Standard Overview
ISO 37001:2016 is the international standard for anti-bribery management systems (ABMS). Published in October 2016, it specifies requirements for establishing, implementing, maintaining and continually improving measures to prevent, detect and respond to bribery. The standard applies to any organization regardless of size, industry or location, including public bodies, private companies and not-for-profit organizations.
The standard requires organizations to carry out a bribery risk assessment, implement corresponding anti-bribery policies and controls, establish due diligence procedures for business associates and transactions, and set up independent compliance oversight with reporting and whistleblowing mechanisms. ISO 37001 certification demonstrates that an organization has put reasonable anti-bribery procedures in place, which can support a defence under laws such as the US Foreign Corrupt Practices Act and the UK Bribery Act. A revised edition (ISO 37001:2025) was published in February 2025, with a transition deadline of February 2027.
Anti-Bribery Controls
Provides a framework for implementing policies, procedures, and controls to prevent, detect, and respond to bribery within an organization and its business associates.
Bribery Risk Assessment
Requires systematic identification and assessment of bribery risks based on factors including country, sector, transaction type, and business associate relationships.
Regulatory Alignment
Supports compliance with anti-bribery laws such as the US FCPA, UK Bribery Act, and similar legislation worldwide. Certification may serve as evidence of reasonable procedures.
ABMS Core Elements
- Anti-bribery policy and objectives
- Bribery risk assessment methodology
- Due diligence on business associates and transactions
- Financial and non-financial controls
- Anti-bribery compliance function independence
- Reporting and whistleblowing mechanisms
- Investigation and remediation procedures
- Training, awareness, and communication
Who Needs to Comply?
Any organization — public, private, or not-for-profit — seeking to establish or strengthen anti-bribery controls. Particularly valuable for organizations operating in high-risk sectors or countries, government contractors, and entities subject to the FCPA, UK Bribery Act, or similar laws.
Key Requirements
Anti-Bribery Policy
Top management must establish an anti-bribery policy that prohibits bribery, requires compliance with applicable laws, and is communicated to all personnel and business associates.
Bribery Risk Assessment
Conduct regular assessments to identify, analyze, and evaluate bribery risks. Consider country, sector, transaction, and business relationship risk factors. Prioritize and treat identified risks.
Due Diligence
Apply risk-based due diligence to business associates, personnel, and specific transactions. The extent of due diligence should be proportionate to the assessed bribery risk.
Financial & Non-Financial Controls
Implement controls to manage bribery risk including approval authorities, segregation of duties, gift and hospitality policies, and adequate record-keeping of all transactions.
Anti-Bribery Compliance Function
Appoint an independent anti-bribery compliance function with the authority, resources, and direct access to the governing body needed to oversee the design, implementation, and effectiveness of the ABMS.
Penalties & Enforcement
ISO 37001 is voluntary with no direct penalties for non-certification. However, underlying anti-bribery laws carry severe penalties: FCPA fines up to $2 million per violation for entities and 5 years imprisonment for individuals; UK Bribery Act penalties include unlimited fines and up to 10 years imprisonment.