GIACC.PACS 7.LOGO.2021


PACS Standard 7:

Controls for Major Suppliers and Major Sub-suppliers

PACS Standard 7 forms part of GIACC’s Project Anti-Corruption System (PACS), which comprises 15 PACS Standards (see links at foot of this webpage). 

Requirements

  1. Required anti-corruption controls:  Bidders for Major Project Contracts and Major Project Sub-contracts, and Major Suppliers and Major Sub-suppliers, should be required to put in place the following anti-corruption controls in accordance with this PACS Standard:
    1. an anti-corruption management system
    2. a Project compliance manager.
  2. Anti-corruption management system: 
    1. Procurement:  In order to qualify to participate in a procurement process for a Major Project Contract or Major Project Sub-Contract, each bidder should have:
      1. implemented an anti-corruption management system which includes the Project within its scope
      2. obtained certification from a reputable third-party certifier that the system is being effectively implemented
      3. provided evidence of such certification to:
        1. the Project Owner (in the case of procurement of a Major Project Contract)
        2. the Project Owner and the Supplier (in the case of procurement of a Major Project Sub-contract).
    2. During the Project:  Each Major Supplier and Major Sub-supplier which is awarded a Major Project Contract or Major Project Sub-contract should, for the duration of its participation in the Project:
      1. maintain in effect the anti-corruption management system referred to above
      2. obtain annual certification from a reputable third-party certifier that the system is being effectively implemented
      3. provide evidence of such certification to:
        1. the Project Owner (in the case of a Major Project Contract)
        2. the Project Owner and the Supplier (in the case of a Major Project Sub-contract).
    3. The anti-corruption management system implemented should be compliant with at least one of the following systems, or with a system of material equivalence:
      1. ISO 37001 anti-bribery management systems standard 2016 (for public or private sector organisations:
      2. Commonwealth Anti-Corruption Benchmarks 2021: Annex to the Guidance (pages 501-508): (Anti-corruption management system for private sector organisations).
  3. Compliance manager:
    1. Procurement:  Each bidder for a Major Project Contract or Major Project Sub-Contract should appoint an appropriate senior manager who is responsible for ensuring that, for the duration of its participation in the procurement process:
      1. it is properly implementing and obtaining certification of an anti-corruption management system in accordance with paragraph 2 above
      2. it and its personnel are complying with:
        1. all applicable anti-corruption laws and regulations
        2. the anti-corruption management system.
    2. During the Project:  Each Major Supplier and Major Sub-supplier should appoint an appropriate senior manager who is responsible for ensuring that, for the duration of its participation in the Project:
      1. it is properly implementing and obtaining certification of an anti-corruption management system in accordance with paragraph 2 above
      2. it and its personnel are complying with:
        1. all applicable anti-corruption laws and regulations
        2. the anti-corruption management system
        3. their Anti-Corruption Contractual Commitments (PACS Standard 4)
        4. the Project Code of Conduct (PACS Standard 8).

Guidance

G1:  How does PACS make the requirements in this PACS Standard binding and enforceable?

Under the procurement controls in PACS Standard 3, the implementation of an anti-corruption management system and appointment of a compliance manager in accordance with PACS Standard 7 is one of the qualification criteria for bidders for Major Project Contracts.  (See paragraph 9 of PACS Standard 3).

Under the Anti-Corruption Contractual Commitments specified in PACS Standard 4, the Major Supplier is required to provide contract commitments to the Project Owner that:

  • it will implement an anti-corruption management system and appoint a compliance manager for the duration of the Project in accordance with PACS Standard 7 and will impose an equivalent contractual obligation on its Major Sub-suppliers. (See paragraph 3 of PACS Standard 4)
  • it will include criteria equivalent to those in paragraph 9 of PACS Standard 3 as qualification criteria for bidders for its Major Project Sub-contracts.  (See paragraph 3 of PACS Standard 4).  These criteria include the implementation of an anti-corruption management system.

G2:  What is an anti-corruption management system for organisations?

The implementation by organisations, in both the public and private sectors, of management procedures designed to prevent corruption by, on behalf of, or against the organisation, is a widely recognised and effective form of corruption prevention.  These procedures are designed to prevent, detect and deal with corruption in relation to the core management functions of the organisation, such as employment of personnel, procurement, contract management and financial management.  The procedures require leadership from top management, vetting and training of personnel, the implementation of effective policies and procedures in the organisation’s management functions, reporting of corruption, and investigating and dealing with any corruption which occurs.

These procedures are together often referred to as an ‘anti-corruption management system’ or ‘anti-corruption programme’.  They are similar in concept to those adopted by an organisation in order to manage its safety, quality, environmental and other risks and requirements.

G3:  Why should the anti-corruption management system be certifiable?

The only effective way in which to ensure that an organisation has implemented an effective anti-corruption management system is to use a certifiable system and to obtain reputable third party certification of compliance with that system.  A certifiable system is one with sufficiently definite requirements that a third party certifier can assess the implementation by an organisation of these requirements, and accordingly issue a certificate of compliance.

