• Governance I Risk I Compliance Management

For U.S. organisations, ISO 37001 can help prevent bribery and corruption

April 2, 2020


First-world countries are not immune to the worldwide problem of corruption. As a matter of fact, the United States – considered by many as one of the leaders in anti-corruption laws and enforcement – has faced a rash of major corruption scandals over the past 20 years and beyond. In the early 2000s, accounting scandals like Enron and Worldcom rocked the business world and caused major economic losses among investors and other stakeholders. More recently, investigations into alleged violations of the Foreign Corrupt Practices Act (FCPA) often begin with illicit actions taken broad, but are traced back to U.S.-based companies right here at home. Iconic companies like Walmart and Microsoft are among the U.S. organisations that have been involved in large settlements with the U.S. Department of Justice (DOJ) and the Securities and Exchange Commission (SEC) over bribery and corruption charges. These fines coupled with criminal prosecutions in certain cases have demonstrated the U.S. government’s aggressive stance toward reducing corruption at home and abroad. For this reason, and as a matter of good business practice, U.S. organisations should quickly adopt an internationally recognised set of anti-bribery anti-corruption standards. Foremost among such initiatives is ISO 37001:2016 – Anti-Bribery Management Systems standard, providing a comprehensive approach to mitigating the risk of bribery and corruption. Companies will find that ISO 37001 and its essential elements can be tailored to their organisation, regardless of the organisation size or industry. Among its many features, ISO 37001 promotes implementing an anti-bribery policy, appointing a person to oversee anti-bribery compliance, training, risk assessments, and conducting due diligence on projects and business associates. Implementing financial controls and instituting reporting and investigation procedures are also key within the ISO 37001 framework.


U.S. Losing Ground on Corruption

For those who expect the U.S. to score near the top of the most recent Transparency International Corruption Perceptions Index, the actual result might be surprising. Canada ranks higher, and the U.S. score of 69 marks a two-point drop from the previous year – earning its worst score in eight years. “The US faces a wide range of challenges, from threats to its system of checks and balances, and the ever-increasing influence of special interests in government, to the use of anonymous shell companies by criminals, corrupt individuals and even terrorists, to hide illicit activities.” The Americas as whole do not get a glowing review from TI: “With an average score of 43 for the fourth consecutive year on the Corruption Perceptions Index (CPI), the Americas region fails to make significant progress in the fight against corruption.”

Transparency International’s frank assessment of the U.S.’s standing among other countries and regions in terms of corruption is useful. It helps dispel the notion held by some that bribery, fraud and other malfeasance are primarily “third-world problems” that don’t impact large first-world economies. The fact is, large Western companies that seek to expand into new markets, including underdeveloped regions, are often guilty and liable for the corrupt practices that some employees or contactors might employ to advance that growth. Not only is that a problem in itself for its illegality, and for the damage often inflicted on economies in those areas; but it also creates serious legal and financial peril for companies that are caught and punished for violating the FCPA (as well as other international laws such as the UK Bribery Act).


Bribery Cases Prosecuted in the U.S.

Among the cases involving U.S. companies that were investigated, prosecuted, and/or resolved in 2019, a few stand out as clear warnings that punishment is catching up to those who commit bribery and collusion. Household names like Microsoft and Walmart make the list, as well as smaller organisations and even individuals who faced fines and, in some cases, custodial punishments.

Microsoft was fined $23 million in combined criminal and civil penalties after a subsidiary, Microsoft Hungary, was investigated for a bid-rigging and bribery scheme. The alleged violations lasted from 2013 until “at least 2015,” according to court documents. The action was brought by the U.S. Department of Justice (DOJ) and the SEC for the sale of Microsoft software licenses to Hungarian government agencies. Microsoft Hungary executives and other employees were found to have violated the FCPA by falsely representing large “discounts” in the effort to close deals with resellers. The SEC also found that Microsoft’s subsidiary in Turkey “provided an excessive discount to an unauthorised third party in a licensing transaction for which Microsoft’s records do not reflect any services provided.”

Walmart has been embroiled for more than 10 years in allegations of making corrupt payments to governments and officials around the world, according to an agreement the massive corporation reached with the DOJ and SEC. Walmart agreed to pay $282 million to settle charges that it violated the FCPA in an effort to open new locations in various countries and jurisdictions around the world. In court, Walmart’s Brasilian subsidy pleaded guilty to breaking U.S. federal law. On the whole, allegations include cases in Mexico, China, India and other locations. According to federal investigators, Walmart looked the other way as its subsidiaries on three continents paid millions of dollars, between July 2000 to April 2011, to middlemen in order to help the company obtain permits and other government approvals.

