
Financial Firms – Why is ISO 37001 ABMS necessary for this sector?

Why do financial firms need ISO 37001 Anti-Bribery Management Systems? In most European countries today, it can be very costly to be caught breaking bribery laws. Most laws call for stiff fines. The UK ushered in this landscape with the introduction of the UK Bribery Act 2010. Under this ground-breaking law, individuals or businesses may face up to 10 years in prison or unlimited fines. The other EU Member States have also enacted anti-bribery laws with heavy penalties. While their new regulations are not as sweeping and often focus less on business and more on bribing public or government officials, these laws at least put punishments on the books and fall in line with the US Foreign Corrupt Practices Act (FCPA). The French Criminal Code, for example, underwent changes in 2016 with provisions for up to 15 years imprisonment, along with significant financial penalties, for bribery – including among companies. It also requires some businesses to implement compliance measures.

To effectively counter corruption and promote integrity, these rule-based methods should be complemented with measures to stimulate a culture of honesty in banks and financial institutions. These can include codes of conduct, public oaths, building incentives for integrity in remuneration packages and careful management of conflicts of interest. That’s why ABAC® will be hosting a live ISO 37001 training session on the 30th of September exploring the Pitfalls Most Organisations Often Commit – the importance of implementing the Anti-Bribery Management System (ABMS). Being a part of the solution means sharing our knowledge, so society is one step closer to an ethical reality.

Financial services firms involved in scandals across the globe

When Société Générale, a global financial services institution based in France, agreed to pay a combined total penalty of more than $860 million for an alleged bribery and corruption scheme, it served as a warning shot to financial firms worldwide that a culture of enforcement has arrived. Société Générale was accused of paying bribes to officials in Libya and committing violations in manipulating the London InterBank Offered Rate (LIBOR), one of the world’s leading benchmark interest rates. Together with other regulatory penalties faced by the financial services giant, the total amount to be paid exceeds $1 billion. (The United States Department of Justice, 2018)

Bribery and corruption often go together with money laundering – and, as such, the financial sector faces new Anti-Money Laundering (AML) rules and legislation that are strict and increasingly enforced. Remaining in compliance through implementing proper prevention controls is a must. Failing to do so can mean a loss of business, trust and reputation: banking giant Citibank was fined $70 million in the US for failing to address shortcomings in its anti-money laundering policies. (Reuters, 2018)

In April 2020, the ACFE released the 2020 Report to the Nations, the latest global study on the costs and effects of occupational fraud (i.e., fraud committed by individuals against the organisations that employ them). The 2020 global study examined 2,504 cases of occupational fraud reported from 125 countries throughout the world. This supplemental report focuses specifically on the 386 cases that occurred in organisations in the banking and financial services industry, providing a deeper view into the ways that these frauds were perpetrated, how they were detected, the demographic characteristics of the victim organisations, the profiles of the perpetrators, and the results of the cases after the frauds were discovered.

In short, the report revealed that 85% of reported fraud cases are from asset misappropriation, 40% are due to corruption and 10% are from financial statement fraud. Corruption is the most common occupational fraud scheme reported in the banking and financial industry. Read the full report below.

In the US alone, more than 100 bribery investigations were in progress at the end of last year, with the financial services industry facing the most investigations. (Wall Street Journal, 2019) Having layers of safeguards in place is required both from a legal and compliance standpoint. One of the most critical layers is an effective anti-bribery management system (ABMS).

ISO 37001:2016 ABMS to prevent corruption and promote compliance

There is a solution that financial services organisations can implement to take a proactive stance against bribery and corruption: The ISO 37001:2016 Anti-Bribery Management System standard. ISO 37001 ABMS is designed to help global organisations implement an anti-bribery management system (ABMS), as the standard specifies a series of measures required by the organisation to prevent, detect and address bribery, and provides guidance relative to that implementation.

For financial services firms, this is a critical layer of protection that provides both anti-bribery controls and a system for compliance with various anti-corruption legislation, such as the FCPA and UK Bribery Act. The UK Bribery Act’s adequate procedures requirement dictates that all companies need to have ongoing monitoring, training, surveillance and risk assessments – ISO 37001 ABMS is designed to fulfil these criteria and more.

ABAC®’s ISO 37001 Certification Services are accredited to offer independent ISO 37001 certification to ensure that an organisation is in compliance with the standard, which is recognised and practised in more than 160 countries worldwide. ABAC® Group’s auditors and analysts work with financial services organisations to develop measures that integrate with existing management processes and controls, and include:

  • Adopting an anti-bribery policy
  • Establishing buy-in and leadership from management
  • Training personnel in charge of overseeing compliance
  • Communicating the policy and program to all personnel and business associates
  • Providing bribery and corruption risk assessments
  • Conducting due diligence on projects, business associates and other third-party affiliations
  • Implementing financial and commercial controls
  • Developing reporting and investigation procedures

Financial services organisations face unique challenges. Among them is maintaining proper internal procedures as they relate to bribery and AML regulations. These measures can be logistically challenging, especially in the auditing process – but keeping accurate books and records is a key provision of the UK Bribery Act. The ISO 37001 ABMS standard makes this a key provision in cultivating proper due diligence and reporting procedures.

