No Result
View All Result
SUBSCRIBE | NO FEES, NO PAYWALLS
MANAGE MY SUBSCRIPTION
NEWSLETTER
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • CCI Magazine
    • Writing for CCI
    • Career Connection
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Library
    • Download Whitepapers & Reports
    • Download eBooks
    • New: Living Your Best Compliance Life by Mary Shirley
    • New: Ethics and Compliance for Humans by Adam Balfour
    • 2021: Raise Your Game, Not Your Voice by Lentini-Walker & Tschida
    • CCI Press & Compliance Bookshelf
  • Podcasts
    • Great Women in Compliance
    • Unless: The Podcast (Hemma Lomax)
  • Research
  • Webinars
  • Events
  • Subscribe
Jump to a Section
  • At the Office
    • Ethics
    • HR Compliance
    • Leadership & Career
    • Well-Being at Work
  • Compliance & Risk
    • Compliance
    • FCPA
    • Fraud
    • Risk
  • Finserv & Audit
    • Financial Services
    • Internal Audit
  • Governance
    • ESG
    • Getting Governance Right
  • Infosec
    • Cybersecurity
    • Data Privacy
  • Opinion
    • Adam Balfour
    • Jim DeLoach
    • Mary Shirley
    • Yan Tougas
No Result
View All Result
Corporate Compliance Insights
Home Compliance

Pivoting From Anti-Bribery Program to Management System

by Worth MacMurray
November 3, 2016
in Compliance
A new anti-bribery standard

For those managing and working with anti-bribery programs, the world has fundamentally changed. Pre-37001, varying and less-than-clear legal standards formed the basis for preventive and detective program activities. The stick of “the government could be knocking at the door someday” was sometimes needed to convince business colleagues to allocate resources, convey appropriate messaging to the workforce and otherwise support an effective program.

Post-37001, internationally agreed-upon anti-bribery business procedures now exist, with accompanying business opportunities: competitive differentiation to help drive revenue, supply chain simplification and compliance program administration cost and time savings – to name a few.

Compliance chiefs can now lead their management colleagues through a psychological pivot: what was once a “program” containing a set of activities that to some seemed murky and/or imprecise (the negative) can now be recast as a globally recognized “management system” focused on business processes with accompanying business opportunities (a positive) through adopting and becoming certified under 37001.

But how to get there? Some of the basic initial questions a compliance chief may want to consider as he/she begins applying 37001 are:

Strategically, how should I think about 37001?

This is a question that should be revisited periodically, as your company’s business, regulatory and other facts and circumstances change. Initially, however, consider using 37001 as a business tool and as a way of supporting the organization’s business goals. Make management aware of how standard certification could help drive revenue (e.g., generally, as a positive differentiator in the market, and specifically with customers, as a voluntary measure taken by the company to decrease collective risk) deserving of new business. Illustrate to colleagues how 37001 adoption helps achieve efficiencies and better resource application by re-tasking staff previously assigned to narrow administrative tasks and moving them (with appropriate training) to more analytical roles that support the standard’s emphasis on system measurement and monitoring.

On the flip side, query under what circumstances your company may need to adopt 37001 because of business or legal developments. Commercially, certain public procurement bodies and several larger companies are already reviewing 37001 as a possible requirement for their bidders and/or supply chain participants going forward. There is also the possibility that competitors may become 37001 certified and use that status to add a new competitive dynamic to the sales environment.

From a legal and reputational perspective, fellow participants in a sector where a key player is undergoing investigatory scrutiny may feel that 37001 certification is necessary to strengthen their overall position – to underscore both the comprehensiveness of their programs and to show that they are good corporate citizens. If your company should also be investigated and has not followed the same course, its commitment to fight bribery may be questioned by not having adopted 37001 while others similarly situated did so.

There may be advantages to getting out in front and adopting 37001 on your own terms and at your own speed, rather than under pressure from the emergence of factors outside your control.

Where is my anti-bribery program now?

This is the “look yourself in the mirror,” brutally honest question – not where you aspire to be with the program, or hoped you would be, but where you are now.