Lesser-known companies also faced scrutiny, and, in some cases, prosecution. Juniper Networks, a California-based cybersecurity firm, was ordered by the SEC to pay more than $11.7 for FCPA violations. According to the SEC investigation, some of the sales employees in Juniper’s Russian subsidiary “secretly agreed with third-party distributors to fund leisure trips for customers, including government officials through the use of off-book accounts.” It is notable that Juniper did not explicitly admit nor deny the SEC’s claims in coming to terms for the settlement – but nevertheless, the company agreed to “cease and desist from committing or causing any violations.”

Some significant DOJ and SEC action targeted individuals. For example, Hawaiian resident Frank James Lyon, 53, was charged and pleaded guilty to conspiracy to violate the anti-bribery provisions of the FCPA, as well as conspiracy to commit federal program fraud, after trying to bribe government officials in the Federal States of Micronesia. Lyon, the owner of a Hawaii- based engineering and consulting company, was sentenced to 30 months in prison followed by three years of supervised release. “According to admissions made as part of his plea agreement, between 2006 and 2016, Lyon and his co-conspirators paid bribes to foreign officials in the Federated States of Micronesia (FSM) and to Hawaii state officials in exchange for those officials’ assisting Lyon’s company in obtaining and retaining contracts valued at more than $10 million. The bribes included, among other things, cash to FSM officials and Hawaii officials, and vehicles, gifts and entertainment for FSM officials.”

The aforementioned cases make clear that U.S. corporations and business leaders are vulnerable to the same bribery and corruption schemes that are often considered endemic in certain other regions of the world. The DOJ, SEC and other regulatory and investigatory bodies are scrutinising transactions and behaviors, and conduct that runs afoul of provisions in the FCPA are likely to be met with prosecution and fines.


ISO 37001:2016 to Combat Bribery & Corruption

Corruption is a worldwide problem. In the U.S., business and government leaders are urging organisations to take action now to reduce their risk exposure. To implement best practices and better protect themselves, organisations have found ISO 37001:2016 Anti-Bribery Management Systems standard. Issued by the International Organisation for Standardization (ISO) in 2016, ISO 37001 helps organisations of all sizes and industries increase and measure their efforts against bribery and corruption. Organisations can use the principles provided by ISO 37001 to implement the highest integrity standards at every level. At its core, ISO 37001 calls for an organisation to establish an anti-bribery policy and appoint a person to oversee anti-bribery compliance, training, risk assessments and due diligence on projects and business associates. The organisation must also implement robust internal controls, as well as reporting procedures and investigation processes, to help make ISO 37001 truly effective.

ABAC (Anti-Bribery and Anti-Corruption) Center of Excellence Limited was founded by international security firm CRI Group to help organisations of all types and industries implement the highest standards of training and certification. With a team of experts around the world, ABAC Center of Excellence is composed of certified ethics and compliance professionals, financial and corporate investigators, forensic analysts, certified fraud examiners, qualified auditors, and accountants. Through their training and experience in implementing ISO 37001 standards, ABAC Center of Excellence’s agents help clients more effectively prevent bribery and corruption. As an accredited provider of ISO 37001 ABMS, ABAC Center of Excellence provides certification and training for organisations of various types and industries.

There are many elements of a comprehensive anti-bribery anti-corruption system. ISO 37001 lays these out in detailed guidance. The following are just a few of the elements of bribery that are addressed by ISO 37001:

  • Bribery in the public, private and not-for-profit sectors
  • Bribery by the organisation
  • Bribery by the organisation’s personnel acting on the organisation’s behalf or for its benefit
  • Bribery by the organisation’s business associates acting on the organisation’s behalf or for its benefit
  • Bribery of the organisation
  • Bribery of the organisation’s personnel in relation to the organisation’s activities
  • Bribery of the organisation’s business associates in relation to the organisation’s activities
  • Direct and indirect bribery (e.g. a bribe offered or accepted through or by a third party)


Benefits of ISO 37001:2016 Certification

ISO 37001:2016 certification is designed to help protect the organisation, its assets, and shareholders from the effects of bribery and corruption. Because certification must be completed by a qualified, independent third party, it adds a distinct level of credibility to the organisation’s management system and ensures that the organisation is implementing a viable anti-bribery management program using widely accepted controls and systems.

To reduce the risk of bribery and corruption, companies and government organisations can rely on best practices set out by ISO 37001’s standards. The following are some of the ways ISO 37001 helps organisations accomplish this goal:

  • Provides needed tools to prevent bribery and mitigate related risks
  • Helps an organisation create new and better business partnerships with entities that recognise ISO 37001 certified status, including supply chain manufacturing, joint ventures, pending acquisitions and co-marketing alliances
  • Potentially reduces corporate insurance premiums
  • Provides customers, stakeholders, employees and partners with confidence in the entity’s business operations and ethics
  • Provides a competitive edge over non-certified organisations the organisation’s industry or niche
  • Provides acceptable evidence to prosecutors or courts that the organisation has taken reasonable steps to prevent bribery and corruption

ISO 37001 certification should not be considered “legal cover” for all liability issues related to bribery – but it can be a mitigating factor: “Conformity with (ISO 37001) cannot provide assurance that no bribery has occurred or will occur in relation to the organisation, as it is not possible to completely eliminate the risk of bribery,” according to ISO.  ISO 37001 certification can be considered an important piece of evidence, however, demonstrating to regulators, prosecutors, and the courts that the organisation has taken meaningful action to prevent bribery and corruption.


