ISO 37001:2016 ANTI-BRIBERY MANAGEMENT SYSTEM (ABMS)
AN INITIATIVE TO STRENGTHEN CORPORATE INTEGRITY
FAUZIAH SULAIMAN, SIRIM QAS INTERNATIONAL SDN BHD
HOTEL ISTANA, KUALA LUMPUR, 9-10 JANUARY 2019

OUTLINE
1. The development of ISO 37001
2. What is ISO 37001?
3. ISO 37001 requirements
4. Implementation journey
5. Challenges & benefits
6. The certification process
NEW PARADIGM IN MANAGEMENT SYSTEM STANDARDS
- Risk-based thinking
- Strategic thinking
- Sustainable development
- Improved alignment with other management system standards

RISK-BASED APPROACH MANAGEMENT SYSTEMS
- ISO 9001:2015 Quality Management Systems
- ISO 14001:2015 Environment Management Systems
- ISO 45001:2018 Occupational Health & Safety (OH&S) Management Systems
- ISO 37001:2016 Anti-Bribery Management Systems
- ISO 28000:2007 Supply Chain Security Management Systems
- ISO 21001:2018 Education Management Systems
- ISO 22000:2018 Food Safety Management Systems
- ISO 50001:2018 Energy Management Systems
- ISO 20000-1:2018 IT Service Management, Part 1
- ISO 39001:2012 Road Safety Management Systems
- ISO 27001:2013 Information Security Management Systems
- ISO 55001:2014 Asset Management Systems
All management systems support the sustainable development goals.
THE ISO HIGH LEVEL STRUCTURE (HLS)
Standards compared: ISO 9001:2015, ISO 14001:2015, ISO 45001:2018, ISO 37001:2016, ISO/IEC 27001:2013. All five share the same clause structure:
0. Introduction
1. Scope
2. Normative reference(s)
3. Terms and definitions
4. Context of the organization
5. Leadership (in ISO 45001:2018: Leadership and worker participation)
6. Planning
7. Support
8. Operation
9. Performance evaluation
10. Improvement
ISO 19600:2014 COMPLIANCE MANAGEMENT - GUIDELINE
The ISO 19600 standard (December 2014) is not certifiable but provides useful guidelines for a variety of compliance needs, including anti-bribery, anti-money laundering and export control. The ISO 37001 standard (October 2016) is a certifiable standard, consistent with ISO 19600 and dedicated to Anti-Bribery Management Systems.
(Figure: values, ethics & beliefs; compliance)
CORPORATE INTEGRITY SYSTEM MALAYSIA (CISM) & ISO 37001 REQUIREMENTS
CISM:
1. Code of ethics & anti-bribery policy
2. Conflict of interest deterrence policy
3. Whistleblowing policy
4. Referral policy
5. Corruption risk management
6. Training on ethics, education & communication
7. Compliance programme
8. Anti-corruption prevention reporting
9. Leadership
10. Corporate social responsibility
ISO 37001:
- An anti-bribery policy, procedures & controls
- Top management leadership, commitment & responsibility
- Governing body oversight
- Anti-bribery training and awareness
- Risk assessment
- Due diligence on projects & business associates
- Reporting, monitoring and investigation
- Management review, corrective action & continual improvement
WHAT IS ISO 37001?
- It is designed to help an organization establish, implement, maintain and improve an anti-bribery compliance programme.
- It includes a series of measures and controls that represent global anti-bribery good practice.

