1 Anti-bribery approach
1.1 History
History, consequences, evolution, briberies
Those who fulfill some function towards the city must fulfill it without receiving any gift. Plato
Corruption has been known since antiquity.
Corruption is a broader term for misconduct in the workplace. There are many types of corruption in business, and bribery is a form of it.
Bribery is a global scourge, as evidenced by the 2016 European Parliament study which confirms that the annual cost of corruption represents nearly 5% of world GDP (gross domestic product).
The consequences of bribery are always harmful. Some examples:
- criminal prosecution
- bad reputation
- significant fine
- unfair competition
- worsened poverty
- barrier to investment
- unequal distribution of wealth
- increased cost of products and services
- uncertainty in commercial transactions
- obstruction of the fair functioning of markets
According to Transparency International, the list of the ten most corrupt heads of state is led by Mohamed Suharto, who allegedly embezzled between 15 and 35 billion dollars.
The Corruption Perceptions Index (CPI) published in 2021 by Transparency International covers 180 countries and territories. According to this study, the most corrupt country is Somalia (180th place). The least corrupt is New Zealand. France is ranked 22nd.
FCPA (Foreign Corrupt Practices Act) is passed in 1977. It is a US federal law with enormous extraterritorial power to fight against the corruption of foreign officials wanting to gain a commercial advantage.
The forty recommendations of the FATF (Financial Action Task Force on Money Laundering) date from 1989.
French law n° 93-122 of January 29, 1993 relates to the prevention of corruption and the transparency of economic life and public procedures.
The World Bank's anti-corruption plan (Fighting the Cancer of Corruption) dates back to 1996.
The ICC (International Chamber of Commerce) Rules of Conduct for Combating Extortion and Bribery were published in 1997 and have since been revised.
The first edition of the SA8000 standard (Social Responsibility) was published in 1997.
The Twenty Guiding Principles for the Fight against Corruption (Resolution (97) 24) were drawn up by GRECO (Group of States against Corruption) in 1997.
The OECD (Organisation for Economic Co-operation and Development) Convention against Bribery of Foreign Public Officials was signed in 1997.
Two GRECO conventions appeared in 1999:
The Convention on Combating Bribery of Foreign Public Officials in International Business Transactions of OECD Member Countries came into force in 1999.
The Recommendation on codes of conduct for public officials (Recommendation No. R (2000) 10) of GRECO dates from 2000.
The Recommendation on common rules against corruption in the financing of political parties and electoral campaigns (Recommendation Rec(2003)4) of GRECO was published in 2003.
GRECO's Additional Protocol to the Criminal Law Convention on Corruption (ETS 191) appeared in 2003.
The Global Compact, a voluntary framework for corporate social responsibility, included a 10th principle against corruption (“Companies are encouraged to act against corruption in all its forms, including extortion and bribery. “), UN, 2004, cf. § 7.3.
In 2004 the UN adopted the United Nations Convention against Corruption.
The anti-corruption principles of the PACI (Partnership Against Corruption Initiative) date from 2004.
Law no. 2007-1598 on the fight against corruption was adopted in 2007.
The ISO 26000 standard (Guidance on social responsibility) was published in 2010.
The adoption in 2011 of the British standard BS 10500 Anti-bribery management system served as the basis for the creation and publication of the standard ISO 37001 (Anti-bribery management systems — Requirements with guidance for use) in 2016.
The law of December 9, 2016 known as "Sapin 2", relating to transparency, the fight against corruption and the modernization of economic life obliges companies with more than 500 employees and a turnover of more than 100 million euros to fight corruption.
The Opinion on the recommendations of the French Anti-Corruption Agency to prevent and detect acts of corruption, influence peddling, misappropriation, illegal taking of interests, embezzlement of public funds and favoritism is published in the Official Journal, 01/12/2021.
The second edition (version) of ISO 37001 was published in February 2025.
