Although organizations appear to be concerned about bribery and corruption, they rarely go beyond issuing anti-bribery policies, according to a recent DNV survey. Their main objective is to manage regulatory compliance, reputation and ethical risks, but that does not translate into tangible actions such as risk assessments, due diligence or whistleblower arrangements. So one might wonder if these organizations are aware of their bribery risks and equipped to manage them.
"Although 55% has formulated policies, only 25% has set goals and only 15% has set KPIs. Not much more than a third conduct sales agent due diligence or risk assessments. Few companies say they plan to increase investment. That puts a big question mark over the level of implementation and control companies have when it comes to anti-bribery," said Barbara Frencia, CEO of Business Assurance at DNV.
An estimated global annual loss of $2.6 trillion (5% of global GDP) due to corruption is a strong argument for organizations to step up their game. They should proactively manage risks and take measures to prevent or detect problems in a timely manner rather than being forced to contain a costly incident.
The DNV survey found that while organizations recognize the benefits of an anti-bribery management system, they often do not adopt a structured approach until forced to do so by an incident. Only 3% say they are very familiar with the standard for anti-bribery management systems, ISO 37001. Only 2,896 certificates for this standard have been issued worldwide. By comparison, more than 1 million certificates have been issued for the ISO 9001 quality standard and more than 400,000 for the ISO 14001 environmental standard.
"It is becoming increasingly expensive not to know the risks of the organization," Barbara Frencia continued. "Anti-bribery is no exception. We know that most fraudsters exhibit 'red flags' in their behavior and that most organizations adjust their management measures after becoming victims of an incident. So there is a strong case for a preventive, structured approach in the form of an ISO 37001-compliant management system."
Organizations that adopt an anti-bribery approach based on the internationally recognized ISO 37001 standard take more active steps to identify their risks and ensure they are better equipped to prevent and manage incidents. As many as 61% of the organizations with such policies have established KPIs, 64% conduct risk assessments and 57% due diligence for sales functions. Moreover, as many as 43% have a dedicated anti-bribery policy department. This avoids the potential conflict of interest that can arise when this responsibility is assigned to a director or top manager who is also responsible for operations and profits.