How to make compliance and risk management professionals’ jobs easier?

An open letter for Compliance and Risk Management Professionals

Let’s have a frank discussion about your job. Day in and day out, your ongoing challenge is to work diligently to identify, expose and remediate the vast number of potential vulnerabilities both within and outside of your organisation. From training and support to guidance and compliance, yours is a profession that requires many hats, extraordinary knowledge, and a high degree of understanding and patience.

Your job responsibilities are enormous, spanning the spectrum of employee safety; keeping the business protected; safeguarding customers, clients and the environment; complying with local, regional, national and international rules and regulations; preventing and detecting misconduct; and supporting colleagues when they need advice on potential risky or unethical situations. And all the while you’re desperately trying to get management, leadership and stakeholders to buy into maintaining a company-wide mindset that is focused on controlling scenarios that can lead to litigation and legal risks.

The list of responsibilities is a lot to handle and you’re most likely trying to tackle that list armed with a skeleton staff, a restrictive budget and limited resources, while operating in a global business landscape that, simply put, won’t stop changing.

Perhaps that’s why so many individuals in your profession lay awake most nights fretting over everything from new laws and regulations, risks inside the organisation, and preventing and detecting ethical and compliance violations, to figuring out exactly how you’re going to investigate and remediate such violations.

It’s indeed a challenging, stress-filled role you play. And one that sees you endlessly spending time with your colleagues emphasising the vital importance of doing the right thing. Which is one of the reasons why, unfortunately, your noble profession sees such a high degree of corporate burnout.

As a long-time consultant to compliance and risk management professionals worldwide, I can empathise with you when it comes to the daily responsibilities and challenges (and subsequent stress) that accompanies your job. So, if there were a solution that would help reduce or eliminate one of those many stressors, would you be open to considering it?

The solution

I firmly believe that certification to the ISO 37001:2016 Anti-Bribery Management System standard can greatly reduce much of your stress-related to corporate bribery and corruption (especially if yours is a multi-national corporation). Hear me out on this.

The ISO 37001 standard establishes globally accepted best practices principles and guidelines for establishing and maintaining a highly effective Anti-Bribery and Anti-Corruption framework that, if properly implemented, can mitigate the many risks associated with various forms of bribery. It’s the standard to which many global organisations are turning as a means of protecting the company, its reputation, its stakeholders and others from the often devastating impacts of bribery. ISO will review the Standard in future with certain improvements, specifically in-line with acceptance of ISO 37001 in certain regions for an effective measure to prevent corporate corruption with adequate procedures at the first place.

The objective is to present a solution to reduce the burden associated with this single facet of your many corporate responsibilities. If we can address and remedy the cause and effect of bribery within your organisation, then that’s simply one less distraction that will keep you concerned.

Generally speaking, the ISO 37001 standard is designed to help companies prevent, detect and respond to the many forms of bribery while assuring that the company continues to comply with the confusing web of anti-bribery laws and regulations around the world. This dual-purpose tool not only lays out a proper framework for addressing bribery within the organisation, it serves as acceptable proof in many global regions that the company is following established adequate procedures to fight this form of corruption – which could potentially be a lifesaver to the organisation if a costly legal battle were to ever arise.

Certification to the ISO 37001 standard is akin to someone else doing your homework (or in this case, setting up your anti-bribery system) for you. It clearly lays out measurable means for establishing the vital components and structure of an effective anti-bribery management system which includes leadership, training, communications, process, implementation, evaluation and continuous improvement.

Once that framework is followed and the systems and processes are in place and tested, then certification is the natural next step. Certification entails a rigorous external audit and gap analysis of the policies, training and communication requirements associated with the organisation’s anti-bribery management system. It’s conducted by an outside certification body accredited in the standard and utilizes qualified auditors and subject-specific experts specially trained to apply the standard to the organisation’s particular industry sector.

ISO 37001 certification has been gaining both credibility and traction since it was released in 2016 because the certification process goes deeper than the traditional paper-based, check-the-box process. Through a series of audit and gap analysis procedures, certification can adequately define red flag deficiencies that can only help improve upon the organisation’s anti-bribery management system.

The end result is a globally accepted process that provides the oversight needed to fortify a stringent, effective and versatile anti-bribery management system. And because of this rigorous outside-party review, assessment and certification, ISO 37001 meets the adequate procedure requirements of such global legislative statements as Section 7 of the UK Bribery Act and Section 17A of the Malaysian Anti-Corruption Commission Amendment Act.

Arguably one the most important components of ISO 37001 certification is the “Tone from the Top” requirement, which begins, “Top management shall demonstrate leadership and commitment with respect to the anti-bribery management system.” Too often compliance and risk management professionals experience resistance from a boardroom that doesn’t see the return on investment of such certification. Ironically, those are the same management leaders who continually espouse protecting the organisation’s reputation, stakeholders and market share from corruption.

Certification to the standard is designed to safeguard the organisation from criminal liabilities (including those faced by directors and officers), while demonstrating to the world that the organisation has a zero-tolerance for bribery and corruption in its business dealings. Such an ethical statement shouldn’t be taken lightly, as it can greatly impact the company’s bottom line via enhanced reputation and increased market share.

Finally, certification to the ISO 37001 standard demonstrates that the organisation has implemented proper due diligence in working with third-party partners, which has become increasingly important in a pandemic-impacted global business climate. Supply chain partners have become particularly vulnerable to the effects of the pandemic, and that vulnerability can subsequently be devastating to the organisation. Due diligence will red-flag those outside parties that may lack appropriate training, do business in a questionable manner, or use unlawful schemes to gain business. Thus, the certification process provides powerful measures and internal controls to prevent, detect and deter such third-party activity.

It goes without saying that the stress of compliance or risk management professional’s job can be numbing. If you can eliminate a fraction of the stress that comes with the overwhelming responsibilities with which you’re saddled, then perhaps you’ll be able to gain some much-needed peace of mind.

Perhaps a look at ISO 37001 certification can help contribute to that.