Main changes:
- in the Foreword, for the first time, different licensing agreements are introduced and use restrictions are reinforced
- stakeholder confidence is enhanced through global compliance (ISO 37301 - compliance management)
- climate change is part of sub-clause 4.1
- leadership is empowered to act ethically and responsibly
- new sub-clause 5.1.3 is dedicated to anti-bribery culture
- new sub-clause 6.3 is about planning of changes
- establishment of criteria and requirements for the identification and evaluation of internal and external conflicts of interest (ISO/DIS 37009:2025 - conflicts of interest)
- anti-bribery function is clarified (compliance is withdrawn)
- latest harmonized structure is introduced (i.e. continual improvement is now sub-clause 10.1)
- in most places documented information shall be available instead of retained
A company operating internationally is often exposed to the laws of several countries.
Briberyabuse of power for personal gain can take various forms. Some examples of briberyabuse of power for personal gain risklikelihood of occurrence of a threat or an opportunity (see also ISO Guide 73, 1.1) situations:
- envelope (under the table)
- gift:
- show ticket
- sporting event ticket
- alcohol
- perfume
- tourist trip (presented as a business trip)
- disguised payment:
- bill (too high)
- consultant fees (not essential)
- third party commission (not required)
- facilitating payment:
- exit from customs (express)
- obtaining a visa or permit (express)
- hospitality:
- free tourist visit
- hotel offered
- invitation to a social reception
- job offer:
- hire a parent (without competition)
- hire a friend (and receive a favor)
- free service in exchange for tempting promise
- travel expenses (excessive)
- donation (included in the contract)
- free tuition
- acceptance of poor quality products for personal gain
- over-invoicing (liquidation of a stock of obsolete goods at market price with the help of an accomplice)
- attempts to circumvent recourse to a call for tenders (favor a single supplier)
- calls for tenders that do not take into account the technical competence of the candidates
- unnecessary purchases
- ambiguous specifications
- successive orders from the same supplier without a call for tenders
- call for tenders with unrealistic deadline (too short)
The causes of briberyabuse of power for personal gain are many and varied:
- general poor governance
- lack of anti-bribery policy
- poorly respected institutions
- low wages (poverty)
- reduced administrative culture
- concealed conflict of interest
Some myths related to briberyabuse of power for personal gain:
- it's not me, it's the other – bribery always involves two guilty actors: the one who offers and the one who receives (active and passive bribery)
- bribery is a victimless crime, it is just a lubricant to grease the wheels – bribery undermines trust, it can destroy a reputation, a career, a life
- bribery is part of life – bribery can be avoided, in most countries of the world it is a criminal offens
1.2 Benefits
Benefit examples, factors
The value of the company derives from its performance, and its profits are the consequence of our long-term vision. Bernard Arnault
The ISO 37001 standard (Anti-bribery management systems – Requirements with guidance for use) is generic as it can be applied to the management systemset of processes allowing objectives to be achieved (see also ISO 9000, 3.5.3) of any company, without limitations on size, activity or type. It is a voluntary international standard which allows certification by accredited bodies.
The purpose of the third-party auditsystematic and independent survey to determine whether activities and results comply with pre-established measures and are capable of achieving the objectives (see also ISO 19011, 3.1) (by a certification body) is to verify whether the requirements of the ISO 37001 standard are met. It is in no way to seek the existence or not of briberyabuse of power for personal gain.
The standard helps to effectively prevent, detect and deal with any risk of bribery.
An anti-bribery management systemset of processes to reduce bribery (ABMSanti-bribery management system) in place supports the daily fight against statements (apologies) of this kind:
- I didn't know it was forbidden
- I didn't realize it was so serious
- but it's a win-win!
- if I don't do it, someone else will
- but here everyone does it like that!
- the only way to stay in the market is to pay bribes
- but that will make us lose the contract!
