A challenge for any company with an embedded anti-corruption compliance programme is implementing an anti-bribery management system as required by the ISO 37001 standard. Part of this challenge is ‘retrofitting’ some of your programme into the structure of a management system. While there are very significant similarities between an anti-corruption compliance programme and an anti-bribery management system, there are some areas that set a management system apart and make it capable of being certified.
The main thing to remember is that a management system relies on documented evidence. You may ‘do something’, but you need to be able to prove it – especially if your management system is the subject of a certification audit.
One of the key requirements of the ISO 37001 standard is to have a clear anti-bribery policy. Most companies have difficult-to-read, complex policies that summarise the country's bribery laws but offer little (if any) guidance for people to follow. Perhaps the original drafters aimed their writing at a regulator, in case the company faced litigation or a public breach. However, today’s drafters must focus on employees and key stakeholders, and on preventing bribery, not on trying to defend litigation.
At a minimum, a solid anti-bribery policy should include all of the attached details and be coupled with relevant examples, guidance, directions, procedures and help text.