Costs and Timeframes of ISO 37001:2016 Certification

The time and cost of certification depends on the size of the organisation, as well as the state of its existing anti-bribery management system. If it’s very well developed, the process will be shorter and the organisation can showcase it to their stakeholders and third parties. For organisations that don’t already have developed good policies, training and due diligence, the standard provides requirements and guidance on how to achieve it.

Some major corporations are seeking certification. Microsoft, whose prior compliance issues were highlighted earlier in this paper, is reportedly one of them: Microsoft’s Deputy General Counsel, David Howard, wrote that “Microsoft will seek certification from an independent and accredited third party to demonstrate that our anti-bribery program satisfies the requirements of the standard. We hope other companies will do the same.”


Regulators and enforcement bodies in the U.S. have placed a high priority on rooting out fraud and other financial crimes. Bribery and corruption are at, or near, the top of this list. Investigations and prosecutions have increased in recent years and will continue to do so. Against this backdrop, it is critical that U.S.-based companies, corporations and government organisations take action now to reduce their risk profile and be better protected from liability. ISO 37001 is a perfect first step – or, for some, a next step – toward increasing that level of protection.

ISO 37001 ABMS provides the program of training and certification that organisations need for accountability and effectiveness. The training process can be tailored based on the size, type, industry or risk level. Bribery and corruption are not exclusive to the third world or developing economies. They are pervasive in Western countries including the U.S., and they require comprehensive measures to make an impact and lessen their effects. ISO 37001 provides solutions that any organisation can implement – not tomorrow, but today. The positives of decreased risk, decreased liability and better financial protection outweigh any negatives of the minimal investment in cost and effort.


Let’s talk. 

Let us know if you have any questions about ISO 37001 certification, training or other compliance solutions.



“Corruption Perceptions Index 2019,” Transparency International, 2020 <https://www.transparency.org/cpi2019> (accessed 10 Feb. 2020)

“CPI 2019: AMERICAS,” Transparency International, 23 Jan. 2020 <https://www.transparency.org/news/feature/cpi_2019_Americas> (accessed 10 Feb. 2020)

Jaclyn Jaeger, “Microsoft to pay $25M in FCPA case,” Compliance Week, 23 July 2019, <https://www.complianceweek.com/anti-corruption/microsoft-to-pay-25m-in-fcpa-case/27446.article > (accessed 10 Feb. 2020)

Michael Corkery, “A ‘Sorceress’ in Brazil, a ‘Wink’ in India: Walmart Pleads Guilty After a Decade of Bribes,” The New York Times, 20 June 2019, <https://www.nytimes.com/2019/06/20/business/walmart-bribery-settlement.html > (accessed 10 Feb. 2020)

“SEC fines Juniper Networks more than $11.7 million to settle internal control violations,” Reuters, 28 Aug. 2019,< https://www.reuters.com/article/us-usa-sec-fcpa/sec-fines-juniper-networks-more-than-11-7-million-to-settle-internal-control-violations-idUSKCN1VJ2OD > (accessed 11 Feb. 2020).

“U.S. Executive Sentenced to Prison for Role in Conspiracy to Violate Foreign Corrupt Practices Act,” U.S. Department of Justice, 14 May 2019,< https://www.justice.gov/opa/pr/us-executive-sentenced-prison-role-conspiracy-violate-foreign-corrupt-practices-act> (accessed 10 Feb. 2020)

“CRI Group Celebrates 29 Years Moving Towards a Fraud-Free Future,” Fraud Insider, 7 May 7 2019,< http://fraudinsider.com/blog/2019/6/4/cri-group-celebrates-29-years-moving-towards-a-fraud-free-future > (accessed 11 Feb. 2020)

“ISO 37001:2016 ANTI-BRIBERY MANAGEMENT SYSTEMS — REQUIREMENTS WITH GUIDANCE FOR USE”, www.ISO.org, < https://www.iso.org/standard/65034.html > (accessed 5 Aug. 2019)

David Howard, “An update on Microsoft’s approach to compliance,” Microsoft, 7 Mar. 2017, < https://blogs.microsoft.com/on-the-issues/2017/03/07/update-microsofts-approach-compliance/ > (accessed 17 Feb. 2020)