WHAT IS ISO 37001?
- It helps to reduce bribery risks and demonstrate a culture of integrity, transparency, openness and compliance.
- Conformity to ISO 37001 cannot provide assurance that no bribery will occur, as it is not possible to completely eliminate the risk of bribery.
- Conformity to ISO 37001 helps organizations implement reasonable measures to prevent, detect and respond to bribery.
WHAT IS ISO 37001?
ISO 37001 ABMS: a series of measures to help an organisation PREVENT, DETECT and RESPOND to bribery, which include:
1. An anti-bribery policy & objectives
2. Appointing a person (or persons) to oversee anti-bribery compliance
3. Training
4. Risk assessments & due diligence on projects & business associates
5. Implementing financial & commercial controls
6. Instituting reporting & investigation procedures

WHAT DOES ISO 37001 ADDRESS?
- Bribery by the organization, or by its personnel or business associates acting on the organization's behalf or for its benefit.
- Bribery of the organization, or of its personnel or business associates, in relation to the organization's activities.
WHO CAN USE ISO 37001:2016?
The standard is flexible and can be adapted to a wide range of organizations, including:
- Large organizations
- Small & medium-sized enterprises (SMEs)
- Public and private sector organizations
- Non-governmental organizations (NGOs)
The standard can be used by organizations in any country.
(Figure: ISO 37001 surrounded by large organizations, NGOs, public/private organizations, SMEs)

DOES THE STANDARD REQUIRE A STAND-ALONE MANAGEMENT SYSTEM?
- The measures required by ISO 37001 are designed to be integrated with existing management processes and controls.
- It follows the common high-level structure for ISO management system standards, for easy integration with, for example, QMS, EMS, OSHMS, EnMS and ISMS.
(Figure: management system standard logos, including ...01:2018 and OHSAS 18001)

DOES THE STANDARD DEFINE BRIBERY?
- Bribery is defined by law, which varies between countries. Therefore the Standard provides a generic definition of bribery, but the actual definition will depend on the laws applicable to the organization.
- The Standard provides guidance on what is meant by bribery to help users understand the intention and scope of the Standard.
(Figure: bribery involves a giver and a receiver; valuable items, gifts, job offers, services)

The standard does not specifically address:
- Fraud
- Cartels and other anti-trust/competition offences
- Money laundering
- Other activities related to corrupt practices
However, an organization can choose to extend the scope of its management system to include such activities.
ISO 37001:2016 ANTI-BRIBERY MANAGEMENT SYSTEMS: REQUIREMENTS WITH GUIDANCE FOR USE

REQUIREMENTS
4 Context of the organization: 4.1 Understanding context; 4.2 Stakeholders; 4.3 Scope of the ABMS; 4.4 ABMS; 4.5 Bribery risk assessment
5 Leadership: 5.1 Leadership & commitment (governing body, top management); 5.2 ABMS policy (a-i); 5.3 Organizational roles, responsibilities and authorities
6 Planning: 6.1 Actions to address risks and opportunities; 6.2 ABMS objectives and planning
7 Support: 7.1 Resources; 7.2 Competence; 7.2.2 Employment process; 7.3 Awareness & training; 7.4 Communication; 7.5 Documented information
8 Operation: 8.1 Operational planning & control; 8.2 Due diligence; 8.3 Financial controls; 8.4 Non-financial controls; 8.5 Controls by controlled organizations & by business associates; 8.6 Anti-bribery commitments; 8.7 Gifts, hospitality, donations; 8.8 Managing inadequate controls; 8.9 Raising concerns; 8.10 Investigating & dealing with bribery
9 Performance evaluation: 9.1 Monitoring, measurement, analysis & evaluation; 9.2 Internal audit; 9.3 Management review (top management review, governing body review); 9.4 Anti-bribery compliance function
10 Improvement: 10.1 Nonconformity & corrective action; 10.3 Continual improvement
Related references: Annex A (A.1 to A.22); ISO 31000 (Risk); ISO 19600 (Compliance Management)
4 CONTEXT OF THE ORGANIZATION
4.1 Understanding the organization and its context
4.2 Understanding the needs and expectations of stakeholders
4.3 Determining the scope of the anti-bribery management system
4.4 Anti-bribery management system
4.5 Bribery risk assessment

4.1 UNDERSTANDING THE ORGANIZATION AND ITS CONTEXT
The organization shall determine the external & internal issues that are relevant to its purpose and that affect its ability to achieve the objectives of its anti-bribery management system.

