Research Topics


The U4 Blog

Learning & events

About Us


How development aid agencies can use the ISO 37001 standard

ISO 37001 is a universal standard designed to help organisations manage and prevent bribery risks. It presents interesting — but contradictory — features for development aid agencies to limit corruption.
Read the associated publication
3 September 2021

ISO 37001 is a universal standard designed to help organisations manage and prevent bribery risks. Yet its structure, costs, and requirements mean development aid agencies are seldom interested in implementing it fully or gaining certification. Despite this, the standard can serve as an inspiration and guide for aid agencies and development projects in key areas.

The universal standard ISO 37001 can be an enormously useful tool for organisations that want to manage corruption and bribery risks. Yet, to date, development aid agencies have shown little interest in ISO 37001 certification. Nor has any donor agency used the standard to manage its own corruption risk management (CRM) processes.

What is ISO 37001 and what added value can it bring to development aid agencies?

Valuable anti-corruption tool

ISO 37001 provides a summary of the best tools available internationally for bribery risk management. It also establishes a framework that organisations can use to comply with national anti-bribery laws. Organisations can apply the standard’s requirements to build an anti-bribery management system (ABMS). Or they can use it as a benchmark to check a system already in place.

ISO 37001’s requirements start by looking at the context of the organisation (its legal environment, its partners, sector specifics etc.). The requirements also consider stakeholders’ views and concerns, as well as providing a corruption risk analysis to establish a ‘reasonable’ and ‘proportionate’ (ISO 2016: 2) ABMS.

The standard then focuses on how the organisation is governed and how it will implement the ABMS. It provides details for planning and support to help the ABMS work in practice. In particular, it focuses on:

  • implementing an appropriate anti-bribery awareness and training programme for all staff,
  • providing adequate internal and external communication on the ABMS, and
  • setting up relevant documentation.

ISO 37001 also explains operational aspects. It considers:

  • due diligence,
  • financial and non-financial controls,
  • specific procedures in cases where partners pose more than a low bribery risk, and
  • measures for reporting.

In addition, the standard outlines appropriate actions when bribery or a violation of the ABMS takes place. Finally, the standard develops requirements to monitor and evaluate the ABMS performance and for its continual improvement.

In this respect, the ISO 37001 standard can be a valuable tool to help organisations uncover and limit the risks of corruption. It can improve the business environment, good governance, and development issues.

Time and budget constraints, governance issues

Yet full implementation of an ABMS based on ISO 37001 and its certification takes time and significant resources. The costs will probably exceed the benefits for most development aid agencies. This is because they will likely already have in place an anti-bribery management system, for which there are no specific requirements for certification. In addition, ISO 37001 requirements may not fit with the sometimes complex governance structures of aid agencies.

Hence, at the project or programme level, the structure of ISO 37001 may disincentivise its use. The way that development projects or programmes are governed can make it difficult for aid agencies to meet ISO 37001 requirements. The requirements could hamper the budget and administrative autonomy that is needed by projects or programmes. What is more, adapting to ISO 37001 requirements would need too many resources, which could put the programmes’ other activities at risk.

Aid organisations that are working in developing countries need ‘quick wins’. They must prioritise their limited resources towards programme activities and achieving project goals. ISO 37001 is not well adapted to these kinds of working conditions, particularly when quick and visible changes are needed.

ISO 37001 is not well adapted to certain working conditions, in particular when quick and visible changes are needed

Meanwhile, development projects or programmes, by their nature, are non-permanent. Hence time constraints can also be an issue. The budget necessary to deploy an ABMS for these programmes is likely to be significant. This means spending in this area will be inefficient if the project is only going to be in place for a limited time.

Other guides and manuals are better adapted to manage corruption risks in these contexts. Examples include the U4 Guide to using corruption measurements and analysis tools for development programming or the U4 Issue on the basics of corruption risk management.

Guidance, benchmarking, and partner support

Despite these limitations, the ISO 37001 standard can still be useful to development aid agencies. For instance, it can provide them with a good reference point to implement or improve an anti-bribery management system at the headquarters level. This might involve a whole system or focus instead on particular aspects of an ABMS.

The standard’s requirements to assess organisational context, its focus on the commitment of senior leaders, and its distribution of responsibilities within the organisation (distinguishing oversight and executive roles) all provide good guidelines to introduce an ABMS. Its planning and operational aspects could also help streamline CRM, encouraging the agency to incorporate ‘reasonable’ and ‘proportionate’ procedures to control corruption risks.

The standard can also be introduced into multi-stakeholder initiatives or public–private partnerships where development aid agencies are involved. For example, GIZ started the project, which allows EU-registered companies to partner with GIZ, with both parties providing funds and expertise. ISO 37001 could be a useful tool to ensure that such partnerships comply with anti-bribery requirements.

The standard can be useful for aid agencies to improve due diligence operations when using cash transfers or core support to NGOs

In addition, the standard could be used by development aid agencies to check the quality of anti-bribery mechanisms for pooled funds, such as the Global Fund, or in blended finance schemes. What is more, cooperation agencies can use the standard as a reference for their third-party due diligence investigations of anti-corruption, assessing corruption risks in their projects, partnerships, and activities. The structure of the standard offers a way to establish a valid checklist on key aspects to consider in this area. This could be useful for development agencies when they use cash transfers or provide core support to non-governmental organisations.

    About the author

    Guillaume Nicaise is a Senior Adviser for the U4 Anti-Corruption Resource Centre at the Chr. Michelsen Institute. He leads U4’s work on corruption risk management and the private sector. He previously worked for the German and Belgian development agencies – GIZ and BTC. He also has work experience from the NATO Parliamentary Assembly and NATO itself, as well as the International Crisis Group. Nicaise completed a PhD on the transfer of good governance norms in Rwanda and Burundi from the Ecole des Hautes Etudes en Sciences Sociales, France.


    All views in this text are the author(s)’, and may differ from the U4 partner agencies’ policies.

    This work is licenced under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International licence (CC BY-NC-ND 4.0)


    bribery, corruption risk assessment, development cooperation, aid