
ISO 37001 Anti-bribery Management System

ISO 37001 Anti-Bribery Management System is closely related to ISO 26000 and highlighted at this ISO 26000 website.

The standard was developed in ISO PC278 (project committee). The UK held the project secretariat, which is now part of ISO Technical Committee 309 Organizational Governance, and approximately 38 countries and 7 liaison organizations participated.

ISO 37001 General:

ISO 37001 is designed to help an organization establish, implement, maintain, and improve an anti-bribery compliance program or “management system.” It includes a series of measures and controls that represent global anti-corruption good practice.

The standard addresses:

  • Bribery by the organization, or by its personnel or business associates acting on the organization’s behalf or for its benefit
  • Bribery of the organization, or of its personnel or business associates in relation to the organization’s activities

ISO 37001 (draft) contains a series of measures and controls to help prevent, detect, and address bribery, among them:

  • An anti-bribery policy, procedures, and controls
  • Top management leadership, commitment and responsibility
  • Senior level oversight
  • Anti-bribery training
  • Risk assessments
  • Due diligence on projects and business associates
  • Reporting, monitoring, investigation and review
  • Corrective action and continual improvement

ISO 37001 SCOPE (from the almost final draft):

This International Standard specifies requirements and provides guidance for establishing, implementing, maintaining, reviewing and improving an anti-bribery management system. The system can be standalone or can be integrated into an overall management system. This standard addresses the following in relation to the organization’s activities:
a) bribery in the public, private and not-for-profit sectors;
b) bribery by the organization;
c) bribery by the organization’s personnel acting on the organization’s behalf or for its benefit;
d) bribery by the organization’s business associates acting on the organization’s behalf or for its benefit;
e) bribery of the organization;
f) bribery of the organization’s personnel in relation to the organization’s activities;
g) bribery of the organization’s business associates in relation to the organization’s activities;
h) direct and indirect bribery (e.g. a bribe offered or accepted through or by a third party).

This International Standard is applicable only to bribery. It sets out requirements and provides guidance for a management system designed to help an organization to prevent, detect and address bribery and comply with anti-bribery laws and voluntary commitments applicable to its activities. In this International Standard, the term “bribery” is used to refer to the offering, promising, giving, accepting or soliciting of an undue advantage of any value (which could be financial or non-financial), directly or indirectly, and irrespective of location(s), in violation of applicable law, as an inducement or reward for a person acting or refraining from acting in relation to the performance of that person’s duties.

Moreover, this general use of the term “bribery” will be further informed by the anti-bribery laws applicable to the organization and an anti-bribery management system designed to help the organization. This International Standard does not specifically address fraud, cartels and other anti-trust/competition offences, money-laundering or other activities related to corrupt practices (although an organization may choose to extend the scope of the management system to include such activities).

The requirements of this International Standard are generic and are intended to be applicable to all organizations (or parts of an organization), regardless of type, size and nature of activity, and whether in the public, private or not-for-profit sectors. The extent of application of these requirements depends on the factors specified in 4.1, 4.2 and 4.5. If the whole or part of any requirement in this International Standard is in conflict with, or prohibited by, any applicable law, then the organization will not be obliged to conform with the relevant whole or part of that requirement.

NOTE 1 See A.2 for guidance.
NOTE 2 The measures necessary to prevent, detect and address the risk of bribery by the organization may be different from the measures used to prevent, detect and address bribery.

More ISO 37001 information can be found at the dedicated ISO website.