A new global standard (ISO 37001) is about to be approved which means, for the first time, a company can readily demonstrate that it has internationally recognised anti-corruption policies. This could be important in attracting and retaining global business, as well as avoiding crippling investigations and fines in the United Kingdom and abroad.
Bribery and corruption
Bribery and corruption is costly, both in terms of the actual bribes paid and in terms of the penalties for doing so. To give some sense of scale, the World Bank estimates that about US$ 1 trillion is paid in bribes around the world each year. Between 2010 and 2016 companies have paid over US$7 trillion in settlement of Foreign and Corrupt Practices Act 1977 investigations in the United States. Approximately £36 million (equivalent to about US$52 million) has so far been paid in settlement of investigations in the United Kingdom under the Bribery Act 2010.
Bribes come in all shapes and sizes
It is dangerous for companies to think that they are immune to such penalties because they would not pay bribes. Bribes do not just consist of cash stuffed in envelopes. Gifts, hospitality and preferential loans are all potential examples of bribes. The real headache for companies in the UK is that they commit a criminal offence if third parties performing services on their behalf offer bribes. This might mean an employee, agent or subsidiary in another country. The only way the company will then be able to avoid substantial penalties is by having good systems and policies in place which are designed to prevent bribery and corruption by those who act on its behalf.
A new international standard
The International Standards Organisation is an independent, non-governmental organisation with representative members from 161 countries. It draws on its common expertise to develop world-class standards in various areas of commerce. It is about to approve a new standard (ISO 37001: Anti-Bribery Management Systems), which will be of direct importance to corporate anti-corruption systems and policies. It has been three years in development and the British Standards Institute (the UK’s national standards agency) led the project committee. Final comments on the draft standard will be resolved at the meeting of the ISO 37001 project committee in Mexico on 30 May 2016 and, assuming that there are no last-minute upheavals, publication is anticipated in the autumn.
Rather than simply offering guidelines, ISO 37001 will provide a set of verifiable requirements. Of most practical benefit to an organisation is the ability for a third party to audit the company’s systems and policies and certify that they are compliant with the Standard. This may be particularly important for those companies that are subject to The Public Contracts Regulations 2015.
As with all legislation relating to bribery and corruption, ISO 37001 is likely to reinforce the need for corporate entities to establish, by independent sources, identification of the individual(s) behind the entity with whom they are dealing. This was first seen following the implementation in the United Kingdom of the Fourth Amendment to the European “Money Laundering” Directive 2005/60/EC by the legal requirement for all companies and Limited Liability Partnerships (LLPs) from 6 April 2016 to create and maintain a register of beneficial ownership including details of any person with significant control (PSC) over a corporate entity.
Having established the requirement that the register should be publicly available (via Companies House from 30 June 2016) businesses in the United Kingdom may find they have a head-start on compliance with ISO37001 over their non-European competitors. But as Directive 2005/60/EC only applies to Member States, business relationships with entities outside of the EU will need to be assessed and monitored stringently.
On a final note, Directive 2014/95/EU (also known as “the CSR Directive”) requires Member States to bring into force necessary laws, regulations and administrative provisions by 6 December 2016 requiring certain large organisations and groups to provide a non-financial statement in its annual management report detailing its position on anti-corruption and bribery. ISO 37001 certification is likely to show that a company is taking this responsibility seriously.
We are tentatively of the view that ISO 37001 certification will come to be viewed as the yardstick by which an organisation’s anti-bribery programme is judged by clients, colleagues and prosecutors alike. Those that are not certified will stand out from the crowd for all the wrong reasons.
This article has been co-written by Jamas Hodivala Barrister and Certified Fraud Examiner at 2 Bedford Row Chambers and Matthew Ewens, Associate, Business Crime Group at Mishcon de Reya LLP.