ISO 37301

ISO 37301 is a widely-accepted standard that provides guidance for establishing, developing, implementing, evaluating, maintaining and improving an organisation’s compliance management program. It covers all compliance-related issues, including anti-trust, fraud, misconduct, export control, anti-money laundering, and other unexpected risks which might affect your business.

Previously named ISO 19600, the standard was introduced by the International Organization for Standardisation (ISO) in April 2014, and replaced by ISO/DIS 37301 in 2021. ISO 37301 will establish requirements for implementing a compliance management system, as opposed to ISO 19600 CMS, which only provides recommendations.

Whereas ISO 19600 was a guideline, ISO 37301 is a certification standard

ISO 37301 is a Type A standard and – unlike its predecessor ISO 19600 – is certifiable. That being said, 90% of the new standard is based on ISO 19600:2014. Companies that have previously aligned themselves to this one will not need to make radical changes. And organisations can have their compliance management system verified through an independent third party in the future.

If your organisation performs regular risk assessments, you have probably noticed that corporate compliance consistently ranks as one of the most significant risks. The implementation and certification of a robust compliance program can help you maintain integrity and ensure compliance with all applicable rules and regulations in a systematic, structured and proactive manner.

CMS helps organisations to comply with the legislation that is applicable to them and with the commitments assumed by their stakeholders. They reduce the economic or reputational risks of failing to comply with them and are a fundamental tool for organisations to comply with their corporate social responsibility policies. They undoubtedly help to create a culture of integrity and compliance that fosters sustained success and the survival of the organisation.

Do you seek to benchmark your existing system against international best practices? Certification of your compliance management system by an independent third-party such as ABAC® not only provides assurance to your stakeholders, but it also enables organisations to detect opportunities and to further increase the effectiveness of their CMS.

At the surface, organisations that implement ISO 37301 demonstrate a commitment to company-wide good governance and ethical practices, two core principles that contribute to any business’s overall economic success. But the benefits of implementation go much deeper and include:

• Safeguarding the organisation’s overall reputation
• Verifying the existence of an effective compliance management system
• Reducing the risk of prosecution in legal proceedings
• Strengthening the organisation’s position in international business deals

Additionally, courts in several jurisdictions have previously taken into consideration an organisation’s overall commitment to compliance when determining penalties in corruption-related legal cases. An effective compliance management system provides proof of the organisation’s integrity levels and business values.

• Private organisations: the company at large, a business unit or a subsidiary
• Public organisations: administrations, services, political parties
• Not-for-profit organisations: NGOs, charities, foundations, association

Certification against ISO 37301 demonstrates your organisation’s commitment towards an effective compliance management system and any of its applicable subsections like:

• General compliance
• Anti-bribery
• Sanctions
• AML
• Export control
• Data privacy.

The inclusion of these subsections demonstrates its wide-ranging applications and its potential to revolutionise your overall compliance efforts. However, as with all of ISO’s standards, the requirements are broad enough to allow you to build a system that best suits the needs of your organisation, deciding upon the scope, location, number of people we interview, depth of the audits within the organisation, and which subsections to include.

• Compliance policies and procedures
• Personnel controls and training
• Compliance objectives and planning to achieve them
• Policies regarding reporting, monitoring, investigating and reviewing
• Management, leadership, commitment, and responsibility
• Risk-assessment procedures
• Financial, commercial, and contractual controls
• Corrective action and continual improvement of the CMS

ABAC™ is designed to help develop processes and systems that help your organisation effectively manage compliance risks and foster a system-wide business integrity culture.

1. Safeguard your organisation’s reputation
2. Strengthen your organisation’s position in international business deals
3. Become attuned to new & exiting laws, rules & regulations globally
4. Verify your current compliance management system
5. Correct potential breaches in a swift & effective manner
6. Prove your organisation’s integrity levels & business values
7. Be alerted when the risk of breaching any regulation exists
8. Reduce the risk of prosecution – courts in multiple jurisdictions can consider an organisation’s overall commitment to compliance when determining penalties in corruption-related legal cases

Our fully equipped auditors and analysts work with your team in benchmarking the compliance and anti-bribery management systems in accordance with all international standards. Both certifications help the organisation and its top management, compliance officers, risk managers, internal and external auditors, and all related personnel to work together towards implementing adequate measures to prevent non-compliant behaviour on several key fronts, including:

• Comprehending the scope and context of the compliance management system
• Equipping the organisation’s leadership via management-led controls
• Educating personnel on the importance of compliance
• Furthering compliance as a risk mitigation tool
• Establishing firm compliance objectives
• Building training programs that foster a strong corporate culture of compliance
• Developing effective communications and supporting documentation
• Monitoring the effectiveness of the compliance framework
• Identifying the necessary actions to ensure continuous improvement of the program

The new standard will complement the existing ISO 37001, Anti-bribery management systems – Requirements with guidance for use, which helps organisations combat bribery both in their own operations and throughout their value chains.

This globally recognised standard certifies that an organisation has implemented reasonable and proportionate measures to prevent bribery and corruption. ABMS establishes requirements for areas such as top-level leadership, training, bribery risk assessment, due diligence adequacy, financial and commercial controls, reporting, audit and investigation.

Compliance to both standards presents a unique opportunity for the organisation to firmly state that both anti-bribery and compliance systems are in line with the highest level of international standards. ISO 37001 ABMS is structured to be easily integrated into an existing compliance management system following ISO 19600. Both standards focus on establishing best-practice procedures, controls and measures to identify, detect, prevent and monitor system-wide corruption while demonstrating a strong commitment to compliance. Your business will benefit specially if you are seeking a competitive advantage whilst expanding operations across the globe, attract potential investors, report to current stakeholders and build viable partnerships in the global marketplace.

Furthermore, such integration addresses the marketplace expectations that your organisation has a firm control over the operations of outside suppliers, agents, distributors and other third-party affiliations.

Organisations that are interested in being certified should be preparing themselves now. This preparation should start with the re-structuring of your compliance programme or management system accordingly. ABAC can offer recommendations from our network of talented industry consultants with proven track records.

It’s simple to transfer your certification to ABAC™:

Step 1: Contact us. We’ll discuss your current certification and transfer requirements. Provide us your current certificate and your latest audit report.

Step 2: Once the transfer criteria have been met, a transfer quotation shall be produced.

Step 3: Once the quotation is accepted a Transfer Audit will take place either remotely or onsite.

Step 4: Once the transfer audit is successfully conducted and reviewed by our technical team, we’ll issue you a new ABAC™ certificate.