What are the essential requirements?
To obtain ISO 37001 certification, companies and organisations must adopt a number of compliance measures for anti-corruption management. These include:
- Implementing a compliance and anti-corruption policy along with associated processes within the company.
- Embedding and exemplifying ethical behaviour at the top management level.
- The introduction of a compliance function in the form of a compliance officer with clearly defined tasks and responsibilities.
- The training of all company employees in the form of anti-corruption training. Depending on the position and responsibilities, such training should be repeated on a regular basis so employees stay up to date.
- Control in the areas of finance and contract management.
- The monitoring and evaluation of collected data on anti-corruption management. Regular controlling and evaluations ensure that the programme is both up to date and efficient while revealing potential weaknesses internally before breaches occur.
- The ongoing continuation of compliance measures. Due to the fact that legal situations and corporate governance can evolve, the programme must be regularly reviewed, adapted and improved.
A whistleblowing system as an anti-corruption measure
As well as the tone from the top (i.e., setting an example of ethical behaviour and compliance at top management level), training employees, formulating an anti-corruption programme and the establishment of effective processes are the core elements for ISO 37001 certification.
The establishment of an electronic whistleblowing system is particularly suitable for this. When it comes to internationally operational corporations and organisations, digital solutions are best suited as they can be accessed around the clock and from any location. Digital whistleblowing solutions can also be set up in many different languages and are often barrier-free.
With the help of the reporting system, employees can – anonymously if they wish – provide information on grievances, corruption, abuse of authority or discrimination. The advantage: by first reporting on and solving problems internally, the risk of an employee contacting the investigating authorities or the media is reduced, as are the chances of the organisation experiencing investigations, fines or enormous reputational damage. As a result, problems can be resolved at an early stage before criminal offences occur. Therefore, whistleblowing systems also serve to minimise corporate risks.
Through the use of an anonymous reporting function, the chances increase that serious and valuable reports will be received. Anonymity provides employees with a degree of security in the reporting process which can prove psychologically stressful for whistleblowers. The introduction of a whistleblower system therefore strengthens organisations internally in their compliance efforts and heightens their chances of a successful ISO 37001 certification.