Standardful
Active international standard. Last updated: October 2016

ISO 37001:2016

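Anti-bribery management systems: Requirements with guidance for use

Publishing organization: International Organization for Standardization (ISO)

Standard Overview

ISO 37001:2016 is the international standard for anti-bribery management systems, providing organizations with a systematic management framework to prevent, detect, and respond to bribery. The standard applies to all types of organizations, regardless of size, sector, or geography, and covers bribery by the organization's own personnel, bribery by persons acting on the organization's behalf, and bribery by the organization's business associates. ISO 37001 can be implemented on its own or integrated with other management system standards (such as ISO 9001 and the ISO 37301 compliance management system).

ISO 37001 requires organizations to conduct bribery risk assessments, establish an anti-bribery policy, set up due diligence procedures, implement financial and non-financial controls, establish reporting mechanisms, carry out training and communication, and perform monitoring and auditing. The standard places particular emphasis on the commitment of top management and the governing body, the independence and authority of the anti-bribery compliance function, and due diligence on business associates. Certification is performed by accredited third-party certification bodies and is valid for three years, with surveillance audits each year. ISO 37001 certification is increasingly regarded as evidence of organizational integrity in government procurement, international development projects, and compliance-sensitive sectors (such as construction, energy, defense, and financial services).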

Anti-Bribery Controls

Provides a framework for implementing policies, procedures, and controls to prevent, detect, and respond to bribery within an organization and its business associates.

Bribery Risk Assessment

Requires systematic identification and assessment of bribery risks based on factors including country, sector, transaction type, and business associate relationships.

Regulatory Alignment

Supports compliance with anti-bribery laws such as the US FCPA, UK Bribery Act, and similar legislation worldwide. Certification may serve as evidence of reasonable procedures.

ABMS Core Elements

  • Anti-bribery policy and objectives
  • Bribery risk assessment methodology
  • Due diligence on business associates and transactions
  • Financial and non-financial controls
  • Anti-bribery compliance function independence
  • Reporting and whistleblowing mechanisms
  • Investigation and remediation procedures
  • Training, awareness, and communication

Who Needs to Comply?

Any organization — public, private, or not-for-profit — seeking to establish or strengthen anti-bribery controls. Particularly valuable for organizations operating in high-risk sectors or countries, government contractors, and entities subject to the FCPA, UK Bribery Act, or similar laws.

Key Requirements

1. Anti-Bribery Policy

Top management must establish an anti-bribery policy that prohibits bribery, requires compliance with applicable laws, and is communicated to all personnel and business associates.

2. Bribery Risk Assessment

Conduct regular assessments to identify, analyze, and evaluate bribery risks. Consider country, sector, transaction, and business relationship risk factors. Prioritize and treat identified risks.

3. Due Diligence

Apply risk-based due diligence to business associates, personnel, and specific transactions. The extent of due diligence should be proportionate to the assessed bribery risk.

4. Financial & Non-Financial Controls

Implement controls to manage bribery risk including approval authorities, segregation of duties, gift and hospitality policies, and adequate record-keeping of all transactions.

5. Anti-Bribery Compliance Function

Appoint an independent anti-bribery function with authority, resources, and direct access to the governing body. This function is responsible for overseeing the ABMS design, implementation, and effectiveness.

Penalties & Enforcement

ISO 37001 is voluntary with no direct penalties for non-certification. However, underlying anti-bribery laws carry severe penalties: FCPA fines up to $2 million per violation for entities and 5 years imprisonment for individuals; UK Bribery Act penalties include unlimited fines and up to 10 years imprisonment.

Implementation Timeline

  • 2013: ISO/PC 278 project committee established to develop anti-bribery standard
  • October 2016: ISO 37001:2016 first edition published
  • 2017-2019: Rapid global adoption; certifications issued in 40+ countries
  • February 2025: ISO 37001:2025 second edition published with enhanced culture and conflict-of-interest requirements
  • February 2027: Deadline for transition from 2016 to 2025 edition