Oil and Energy Companies Look to ISO 37001 for Effective ABMS
In December 2017, the world’s largest builder of offshore rigs agreed to pay $422 million in penalties after entering a guilty plea for bribery charges connected with the Petroleo Brasileiro (Petrobras) scandal. Keppel Offshore & Marine Ltd. made illicit payments to both Petrobras officials and government representatives for more than a decade, between 2001 and 2014 (Reuters, 2017).
The sweeping multimillion-dollar bribery scandal that rocked Petrobras led to numerous investor lawsuits and the downfall of disgraced government officials. It also served as the embodiment of the huge risk of bribery and corruption that confronts the entire oil and energy sector.
Such a scandal is less surprising when one considers the scale of the oil and energy sector. It is a massive portion of the world’s economy, dealing mainly in petroleum – including upstream (exploration, development and production of crude oil or natural gas) and downstream (oil tankers, refiners, retailers and consumers) pipeline. As a raw material, petroleum is used for a number of chemical products, including pharmaceuticals, fertilisers, pesticides, solvents, and plastics.
The need to prospect, discover, and realise oil and energy production in various (and often far-flung) locations lends to the vulnerability to fraud – but geographic considerations aren’t the only risk factors. Perhaps even more impactful is the complexity of business relationships required to operate in the industry – relationships with governments, contractors, regulators, investors/venture partners, equipment suppliers and other parties. Every such interaction and dealing can be considered susceptible to bribery and corruption where cutting corners may be considered profitable or even perceived to be “business as usual.”
Contributing to the risk is the volatile nature of oil and energy prices (along with all levels of the production chain), along with increasing global demand. This drives oil and energy companies to expand into new areas and markets that might carry a higher risk of bribery and corruption, including undeveloped, third-world countries with few controls, lax enforcement, or both. The reality, however, is that when bribery and corruption continues unabated, everyone loses – companies and governments are affected financially, and economic instability is increased.
ISO 37001 Anti-Bribery Management System standard
There is a solution that oil and energy companies can implement to help prevent and detect bribery and corruption: the ISO 37001:2016 Anti-Bribery Management System standard. The standard requires organisations to implement a series of procedures to prevent, detect and address bribery on a reasonable and proportionate basis according to the type and size of the organisation, and the nature and extent of bribery risks faced. It applies to small, medium and large organisations in the public and private sector and can be implemented in any country. Though it will not provide absolute assurance that bribery will completely cease, for organisations in the oil and energy sector that operate across global boundaries, this is a critical layer of protection that provides both anti-bribery controls and a system for compliance with various anti-corruption legislation, such as the FCPA and UK Bribery Act.
ABAC® Center of Excellence Limited is accredited as a Conformity Assessment Body (Certification Body) to assist your organisation in attaining ISO 37001 ABMS certification through a thorough bribery risk assessment and audit covering the entire scope of the standard. The audit methodology is evidence-based, meaning any issues raised will be confirmed through adequate evidence that the ABAC Certification team has discovered during the audit.
Auditing techniques take a risk-based approach to examining your organisation’s Anti-Bribery Management System (ABMS), and the ABAC® Certification team will increase the scale of the investigation if they determine that a specific process presents on a higher risk side. Factors such as Impact, Negligence, Minor, Major, and Critical are taken into consideration during the audit.
A separate audit method is a process-based approach where the ABAC Certification examines the organisation’s processes while considering the interaction between those processes. Finally, there is a sampling-based audit approach where ABAC Certification incorporates an appropriate sampling plan utilising samples from different ABMS processes to conclude and support the audit findings and results.
The audit is extremely thorough in its approach, which results in an accredited certification for the scope of the ISO 37001 Anti-Bribery Management System. Because of the standard’s international acceptance and the thoroughness of the audit process, such certification can provide a valuable safeguard in demonstrating an “adequate procedures” compliance defence in cases posing a liability for a company’s failure to prevent bribery.
Once certified, an organisation must continue surveillance and undergo a recertification audit over three years to ensure that the organisation still complies with the ISO 37001 ABMS standard. During this time, any changes to processes, the addition of new partners and expansion/acquisition of new assets or energy contracts, etc. are carefully reviewed.
Lessons to learn
In the Keppel Offshore bribery and corruption case, implementing the measures above would have severely mitigated the risk that such a scandal could take root, much less proliferate over 13 years. The certification process involves a number of steps that include on-site audits to reveal any non-conformities – red flag areas that indicate a heightened risk of bribery and corruption. Such an assessment would have uncovered serious problems in Keppel Offshore’s processes, for example, and required corrective action plans to bring the organisation into compliance with its anti-bribery policy.