Another major challenge involves monitoring third-party risk. The due diligence practices and risk assessments implemented through ISO 37001 ABMS are critical in this area. Financial services firms, more than any other sector, must conduct effective vetting and ongoing monitoring of third parties. This goes beyond “on-boarding” and relates to how companies continually assess risk from outside partners – including brokerage firms, introducers, agents, joint-venture relationships, even clients – as borrowers, for example, represent a major risk on the balance sheet.

Some financial services companies do not properly score or assign risk profiles to third-party partners, and this can represent a major weak point in efforts to prevent bribery, corruption and money laundering. Regulators understand this, too. That’s why ISO 37001 ABMS dictates thorough and comprehensive due diligence in regard to all third parties and especially in the case of mergers and acquisitions.

Once certified, an organisation must continue surveillance and undergo a recertification audit over three years to ensure that the organisation still complies with the ISO 37001:2016 ABMS standard. During this time, any changes to processes, the addition of new partners and expansion/acquisition of new assets or energy contracts, etc. are carefully reviewed.

Long-lasting benefits of certification

ISO 37001 ABMS provides a strong framework for addressing and isolating risk factors, and the benefits of certification are far-reaching, impacting not just the primary organisation but also influencing contractors, clients, and raising the profile of the company as an ethical entity that is a good trading partner. By achieving ISO 37001:2016 ABMS certification, a financial services firm will:

  • Ensure that the organisation is implementing a viable anti-bribery management system utilising widely accepted controls and systems.
  • Assure management, investors, business associates, personnel and other stakeholders that the organisation is actively pursuing internationally recognised and accepted processes to prevent bribery and corruption.
  • If needed, provide acceptable evidence to prosecutors or courts that the organisation has taken reasonable steps to prevent bribery and corruption.

Cases like Société Générale are not isolated; more and more, we are seeing companies punished for not taking proper preventative action with a robust anti-bribery management system (ABMS). Financial services firms need to be aware of, and stay in front of, increased anti-bribery and corruption legislation, given that such regulations have, in most cases, achieved a global reach. For ownership and management, the stakes are especially high – accountability now includes criminal liability for organisation personnel as individuals, beyond (and in addition to) liabilities faced by the organisation. This trend will only continue as governments and their publics become increasingly intolerant of fraud, bribery and corruption. Significant media coverage and the real and perceived threat to governments’ economies contribute to this changing landscape of public opinion.

As the ISO 37001 International standard document states, “Conformity with (ISO 37001) cannot provide assurance that no bribery has occurred or will occur in relation to the organisation, as it is not possible to eliminate the risk of bribery. However, (the standard) can help the organisation implement reasonable and proportionate measures designed to prevent, detect and respond to bribery”. With this in mind, it’s important to note that ISO 37001 certification, on its own, is not a “safe harbour” from prosecution should bribery or corruption be discovered. Significantly, ISO certification is, as the above explains, a potential mitigating piece of evidence to regulators or even prosecutors and the courts that the entity has taken meaningful steps in its efforts to prevent bribery and corruption.


It is critical that any financial services organisation have a proper, comprehensive strategy to prevent and detect bribery and corruption, and remain in compliance with all regulations – on the local, regional, and international levels. The ISO 37001 ABMS standard is an established, tried and tested program to address those issues head-on through a comprehensive program of training and certification. The training process is tailored to the organisation while still following the developed curriculum and documented best practices. Due diligence procedures and risk assessments are applied in a thorough, comprehensive manner. Certification requires the demonstration that processes have been implemented effectively, with follow-up evaluations.

Worldwide developments in laws and regulations have demonstrated that there isn’t time to wait to implement controls and compliance procedures – the next investigation and/or prosecution may be too late. The harm caused by bribery and corruption to an entity’s reputation, investments, and business can be far-reaching and long-lasting.

You can learn more at our live session training on the 30th of September (08:00 to 10:00 GMT | 15:00 to 17:00 MYT | 12:00 to 14:00 GST). At the end of the live session you will have obtained a Continuing Professional Development (CPD) certificate and Certificate of Attendance (COA) as well as a complimentary ABMS Awareness Training for two people (per company). Register your place for this live ISO 37001 training session here and find out how to tackle the issue of bribery and corruption in your workplace before it has time to manifest itself into a greater issue. Finance is the greatest asset to the economy after all.

About ABAC® Center of Excellence

ABAC® is an independent certification body powered by CRI Group. ABAC® Center of Excellence offers a complete suite of services and solutions designed to educate, equip & support the world’s leading business organisations with the latest best-in-practice risk & performance assessments, systems improvement & standards certification. ABAC® programs protect your organisation from damaging litigation & safeguard your business in the global marketplace by providing certification & training in internationally recognised ISO standards, such as ISO 37001 Anti-Bribery Management Systems, ISO 37301 Compliance Management Systems and ISO 31000 Risk Management Systems.

CONTACT US to discuss your anti-bribery, risk and compliance needs.