ISO 37001 Anti-Bribery Management System

Building the cornerstone of global compliance competitiveness

The birth of ISO 37001 is closely related to the US Foreign Corrupt Practices Act (FCPA). The FCPA has promoted global awareness of anti bribery by forming multilateral conventions through international organizations. On this basis, the UK released the national standard "Specification for Anti Bribery Management Systems" (BS 10500:2011) and proposed the development of ISO 37001 to ISO in 2013. ISO 37001 was officially released on October 15, 2016, with the aim of helping organizations combat bribery risks within their own businesses and their entire global value chain.

The ISO 37001 anti bribery management system includes the following aspects: 
1. Anti bribery policies and procedures: Organizations should establish clear anti bribery policies and ensure their consistency with international and domestic anti bribery laws. 
2. Leadership commitment and participation: The leadership should play an active role in anti bribery efforts and provide key support and resources. 
3. Risk assessment and management: Organizations should conduct bribery risk assessments to identify potential risks. 
4. Due diligence: Conduct risk assessment and due diligence on projects and business partners. 
5. Financial, procurement, commercial, and contract control: Implement sufficient financial control measures to strengthen control over non-financial aspects such as procurement, operations, and sales. 
6. Anti bribery training: Continuously carry out anti bribery education and training to enhance the anti bribery awareness of all staff. 
7. Reporting, monitoring, investigation, and review: Establish reporting procedures and investigation and handling mechanisms. 
8. Corrective measures and continuous improvement: Take corrective measures for identified problems and continuously improve the management system.

1. Legal risk mitigation 
Meet the legislative requirements of multiple countries (such as Article 7 of China's Anti Unfair Competition Law and the US FCPA), and reduce the risk of criminal penalties and exorbitant fines. 
2. Enhancing Business Competitiveness 
According to a survey by KPMG, 83% of multinational companies list compliance certification as a mandatory indicator for supplier admission in their bidding process. 
3. Optimization of operating costs 
Preventive investment can reduce the cost of crisis management. The Accenture case shows that ISO certified companies save an average of 30% on compliance expenses. 
4. Brand asset appreciation 
Obtain ESG rating points from international rating agencies such as EcoVadis to support green financing and capital market performance. 
5. Accelerated globalization expansion 
Meet multinational compliance requirements through a single certification and shorten the entry cycle for emerging markets. 
6. Driven by cultural transformation 
Establish a culture of zero tolerance and integrity to reduce the risk of moral decline among employees.

（I.） Core materials 
1. System documents: 
Anti bribery policies, manuals, procedural documents (risk assessment, due diligence, reporting mechanisms, etc.). 
2. Operational evidence: 
Bribery Risk Assessment Report; 
Due diligence records of business partners; 
Approval records for gifts/hospitality/donations; 
Financial control records (reimbursement, procurement, etc.); 
Training records (content, attendance, assessment). 
3. Internal audit and management evaluation: 
Internal audit plan, report, and corrective action tracking; 
Management review input/output records and action items. 
4. Compliance certificate: 
List of applicable laws and regulations and compliance evaluation; 
Report processing records (confidential). 
5. Organizational information: 
Business license, organizational chart, and system scope statement. 
Key principles 
Authenticity: The materials must reflect the actual operation and temporary fabrication is strictly prohibited. 
Integrity: Covering all applicable clauses of the standard. 
Continuity: After obtaining certification, the system needs to be maintained and subject to supervision and audit. 
Note: Specific material requirements are subject to the certification body, and it is recommended to communicate and confirm details in advance. 

（II.） Application requirements 
1. Legal entity: an organization registered and operated in accordance with the law. 
2. System establishment: 
We have established anti bribery management system documents (policies, procedures, etc.) that comply with the ISO 37001 standard. 
Clearly define the scope of system coverage (organizational boundaries and activities). 
3. Effective operation: 
System implementation for at least 3 months, covering all applicable departments/locations. 
The top management promises and allocates resources. 
4. Internal audit: Complete system internal audit, report non conformities and corrective measures. 
5. Management review: The top management reviews the performance, compliance, and effectiveness of the system. 
6. No major pending bribery incidents: If an incident occurs, it must be proven that corrective measures have been taken.

The following is a standardized flowchart of the ISO 37001 anti bribery management system certification process (based on internationally recognized certification procedures)

Precautions 
1. Time cycle: 
The first certification process takes about 4-6 months (including the system operation period) 
The rectification of a single non conformance shall not exceed 90 days 
2. Key failure points: 
The file is disconnected from the actual operation 
The top management did not participate in the management review 
Not covering high-risk business partners (such as agents and suppliers) 
3. Certificate maintenance: 
If the supervision review fails, the certificate will be suspended 
Major bribery incidents must be reported to the certification body within 48 hours