Paragraph 2 of PACS Standard 7 therefore recommends the use of one of the following certifiable systems which have been developed and published through international consultation.  They include specific anti-corruption management measures of the type referred to in G2 above. They are minimum requirement standards, in that an organisation which seeks to comply with them must comply with all of their requirements.

  • ISO 37001: 2016 – Anti-bribery management systems standard: (for both public sector and private sector organisations):  ISO 37001 is an anti-bribery management system standard published in 2016 by the International Organization for Standardization (ISO).  It was developed in consultation with 59 participating and observing countries.  ISO 37001 provides guidance on its implementation, and an associated guidance handbook was published in 2021.  It is an anti-bribery standard rather than a broader anti-corruption standard.  However, the stringency of its anti-bribery requirements should help to give the Project Owner assurance that the Supplier is unlikely to act corruptly.
  • Commonwealth Anti-Corruption Benchmarks 2021: Annex to the Guidance: (Anti-corruption management system for private sector organisations):  The Commonwealth Anti-Corruption Benchmarks were published in 2021 by the Commonwealth Secretariat, GIACC and RICS.  They were developed in consultation with representatives of the African Union, the International Monetary Fund, the United Nations Office on Drugs and Crime, the law ministries and anti-corruption agencies of the 53 Commonwealth countries, and other partner organisations.  The Annex to the Guidance to the Commonwealth Anti-Corruption Benchmarks (pages 501 to 508) contains an anti-corruption management system for private sector organisations.   The requirements of the Annex to the Guidance are simpler and less prescriptive than ISO 37001 but are consistent with the core requirements contained in ISO 37001.  The Annex to the Guidance applies to all corruption and is therefore broader in scope than ISO 37001.

Third party certification of the anti-corruption management system with either ISO 37001 or the Annex to the Guidance would meet the requirements of PACS Standard 7.

G4:  Is it possible to get third party certification of these anti-corruption management systems?

Yes, numerous organisations worldwide provide third party certification of management systems.  Thousands of organisations worldwide, in both the public and private sector, have successfully achieved certification to ISO 37001.

G5:  What evidence of certification is available?

Third party certifiers will normally issue a formal certificate of compliance with the relevant management system.  This certificate will show the system certified, the organisation certified, the identity of the certifier, any limitations to scope, and the date and validity of the certification.  A copy of this certificate can be provided as evidence of certification.

G6:  Why does PACS Standard 7 recommend the implementation of a certified anti-corruption management system only by Major Suppliers and Major Sub-suppliers, and not by all Suppliers and Sub-suppliers?

The implementation and certification of an anti-corruption management system incurs management time and cost.  Consequently, any requirement to implement and certify such a system must be proportionate to the degree of the corruption risk and the potential loss that could be caused by corruption in relation to the relevant Supplier or Sub-supplier. 

The Major Suppliers and Major Sub-suppliers are party to Major Project Contracts and Major Project Sub-Contracts which are of high value.  As a result, there is a significant risk of corruption and the potential loss which could be caused by corruption is large.  It is therefore reasonable to require these organisations to implement an anti-corruption management system.

In contrast, it is likely to be unreasonable to require Suppliers and Sub-suppliers which have relatively low value Project Contracts or Project Sub-contracts to implement such a system.  However, such Suppliers and Sub-suppliers should still be subject to the anti-corruption contract provisions in PACS Standard 4.

G7:  Why does PACS Standard 7 not require the Project Owner to implement an anti-corruption management system?

PACS Standard 7 does not require the Project Owner to implement an anti-corruption management system because anti-corruption management controls are imposed on the Project Owner in PACS Standard 1.  These controls are similar to those in PACS Standard 7 but are more specifically designed to suit the Project Owner’s role in the Project, and its overall responsibility for the anti-corruption management of the Project.  The Project Owner’s compliance with the requirements of PACS Standard 1 is monitored by the independent monitor.

G8:  What does it mean in paragraph 1 of PACS Standard 7 when it states that the anti-corruption management system should “include the Project within its scope”?

An anti-corruption management system implemented by an organisation may apply to all of the organisation’s activities worldwide, or its scope may be limited in some way (e.g. it may apply to only some of an organisation’s locations, business units or activities).  Consequently, PACS Standard 7 requires that the scope of the system must be broad enough so as to include the Project.  This means that the system should include within its scope the organisation’s business unit(s) which are or may be involved in the Project and to all of their activities in relation to the Project.  The certificate provided by the third party certifier will normally state whether the certificate applies to all of the organisation’s business activities worldwide, or whether the scope is limited in any way.

G9:  Does the compliance manager appointed under paragraph 3 of PACS Standard 7 need to be a full time appointment?

The compliance manager may be full time or part time depending on the size of the Major Project Contract or Major Project Sub-contract, and the extent of work required.  The organisation appointing the compliance manager needs to ensure that s/he has sufficient time available to be able to effectively fulfil the compliance responsibilities.

The compliance manager may combine the compliance role with other responsibilities provided that these do not result in a conflict of interest with the manager’s other responsibilities.  For example, a manager whose role on a project is to approve work done by sub-suppliers (and who is therefore exposed to bribery risk) cannot also be the compliance manager with a responsibility to ensure that bribery is avoided. 

Other Resources

Updated on 1st November 2021

© GIACC