- I was really uncomfortable with the amount of money I received
- it is not at all easy to spend large sums of money without being noticed
Expected benefits of implementing an ISO 37001 ABMSanti-bribery management system:
- bribery risks are identified and dealt with
- improved stakeholder confidence
- consolidation of the company's credibility and reputation
- establishment of a culture of integrity and transparent communication
- obtaining a competitive advantage
- cost reduction
- prerequisites for public tenders for sensitive markets
- prevention of conflicts of interest
- staff aware, consulted, motivated and proud
- opportunities for improvement following the detection of bad practices
- valued best practices for the prevention of bribery
- enhanced stakeholder satisfaction
- prevention of legal and penal risk
- protection of the company's assets
- reduction of operational surprises
- better economic results following the reduction of financial losses
In 2020 Airbus pays a 3.6 billion euro fine for corruption: a sanction made possible by the Sapin II law.
Airbus, one of the world leaders in aeronautics, has implemented ISO 37001 to strengthen its culture of ethics in order to prevent the risks of corruption and fraud. The implementation of an anti-bribery management system (ABMS) has made it possible to raise employee awareness of the risks of corruption and to put in place effective prevention measures.
Since then, Airbus has recorded a significant improvement in its brand image, demonstrating its commitment to transparency and integrity towards its customers and partners.
Some essential factors for the success of the implementation of the ABMSanti-bribery management system:
- main bribery risks identified
- anti-bribery policy promoted and respected
- evaluation of each new customer
- selection and qualification of all suppliers
- raising awareness of the prevention of bribery among all staff
- live alert procedure
- regular due diligence
- effective recruitment process
- controls reasonably applied
1.3 Steps steps
Preparation, implementation, Deming PDCA cycle
A well-prepared approach is half successful
The approach to implementing an anti-bribery management systemset of processes to reduce bribery involves several steps. An example of preparation is shown in figure 1-1.
Figure 1-1. ABMS preparation
Step 1 involves identifying the needs and expectations (requirements) of stakeholders:
- staff, trade unions
- customers, consumers
- external providers (suppliers, subcontractors, partners)
- shareholders, investors, insurers, bankers
- competitors
- branch organizations and associations, communities
- media, neighbors
- legal and regulatory authorities
The involvement of top managementgroup or persons in charge of the organizational control at the highest level (see also ISO 9000, 3.1.1) at its highest level is truly indispensable. The advice of a consultant is often solicited. Determining the current status of the anti-bribery management systemset of processes allowing objectives to be achieved (see also ISO 9000, 3.5.3) (whole or partial) would be welcome at this stage. An external certification body is chosen.
One of the key questions that comes up quickly (step 2) is the need for this decision. If this is not really necessary or if the estimated costs of the certification approach exceed the available resources, it is better to reject this idea immediately.
The ISO 9000 family of standards will stop you making promises you can't fulfil and help you keep those you can. David Hoyle
The internalization of the spirit of the principles and requirementsexplicit or implicit need or expectation (see also ISO 9000, 3.6.4) of an ISO standard significantly improves the overall performance of your business, especially when it is not considered as a constraint.
The third step shall determine whether this approach receives the approval of the staff. A communication campaign is launched in-house on the objectives of an anti-bribery management systemset of processes to reduce bribery (ABMSanti-bribery management system). The staff is aware and understands that, without their participation, the project cannot succeed.
Have confidence: success will come with the involvement and effort of all!
The vision (what we want to be), the mission (why we exist) and the business plan of the company are determined. The following step (4) includes the establishment of an outline of the anti-bribery policy and objectives. If you do not have a copy of the ISO 37001 standard, now is the time to get it (see sub-clause 2.1 of the present course).
Planning is the last step (5) of the project preparation for obtaining ISO 37001 certification. A reasonable period is between 5 to 8 months (each company is unique and specific). The financial resources and staff are confirmed by top managementgroup or persons in charge of the organizational control at the highest level (see also ISO 9000, 3.1.1). Top management commitment is formalized in a documentany support allowing the treatment of information (see also ISO 9000, 3.8.5) communicated to all staff. A person is appointed as project leader for obtaining ISO 37001 certification.
