ISO 37001 - Anti-Bribery Management System


Bribery and corruption continues to be one of the highest-priority compliance risks for organisations, attracting considerable public and media attention.


In October 2016, the  International Organisation for Standardisation (ISO) 37001 Anti-bribery Management System was published. This was a significant development for organisations seeking to better manage bribery and corruption risks.


The combination of corporate values with an appropriate anti-bribery management program is now paramount if an organisation is to maintain integrity and address the risks associated with potential bribery and corruption.


This standard provides specifications for organisations to establish, implement, maintain and continually improve their anti-bribery management systems in order to address, prevent and detect bribery. The standard includes a program of measures and controls that represents global anti-corruption good practice.


Many organisations have operations, subsidiaries, suppliers, or other business associates located in countries where the risk of corruption and bribery is high. These companies will benefit immensely by adopting ISO 37001 or by bench marking and certifying their anti-bribery management program against the ISO standard.


While compliance with the standard does not absolve an organisation from bribery-related liabilities, it does provide assurance and evidence in the event of an investigation that the organisation has taken reasonable due-diligence to prevent wrongdoing.


The ISO 37001 standard is adaptable to all type of organisations, irrespective of size, geography or expose to bribery risk.

Benefits of ISO 37001 certification:


Some of the benefits of implementing ISO 37001 are:


  • No need to reinvent the wheel, the standard is built upon years of experience with world-class anti-bribery management systems. As such, the standard provides invaluable guidance to organisations in the process of developing anti-bribery procedures;

  • Adopting an effective anti-bribery management system helps you ensure that suppliers, sub-contractors and agents are committed to anti-bribery best practices;

  • Implementing the measures of the standard reduces the risk of malpractice;

  • Commitment to the standard and its principles promotes trust and confidence. The checks and balances introduced by the system will help you avoid involvement in bribery and the ensuing organisation's reputation damage;

  • Implementation and certification can be used as evidence of due-diligence in case of disputes;

  • The ISO 37001 standard follows the same structure as ISO 9001, ISO 14001 and ISO 45001 and be easily integrated into existing management systems.

What is required?


According to ISO 37001, the anti-bribery management program, including policies, procedures, and controls should be:

  • “Reasonable and proportionate” to the organisation’s size and bribery risk exposure.

  • In other words, smaller organisations, as well as those with a lower risk of bribery, wouldn’t need to establish the same level of procedures and controls as larger organisations, or those with a higher risk of bribery.


While there is no one-size-fits-all approach to complying with the ISO standard, organisations need to have the following elements in place:

  • Anti-bribery policies and procedures, including those around gift-giving, hospitality, donations, and other such benefits;

  • An effective compliance team to oversee the anti-bribery program;

  • A strong tone at the top with management level leadership on, commitment to, and responsibility for anti-bribery;

  • Anti-bribery risk assessments;

  • Controls to mitigate bribery risks (including financial, procurement, commercial, and contractual controls);

  • Training and awareness on anti-bribery policies and measures;

  • Due diligence on projects, transactions, personnel, and business associates/ third parties with a high risk of bribery;

  • Procedures for reporting, investigating, and reviewing suspected or actual bribery;

  • Continuous monitoring and regular audits;

  • Corrective action and continual improvement.