PACS Standard 7 forms part of GIACC’s Project Anti-Corruption System (PACS), which comprises 15 PACS Standards (see links at foot of this webpage).
Under the procurement controls in PACS Standard 3, the implementation of an anti-corruption management system and appointment of a compliance manager in accordance with PACS Standard 7 is one of the qualification criteria for bidders for Major Project Contracts. (See paragraph 9 of PACS Standard 3).
Under the Anti-Corruption Contractual Commitments specified in PACS Standard 4, the Major Supplier is required to provide contract commitments to the Project Owner that:
The implementation by organisations, in both the public and private sectors, of management procedures designed to prevent corruption by, on behalf of, or against the organisation, is a widely recognised and effective form of corruption prevention. These procedures are designed to prevent, detect and deal with corruption in relation to the core management functions of the organisation, such as employment of personnel, procurement, contract management and financial management. The procedures require leadership from top management, vetting and training of personnel, the implementation of effective policies and procedures in the organisation’s management functions, reporting of corruption, and investigating and dealing with any corruption which occurs.
These procedures are together often referred to as an ‘anti-corruption management system’ or ‘anti-corruption programme’. They are similar in concept to those adopted by an organisation in order to manage its safety, quality, environmental and other risks and requirements.
The only effective way in which to ensure that an organisation has implemented an effective anti-corruption management system is to use a certifiable system and to obtain reputable third party certification of compliance with that system. A certifiable system is one with sufficiently definite requirements that a third party certifier can assess the implementation by an organisation of these requirements, and accordingly issue a certificate of compliance.
Paragraph 2 of PACS Standard 7 therefore recommends the use of one of the following certifiable systems which have been developed and published through international consultation. They include specific anti-corruption management measures of the type referred to in G2 above. They are minimum requirement standards, in that an organisation which seeks to comply with them must comply with all of their requirements.
Third party certification of the anti-corruption management system with either ISO 37001 or the Annex to the Guidance would meet the requirements of PACS Standard 7.
Yes, numerous organisations worldwide provide third party certification of management systems. Thousands of organisations worldwide, in both the public and private sector, have successfully achieved certification to ISO 37001.
Third party certifiers will normally issue a formal certificate of compliance with the relevant management system. This certificate will show the system certified, the organisation certified, the identity of the certifier, any limitations to scope, and the date and validity of the certification. A copy of this certificate can be provided as evidence of certification.
The implementation and certification of an anti-corruption management system incurs management time and cost. Consequently, any requirement to implement and certify such a system must be proportionate to the degree of the corruption risk and the potential loss that could be caused by corruption in relation to the relevant Supplier or Sub-supplier.
The Major Suppliers and Major Sub-suppliers are party to Major Project Contracts and Major Project Sub-Contracts which are of high value. As a result, there is a significant risk of corruption and the potential loss which could be caused by corruption is large. It is therefore reasonable to require these organisations to implement an anti-corruption management system.
In contrast, it is likely to be unreasonable to require Suppliers and Sub-suppliers which have relatively low value Project Contracts or Project Sub-contracts to implement such a system. However, such Suppliers and Sub-suppliers should still be subject to the anti-corruption contract provisions in PACS Standard 4.
PACS Standard 7 does not require the Project Owner to implement an anti-corruption management system because anti-corruption management controls are imposed on the Project Owner in PACS Standard 1. These controls are similar to those in PACS Standard 7 but are more specifically designed to suit the Project Owner’s role in the Project, and its overall responsibility for the anti-corruption management of the Project. The Project Owner’s compliance with the requirements of PACS Standard 1 is monitored by the independent monitor.
An anti-corruption management system implemented by an organisation may apply to all of the organisation’s activities worldwide, or its scope may be limited in some way (e.g. it may apply to only some of an organisation’s locations, business units or activities). Consequently, PACS Standard 7 requires that the scope of the system must be broad enough so as to include the Project. This means that the system should include within its scope the organisation’s business unit(s) which are or may be involved in the Project and to all of their activities in relation to the Project. The certificate provided by the third party certifier will normally state whether the certificate applies to all of the organisation’s business activities worldwide, or whether the scope is limited in any way.
The compliance manager may be full time or part time depending on the size of the Major Project Contract or Major Project Sub-contract, and the extent of work required. The organisation appointing the compliance manager needs to ensure that s/he has sufficient time available to be able to effectively fulfil the compliance responsibilities.
The compliance manager may combine the compliance role with other responsibilities provided that these do not result in a conflict of interest with the manager’s other responsibilities. For example, a manager whose role on a project is to approve work done by sub-suppliers (and who is therefore exposed to bribery risk) cannot also be the compliance manager with a responsibility to ensure that bribery is avoided.
PS 7: Controls for Major Suppliers and Sub-suppliers
Updated on 1st November 2021