The establishment and implementation of an ISO 37001 anti-bribery management systemset of processes to reduce bribery are shown in figure 1-2.
Figure 1-4. ABMS implementation
Step 1 aims to identify and determine the processes, interactions, owners, responsibilitiescapacity to make a decision alone and drafts of certain documentsany support allowing the treatment of information (see also ISO 9000, 3.8.5). The first versions of process sheets, job descriptions and work instructions are written with the participation of the maximum number of available persons.
The necessary resources to achieve the anti-bribery objectives are determined in step 2. Planning tasks, responsibilitiescapacity to make a decision alone and time frames are established. Training of internal auditorseveryone who is trained to carry out audits (see also ISO 19011, 3.8) is taken into account.
Step 3 allows you to set and implement methods for measuring the effectivenesscapacity to perform planned activities with minimum effort (see also ISO 9000, 3.7.11) and efficiencyfinancial relationship between achieved results and resources used (see also ISO 9000, 3.7.10) of each processactivities that transform inputs into outputs (see also ISO 9000, 3.4.1) (indicators). Internal auditssystematic and independent survey to determine whether activities and results comply with pre-established measures and are capable of achieving the objectives (see also ISO 19011, 3.1) help to evaluate the degree of implementation of the systemset of interacting processes (see also ISO 9000, 3.5.1).
Nonconformities of all kinds are listed in step 4. A first draft for dealing with wasteanything that adds cost but no value is established. Corrective actionsaction to eliminate the causes of nonconformity or any other undesirable event and to prevent their recurrence (see also ISO 9000, 3.12.2) are implemented and documented.
A first encounter with the tools and application areas of continual improvement is made in step 5. Riskslikelihood of occurrence of a threat or an opportunity (see also ISO Guide 73, 1.1) are determined, actions are planned and improvement opportunities are found. An approach to preventing nonconformitiesnon-fulfillment of a specified requirement (see also ISO 9000, 3.6.9) and eliminating causes is established. The internal and external communicationexchange of information is established and formalized.
To conduct the pre-audit of the ABMS (step 6), documentation is checked and approved by the appropriate people. A management reviewperiodic survey carried out by top management of the management system for its continual improvement allows evaluation of compliance with applicable requirementsexplicit or implicit need or expectation (see also ISO 9000, 3.6.4). The anti-bribery policydirectives from top management to set objectives for the prevention of bribery and objectives are finalized. An anti-bribery manager from another company or a consultant can provide valuable feedback, suggestions and recommendations.
When the systemset of interacting processes (see also ISO 9000, 3.5.1) is accurately implemented and followed, the certification of the ABMS is a breeze, a formality (step 7).
An example of a certification project plan with 26 steps is shown in annex 01. 
The Deming cycle (figure 1-3) is applied to control any processactivities that transform inputs into outputs (see also ISO 9000, 3.4.1). The PDCA cycles (Plan, Do, Check, Act) are a universal base for continual improvementprocess allowing the improvement of the global performance of the organization (see also ISO 9000, 3.3.2).
- Plan – plan, identify anti-bribery obligations, define context, issues and processes, demonstrate leadership, identify and evaluate risks, establish anti-bribery policy and objectives, action plan (clauses 4, 5, 6 and 7)
- Do – realize, implement and control processes, demonstrate leadership, controls, gifts, raising concerns, dealing (clauses 5, 7 and 8)
- Check – compare, verify, evaluate, inspect, analyze data, conduct audits and management reviews and demonstrate leadership (clauses 5 and 9)
- Act – adapt, demonstrate leadership, treat nonconformities, react with corrective actions and find new improvements (new PDCA cycle), (clauses 5 and 10)