"fully leverage its resources" to hold
individuals accountable for corporate
misconduct. DOJ may have deemed the
policy announcement as helpful guidance
but companies were left wondering what
new legal burdens they faced.
only provides clear measurable processes
for businesses to adopt, it also is being
promoted to DOJ as a tool for measuring an
organization's commitment to compliance
with relevant laws. In this way, the standard
assists in both implementation and
assessment of compliance when mitigating
penalties.
Moreover, ISO 37001 is a global,
rather than national, standard. According
to Worth MacMurray, a member of the
U.S. Technical Advisory Group that
participated in its drafting, ISO 37001 was
built on systems identified as "anti-bribery
leading practices" by a project committee
featuring persons from over 60 countries.
Governments worldwide are implementing
ISO 37001 to make it harder to hide bribes
and payments. The United Arab Emirates'
Classification Society took the lead in the
Middle East and issued a certification to
Robert Bosch, the "first anti-corruption
standard of its kind" in the region. Entities
in Peru, Singapore, Canada, Ecuador,
Indonesia, Morocco, and the Philippines
also have begun certifying under 37001.
With such rapid international adoption,
a company engaged in international
transactions can use 37001 to implement
systems that address compliance obligations
in multiple jurisdictions. Several major
U.S. companies and audit firms also have
announced their intent to seek certification
under 37001 and will likely soon require
the same of their suppliers. Microsoft, with
an international supply chain, announced it
will be the first to do so, as Vice President
David Howard explained: "Corruption is
a cross-border problem and demands a
common language to help solve it." Walmart
also is seeking certification.
U.S. trade groups are now studying ISO
37001 and Attorney General Sessions has
reportedly discussed how the U.S. might
treat companies that adopt the standard
National Association of Manufacturers.
These developments suggest there is
a global appetite for anti-bribery reform,
which could lead to an unusually rapid
cascade of ISO 37001 adoption.
processes and performance measures,
removing much uncertainty about what
individuals and companies must do to
adhere to anti-bribery laws. MacMurray
says the standard was "created by business,
for business," and that it is not a "myopic,
legalistic process." It addresses bribery
by and of the organization, its personnel,
and its business associates. It is designed
for easy integration with existing corporate
management processes, imposing what
MacMurray described as "reasonable and
proportionate risk-based implementation of
financial and personnel controls, training,
risk assessments, due diligence, monitoring
and managerial leadership." The standard
considers the organization's size and
nature, geographical footprint, and business
associates in assessing the appropriate
systems for adoption. ISO 37001 is also
designed to seamlessly mesh with other
certification standards, like the widely
popular ISO 9001 for quality management.
Although MacMurray cautioned that ISO
37001 is not a "silver bullet" to prevent
bribery, nor a "liability shield" against
prosecution, it builds on well-understood
foundations of business operations and
methodologies to create credible anti-
bribery systems that are an adaptable risk-
based approach to developing compliance
programs for organizations in any country,
of any size, whether public or private.
37001 is voluntary, but earning a third-
party certification can provide significant
and tangible benefits for companies.
First, companies already subject to
bribery investigations have incentive to
certify under ISO 37001 and show that
their hands are clean or that they are taking
necessary preventative steps. Companies in
the same sector as one under investigation
also can benefit from taking precautionary
steps. Similarly, governments, particularly
reassure investors by requiring certification
to win government contracts.
Second, companies operating in
high-risk areas such as the Middle East
and North Africa region, Central Asia,
or elsewhere, have a strong incentive to
seek certification. Clients who rely on
subcontractors in high-risk regions stand
to gain even more. MacMurray noted
that companies do not have to certify
organization-wide; instead, they can "stick
their big toe into the compliance pool" by
certifying high-risk parts of a business,
such as regional sales operations.
Third, companies that are operating in
traditional at-risk fields such as energy,
pharmaceuticals or mining would likely
benefit from certification. Companies
that combine an industry risk with a
geographical risk, such as oil companies
operating in Central Asia, have multiple
reasons to seek certification.
Fourth, given that ISO 37001 was just
released last year, there is an opportunity
at present for companies and individuals
to assume a leadership role in global
anti-bribery efforts for their respective
industries. "Socially-conscious" investment
and partnering are becoming increasingly
important for both large and small
companies as part of their branding.
and worldwide for anti-bribery efforts, and
ISO 37001 was designed to standardize
existing best practices. This new standard
presents an opportunity to certify for a host of
legal, leadership and risk-based reasons.
make payments to foreign government officials to assist in
obtaining or retaining business.
anti-corruption); see also IMF Staff Discussion Note:
Corruption: Costs and Mitigating Strategies, (May 2016imf.
org/external/pubs/ft/sdn/2016/sdn1605.pdf)
(justice.gov/opa/speech/attorney-general-jeff-sessions-
delivers-remarks-ethics-and-compliance-initiative-
annual?_ga=2.101723521.1282231261.1497450600-
1991356329.1497450600).
Wrongdoing (Sep. 9, 2015) (justice.gov/archives/dag/
file/769036/download)