ISO37001 | THE NEW GLOBAL STANDARD FOR ANTI-BRIBERY MANAGEMENT SYSTEMS AND IMPLICATIONS FOR INDIAN BUSINESSES
By Anand Mehta (Partner at Khaitan and Co.) and Soumyadri Chattopadhyaya (Senior Associate at Khaitan and Co.)
Globally, anti-bribery enforcement represents a significant cost of doing business in emerging markets where cultural and business practices often include gifting and offering of bribes. Estimates suggest that between 2008 and 2015, FCPA enforcements resulted in fines, settlements and disgorgements to the tune of several billion dollars. Moreover, with anti-bribery enforcement high on the agenda for regulatory agencies across the world, global businesses are constantly in the line of fire and constantly fighting to develop and implement better internal anti-bribery controls and procedures. After being in the works for many years and involving inputs from some of the foremost thought-leaders, the International Organisation for Standardisation (ISO) has on October 15, 2016 finally published the ISO 37001: Anti-Bribery Management Systems Standard. This represents the first set of globally accepted principles designed to assist organisations worldwide to implement and maintain effective systems, processes and procedures to combat bribery risks.
Dissecting ISO 37001
ISO37001 stipulates the requirements to enable an organisation to develop, establish, implement, maintain, and improve an anti-bribery compliance programme. It is also designed to be integrated and dovetailed with the organisation’s existing management systems and controls. It provides a series of measures and controls that represent global anti-bribery good practice, with a view to checking bribery directly by an organisation or its employees, or indirectly through agents and associates. Broken down further, the anti-bribery management system specifies requirements that must be satisfied by organisations putting together process and control systems, including:
- Establishing and implementing an anti-bribery policy
- Dissemination of the anti-bribery policy to personnel and business partners such as joint venture partners, contractors, subcontractors, suppliers, consultants and vendors
- Appointment of a compliance manager to oversee implementation
- Appropriate anti-bribery training program
- Effective due diligence to evaluate bribery risks
- Implementation of appropriate financial and contractual controls to prevent bribery
- Periodic monitoring to test the effectiveness of the systems
- Continuous improvement of the systems
ISO 37001 is a fluid and highly adaptable set of principles (with associated guidance) that can be tailored for use by organisations worldwide, regardless of their size, sector or activity, and whether public, private or not-for-profit. While adoption is currently completely voluntary, the standard represents an international benchmark that can be used to test the appropriateness and effectiveness of anti-bribery controls put in place by an organisation. Further, ISO37001 is capable of independent, third-party certification, thereby lending further credibility.
Indian businesses that are currently subject to the rigours of the US Foreign Corrupt Practices Act, 1977 (FCPA) or the UK Bribery Act, 2010 (UKBA) are already aware of the significance of anti-bribery controls and processes, given the extraordinary extraterritorial reach of both these legislations. Currently there is no Indian legislation that mandates the adoption of an anti-bribery policy or requires organisations to demonstrate that they had implemented “adequate processes to detect and prevent bribery”, as required under the UKBA. Having said that, the Prevention of Corruption (Amendment) Bill, 2013, inter alia not only seeks to create a new offence for bribery of private persons but also envisages creation of a defence from the charge of bribery, along the lines of the UKBA, for organisations which are able to demonstrate that they had implemented “appropriate processes to detect and prevent bribery”.
Significance of ISO37001 for Indian businesses
Given the impact of transnational anti-bribery legislations such as the FCPA and the UKBA and constantly rising enforcement trends, foreign investors are increasingly cautious in evaluating investment and business opportunities, and more robust anti-bribery due diligences and checks are becoming the norm. In light of this, Indian companies that are either seeking cross-border alliances and joint venture partners or that act as consultants, vendors or suppliers for foreign entities subject to the FCPA and/or the UKBA are increasingly under pressure to revamp and overhaul existing anti-bribery systems. However, critically, what was lacking was a unified international benchmark against which to measure the systems and processes, together with guidance on how to improve them. This is now available in the form of ISO37001.
Importantly, ISO 37001 developed out of the British Standard 10500 Anti-bribery Management System, which was developed with reference to the UK Ministry of Justice’s six-point guidance in relation to what constituted “adequate procedures” under the UKBA. Further, in the context of FCPA prosecutions, a mitigating factor is often establishing that the organisation had effective compliance and ethics programs. In this context, implementing ISO37001 and obtaining periodic certification would go a long way in providing both management as well as counterparties the necessary assurances around bribery risks. Unsurprisingly, ISO37001 compliance could soon become a baseline requirement that anti-bribery due diligences would assess and stress-test. In the event the Prevention of Corruption (Amendment) Bill, 2013, bringing the adequate procedures requirements into India, sees the light of day, ISO37001 may assume more importance as a credible benchmark, much like ISO27001, which is one of the standards prescribed under the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011, in relation to data privacy.
Thus, in a world where bribery-related offences and settlements continue to cost multinationals millions of dollars every year, ISO37001, reflecting global best practices, provides a real-life benchmark and invaluable tool to assess the adequacy and efficacy of an organisation’s anti-bribery controls. It will go a long way in providing the right signals and assurances to customers, business partners and investors that an organisation takes its anti-bribery controls seriously, and thereby better grease the wheels of cross-border business.