ISO 37001

ISO 37001 Anti-bribery management systems - Requirements with guidance for use, is a management system standard published by International Organization for Standardization (ISO) in 2016. As the title suggests, this standard sets out the requirements for the establishment, implementation, operation, maintenance, and continual improvement of an anti-bribery management system (ABMS). It also provides guidance on the actions and approaches organizations can take to adhere to the requirements of this standard.

This management system standard has been developed by ISO Project Committee ISO/PC 278, Anti-bribery management systems. More recently, technical committee ISO/TC 309 Governance of organizations has been created and the maintenance and future development of ISO 37001 will be undertaken by members of this committee.

An anti-bribery management system intends to help organizations in the fight against bribery, by establishing the procedures, policies and controls that help foster a culture of integrity, transparency and compliance.

ISO 37001 is applicable only to bribery, and the ABMS intended to improve the organization's ability to prevent, detect, and respond to bribery and comply with anti-bribery laws and commitments that the organization had adhere to. Furthermore, ISO 37001 does not specifically address fraud, cartels, money-laundering, or other activities related to corrupt practices.

The anti-bribery management system can be stand-alone system or integrated into an already implemented management system such as the Quality Management System ISO 9001. An organization can choose to implement the anti-bribery management system in conjunction with or as part of other systems, such as those relating to the quality, environment and safety.

Background
The standard was developed by ISO technical committee ISO/TC 309, chaired by lawyer Neill Stansbury, and published for the first time on October 15, 2016. The standard was based upon existing guidance from the International Chamber of Commerce, Organization for Economic Co-operation and Development, Transparency International, and other organizations. The standard also incorporated guidance issued by leading international regulators such as the US Department of Justice, US Securities and Exchange Commission, and UK Ministry of Justice.

The standard was adopted by the governments of Singapore and Peru for their anti-bribery management systems, and formed the basis for the "Shenzhen Standard", an official anti-bribery standard published by the city of Shenzhen, China in June 2017. Microsoft and Walmart have also announced intentions to obtain ISO 37001 certification.

Main requirements of the standard
The ISO 37001:2016 adopts the "ISO High Level Structure (HSL)" in 10 main clauses in the following breakdown:

The standard only addresses management systems and is not a comprehensive anti-fraud or anti-corruption standard. It also contains a great deal of subjectivity as many requirements are qualified by terms such as "appropriate" and "reasonable". Therefore, the actual meaning and relevance of ISO 37001 certification is dependent largely upon the thoroughness of the certifying body.
 * 1) Scope
 * 2) Normative references
 * 3) Terms and definitions
 * 4) Context of the organization
 * 5) Leadership
 * 6) Planning
 * 7) Support
 * 8) Operation
 * 9) Performance evaluation
 * 10) Improvement