The number of people working in the anti-bribery management system compliance function depends on factors such as the size of the organization, the extent of bribery risk the organization faces, and the resultant workload of the function. In a small organization, the anti-bribery compliance function is likely to be one person who is assigned the responsibility on a part-time basis, and who combines this responsibility with other responsibilities. Where the extent of bribery risk and resultant workload justifies it, the anti-bribery compliance function can be one person who is assigned the responsibility on a full-time basis. In large organizations, the function is likely to be staffed by several people. Some organizations can assign responsibility to a committee that embodies a range of relevant expertise. Some organizations can choose to use a third party to undertake some or all of the anti-bribery compliance function, and this is acceptable provided that an appropriate manager within the organization retains overall responsibility for and authority over the anti-bribery compliance function and supervises the services provided by the third party.
The ISO 37001:2016 standard requires that the anti-bribery compliance function be staffed by person(s) who have the appropriate competence, status, authority, and independence. In this respect:
a) “competence” means that the relevant person(s) has the appropriate education, training or experience, the personal ability to deal with the requirements of the role, and the capacity to learn about the role and perform it appropriately;
b) “status” means that other people are likely to listen to and respect the opinions of the person assigned compliance responsibility;
c) “authority” means that the relevant person(s) assigned the compliance responsibility is granted sufficient powers by the governing body (if any) and top management so as to be able to undertake the compliance responsibilities effectively;
d) “independence” means that the relevant person(s) assigned the compliance responsibility is as far as possible not personally involved in the activities of the organization which are exposed to bribery risk.
This can more easily be achieved where the organization has appointed a person to handle the role full time but is more difficult for a smaller organization that has appointed a person to combine the compliance role with other functions. Where the anti-bribery compliance function is part-time, the role should not be performed by an individual who can be exposed to bribery while performing their primary function. In the case of a very small organization where it can be more difficult to achieve independence, the appropriate person should, to the best of their ability, separate their other responsibilities from their compliance responsibilities so as to be impartial.
It is important that the anti-bribery compliance function has direct access to top management and to the governing body (if any), in order to communicate relevant information. The function should not have to report solely to another manager in the chain who then reports to top management, as this increases the risk that the message given by the anti-bribery compliance function is not fully or clearly received by top management. The anti-bribery compliance function should also be able to communicate directly with the governing body (if any), without having to go through top management. This can either be to the fully constituted governing body (e.g. a board of directors or a supervisory council) or can be to a specially delegated committee of the governing body or top management (e.g. an audit or ethics committee).
The primary responsibility of the anti-bribery compliance function is overseeing the design and implementation of the anti-bribery management system. This should not be confused with direct responsibility for the anti-bribery performance of the organization and compliance with applicable anti-bribery laws. Everyone is responsible for conducting themselves in an ethical and compliant manner, including conforming to the requirements of the organization’s anti-bribery management system and anti-bribery laws. It is particularly important that management take the leadership role in achieving compliance in the parts of the organization for which they have responsibility.