The issues will include (without limitation):
- Size, structure and delegated decision-making authority of the organization
- Locations and sectors in which the organization operates or anticipates operating
- Nature, scale and complexity of the organization's activities and operations
- The organization's business model
- The entities over which the organization has control and the entities which exercise control over the organization
- The organization's business associates
- The nature and extent of interaction with public officials
- Applicable statutory, regulatory, contractual and professional obligations and duties
4.1 SIZE, STRUCTURE, DELEGATED DECISION-MAKING AUTHORITY OF THE ORGANIZATION; LOCATIONS & SECTORS; NATURE, SCALE AND COMPLEXITY OF THE ORGANIZATION
(Please use information from current ISO documentation if any, i.e. corporate profile, website, annual report.)

4.2 UNDERSTANDING THE NEEDS AND EXPECTATIONS OF STAKEHOLDERS
Stakeholders and their needs & expectations:
- Government, local authorities, concessionaires, utility providers: governance compliance; applicable laws (Construction & Building By-Laws); industrial and workplace relations; environmental and safety management
- Shareholders, JV partners: efficient operations and sustainable profitability; long-term growth and stability; board governance and sustainability
- Employees: the organization's growth, strategies and performance; employee safety and well-being; capability development; employee performance
- Customers & consumers: standards of customer relations; safety and security; innovative and trend-setting practices
- Suppliers, service providers, contractors, consultants: fair practices; transparent tender and procurement processes; compliance with laws and regulations
- Community: health and safety impact; environmental impact; service delivery
- Media: operational issues and financial impact; corporate responsibility; reputation
4.3 (a) DETERMINING THE SCOPE OF THE ANTI-BRIBERY MANAGEMENT SYSTEM
Internal factors (values, culture, performance & knowledge) that may impact the level of integrity and exposure to bribery.
(Figure: governance, system, process)

4.3 (a) DETERMINING THE SCOPE OF THE ANTI-BRIBERY MANAGEMENT SYSTEM
External factors (legal, technological, competitive, market, cultural, social and economic environments) that may impact the level of integrity and exposure to bribery.
(Figure: environmental, social, technology)
GUIDANCE FOR SAMPLING INTERNAL AND EXTERNAL ISSUES
Internal issues:
- Strategy: overall performance of the organization
- Resources: such as infrastructure (see ISO 9001:2015, 7.1.3), environment for the operation of the processes (see ISO 9001:2015, 7.1.4), organizational knowledge (see ISO 9001:2015, 7.1.6)
- People: human aspects such as competence of persons, organizational behaviour and culture, relationships with unions
- Operational: process or production and service provision capabilities, performance of the quality management system, monitoring of customer satisfaction
- Governance: rules and procedures for decision making, or organizational structure
External issues:
- Economy: money exchange rates, economic situation, inflation forecast, credit availability
- Social: such as local unemployment rates, safety perception, education levels, public holidays and working days
- Political: such as political stability, public investments, local infrastructure, international trade agreements
- Technology: new sector technology, materials and equipment, patent expirations, professional codes of ethics
- Market: competition, including the organization's market share, similar products or services, market leader trends, customer growth trends, market stability, supply chain relationships
- Statutory & regulatory: factors that affect the work environment (see ISO 9001:2015, 7.1.4), such as trade union regulations and regulations related to an industry

