Skip to content
Thomson Reuters
Compliance Risk

Is your anti-bribery system up to scratch?

A man identified as Daniel Van Pelt, a New Jersey Assemblyman, tries to shield his face as he exits federal court after being one of the more than 40 people were arrested in a federal investigation of public corruption and international money laundering
Photographer: Chip East

An estimated US$1 trillion is paid in bribes each year. Now an international standard — ISO 37001 — has been created so organizations can implement an effective anti-bribery management system.

Through institutional change and the promotion of an ethical business culture, organizations can play a significant role in the global fight against bribery.

Find out how Third Party Risk can help detect, assess, and minimize potential risks

Recognizing this, the Swiss-based International Organization for Standardization (ISO) has developed a new standard specifying a series of measures that firms should implement in order to prevent, detect and address bribery.

ISO 37001 is designed to instil an anti-bribery culture within an organization and ensure the presence of appropriate controls, which in turn should increase the chance of detecting bribery and reduce its incidence in the first place.

The benchmark is applicable to all types of organizations globally, regardless of type, size or ownership.

Risk assessment

A company will be ISO 37001 accredited if their internal management system for detecting and eliminating bribery and corruption passes an external audit.

Steve McDonald, Head of Market Development for Risk, Americas at Thomson Reuters, said: “It is not yet clear whether companies will adopt the standard to mitigate their own risk, or specifically work with suppliers who have adopted the standard as a means to reduce risk in their supply chains.

“Ideally, strategic risk assessment should happen before any suppliers are even considered, in order to ascertain where the higher risk levels are. The standard will certainly help with this.”

Key benefits

Implementing the standard offers several potential benefits.

First, it helps businesses to detect and address bribery risks before they negatively impact the organization, by equipping them with the tools necessary to make informed decisions about third parties.

Importantly, the standard could also deliver a competitive advantage, since it sends a clear message to investors, stakeholders and partners that the company will not tolerate bribery and corruption within its supply chain. Stakeholders are therefore assured of regulatory compliance.

Furthermore, the standard has the potential to boost operational efficiency and demonstrate a company’s commitment to good corporate citizenship.

Steps to implementation

The key steps to implementing the ISO 37001 standard are summarized as follows:

Anit- Bribery framework

Download infographic: ISO 37001 Anti-Bribery Management Framework

Companies can work with trusted partners to navigate the process of implementing ISO 37001.

Thomson Reuters Third Party Risk solutions can help by:

  • Maintaining internal controls and policies

Our solution tracks employee disclosures regarding gifts, donations, and conflicts of interest, while also monitoring personal trading, including pre and post-trade workflow to identify suspicious behavior.

  • Rolling out anti-bribery training courses

We offer a library of interactive courses and micro-learnings designed to meet compliance training needs, plus a full range of customization options to manage training programs with audit-ready reporting to demonstrate compliance. 

  • Carrying out initial bribery risk assessments against third parties

Thomson Reuters World-Check risk intelligence can be integrated into new or existing questionnaire on-boarding platforms and risk analytics. We also provide a country-focused risk index that ranks more than 240 countries around the world according to their risk level to identify situations where enhanced due diligence on third parties could be appropriate.

Country risk ranking screenshot

Find out more about Country Risk Ranking

  • Understanding a third party and its associates

Companies can conduct initial due diligence by screening third parties against World-Check, a database of three million profiles related to corruption, exploitation, sanctions, watch lists, fraud, organized crimes and personally exposed persons (PEPs).

  • Conducting due diligence

We offer in-depth due diligence reports on individuals, entities, and their ultimate beneficial owners. Our analysts are trained in proven due diligence techniques to gather hard-to-reach information from open sources, subscription-based services, and public records and documents.

  • Ongoing monitoring

Thomson Reuters Screening Resolution Service provides outsourced screening, remediation and ongoing monitoring in the form of a managed service for clients’ third party risk assessments and onboarding.

SRS image

Find out more about Thomson Reuters Screening Resolution Service

A waiting game

The question remains whether or not the industry will adopt ISO 37001.

McDonald concludes: “An important point to remember is that this is a standard and therefore adherence offers no 100% guarantee against bribery and corruption.

“The industry is divided and whether or not everyone accepts ISO 37001 as useful remains to be seen.

“What it does provide is evidence that an organization has taken reasonable steps to prevent these sorts of risks from entering their business, and this will be taken into consideration in the event of an investigation relating to bribery.”

Third Party Risk banner

Paradise Papers: What could be the impact on your firm? MiFID II: European rules, global repercussions Innovative KYC compliance sculpted in Africa Regulatory reform is no barrier for Asia firms Paradise Papers: What new offshore leak reveals about UBO challenge MiFID II countdown: Will markets be ready? Filling in the LEI gaps for MiFID II advantage How can RegTech ease the risk management burden? Is audit management technology fit for the rapidly changing times? Corporate KYC pain: can the pain be eased?