The universal standard ISO 37001 can be an enormously useful tool for organisations that want to manage corruption and bribery risks. Yet, to date, development aid agencies have shown little interest in ISO 37001 certification. Nor has any donor agency used the standard to manage its own corruption risk management (CRM) processes.

What is ISO 37001 and what added value can it bring to development aid agencies?

Valuable anti-corruption tool

ISO 37001 provides a summary of the best tools available internationally for bribery risk management. It also establishes a framework that organisations can use to comply with national anti-bribery laws. Organisations can apply the standard’s requirements to build an anti-bribery management system (ABMS). Or they can use it as a benchmark to check a system already in place.

ISO 37001’s requirements start by looking at the context of the organisation (its legal environment, its partners, sector specifics etc.). The requirements also consider stakeholders’ views and concerns, as well as providing a corruption risk analysis to establish a ‘reasonable’ and ‘proportionate’ (ISO 2016: 2) ABMS.

The standard then focuses on how the organisation is governed and how it will implement the ABMS. It provides details for planning and support to help the ABMS work in practice. In particular, it focuses on:

  • implementing an appropriate anti-bribery awareness and training programme for all staff,
  • providing adequate internal and external communication on the ABMS, and
  • setting up relevant documentation.

ISO 37001 also explains operational aspects. It considers:

  1. due diligence,
  2. financial and non-financial controls,
  3. specific procedures in cases where partners pose more than a low bribery risk, and
  4. measures for reporting.

In addition, the standard outlines appropriate actions when bribery or a violation of the ABMS takes place. Finally, the standard develops requirements to monitor and evaluate the ABMS performance and for its continual improvement.

In this respect, the ISO 37001 standard can be a valuable tool to help organisations uncover and limit the risks of corruption. It can improve the business environment, good governance, and development issues.

Time and budget constraints, governance issues

Yet full implementation of an ABMS based on ISO 37001 and its certification takes time and significant resources. The costs will probably exceed the benefits for most development aid agencies. This is because they will likely already have in place an anti-bribery management system, for which there are no specific requirements for certification. In addition, ISO 37001 requirements may not fit with the sometimes complex governance structures of aid agencies.

Hence, at the project or programme level, the structure of ISO 37001 may disincentivise its use. The way that development projects or programmes are governed can make it difficult for aid agencies to meet ISO 37001 requirements. The requirements could hamper the budget and administrative autonomy that is needed by projects or programmes. What is more, adapting to ISO 37001 requirements would need too many resources, which could put the programmes’ other activities at risk.

Aid organisations that are working in developing countries need to document impact. They must prioritise their limited resources towards programme activities and achieving project goals. ISO 37001 is not well adapted to these kinds of working conditions, particularly when quick and visible changes are needed.

Meanwhile, development projects or programmes, by their nature, are non-permanent. Hence time constraints can also be an issue. The budget necessary to deploy an ABMS for these programmes is likely to be significant. This means spending in this area will be inefficient if the project is only going to be in place for a limited time.

Other guides and manuals are better adapted to manage corruption risks in these contexts. Examples include the U4 Guide to using corruption measurements and analysis tools for development programming or the U4 Issue on the basics of corruption risk management.

Guidance, benchmarking, and partner support

Despite these limitations, the ISO 37001 standard can still be useful to development aid agencies. For instance, it can provide them with a good reference point to implement or improve an anti-bribery management system at the headquarters level. This might involve a whole system or focus instead on particular aspects of an ABMS.

The standard’s requirements to assess organisational context, its focus on the commitment of senior leaders, and its distribution of responsibilities within the organisation (distinguishing oversight and executive roles) all provide good guidelines to introduce an ABMS. Its planning and operational aspects could also help streamline CRM, encouraging the agency to incorporate ‘reasonable’ and ‘proportionate’ procedures to control corruption risks.

The standard can also be introduced into multi-stakeholder initiatives or public–private partnerships where development aid agencies are involved. For example, GIZ started the develoPPP.de project, which allows EU-registered companies to partner with GIZ, with both parties providing funds and expertise. ISO 37001 could be a useful tool to ensure that such partnerships comply with anti-bribery requirements.

In addition, the standard could be used by development aid agencies to check the quality of anti-bribery mechanisms for pooled funds, such as the Global Fund, or in blended finance schemes. What is more, cooperation agencies can use the standard as a reference for their third-party due diligence investigations of anti-corruption, assessing corruption risks in their projects, partnerships, and activities. The structure of the standard offers a way to establish a valid checklist on key aspects to consider in this area. This could be useful for development agencies when they use cash transfers or provide core support to non-governmental organisations.