Module 10:  The benefits and requirements of ISO 37001

Requirements: (1) Top management responsibility; (2) Anti-bribery policy

ISO 37001 requires the organisation to implement, in a reasonable and proportionate manner, a series of measures which are designed to help the organisation prevent, detect and deal with bribery.  These measures are referred to as “requirements”, as the organisation must implement them in order to comply with ISO 37001.  The overall management system that results from these combined requirements is referred to as the “Anti-Bribery Management System (ABMS)”.

The following ten pages summarise the key requirements which must be implemented in order to comply with ISO 37001.  These requirements have been summarised under 20 categories of action.

1.  Top management responsibility

Ensure that the organisation’s top management (i.e. the Board of Directors and Chief Executive) has overall responsibility for the implementation and effectiveness of the ABMS, and provides the appropriate commitment and leadership in this regard.

This top management commitment and leadership needs to be openly and constantly displayed by, for example:

  • ensuring that the organisation avoids work opportunities and business associates which involve an unacceptably high risk of bribery
  • raising the importance of compliance with the ABMS at meetings and in internal communication
  • supporting and encouraging personnel and business associates who comply with the ABMS, and taking appropriate disciplinary and remedial action against personnel and business associates who do not.

2.  Anti-bribery policy

Implement, publish and widely communicate an anti-bribery policy which applies to all of the organisation’s personnel and business associates, and which totally prohibits all bribery in connection with the organisation’s activities, of whatever value, and wherever carried out.

The only permitted exception to this policy would be if a payment has to be made in order to ensure someone’s personal safety.  In this case, the payment must immediately be reported by the relevant person who made the payment to the compliance function.


January 2025
© GIACC