UNI EN ISO 37001

What is ISO 37001?

ISO 37001:2016 – Anti-bribery Management Systems is a new standard for creating a system applicable to any type of organization, whether public or private. It outlines the requirements for an anti-corruption management system focused on continuous improvement and requires the adoption of measures to prevent and avoid corruption risks in a reasonable and proportionate manner, depending on the sector of activity, size, and complexity of the organization.

Specifically, these measures include:

• Adoption of an Anti-corruption Policy;
• Involvement of top management;
• Appointment of a Compliance Manager;
• Corruption risk assessment;
• Due diligence on projects and business partners based on identified risks;
• Conducting financial and commercial controls;
• Adoption of procedures for reporting and investigating corruption.

The standard does not overlap with legal tools for preventing corruption risks (such as Corruption Prevention Plans under Law No. 190/2012 or Organizational Models according to Legislative Decree 231), but it aims to better coordinate the organization’s efforts in preventing corruption, effectively and integratively with other business management systems. Additionally, it can serve as a valid reference criterion, recognized internationally, to support evidence of the existence and effectiveness of an Organizational Model for the prevention of corruption offenses under Legislative Decree 231, as already recognized for other similar schemes (OHSAS 18001, ISO 14001).Organizzazione per la prevenzione dei reati di corruzione D.Lgs 231, come già riconosciuto per altri schemi analoghi (OHSAS 18001, ISO 14001).

Key Points

1. Who Can Obtain ISO 37001 Certification?

Any organization (small or large, public, private, or non-governmental) can establish a Management System that meets the requirements of the ISO 37001 standard and apply for ISO 37001 Certification.

Moreover, ISO 37001 is structured according to the High-Level Structure (HLS) framework, making it easily integrable with other management systems that the organization may have already adopted (such as ISO 9001:2015). While the objectives of ISO 37001 are different, its language and methodology are common to other management systems.

2. How to Obtain ISO 37001 Certification

To obtain ISO 37001 Certification, an organization must develop a Management System that complies with the requirements set by the new ISO 37001 Standard.

Building this Management System requires a diverse set of competencies, including:

• Legal expertise related to Legislative Decree 231/2001.
• Expertise in Management Systems and the development of organizational models.
• Risk assessment and risk management skills.

However, possessing these competencies is not enough; they must also be able to work together effectively.

An organization seeking to implement a management system for ISO 37001 must develop the following key areas:

• Definition of a documented anti-corruption policy.
• Establishment of roles and responsibilities for management in anti-corruption matters.
• Development of a Risk Analysis Model to identify business processes and activities most exposed to corruption risks.
• Drafting of an Organizational Model and procedures aimed at preventing corruption offenses identified through risk assessment.
• Training at all organizational levels on anti-bribery topics.
• Implementation of appropriate controls and due diligence in financial, commercial, contractual, and procurement processes.
• Planning a set of reporting, monitoring, auditing, and review activities.
• Management of corrective actions and related investigations aimed at continuous improvement.

Advantages of ISO 37001 Certification

Although an organization cannot completely shield itself from potential disputes or sanctions, obtaining ISO 37001 Certification provides significant benefits. It represents the first truly effective approach to implementing actions that reduce the risk of corruption.

In addition to this general advantage, by certifying ISO 37001 the organization can obtain more specific benefits.
We highlight the most important ones:

• It allows you to claim, in the event of a crime, that your Organization’s crime prevention model was inspired by an international Standard, recognized as “Best Practice”. Consequently, it could be assumed that there could be references to the ISO 37001 standard as a reference Standard of good practice for the purposes of applying Legislative Decree 231/2001 (as occurred for Article 30 of Legislative Decree 81/2008 for crimes in the area of ​​health and safety at work). More clearly, if the Organization demonstrates that it has adopted an Organizational Model for the prevention of corruption certified by a third party, it will be able to benefit from a mitigating effect on the sanctions provided for by Legislative Decree 231/2001.
• From the point of view of the competitiveness of Organizations, the ISO 37001 Certification will increasingly become a distinctive element not only of an “ethical” type, but also of a “substantial” type.  It is in fact very likely that compliance with the ISO 37001 standard will become a distinctive element for participating in and winning tenders and contracts.
• As regards public procurement, the ISO 37001 Certification will facilitate the acquisition of the Legality Rating by the Competition and Market Authority. The same certification will also facilitate the acquisition of the Business Rating  by the National Anti-Corruption Authority.
• From a financial point of view, it will be possible to access the benefits deriving from the Regulation of the Competition and Market Authority on the attribution of the Legality Rating, that is, “of having adopted organizational models for the prevention and fight against corruption” (art. 3 letter G Regulation in bulletin 17/9/2016).