ISO standard: Unifying laws, regulations and best practices

This interview was originally published by Leaders League on Tuesday, 13 September 2022.

As a pioneer in the anti-bribery and compliance certification market, Speeki Europe (formerly known as ETHIC Intelligence) continues its development through its merger with the Speeki Group. Initially dedicated to technology solutions for whistleblowing, the organisation is evolving into the broader ESG sector. Leaders League got the thoughts of Scott Lane and Pauline Bailly, Speeki's European president and director of anti-corruption certification, respectively.

Photos of Scott Lane (left) and Pauline Bailly (right)with Leaders League's logo in the bottom left corner and Speeki's logo in the bottom right corner

What are the key changes in your structure and/or organisation in 2022?

Pauline Bailly: In April 2022, ETHIC Intelligence merged with its sister company Speeki, which originally specialised in technology-based whistleblowing solutions, and now more broadly in environmental, social and governance (ESG) risk management. Under the leadership of Scott Lane, ETHIC Intelligence has been renamed Speeki Europe and remains the only ISO 37001 accredited entity in the group. This merger therefore has little or no impact on our certification activities yet will gradually strengthen our skills and scope of action in ESG, thanks to Speeki’s technologies and experts.

What is your analysis of the certification market more than two years on from the start of the pandemic?

Scott Lane: Initially, the COVID-19 pandemic did slow down activity. But the demand for certification picked up very quickly, once organisations got used to working remotely and accreditation agencies relaxed their rules on remote auditing. As a global organisation, we were already used to this practice, which made it easier for us to adapt.

Today, the certification market, as it applies to the standards we are interested in, is progressing well. The ISO 37001 standard on anti-corruption management systems is well established. More and more organisations are using the standard and launching a certification process, both in the private and public sector. In France, there has been a great deal of progress, which can be explained in part by organisations fully realising the importance of the subject and upgrading their anti-corruption compliance programmes as a result. They are now ready for certification (the publication of the benchmark and promulgation of the Sapin 2 law both date from the end of 2016). Widely used where governments require certification for public procurement, Latin America, southeast Asia and some European countries (e.g. Italy and Romania) are champions of ISO 37001 certification - see ISO Survey 2020, publication 2021 pending. The US is also making progress in adopting the standard.

PB: The ISO 37301 standard on compliance management systems published in 2021 has opened up certification to any conformity obligation. Its scope is deliberately broad, because compliance in one organisation may be quite different from compliance in another. It depends on the activity and the risks involved. This standard comes at the right time for compliance teams whose scope is expanding as ESG issues become more prominent.

In your opinion, what is the added value of ISO standards (compared to other standards)?

SL: In terms of anti-corruption and compliance, they are the best internationally recognised standards available. The harmonisation of applicable laws, regulations and best practices around a system is what an ISO standard is all about. Many organisations are still struggling to get a sustainable programme up and running, often spending already scarce resources where they are not necessarily needed. Too much valuable time is spent on administrative tasks like compilation, filing, questionnaires, etc. where automation could be used. ISO standards help to build systems that allow this, in a proportionate, appropriate and risk-based way.

How do ISO 37001 and 37301 contribute in practice to the fight against corruption, fraud and money laundering?

PB: The ISO management system standards should be seen for what they are, i.e. a management tool. Their common objective is to prevent, detect and manage incidents by setting up an effective system. They propose to transform a legal or regulatory obligation into a programme structured by a methodology and a framework. In this context, they are a very good tool for fighting corruption and other compliance risks.

Furthermore, the certification provided by ISO standards boosts the commitment of employees to the subject, which in turn helps combat it. The integrated and participatory approach of ISO standards encourages organisations to involve all teams and departments in the operation of the system. And certification implies auditing these same teams, who may then feel more involved. It seems to me that employees, who are ever more demanding in terms of what they expect from their company, are more open to the idea of participating in a joint certification project. Following an annual training module or filling in a conflict-of-interest declaration takes this to another dimension.

The ISO 37002 standard was published in July 2021. In your opinion, does compliance with this standard guarantee the effectiveness of internal whistleblowing systems within companies?

SL: In a similar way, the document is a harmonisation of the existing rules on whistleblowing, and thus, a real guide. The ISO 37002 guidelines are a very good basis for setting up an alert-management system. The document proposes that alerts be managed via a comprehensive programme encompassing receipt, assessment and triage, handling, status and communication, protection of the whistleblower, investigation, management, resolution and conclusion; adding to this the "system" aspects: planning, monitoring and review of objectives, internal audit, management review, etc.

Another ISO 2021 publication in our field worth mentioning is the ISO 37000 Governance of Organisations – Guidance.


How to learn more

The ISO Whistleblowing Guidelines are available to purchase from the ISO stores in each country. Check the ISO website for further details.

If you are interested in building your programme from scratch or for consultative advice on the ISO Whistleblowing Guidelines, please contact us here.