Among the related questions: How many gaps, of what size, exist in which areas vis-a-vis the legal standards applicable to your entity? Are you able to objectively assess those gaps or should outside resources be brought in to accomplish this task more quickly and objectively? What are the reasons for the gaps? What is the underlying corporate culture and does it: (a) align with the existing anti-bribery program and (b) provide a basis for believing that it will or could support a more proactive and embedded 37001-compliant program?

Your program and company facts and circumstances will dictate when and at what speed to begin the 37001-adoption process. For some situations, and because of its business-oriented focus, 37001 may provide the reason(s) and momentum to systematically mitigate or eliminate long-standing internal obstacles to a stronger program. In other cases, it may be best to set 37001 as a goal for a future period and to concentrate on filling basic programmatic gaps.

How different is 37001, and how will I need to start thinking differently in the process of adopting the standard?

37001 is not “same old, same old” to most entities with anti-bribery programs – numerous recent blogs to the contrary notwithstanding. The underlying principles and goals are essentially consistent with, albeit broader than, the FCPA, but the “how to” is different. This becomes clear as one applies the standard.

37001’s requirements are distinctly more granular, specific and business-oriented than the anti-bribery legal standards U.S. compliance chiefs typically use and apply. At its core, 37001 is an ISO “management system.” As with other such ISO systems, the essential activities required to establish and maintain an anti-bribery system revolve around identification of objectives, documentation, implementation, review (to include measuring and monitoring) and improvement – “including the processes needed and their interactions.” (Sec. 4.4) The system should be “reasonable and proportionate” to the organization’s particular facts and circumstances.

Documentation is a requirement in many instances, some of which may be outside a compliance chief’s typical coverage in his/her program (e.g., with respect to the various processes needed to meet 37001 requirements, process criteria and controls needed to be established and implemented, as well as documentation “to the extent necessary to have confidence that processes have been carried out as planned.” (Sec. 8.1.c)

In contrast to the U.S. Sentencing Guidelines’ relatively brief and conceptual treatment of effective programs, 37001’s management system contains detailed separate sections on leadership, planning, support and operations. An extensive Annex provides nonbinding guidance on topics and issues likely to be encountered as one implements and operates 37001.

Given the above, and if 37001 adoption is a likely priority within the next year, compliance chiefs should begin immersing themselves in the standard: skim it – to understand its organization and basic contents; read it word by word – to begin understanding the section interrelationships and levels of documentation (including process) detail either required or advisable even if not required; and map it – to specifically identify “need to do’s,” internal and external strategic and tactical relationships/dependencies and related timelines. Lastly, get comfortable with a process management or idea organization software package; it may become your constant companion.

37001 is a voluntary business (not legal) standard and only recently (October 14, 2016) took effect – but the need is large and growing for a globally recognized anti-bribery standard that provides the basis for independent certification. Many compliance chiefs see it as a rare opportunity to align with their business colleagues around a business “system” while simultaneously improving (for legal and reputational reasons) their anti-corruption “programs.”

This article is intended to be used for general business purposes only. It does not provide business, legal or other professional advice or services, and is not intended to be a substitute for legal advice or services. The author disclaims any and all liability for use of or reliance on any article content.


Tags: Volkswagen
Previous Post

Broad Regulation Targets Traditional and Digital Prepaid Products

Next Post

LockPath Wins 2016 GRC Value Award for Policy Management

Worth MacMurray

Worth MacMurray

nov-3-worth-macmurray-headshotWorth MacMurray is a Principal with Washington, D.C. area based Governance & Compliance Initiatives.  With over 30 years of legal compliance and operational experience, he focuses on corporate anti-bribery and anti-corruption compliance programs. Previously, he served as General Counsel of public and privately held software, technology and government contractor entities, as a leader of the Washington, D.C. anti-corruption practice for a "Big 4" accounting firm and as an independent consultant. During his career, Mr. MacMurray has led or participated in numerous high-profile and complex anti-corruption or transactional matters both in the U.S. and overseas (Argentina, France, Germany, Ghana, Haiti, Iraq (Kurdistan), Pakistan, Sweden and the U.K.) – including:

  • Siemens – Munich-based anti-corruption compliance program subject matter expert for the Special Outside Compliance Advisor to the Siemens Supervisory Board and lead compliance advisor to the internal Siemens task force responsible for designing and implementing the company's new (2007) global corporate anti-corruption compliance program.
  • Haiti – Led Port au Prince "Big 4" team creating and operating the Performance and Anti-Corruption Office of the IHRC (Interim Haiti Recovery Commission) and supporting IHRC co-chairs Prime Minister Bellerive and former U.S. President Clinton (2011-2012).
  • Peregrine Systems (San Diego, CA) – As the SEC-approved Chief Compliance Officer, designed and implemented corporate compliance program for public software developer to address massive software revenue recognition (SOP 97-1) fraud. Positive program status materially contributed to 2005 sale of company to HP.
  • Information Systems Support (Gaithersburg, MD) – As the U.S. Army Suspension & Debarment Office (SDO) – appointed Chief Compliance Officer, implemented corporate compliance program dictated by multiyear Administrative Compliance Agreement. Positive program status materially contributed to SDO's consent to early Agreement termination and 2006 sale company sale to CACI.
Mr. MacMurray is a member of the U.S. Technical Advisory Group sponsored by ANSI (American National Standards Institute) that worked with 36 other countries to create ISO (International Organization for Standards) 37001 "Anti-bribery management systems." Mr. MacMurray's recent articles appear in the FCPA Blog, Ethisphere and Corporate Counsel (LAW.COM) publications and are available on LinkedIn. He also manages the LinkedIn group "Applying ISO 37001: Anti-bribery management systems." He is a graduate of Princeton University (Woodrow Wilson School of Public and International Affairs) and the Georgetown University Law Center.

Related Posts

model blue VW van upside down in a puddle

Critical Lessons from the Volkswagen Scandal

by Michael Toebe
September 11, 2020

Volkswagen has paid dearly for the ethical shortcomings that led to “Dieselgate.” But has VW learned from the scandal? With...

hanging gold keys on blue background

Cross-Culture: What Finance Can Learn About Compliance Culture From Volkswagen, Novartis & Tenneco

by Henry Engler
July 10, 2019

Thomson Reuters’ Henry Engler compiles guidance from the Chief Compliance Officers at Volkswagen, Novartis and Tenneco – principles that transcend...

Volkswagen steering wheel

TRACE: The Volkswagen Emissions Scandal

by TRACE International
November 8, 2017

Today, Alexandra speaks with Jack Ewing of the New York Times. Jack reports on business and economics and is based...

VW fraud dispels myth of the rogue employee

The End of the Wild West

by Thomas Fox
August 24, 2016

As much as Volkswagen wants us to believe it, corruption never happens in a vacuum. As VW squirms under the...

Next Post
LockPath Wins 2016 GRC Value Award for Policy Management

LockPath Wins 2016 GRC Value Award for Policy Management

No Result
View All Result

Privacy Policy | AI Policy

Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 

Got a news tip? Get in touch. Want a weekly round-up in your inbox? Sign up for free. No subscription fees, no paywalls. 

Follow Us

Browse Topics:

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks Published by CCI
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • On Demand Webinars
  • Opinion
  • Research
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Well-Being
  • Whitepapers

© 2025 Corporate Compliance Insights

Welcome to CCI. This site uses cookies. Please click OK to accept. Privacy Policy
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT
No Result
View All Result
  • Home
  • About
    • About CCI
    • CCI Magazine
    • Writing for CCI
    • Career Connection
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Library
    • Download Whitepapers & Reports
    • Download eBooks
    • New: Living Your Best Compliance Life by Mary Shirley
    • New: Ethics and Compliance for Humans by Adam Balfour
    • 2021: Raise Your Game, Not Your Voice by Lentini-Walker & Tschida
    • CCI Press & Compliance Bookshelf
  • Podcasts
    • Great Women in Compliance
    • Unless: The Podcast (Hemma Lomax)
  • Research
  • Webinars
  • Events
  • Subscribe

© 2025 Corporate Compliance Insights