Compliance requires systems that generate costs – training, risk mapping, due diligence, etc. etc. These costs are necessary for risk management. Can they also contribute to the company’s development? Does the ISO certification process allow you to capitalize on your efforts?
The anti-corruption measures set out in the most recent legislative and regulatory provisions are designed to create the conditions and rules for a global level playing field, in order to guarantee sustainable growth that respects free competition. ISO37001 certification – an anti-corruption management system – responds to the legitimate desire of some companies for a stable, long-lasting framework that can be applied to any type of organization in the future.
But every approach, every commitment, has its detractors. Some will say it’s extra work that adds nothing. Others say that this does not prevent a control. Still others believe that companies that have entered into a remediation process for their anti-corruption program(monitoring) do not need ISO37001 certification. However, once an audit or monitoring has been completed, there is no longer any external evaluation of the anti-corruption system. Vigilance can wane, leading to even more serious consequences than after an initial sanction.
Unlike a law, ISO370001 is a voluntary management system standard with an international scope. It can be used as a self-assessment and certification tool. The certification process must reflect the company’s strong desire and long-term commitment. It ensures that the anti-corruption program is appropriate to each organization’s capabilities, based on its size, human and financial resources, and specific risks. It also measures whether the system is constantly evolving to reflect developments in the organization – new markets, new regulations, reorganizations, mergers/acquisitions, changes in management, etc. It attests to our commitment to continuous improvement. This concern to regularly assess the relevance and deployment of its anti-corruption program is a positive factor in the event of a judicial review or investigation.
The “management system” approach makes it possible to structure and document your program in a way that integrates legislative and regulatory compliance with stakeholder expectations. Regardless of the country in which the organization has its subsidiaries, ISO37001 certification is based on the various applicable laws (those of the head office, the countries of operation, extraterritorial laws, particularly American, sector-specific regulations, rules of ethics for public officials, etc.). The documentation aspect is essential to be able to attest to the measures deployed, particularly in the event of an inspection, investigation or legal inquiry.
An ISO 37001 assessment is a founding act of mobilization within an organization. The fact of “daring to talk about corruption risks” and obtaining this certification is a fundamental step, without being anxiety-provoking, because the organization is not targeting people but risks. Certification allows us to enter a virtuous circle. Employees who are aware that they are working in an environment where probity reigns, will have a more respectful attitude towards their organization. And the employee entrusted with an assignment may feel that it’s because he or she is a trustworthy person, and this is a motivating factor. Involving employees in the anti-corruption program helps to develop their sense of pride. It also enables us to benchmark the system against best practices.
Some public tenders now include ISO37001 certification as a prerequisite for qualification. Certification is also seen as a competitive advantage when it comes to customer referrals, as everyone is required to carry out due diligence on their partners.
It constitutes a tangible element to be communicated to extra-financial analysts. It is interesting to note that some rating agencies and ethical indexes have recently stepped up the development of the anti-corruption section in their evaluation grids in order to meet growing requirements in this area. Similarly, banks, export insurers and other third parties involved in transactions, who are themselves subject to due diligence obligations, regularly ask organizations about the maturity of their anti-corruption systems.
A word of caution, however. How can I be sure of the quality of a certification? ISO37001 certification is an effective tool for raising the profile of an organization among interested parties, provided it is issued by a recognized organization. The certification world is not immune to ethical problems; false certificates or certificates of convenience do exist. It is up to the organization to be extremely vigilant about the reliability and recognition of the certification body it selects. Certain criteria, such as accreditation, specialization in the field of corruption prevention, and the profile and experience of auditors, help to distinguish between certifiers.
To quote “If you think compliance is expensive… try non-compliance“In the words of former US Deputy Attorney General Paul McNulty, a solid certification can be seen as a financial and human investment, the cost of which is minimal given the stakes involved and the image the company can offer its partners and future stakeholders.
Dear users, on 15/06/2022 Internet Explorer will be retiring. To avoid any malfunctioning, we invite you to install another browser, such as Google Chrome, by clicking here, or the one of your choice.
Please check this before contacting us in the event of a problem.