by Seong Uk Han (Director of Deloitte Korea)
A recent estimate by the International Monetary Fund put the annual cost of bribery at approximately 2% (2 trillion US-Dollars) of the global Gross Domestic Product (GDP). Bribery in its nature is one of the most clandestine types of fraud, and countries around the world are strengthening anti-corruption regulations to contain the ensuing social losses (particularly in the corrosion of social trust).
In order to promote social and public trust, recent global anti-bribery regulations have emphasized on transparency, bribery prohibition, and advanced economic activities; and the demand has escalated not only to the public sectors but also to require private sectors to maintain reasonable and proportionate efforts to combat corruption at the corporate level. Moreover, considering the growing inter-state and international cooperation to execute anti-bribery legislations, global corporations must be aware of the anti-bribery laws and policies of the jurisdictions relevant to their businesses.
Since last year, South Korea has also been enhancing anti-bribery regulations by enforcing the “Improper Solicitation and Graft Act of Korea” (Kim Young-ran Act). More recently with the new government’s campaigns to reform deep-rooted corruption (a new investigation committee, discussions to perform investigations on scandalous activities of senior government officers, etc.) as well as the citizen’s heightening hostility towards corruption, companies in Korea should consider corruption as a significant risk.
According to research conducted by Transparency International Korea, however, South Korean firms are particularly deficient in implementing effective anti-corruption programs, which imposes potential risks in expanding their businesses across borders.
In response, there is a considerable demand by Korean firms to establish an effective anti-corruption management system by recognizing the impact of corruption risks to their businesses, determining the gap between its current compliance program and the requirements of ISO 37001, and developing it up to the global level.
What is ISO 37001?
- ISO 37001 is a standard for international anti-bribery management system prepared by the International Organization for Standardization (ISO).
- ISO 37001 reflects international good practices and is applicable across all jurisdictions.
- ISO 37001 specifies the implementation by the organization of policies, procedures, and controls which are reasonable and proportionate to the bribery risks the organization faces.
Annex A provides guidance on implementing the requirements of this International Standard.
However, conformity with ISO 37001 cannot provide assurance that no bribery has occurred or will take place in relation to the organization as it is not possible to completely eliminate the risk of bribery. This International Standard can help the organization implement reasonable and proportionate measures designed to prevent, detect and address bribery.
The scope and procedures of ISO 37001
ISO 37001 adheres to ISO’s High-Level Structure (HLS), designed to provide economic benefits through integration of multiple management systems, and its basic structure utilizes the “Plan, Do, Check, Act” (PDCA) procedure. ISO 37001 includes detailed seven-level criteria, among which several requirements and operation procedures are as follows:
- Chapter 4, ‘Context of the Organization’, lists the understanding of the organization and its structure, as well as the assessment of bribery risks as the key requirements. The chapter goes on to address the strategic procedures to carry out the requirements, which includes understanding the organization’s context and revenue status per division and determining projects with high corruption risks through risk assessments.
- Chapter 5, ‘Leadership’, emphasizes leadership, commitment, and anti-bribery policies as key requirements (which can be demonstrated through the top management’s effort to conform to anti-bribery practices, review the organization’s anti-corruption policies, etc.)
ISO 37001 and the Anti-Corruption & Civil Rights Commission’s (ACRC) corporate anti-corruption guideline
The checklist included in ISO 37001 is mostly in line with the corporate anti-corruption guideline proposed by Korea’s Anti-Corruption & Civil Rights Commission (see guidelines here).