ISO 37001:2016 is an International Standard published by ISO for Anti-Bribery Management Systems. The standard has been designed to assist organizations in implementing and maintaining specific measures that help them prevent, detect and address bribery throughout all processes within and outside of the organization, including all its business activities. Its full title is Anti-bribery management systems—Requirements with guidance for use (ISO 37001). Released in late 2016, ISO 37001 Certification covers establishing, implementing, maintaining, reviewing, and improving an anti-bribery management system, either as a stand-alone initiative by an organization or as part of a broader anti-corruption compliance program (a group or Government body, etc.).

This definitely includes the following:

  • Bribery activities conducted by the organization
  • Bribery activities conducted against the organization

ISO 37001 is applicable to any organization of any size and process complexity, across the globe, regardless of business activities and industry. Because it is based on Annex SL, it can easily be integrated into an existing management system such as ISO 9001:2015, ISO 14001:2015, ISO 22301, ISO 45001:2018, etc.


Understanding how the standard fits in the regulatory and compliance ecosystem:

The Government body of guidance and standards, including the requirements laid out in ISO 37001, is to be considered and implemented as appropriate within the context of a company’s specific risk profile. What this means is that, in the eyes of a regulator or Government, mere certification against ISO 37001, or adherence to specific guidelines prescribed therein, is unlikely to provide a strategic compliance “safe harbor” or legal defense to prosecution for violations. The efficacy of the anti-corruption program elements, including the certification, is critical from a regulatory perspective, taking into consideration the Government rules and, more specifically, the quality of the information provided, the skill, thoughtfulness, and proactivity of the consultant (Ascent WORLD) and the certifying board, and the thoroughness of the review and verification performed. As such, most regulators or Government bodies assess the facts of how the company implements a compliance program tailored to its specific anti-bribery risk profile (i.e., the material, not the form, of the program) to determine its overall effectiveness.


ISO 37001 does require a risk assessment of an existing compliance program.

ISO 37001 addresses the implementation of anti-bribery management systems, as well as broader fraud and other corruption issues within or involving the organization. Seeking certification or implementing the requirements of the standard is viewed as a way of enhancing the company’s existing anti-corruption compliance programs.

The opportunity, and the risk, for companies is to carefully assess and prioritize all of their anti-corruption-related issues, including those addressed by the anti-bribery guidelines. This is followed by a thoughtful review and assessment, with help from Ascent WORLD, of how their existing anti-corruption program addresses those risks: in the context of specific regulatory guidance; covering all internal and external issues within the context; with consideration of non-regulatory guidance and standards; and with as few redundancies as possible.

After a company completes its first review and assessment (internal/external) of its existing anti-corruption compliance program, and consideration has been given to both the regulatory and non-regulatory guidance available, no further action may be needed. However, for companies that have less mature anti-corruption programs, ISO 37001 offers effective guidance for quickly moving up the maturity curve without necessarily spending significant time going through the regulatory and non-regulatory ecosystem to develop their approach.


Whether seeking ISO 37001 certification or not, these steps are important.

The process of ISO 37001 certification, or of external assessment or enhancement of a company’s anti-corruption methodology, begins with a strong anti-bribery compliance health check, maturity assessment, or risk/opportunity assessment. Such an assessment includes a detailed, wide-ranging inventory of areas of corruption risk, including government or external touchpoints and risk profiles, broken down by locations and business operations. It shall also include a detailed assessment of the internal controls (mitigation, contingency or strategic), business processes, and technology (wherever applicable) supporting the company’s anti-corruption compliance program.

As part of a compliance health check, which can be done either internally (during an internal audit) or externally (during a certification audit), organizations must evaluate the presence and quality of other important compliance program elements, including:

  • Accountability and commitment from top management and the board, and a clearly communicated tone related to corruption
  • A documented code of conduct and compliance policies and procedures
  • Documented program resources and autonomy
  • Documented, clear and understood employee communication, training, and awareness
  • Documented and communicated incentives and disciplinary measures
  • Due diligence and monitoring procedures, documented and implemented at various levels
  • Confidential reporting (hard copies or email) and internal investigation and response mechanisms (conflict of interest to be taken care of)
  • Monitoring of continuous improvement, including periodic internal auditing, testing, and control gap analysis, and conduct of Management Reviews
  • For mergers and acquisitions, pre-acquisition due diligence and post-acquisition integration
  • Where applicable, the technology used to strengthen anti-corruption compliance programs, including apps, tools for detecting red flags in financial statements, and data analytics (AI, etc.) used to address anti-corruption risk and facilitate risk assessment and monitoring.

Also, the organization needs to implement and document a mature compliance program. Such a program is not one that is merely well-designed or even fully implemented; it should also be effective in preventing, detecting and reducing corruption-related misconduct. As noted above, an organization with a mature program must regularly assess the effectiveness of its program and continually improve it over time.

The standard is adaptable enough to be taken up by a wide range of organizations, including:

  • Large Scale organizations
  • Small & medium scale enterprises (SMEs)
  • Public and private sector type organizations
  • Non-governmental organizations (NGOs) and types

The standard can be implemented and used by any type of organization in any geographical location/country.

Does the Standard require a stand-alone Management System?

  • The measures required by the ISO 37001 standard are designed to be combined with the organization’s already existing management processes and controls.
  • It follows the common high-level structure (Annex SL) used for ISO management system standards after Sept 2015, for easy integration with, for example, ISO 9001:2015, ISO 14001:2015, etc.
  • New or improved measures can be integrated into the already existing systems.

What does ISO 37001 address?

  • Bribery by the management of the organization, or by its employees or associates acting at the organization’s behest or for its benefit.
  • Bribery of the management of the organization, or of its employees or associates, in relation to the organization’s context or activities.

Does the Standard define bribery?

  • Bribery is defined by the law / Government of each particular country, and the definition varies between countries. Therefore the Standard provides a generic definition of bribery, but the actual definition will depend on the laws and location of the organization.
  • The Standard provides generic guidance on what is meant by bribery to help users understand the intention and scope of the Standard.

Ascent WORLD takes pride in assisting and guiding organizations across the globe to implement this ISO 37001:2016 standard to its purpose.

From Ascent WORLD, the implementation technique of ISO 37001 involves:

  • Preparing the Anti-bribery policy
  • Development of the Anti-bribery compliance and control person
  • Doing and completing Risk Assessments
  • Due diligence
  • Identifying and Implementing Control mechanisms
  • Reviewing, Reporting and investigation procedures

Ascent WORLD shall help you with:

  • Developing the Anti-bribery policy
  • Guidance towards Anti-bribery compliance
  • Guidance towards doing Risk assessments
  • Due diligence
  • Developing Prosecution protection
  • Identifying and Implementing Control mechanisms
  • Reviewing, Reporting and investigation procedures
  • Understanding of Bribery of organizational personnel
  • Efficiency and Effectiveness of anti-bribery processes
  • Validation for demonstrating compliance with relevant legislation such as the Bribery Act 2010, etc.

Ascent WORLD helps organizations reap the benefits of the ISO 37001 standard and get certified.

