Demonstrating “Adequate Procedures” with ISO 37001 ABMS

March 17, 2021
Demonstrating Adequate Procedures with ISO 37001 ABMS

As the international outcry on bribery and corruption practices continues to tighten its grip around rogue players in the private and public business sectors, global organisations continue to ramp up their efforts to develop effective frameworks to prevent, detect and report bribery and corruption. And by fortifying their anti-bribery management systems, such organisations are further helping their cause as such systems can play a pivotal role in establishing “adequate procedures” as a compliance defence in the event of a bribery accusation. Adequate procedures is a term made popular through the UK Bribery Act of 2010, which poses the potential of a company avoiding liability for failing to prevent bribery if that organisation can demonstrate sound and established policies and procedures that deter individuals (inside and outside of the organisation) from partaking in questionable or corrupt conduct.

A key challenge, though, is that “adequate procedures” takes on different meanings, depending on what country or jurisdiction one may reside.  Further, most enforcement agencies and government authorities offer little guidance that pinpoints what exactly “adequate procedures” means when considered as a possible defence in a legal proceeding. Consider two international legislative provisions that offer “adequate procedures” as a possible legal defence consideration along with the most recent National Anti-Corruption Plan of the Malaysian Government, and discover how a newly adopted international standard can offer multi-national organisations specific guidelines in developing a globally accepted anti-bribery management system that may support most “adequate procedures” defences.

UK Bribery Act of 2010

Under the UK Bribery Act, an “adequate procedures” defence would be considered during an investigation into a corporate failure to prevent bribery.  The Act provides commercial organisations with a defence to liability when commercial organisations can prove and demonstrate that they had in place proper procedures designed to prevent persons associated with them from undertaking bribery-related conduct. Consequently, corporations that are otherwise liable for violating the corporate failure to prevent bribery provision can escape criminal liability from the provision if they can prove that they had in place “adequate procedures” to prevent the relevant illegal conduct from occurring.  This defence is unique in that it contends that corporations are acting in good faith and taking proper precautions throughout the organisation in implementing adequate compliance procedures, and subsequently can avoid being held criminally accountable for the failure to prevent bribery.  This defence is significant in that there is no such defence under the FCPA (see below) or most other foreign anti-bribery laws.

Get industry news delivered to your inbox. Sign up to our newsletter

FCPA (U.S. Dept. of Justice)

While corporate compliance procedures are not considered in the liability phase of the FCPA, they are taken into account during the sentencing phase by the U.S. DOJ relevant to the FCPA.  The United States Sentencing Commission outlines through its Federal Sentencing Guideline Manual six factors — four aggravating and two mitigating — that a sentencing court must consider in determining the appropriate penalty on organisations convicted under the FCPA.  The existence of an effective compliance program is one of the two mitigating factors.  Subsequently, an organisation convicted of FCPA violations can use the existence of an effective compliance program to potentially reduce a penalty against it.

Malaysian National Anti-Corruption Plan 2019-2023

Under Section 17A (3) of the Malaysian Anti-Corruption Commission, if the commercial organisation is found liable under the corporate liability provisions, a person who is the director, controller, officer or partner of the organisation, or a person who is concerned with the organisation’s management affairs at the time of the commission of an offence, is deemed to have committed that offence unless such person can prove that the corrupt act was committed without his consent or connivance and that he exercised due diligence to prevent that commission of the offence as he ought to have exercised with regard to the nature of his function in that capacity and the circumstances.

Hence, there is a need for the company to put in place “adequate procedures” as a defence in case there is proven corruption by the associated individual.  The Malaysian Anti-Corruption Commission MACC has issued guidelines which constitute “adequate procedures.” In the National Anti-Corruption Plan, Tun Dr. Mahathir bin Mohamad, Prime Minister of Malaysia on 29th January 2019 developed initiative number 2.1.3 which seeks “To introduce Anti-Bribery Management System (ABMS)MS ISO 37001 certification in all Government agencies”  within two years (Jan 2019-Dec 2020). The guidelines further state in initiative 6.2.4 “To propose Anti-Bribery Management System (ABMS) MSISO 37001 certification as a requirement for State-Owned Enterprises (SOEs), Company Limited By Guarantee (CLBG) and the private sector to bid for Government contracts”.

