ISO 37001 Anti-Bribery SM

CHAPTER 4- CONTEXT OF ORGANIZATION

In understanding the organization and its context, the organization shall determine the external and internal issues that are relevant to its purpose and that affect its ability to achieve the objectives of its anti-bribery management system. The relevant factors include the organization’s size, structure and delegated decision-making authority; its locations and sectors; and its nature, scale and complexity. The organization’s business model is also a factor. The factors also include the entities over which the organization has control and the entities that exercise control over the organization. The organization’s business associates, the extent of its interactions with public officials, and its applicable statutory, regulatory, contractual and professional obligations are factors as well. Keep in mind that an organization has control over another organization if it directly or indirectly controls its management.

In understanding the needs and expectations of stakeholders, the organization shall determine which stakeholders are relevant to the anti-bribery management system and what their relevant requirements are. Note that in identifying the requirements of stakeholders, an organization can distinguish between mandatory requirements and non-mandatory expectations of, and voluntary commitments to, stakeholders.

In determining the scope of the anti-bribery management system, the organization shall consider the external and internal issues, the requirements and the results of the bribery risk assessment. The scope should be available as documented information.

For the anti-bribery management system itself, the organization shall establish, document, implement, maintain and continually review and improve the system, including the processes needed and their interactions. The system shall contain measures designed to identify and evaluate the risk of bribery and to prevent, detect and respond to it.

For the bribery risk assessment, the organization shall identify the bribery risks it might reasonably anticipate; analyze, assess and prioritize the identified bribery risks; and evaluate the suitability and effectiveness of its existing controls to mitigate the assessed bribery risks. It must also establish criteria for evaluating its level of bribery risk. The assessment shall be reviewed on a regular basis to properly assess changes and new information. Documented information shall be retained by the organization.

CHAPTER 5- LEADERSHIP

The governing body of the organization shall demonstrate leadership and commitment with respect to the anti-bribery management system by approving the organization’s anti-bribery policy; ensuring that the strategy and the policy are aligned; receiving and reviewing, at planned intervals, information about the system’s content and operation and about the allocated and assigned resources needed for its effective operation; and exercising reasonable oversight over the implementation of the system by top management and over its effectiveness. Where the organization does not have a governing body, these activities shall be carried out by top management.

Top management shall demonstrate leadership and commitment with respect to the anti-bribery management system by ensuring that the system is established, implemented, maintained and reviewed to adequately address the organization’s bribery risk. This includes ensuring the integration of the management system, deploying adequate and appropriate resources, communicating internally and externally regarding the policy, and communicating internally the importance of effectiveness and of conforming to the requirements of the anti-bribery management system. It also includes ensuring that the system is properly designed to achieve its objectives, directing and supporting personnel to contribute to its effectiveness, and promoting an appropriate anti-bribery culture within the organization along with continual improvement. Top management’s commitments further include supporting other relevant management roles as the system applies to their areas of responsibility, encouraging the use of reporting procedures, and ensuring that no personnel will suffer retaliation, discrimination or disciplinary action for reports made in good faith or on the basis of a reasonable belief of violation or suspected violation of the organization’s anti-bribery policy, or for refusing to engage in bribery, even if such refusal can result in the organization losing business.

For the anti-bribery policy, top management shall establish, maintain and review a policy that prohibits bribery, requires compliance with the anti-bribery law, is appropriate to the purpose of the organization, provides a framework for achieving objectives, includes commitment, encourages raising concerns in good faith without fear of reprisal, includes continual improvement, explains the authority of the compliance function, and explains the consequences of not complying with the anti-bribery policy. The policy shall be available as documented information, communicated in appropriate languages and made available to relevant stakeholders.

For the roles and responsibilities, the top management shall have responsibility for the implementation and compliance with the anti-bribery management system and shall ensure that the responsibilities and authorities for relevant roles are assigned and communicated within and throughout every level of the organization. Managers at every level shall be responsible for requiring that the anti-bribery management system requirements are applied and complied with in their department or function. The governing body, top management and all other personnel shall be responsible for understanding, complying with and applying the anti-bribery management system requirements as they relate to their role in the organization. 

For the anti-bribery compliance function, top management shall assign to that function the responsibility and authority for overseeing the design and implementation of the system, providing advice and guidance on issues relating to bribery, ensuring that the management system conforms to the requirements, and reporting on the performance of the system to the governing body, top management and other compliance functions.

The anti-bribery compliance function shall have direct and prompt access to the governing body (if any) and top management in the event and they can assign some or all of the anti-bribery compliance function to persons external to the organization. Specific personnel have responsibility and authority over those externally assigned parts of the function. 

Delegated decision-making is where top management delegates to personnel the authority to make decisions in relation to which there is more than a low risk of bribery. The organization shall establish and maintain a decision-making process or set of controls which requires that the decision process and the level of authority of the decision-maker(s) are appropriate and free of actual or potential conflicts of interest. Top management shall ensure that these processes are reviewed periodically as part of its role and responsibility for implementation of, and compliance with, the anti-bribery management system. Keep in mind that delegation of decision-making does not exempt top management from their duties and responsibilities, nor does it necessarily transfer potential legal responsibilities to the delegated personnel.