ISO 37001:2025

Anti-Bribery Management Systems

Introduction

ISO 37001:2025 is the internationally recognised standard for Anti-Bribery Management Systems (ABMS).
It provides a framework for organisations to prevent, detect, and address bribery in their operations and business relationships. The standard outlines best practices for establishing a culture of integrity, implementing anti-bribery controls, and ensuring compliance with anti-corruption laws and regulations.

ISO 37001 applies to organisations of all sizes and sectors, including private companies, public institutions, and non-profits. Certification demonstrates a company’s commitment to ethical business practices, reducing the risk of financial losses, legal penalties, and reputational damage.

Why ISO 37001 Matters

Prevention of Bribery and Corruption

The standard establishes a proactive approach to identifying, preventing, and addressing bribery, reducing legal and financial risks.

Enhanced Corporate Reputation and Trust

Certification demonstrates an organisation’s commitment to ethical business practices, improving trust with clients, investors, regulators, and stakeholders.

Risk Mitigation and Organisational Resilience

By implementing a structured anti-bribery system, organisations reduce their vulnerability to fraud, financial losses, and reputational damage caused by bribery-related scandals.

Improved Business Opportunities and Market Access

Many companies and governments require anti-bribery compliance from their suppliers and partners. ISO 37001 certification strengthens credibility and facilitates participation in global business opportunities.

Compliance with Legal and Regulatory Requirements

Many countries have strict anti-bribery laws, such as the UK Bribery Act and the US Foreign Corrupt Practices Act (FCPA). ISO 37001 certification helps organisations align with these regulations, reducing the risk of legal penalties.

Integration with Other Management Systems

The standard follows the same High-Level Structure (HLS) as ISO 9001 (Quality Management) and ISO 45001 (Occupational Health & Safety), allowing organisations to integrate anti-bribery measures with existing management frameworks.

Key Requirements of ISO 37001

ISO 37001 establishes a systematic approach to preventing and addressing bribery. The core requirements include:
  • Leadership and Commitment

    Senior management must take responsibility for implementing and maintaining an anti-bribery culture within the organisation. This includes defining policies, allocating resources, and ensuring accountability at all levels.
  • Training and Awareness

    Employees, business partners, and relevant stakeholders must receive regular training on anti-bribery laws, company policies, and ethical decision-making.
  • Anti-Bribery Policies and Procedures

    Clear anti-bribery policies must be established, communicated, and enforced throughout the organisation. Policies should cover aspects such as gifts, hospitality, donations, facilitation payments, and conflicts of interest.
  • Financial and Non-Financial Controls

    The standard requires the implementation of robust financial controls, such as segregation of duties, transaction monitoring, and audits, to prevent and detect bribery. Non-financial controls include whistleblower mechanisms, training programmes, and internal reporting procedures.
  • Bribery Risk Assessment and Due Diligence

    Organisations must conduct risk assessments to identify bribery risks in their operations, supply chains, and business relationships. Due diligence procedures must be applied to business associates, suppliers, and third parties.
  • Investigation and Corrective Actions

    A structured process must be in place for investigating bribery allegations and taking corrective actions. Organisations must implement disciplinary measures and report violations to relevant authorities when necessary.
  • Whistleblower Protection and Reporting Mechanisms

    Organisations must establish confidential and secure channels for employees and stakeholders to report suspected bribery incidents without fear of retaliation.
  • Monitoring, Auditing, and Continuous Improvement

    Regular internal audits, performance reviews, and external assessments must be conducted to evaluate the effectiveness of the anti-bribery management system. The organisation must take corrective actions and continuously improve its compliance measures.

Who Needs ISO 37001?

  • Corporations and Multinational Companies

    Preventing bribery in global operations, securing compliance with anti-corruption laws, and protecting corporate reputation.
  • Government Agencies and Public Institutions

    Enhancing transparency, accountability, and integrity in public sector procurement and operations.
  • Financial Institutions and Banks

    Preventing money laundering, fraud, and unethical financial practices.
  • Construction and Infrastructure Companies

    Mitigating bribery risks in large-scale projects, tenders, and government contracts.
  • Legal and Consulting Firms

    Protecting client interests and ensuring compliance with anti-corruption laws and ethical guidelines.
  • NGOs and Non-Profit Organisations

    Maintaining donor trust and ensuring ethical financial management in fundraising and project implementation.

Certification Process

To achieve ISO 37001 certification, organisations must follow a structured implementation process:
  1. Gap Analysis and Initial Assessment

    The organisation evaluates its current anti-bribery practices against ISO 37001 requirements to identify gaps and areas for improvement.
  2. Development of Anti-Bribery Policies and Controls

    The company establishes documented policies, financial controls, and risk assessment procedures to comply with ISO 37001 guidelines.
  3. Implementation and Employee Training

    Employees and stakeholders receive training on bribery risks, reporting mechanisms, and ethical practices to ensure compliance with anti-bribery policies.
  4. Internal Audits and Management Review

    An internal audit is conducted to assess compliance with ISO 37001. Management reviews findings and implements corrective actions as needed.
  5. Certification Audit

    An independent certification body conducts a two-stage audit. Stage 1 reviews documentation and policies, while Stage 2 assesses practical implementation, risk management effectiveness, and organisational compliance. If all requirements are met, the organisation receives ISO 37001 certification.
  6. Ongoing Compliance and Recertification

    Certified organisations must undergo regular surveillance audits to maintain compliance. A full recertification audit is required every three years to ensure continued adherence to the standard.