An Interview with Sangwoo Kim, Director of the Korean Foundation for Quality (KFQ), on the global efforts of combating corruption and the responsibility of Korean companies.
TI-Korea: What is the main message that ISO 37001 sends to our society and business?
Sangwoo Kim: ISO 37001 is the first certified standard for social responsibility established by the International Organization for Standardization (ISO). It limits the subject of bribery which is the source of all corruption.
In fact, the international community is working hard to combat corruption – for example with the US Foreign Corrupt Practices Act (US FCPA) in 1977, the 1997 OECD Anti-Bribery Convention, the 2003 United Nations Convention against Corruption and the 2010 UK Bribery Act. The enactment of the international standard ISO 37001 is a fruitful result of all these international efforts. Compliance is no longer a ‘good job’ when companies only voluntarily follow up. It is a requirement of the international society that the Korean society and companies must adhere to.
The recent plunge in the Corruption Perceptions Index (CPI) announced by Transparency International (TI) in January 2017 (link for CPI results in 2016) as well as the recent scandal of former President Park Geun-hye and her longtime friend Choi Soon-sil are both examples showing how corrupt and unfair the Korean society still is. I believe that the enactment of ISO 37001 and the “Improper Solicitation and Graft Act of Korea” (Kim Young-ran Act) are both a good start for creating a cleaner society.
What is a necessary requirement that Korean companies should comply with?
The most important thing is a strong will from the top in order to fight corruption through bribery prevention. No matter how many staff members adopt ISO 37001, if the CEO does not have a willingness to do it, it will only become a nominal system and a mere scrap of paper. Changing the governance structure and creating a compliance manager and a dedicated department which has an independent internal authority can be a starting point. One of the key requirements of ISO 37001 is the assessment of bribery risks. Until now, only a few organizations have established internal anti-bribery processes by evaluating bribery risks. And systematic education and training are also important.
Are Korean companies interested in ISO 37001?
Public sectors which have been evaluated for anti-corruption measures by the Anti-Corruption and Civil Rights Commission of Korea (ACRC) are most interested. We may say that there is also the interest of private companies. I expect that there will be more and more domestic companies being interested in ISO 37001 because the global society has been increasingly demanding. Trading partners ask their Korean partners to adopt adequate compliance systems before starting a business.
What could be the main reason for Korean companies to obtain an ISO 37001 certification?
I may summarize three categories:
One of the common characteristics of anti-corruption laws around the world, such as the FCPA in the United States, the UK Bribery Act, and the Korean Kim Young-ran Act, is the dual liability. When an organization can demonstrate that it has a proper compliance system, the organization can escape responsibility. But it is very difficult for organizations to prove themselves. Therefore, they want to utilize an ISO 37001 certification because third parties evaluate and guarantee it.
And for those companies which have not built up a compliance system yet, it is a good tool to meet the needs of the global society by applying for ISO 37001 because ISO 37001 is best practice created by experts from all over the world.
Finally, companies want to get certification in order to prove the excellence of the organization system they have already had in place and to improve their company image.
What is the biggest challenge in the certification business?
Organizations wishing to introduce certification should recognize that the certificate should not be considered to evade their responsibility but that they have to really operate as an organization’s internalized process. And certification institutions have to keep away from easy certification. In the ISO certification market, the perception that ISO certification is just a matter of money is widely spread, because some certification bodies overissue easy certifications. I believe that ISO 37001 certification should not be treated as an easy process, and certification institutes should not overlook missing key requirements of ISO 37001.
The government should adopt international standards as national standards and drive them to be implemented. When ISO international standards come up, government agencies usually create and operate relevant institutions based on these international standards. But such separate national systems do not recognize global markets and they require a different ISO certification. Therefore, Korean companies should get both a Korean certification and an ISO certification. However, in this case companies have to encounter double tortures. When a separate national system is needed, I think it is necessary that companies which have already been certified by ISO get some benefits – such as an incentive system or partial exemption of national system requirements – in order to assure institutional arrangements compatibility with the ISO certification.
Are there any actions the government or National Assembly should take in order to support compliance management?
Section 8.5, a key requirement of ISO 37001, states that business stakeholders should be required to implement a bribery management system or to implement their own anti-bribery controls. This is a clause which emphasizes the importance of efforts of both sides, not only the company’s side. Also relevant stakeholders have to observe and implement anti-corruption.
In this respect, ISO 37001 is significantly different from other existing ISO management system standards. To meet this requirement, efforts must be made to incorporate ISO 37001 into various related systems. I also believe that efforts should be made to spread the ISO 37001 certification system through these efforts.
The proliferation of the certification system means that organizations which do not have a bribery prevention system can be equipped with a systematic anti-bribery management system by ISO 37001, and this certification process will provide a basis for upgrading the system. For this purpose, the government should strive to spread compliance throughout the country by implementing a positive incentive system, not a negative punishment.
Do you have any further comments regarding ISO 37001?
In fact, I think that the part where ethics are involved is a mainly sad reality. By applying for ISO 37001, I hope that major organizations become the global leading actors. And then I hope that Korea reflects on past faults and upgrades the level of compliance, and that compliance becomes not only the culture of our country but also a best practice within the international community.
Interview by Sang Hak Lee (Board Member of TI-Korea)
is Director of the Advanced Business Division at the Korean Foundation for Quality (KFQ). KFQ was established in 1993 as the first certification body of the Republic of Korea. Their intention was to support industries’ competitiveness. Since then, KFQ has conducted certifications of management systems in all Korean industries at home and abroad, e.g. in the fields of quality, environment, safety, energy, IT and food.