As corporations like Petrobras and Keppel Offshore have learned, there are deep repercussions for not taking proper preventative action with a robust anti-bribery management system (ABMS). The increase of anti-bribery and corruption legislation cannot be ignored by oil and energy companies, given that such regulations have, in most cases, achieved a global reach. For ownership and management, the stakes are especially high – accountability now includes criminal liability for organisation personnel as individuals, beyond (and in addition to) liabilities faced by the organisation. This trend will only continue as governments, and their publics become increasingly intolerant of fraud, bribery and corruption. Major media coverage and the real and perceived threat to governments’ economies contribute to this changing landscape of public opinion.
By extension, enforcement efforts are also being stepped up. Existing penalties are being applied with more regularities and new ones added with stronger impacts, including imprisonment and large fines – adding to the reputational damage that can occur as a result of bribery and corruption. Laws like the UK Bribery Act are being applied in force across international borders to put teeth in efforts to prevent, detect and punish corrupt corporate behaviour. While ISO 37001:2016 certification does not provide a shield against such enforcement measures, applying its standards can be considered a “good faith measure” for companies facing the consequences of bribery and corruption incurred in the past – and the measures prescribed by ISO 37001:2016 will no doubt have a mitigating effect on risk factors and the scale and scope of future acts of bribery and corruption should they occur.
With so much at stake in terms of money and resources, it should be no surprise that the oil and gas industry is rife with bribery and corruption. In today’s business climate, taking every step possible to prevent and detect bribery and corruption is more than just good business sense: It is essential to ensure a successful future. Implementing a worldwide recognised standard like ISO 37001 is a critical step forward for any organisation in the oil and energy industry.
About ABAC® Center of Excellence
ABAC® is an independent certification body powered by CRI® Group. ABAC® Center of Excellence offers a complete suite of services and solutions designed to educate, equip & support the world’s leading business organisations with the latest best-in-practice risk & performance assessments, systems improvement & standards certification. ABAC® programs protect your organisation from damaging litigation & safeguard your business in the global marketplace by providing certification & training in internationally recognised ISO standards, such as ISO 37001 Anti-Bribery Management Systems, ISO 37301 Compliance Management Systems and ISO 31000 Risk Management Systems.
GET A FREE QUOTE or CONTACT US to discuss your anti-bribery, risk and compliance needs. ABAC® CoE is an independent certification body that provides education and certification services for individuals and organisations on a wide range of disciplines and ISO standards, including:
- ISO 31000:2018 Risk Management- Guidelines;
- ISO 37000:2021 Governance of Organisations;
- ISO 37002:2021 Whistleblowing Management System;
- ISO 37301:2021 (formerly ISO 19600) Compliance Management system (CMS);
- Anti-Money Laundering (AML); and
- ISO 37001:2016 Anti-Bribery Management Systems ABMS.
ABAC® offers a complete suite of solutions designed to help organisations mitigate the internal and external risks associated with operating in multi-jurisdiction and multi-cultural environments while assisting in the development of frameworks for strategic compliance programs. ABAC® is accredited by the United Kingdom Accreditation Service (UKAS CB number: 10613) against ISO/IEC 17021-1:2015 Conformity assessment — Requirements for bodies providing audit and Certification of the scheme’s management systems of ISO 37001:2016 Anti-Bribery Management Systems (ABMS). This makes ABAC® Certification the leading accreditated certification body specialising in global anti-bribery and anti-corruption, risk and compliance management system standards. ABAC® experts audit any existing compliance and anti-bribery anti-corruption management systems to assess effectiveness and vulnerabilities while ensuring your organisation complies with Internal Standards, FCPA, UK Bribery Act, Anti-Money Laundering regulations, and all other global, regional and local regulations while maintaining a competitive edge in the world marketplace.
OUR CLIENTS
ABAC® was established as an independent division of CRI® Group to provide training and certification services to businesses seeking to validate or expand their existing compliance frameworks by developing the latest in best-practice anti-corruption, due diligence processes and procedures necessary for pursuing and maintaining global third-party affiliations. ABAC® Center of Excellence offers a complete suite of solutions designed to help organisations mitigate internal and external risks.
Over the past three decades, CRI® Group has emerged as a global leader in corporate investigations and risk management, serving distinguished clients across Europe, Asia Pacific, South Asia, the Middle East, North Africa, North and South America. CRI® Group safeguards businesses by establishing the legal compliance, financial viability, and integrity levels of outside partners, suppliers and customers seeking to affiliate with an organisation.
If you are seeking to validate or expand your existing compliance frameworks to maintain a competitive edge in the world marketplace, ABAC® can help you. Our experts audit your existing compliance and anti-bribery anti-corruption management systems to assess effectiveness and vulnerabilities while ensuring your organisation complies with Internal Standards, FCPA rules, UK Bribery Act laws, Anti-Money Laundering regulations, and all other global, regional and local regulations.
[…] in every industry, for example, financial services, pharma, healthcare, and life sciences, and oil and gas. I am very happy to know that multi-national organisation [such as IntelliSoft] are increasingly […]