“Unmanageable fraud and corruption” has been identified as one of South Africa’s top risks. Could Exploring the ISO 37001:2016 Anti-Bribery Management System provide a solution?
The 30th African Union Summit, held in Addis Ababa, Ethiopia, earlier this year, revolved around the 2018 theme for the African Union: Winning the fight against corruption: A sustainable path to Africa’s transformation. This was a most fitting “call to action” for the continent.
Since its inception in 1995, Transparency International’s Corruption Index has been keeping track of how the public sectors in countries score on this issue. The index applies a scale of zero to 100, where zero is highly corrupt and 100 is very clean.
For example, the Corruption Perceptions Index, 2017 noted that “the worst performing regions are sub-Saharan Africa (average score 32), as well as Eastern Europe and Central Asia (average score 34)”.
Much closer to home, the Institute of Risk Management South Africa’s (IRMSA’s) Risk Report 2018, fourth edition, ranked “unmanageable fraud and corruption” at number two out of the top-ten risks for the country.
Building a strong platform
Mitigating risks associated with corruption in organisations needs a strong platform to gain traction. The adoption of an anti-bribery management system in accordance with the ISO 37001:2016 Anti-bribery Management Systems – Requirements (with guidance for use) standard, would be appropriate in any organisation.
The good news is that the standard is certifiable and can be incorporated into any organisation’s current management system.
Bribery is defined by the International Organisation for Standardisation (ISO) as “the offering, promising, giving, accepting or soliciting of an advantage (which could be financial or non-financial), directly or indirectly, in violation of applicable law, as an inducement or reward for a person acting, or refraining from acting, in relation to the performance of that person’s duties”.
Like any other ISO standard, leadership commitment and drive are required to implement an anti-bribery management system. This will ensure a risk-based campaign towards due diligence that will eventually support good ethical decision-making. It is important to note that ISO 37001 is based on the ISO High-Level Structure (HLS).
During the implementation of the standard, ISO 37001:2016 will address the following in relation to an organisation’s activities:
• Bribery in the public, private and not-for-profit sectors;
• Bribery of the organisation, or of its personnel, or business associates acting on its behalf or for its benefit;
• Direct and indirect bribery (for instance, a bribe paid or received through, or by, a third party).
Bribery practices should not be seen as the “cost of doing business”. Organisations need to have robust anti-bribery policies and supporting programmes. These should be made known to the relevant stakeholders to enforce wider compliance.
The appointment of key personnel to provide oversight will further strengthen the compliance aspect. The adoption of the ISO 37001 standard, alone, would
not necessarily root out corrupt behaviour. Top management therefore needs to commit to fair conduct that would signify a desirable ethical culture while doing business.
Time and time again, we have seen certain companies colluding to gain competitive advantage over others, thus putting their reputations at risk. An organisation that implements an anti-bribery programme, or management system, represents a profound commitment to continual assessment and improving its ethical behaviour.
This ensures that there is ongoing anti-bribery awareness and assessment of due diligence to ensure bribery risks are continually identified, and strict financial supply chain controls are implemented and reviewed.
It is worth noting that there are several risky situations where bribery might manifest. Whether is it expressed or not, the risk is still there and it is necessary to adopt appropriate control measures. It is critical to put terms and conditions in place that relate to curbing potential bribery practices, for example, use contractual obligations to enforce compliance.
As the saying goes “knowledge is power”. Any organisation looking at entering the market in the aforementioned “most corrupt territories”, identified by Transparency International, needs to be aware of bribery and recognise it as a significant risk.
Ethically minded organisations need to enforce ethical practices. This will further complement enforcement of laws such as the Prevention and Combating of Corrupt Activities Act No. 12 of 2004 in South Africa.
In terms of anti-bribery and corruption, PricewaterhouseCoopers challenges us with the following questions:
• How do we manage our third-party service providers?
• Are we using third parties to help expand into new markets?
• Do we deal with government officials?
• Are we facing business decisions where facilitation payments or bribes are expected?
• Do we do business overseas, or are we considering overseas expansion?
Additional sources such as Corruption and the law in South Africa, A quick reference guide, published by Corruption Watch, and Business principles for countering bribery, published by Transparency International, can provide organisations with additional resources to implement anti-bribery policies.
Time will tell if evidence of adherence to ISO 37001 could become a pre-requisite in procurement requirements. It will be a good yardstick for the supply chain functions, project managers and funders alike. Hence, the requirements of ISO 37001 would be a good platform to include into an organisation’s existing anti-bribery programme.
We have seen from the CPI index of the most corrupt countries, and the IRMSA’s report on South Africa’s risk rankings, that it is important for companies to avoid the scenario of being seen as the most corrupt company!
Companies would be well advised to: “Keep nothing under the table, except your shoes.”