ISO certification could certainly be a valuable exercise for any organisation looking to ascertain whether its programme - or at least its plan for developing the programme - hits all the right marks. Seeking certification should not, however, direct company resources away from focussing on meeting the standards regulators set: is the programme mitigating the risk and incidence of corruption, and is it providing a credible response when impropriety nonetheless occurs?
Achieving these goals - as opposed to a certification - is hard work and takes planning, expertise and cultural change management. Reflecting this, the ISO standard notes in its appendix that senior managers must have “genuine intent” and a “genuine commitment to prevent, detect and address bribery in relation to the organisation's business”.5 This matches various guidance documents issued by the authorities, such as the UK Ministry of Justice Bribery Act Guidance,6 the FCPA Resource Guide7 and the US Federal Sentencing Guidelines.8
The dangers of an over-reliance on certification were highlighted earlier this year when Australian journalists alleged that Monaco-based Unaoil had helped various multi-national companies secure government licences using improper payments. Unaoil had previously been certified by a well-known due diligence provider. The matter is now subject to a number of criminal inquiries by authorities including the SFO, and the press has labelled the agent, “The Intermediary That Allegedly Bribed The Entire Oil Industry”.9
Ensuring that your anti-bribery management programme really works takes genuine review and assurance: not just an auditing process, but substantive transaction testing to ensure that legal risks are being appropriately identified and mitigated, that processes are being followed and that the correct decisions are being made by business, legal and compliance personnel. Such an outcomes-based assessment provides metrics and management information to executives and boards, which enables a company to determine with confidence whether its programme really works. The same can be done, albeit with more qualitative feedback, with respect to development of ethical culture and training effectiveness. What dilemmas are facing your managers, and how effectively does their reflex meet the challenge? Is your training programme changing hearts and minds, and how can you do better? Is your message being heard?
Real commitment and action is the challenge in any organisation and the key to effective anti-bribery management programmes. The new ISO standard gives corporates a set of tools by which they can meet that challenge, but whether those tools are deployed effectively is a matter of real testing and assurance.
Norton Rose Fulbright was delighted to be represented as the only legal practice on the UK-based BSi Anti-Bribery Committee which worked on the ISO standard on anti-bribery (ISO 37001). This followed our earlier work on the British Standards Institute’s panel in connection with the drafting of the first British Standard on Anti-Bribery (BS 10500).