Example internal issues:
- Bribery and corruption exposures within high-risk operations are not adequately mitigated
- Employee behaviour and culture do not fully support the substantive implementation of the requisite governance, risk and compliance culture
- Abuse of position, affecting important and strategic decision making
- Lack of competency/knowledge
- Weak internal control, lack of enforcement
- Trust deficit, perception issues, complaint channel
- Leadership crisis
Example external issues:
- Increasing political influence
- Increasing public awareness of the governing anti-corruption laws and regulations
- Economic slowdown compounded by the rising cost of living
- Third-party agreements entered into with individuals/businesses (via JV partnerships etc.) who may have questionable ethics
- Gifts & entertainment offered throughout the organization by third parties (suppliers, contractors, counterparts, top management) may influence decision making
- Increasing imposition of guidelines or adequate procedures by anti-corruption laws and jurisdictions
4.1 (h) LAWS, REGULATIONS & OTHER REQUIREMENTS
- MACC Act 2009 (Act 694)
- Whistleblower Protection Act 2010 (Act 711)
- Enforcement agencies: SPRM, JPJ, JIM, PDRM, KASTAM, SSM, SC, SIAP (Suruhanjaya Integriti Agensi Penguatkuasaan, the Enforcement Agency Integrity Commission)
Related acts & documents, private sector:
- Companies Act 1965 / 2016 (Act 777)
- Securities Commission Act 1993 (Act 498)
- Corporate Governance 2016 (Code of Conduct / Code of Business Ethics)

4.1 (h) ACTS & RELATED DOCUMENTS
Government circulars (Pekeliling) and directives (Arahan):
- Arahan Perbendaharaan (Treasury Instructions)
- Pekeliling Perkhidmatan Bil. 3, 1998 (Service Circular No. 3 of 1998): guidelines on giving and receiving gifts in the public service
- Pekeliling Perkhidmatan Bil. 6 Tahun 2013 (Service Circular No. 6 of 2013): establishment of Integrity Units in all public agencies
- Peraturan Pegawai Awam (Kelakuan dan Tatatertib) 1993 (Public Officers (Conduct and Discipline) Regulations 1993)
- Pekeliling Perkhidmatan Bil. 6 Tahun 2011, Pindaan (Service Circular No. 6 of 2011, Amendment): security vetting for officers appointed in the public service; eVetting System user manual
- Arahan YAB Perdana Menteri No. 1 Tahun 2014 (Directive of the Prime Minister No. 1 of 2014), June 2014
- Arahan YAB Perdana Menteri No. 1 Tahun 2018 (Directive of the Prime Minister No. 1 of 2018), June 2018: Gerakan Pemantapan Governans, Integriti dan Anti Rasuah Dalam Pengurusan Pen… (movement to strengthen governance, integrity and anti-corruption in the management of …)
ISO 37001 is an anti-bribery management system (ABMS) standard for organizations. It specifies various anti-bribery policies and procedures which an organization should implement to assist it to prevent bribery, and to identify and deal with any bribery which does occur. It is published by the International Organization for Standardization (ISO).
- ISO 37001 cannot provide absolute assurance that no bribery will occur, but it can help establish that an organization has implemented reasonable and proportionate anti-bribery measures.
- The risk of bribery is reduced and the playing field is levelled for organizations if certification to ISO 37001 is a project pre-qualification requirement.
What is the ISO 37001 Anti-bribery Management Systems standard?
- Why was it created?
- How is the standard different from the FCPA?
- What are its benefits?
How does ISO 37001 work?
- What are its structure, contents, principles and key concepts?
How does an organization prepare for an ISO 37001 certification audit?
Anti-Bribery Management System (ISO 37001). An anti-bribery management system (ABMS) is designed to introduce an anti-bribery culture within an organization and implement appropriate controls, which will in turn increase the chance of detecting bribery and reduce its
ISO 37001: Anti-Bribery Management System. ISO background: ISO is a globally recognized authority that establishes standards across a wide range of industries. ISO 37001 has been a closely monitored standard throughout its development, and its publication opens up a new perspective on ABAC compliance:
ISO 37001: THE NEW STANDARD FOR ANTI-BRIBERY MANAGEMENT. What is the focus of the standard? The ISO 37001 standard, published in October 2016, is designed to help an organization implement and maintain a proactive anti-bribery system. The standard, which replaced the British Standard
ISO 37001 is designed to help your organization implement an anti-bribery management system or enhance the controls you currently have. It requires implementing a series of measures such as adopting an anti-bribery policy, appointing someone to oversee compliance with that policy, vetting and training employees, undertaking risk