In complying with these guidelines and to prove “adequate procedures”, public and private sector organisations should implement the ISO 37001 certification process which would provide proper assurance that the organisation has succeeded in establishing, implementing, maintaining, reviewing and improving its Anti-Bribery Management System.

Demonstrating “Adequate Procedures” through ISO 37001 Certification

ISO 37001 Anti-Bribery Management System is an internationally accepted standard that specifies the procedures by which an organisation should implement in preventing bribery while detecting and reporting any bribery incident that occurs. The standard requires organisations to implement these procedures on a reasonable and proportionate basis according to the type and size of the organisation, and the nature and extent of bribery risks faced. It applies to small, medium and large organisations in the public and private sector and can be implemented in any country. Though it will not provide absolute assurance that bribery will completely cease, the standard can help establish that the organisation has in place reasonable, proportionate and adequate anti-bribery procedures.

ABAC® Center of Excellence Limited is fully accredited as a Conformity Assessment Body (Certification Body) to assist your organisation in attaining ISO 37001 certification through a thorough bribery risk assessment and audit covering the entire scope of the standard The audit methodology is evidence-based, meaning any issues raised will be confirmed through adequate evidence that the ABAC® Certification team has discovered during the audit. Auditing techniques take a risk-based approach to examining your organisation’s Anti-Bribery Management System (ABMS), and the ABAC® Certification team will increase the scale of the investigation if they determine that a specific process presents on a higher risk side.  Factors such as Impact, Negligence, Minor, Major, and Critical are taken into consideration during the audit.

A separate audit method is a process-based approach where the ABAC® Certification examines the organisation’s processes while considering the interaction between those processes.  Finally, there is a sampling-based audit approach where ABAC® Certification incorporates an appropriate sampling plan utilising samples from different ABMS processes to conclude and support the audit findings and results.

The audit is extremely thorough in its approach, which results in accredited certification for the scope of the ISO 37001 Anti-Bribery Management System.  Because of the standard’s international acceptance and the thoroughness of the audit process, such certification can provide a valuable safeguard in demonstrating an “adequate procedures” compliance defence in cases posing a liability for a company’s failure to prevent bribery. Indeed, from an FCPA perspective, certification may provide tangible evidence that a compliance program was in place at the time of the alleged bribery actions. And from a UK Bribery Act perspective, the certification could provide the company with tangible prima facie evidence presented by an accredited certification body attesting to the establishment and effectiveness of the organisation’s compliance program. Notably, per Section 17A of the Malaysian Anti-Corruption Commission, the Prime Minister’s National Anti-Corruption Plan 2019-2023 has declared ISO 37001 certification a requirement for companies operating in Malaysia.

There is a strong likelihood that ISO 37001 Anti-Bribery Management System will continue to set the pace for a globally recognised “adequate procedures” standard for corporations embroiled in corruption litigation proceedings. But for now, the most powerful “insurance” tool that public and private sector organisations can use in their defence strategy is ISO 37001 ABMS certification.

Prove That Your Business is Ethical with our FREE HEBA (worth USD 45000)

Complete our FREE Highest Ethical Business Assessment (HEBA) & evaluate your current Corporate Compliance Program. Find out if your organisation’s compliance program is in the line with worldwide Compliance, Business Ethics, Anti-Bribery and Anti-Corruption Frameworks. Let ABAC®-Malaysia experts prepare a complimentary gap analysis of your compliance program to evaluate if it meets “adequate procedures” requirements under UK Bribery Act, DOJ’s Evaluation of Corporate Compliance Programs Guidance and Malaysian Anti-Corruption Commission.


About ABAC® Center of Excellence

ABAC® is an independent certification body powered by CRI Group. ABAC® Center of Excellence offers a complete suite of services and solutions designed to educate, equip & support the world’s leading business organisations with the latest best-in-practice risk & performance assessments, systems improvement & standards certification. ABAC® programs protect your organisation from damaging litigation & safeguard your business in the global marketplace by providing certification & training in internationally recognised ISO standards, such as ISO 37001 Anti-Bribery Management SystemsISO 37301 Compliance Management Systems and ISO 31000 Risk Management Systems.

CONTACT US to discuss your anti-bribery, risk and compliance needs.