The ISO 37001 Standard: Coalition for Integrity’s Recommendations for Companies Considering Certification
The ISO 37001 standard has generated a lot of debate and discussion among companies, compliance providers and academics, and several companies have announced that they plan to seek certification. For companies that want to evaluate their programs for effectiveness, there is already a plethora of publicly available guidance. Perhaps what makes the ISO standard a topic of such interest is that the standard is marketed as one that can be audited and certified. Based on our extensive prior work on the topic of verification, we have compiled recommendations for companies that are considering certification. The recommendations are available here.
Verification of Anti-Corruption Compliance Programs
It is crucial for enterprises to assess whether their anti-corruption programs are working effectively. How to carry out this verification had been a neglected topic until the Coalition for Integrity published the Verification of Corporate Anti-Corruption Compliance Programs Report. The Verification Report sets forth concrete recommendations for companies to use in evaluating their compliance programs. It is based on an in-depth examination of compliance verification practices and is intended to strengthen anti-corruption compliance programs and to improve public credibility regarding their effectiveness.
The Verification Report includes practical guidance on how to conduct a risk assessment, when and how to conduct internal reviews and external reviews, the documents that should be reviewed and the interviews that should be conducted, the actual testing process, and other considerations for meaningful verification. It also encourages companies to publicly disclose their compliance and verification efforts to enhance public credibility and trust. In addition, it calls for certifying organizations, companies, and investor groups to develop broader agreement on the standards for certification.
The Verification Report is raising the standards of practice. Compliance officers have expressed appreciation for the comprehensive and practical guidance provided and have noted that the Report has generated important internal discussions of risk assessments, verification, and corporate public reporting of their anti-corruption programs. The Center for International Private Enterprise called the Report “an important step towards a unified vision of what successful anti-corruption programs should look like.”
Third-Party Due Diligence and Management Guidance
Under the FCPA, the UK Bribery Act, and many other anti-corruption laws, a company can be held liable not only for the corrupt actions of its employees, but also for a third party’s actions when that third party acts on the company’s behalf. Over 70% of cases brought under the FCPA and similar foreign bribery laws have involved bribe-paying through third parties. To prevent and mitigate risks of liability, including the possibility of criminal conviction, companies need to have effective procedures to scrutinize and monitor the third parties with whom they work. However, companies in both the United Kingdom and the United States have identified third-party due diligence and management as an area of high difficulty. In response, the Coalition for Integrity, in collaboration with Transparency International-UK (TI-UK), prepared a guide that serves as a resource for companies that seek to design a third-party anti-corruption framework or improve an existing one to lower their exposure to corruption risk. With the publication of the report, the Coalition for Integrity and TI-UK hope to raise the standards of practice.
The report is available here.