Copyright © 2018 BSI. All rights reserved. 10/05/2018
Coleman Tse
Sales and Marketing Director
BSI Pacific Limited
Corruption Risks Through Implementing ISO 37001 Anti-bribery Management System Requirements to Enhance Your Business Resilience & GDPR Updates
We are a truly global brand
BSI clients represent 75% of FTSE 100, 51% of Fortune 500, 68% of Nikkei Index
4,000 colleagues & 11,450 experts
135,000 delegates trained
205,000 audit days delivered
81,000 clients in 180 countries
100,000* product certifications
2,200 new standards, 39,450 in all
* Estimate subject to change
Founded in 1901
World’s 1st National Standards Body
Thought Leaders: Shaped world’s most adopted standards including ISO 9001, ISO 14001, OHSAS 18001
Product quality
Customer Data Management
Water resources and chemical waste
Workplace conditions and exploitation
Pollution
Environmental damage
Bribery and corruption
Counterfeiting
Reputational and Behaviour risks
Patrick Ho Chi-ping, 何志平; former Secretary for Home Affairs of the Hong Kong SAR government
Ho and former Senegalese foreign minister Cheikh Gadio were arrested in New York in late November 2017, charged with violating the Foreign Corrupt Practices Act and money laundering
U.S. Foreign Corrupt Practices Act (FCPA)
• Applies to any person who has a certain degree of connection to the United States and engages in foreign corrupt practices
• Applies to any act by U.S. businesses, foreign corporations trading securities in the U.S., American nationals, citizens, and residents acting in furtherance of a foreign corrupt practice whether or not they are physically present in the U.S.
• With amendments in 1998, the anti-bribery provisions also apply to foreign firms and persons who cause, directly or through agents, an act in furtherance of such a corrupt payment to take place within the territory of the United
• Violations of the FCPA can lead to civil and criminal penalties, sanctions, and remedies, including fines, disgorgement, and/or imprisonment
U.K. Bribery Act 2010 Impacts on Overseas Investments
• The Act has been described as "the toughest anti-corruption legislation in the world", raising the bar above the standard set by the United States Foreign Corrupt Practices Act
• Concerns have been raised that the Act's provisions criminalise behaviour that is acceptable in the global market, and put British business at a competitive disadvantage
Source: https://en.wikipedia.org/wiki/Bribery_Act_2010
International standard evolution in anti-bribery management
BS 10500:2011 ISO 37001:2016
High Level Structure of ISO 37001
4 Context of the organization
• Understanding the organization and its context
• Expectations of interested parties
• Scope of ABMS
• ABMS
• Bribery Risk Assessment
5 Leadership
• Leadership and commitment
• Anti-bribery Policy
• Org roles, responsibilities and authorities
6 Planning
• Actions to address risks and opportunities
• Anti Bribery objectives and planning to achieve them
7 Support
• Resources
• Competence
• Awareness and training
• Communication
• Documented information
8 Operation
• Operational planning and control
• 8.2 to 8.10
9 Performance evaluation
• Monitoring, measurement, analysis and evaluation
• Internal audit
• Management review
• Review by anti-bribery compliance function
10 Improvement
• Nonconformity and corrective action
• Continual improvement
9 Control Elements in “8.1 Operational planning and control”
• 8.2 Due diligence: high risk in transaction, business associates, personnel
• 8.3 Finance controls: identify risk; implement process to control risk
• 8.4 Non-finance controls: procurement, operation, sales, commercial, HR, regulatory activities
• 8.5 Implement controls by controlled org and by business associates
• 8.6 Anti-bribery commitment: applied to high risk associates; able to influence
• 8.7 Gift, hospitality, donation and similar benefit: inbound & outbound; clear criteria
• 8.8 Managing inadequacy of controls: applied to associates; improve or terminate
• 8.9 Raising concerns: enable persons to report; protect reporters; prohibit retaliation
• 8.10 Investigation and dealing with bribery: initiate investigation; empower investigators
: applied to associates
US - Foreign Corrupt Practices Act (FCPA)
In April 2016, the Department of Justice (DOJ) released the Foreign Corrupt Practices Act Enforcement Plan and Guidance. This plan outlines a pilot program that allows for declinations or fine reductions in FCPA enforcement actions beyond what is available under the U.S. Sentencing Guidelines. The Pilot Program also set forth requirements for:
• Voluntary self-disclosure
• Cooperation
• Remediation in FCPA cases (e.g., implementation of an effective Compliance Program to Anti-bribery)
• Corporations that meet the program’s other requirements and self-disclose may qualify for up to a 50% reduction from the bottom of the Sentencing Guidelines fine range or the maximum reward, i.e., a declination of prosecution.
Corporate Compliance Program “Filip factors”
All covered by ISO 37001
(1) Analysis and remediation of underlying misconduct
(2) Senior and middle management
(3) Autonomy and resources
(4) Policies and procedures
(5) Risk assessment
(6) Training and communications
(7) Confidential reporting and investigation
(8) Incentives and disciplinary measures
(9) Continuous improvement, periodic testing and review
(10) Third Party management
(11) Mergers and acquisitions (M&A)
Governing body
Anti-bribery compliance function
Raising concerns
Employment – incentive
Why implementing ISO 37001
Minimizing bribery lawsuit likelihood
Mitigating the possible lawsuit penalty through demonstrating an effective compliance program
Demonstrating to customers and stakeholders a robust anti-bribery management system
Risk-based to manage bribery risk to effectively allocate resources on high risk control
Influence business partners/suppliers to improve anti-bribery practice and demonstrate to your customers
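Risk matrix

| Severity \ Possibility | 5 (Very high) | 4 (High) | 3 (Medium) | 2 (Low) | 1 (Very low) |
|---|---|---|---|---|---|
| 5 (Very high) | 25 | 20 | 15 | 10 | 5 |
| 4 (High) | 20 | 16 | 12 | 8 | 4 |
| 3 (Medium) | 15 | 12 | 9 | 6 | 3 |
| 2 (Low) | 10 | 8 | 6 | 4 | 2 |
| 1 (Very low) | 5 | 4 | 3 | 2 | 1 |

A = 20 - 25, B = 14 - 19, C = 8 - 13, D = 1 - 7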
Sample Risk Assessment Template

| Risk # | Activity | CL | SL | TL | TP | CTP | PL | Impact | Risk Level | Existing Controls | Residual Risk | Risk Treatment | Additional Controls | Risk Owner Approval | Review Date |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| R1 | Hospitality | 1 | 3 | 0 | 0 | 3 | 0 | 6 | 13 | policy | Acceptable | Not required | NA | Sales Director | Yearly |
| R2 | Political Donations | 1 | 3 | 3 | 0 | 1 | 0 | 6 | 14 | Top management | Acceptable | Not required | NA | Sales Director | Yearly |
| R3 | xxxxxxx | 3 | 3 | 3 | 3 | 3 | 3 | 9 | 27 | xxxxx | Too high | Required | To be derived | Procurement Director | Quarterly |

Likelihood columns:
CL = Country Likelihood
SL = Sectoral Likelihood
TL = Transaction Likelihood (e.g. granting licenses or permits, procurement, etc.)
TP = Third parties (e.g. agents)
PL = Partnership Likelihood
CTP = Critical Touch Point (some activities carry a higher risk of bribery, particularly where they involve a critical touch point; an example is provision of hospitality)
ISO 37001 Anti-bribery Management System Certificate
ISO 37001 Certification worldwide
Global certificate # : about 150
Most in European countries
Mainly in sectors ─ Procurement & retails ─ IT ─ Construction ─ Manufacturing
Most in private sectors
Will accelerate due to publication of ISO 37001
BSI services
BSI Anti-bribery Capacity Building Programme
Demonstrate integrity | Embed best practice | Reduce risk | Increase confidence
5 Stage Anti-bribery Capacity Building Programme designed to facilitate compliance to the best practice principles of Anti-Bribery Management (reference ISO 37001)

Stage 1: Awareness and training on Anti-bribery Management System (2 day + )
• What is bribery?
• Understanding the implications of bribery to your business?
• What is ISO 37001?
• Requirements of Anti-bribery Management System (ABMS)
• Risk assessment and scope
• Gifts, hospitality, donations and facilitation payments
• Raising concerns and investigations
• Internal auditor training for ISO 37001 (optional)

Stage 2: 1st Onsite Gap Assessment (2 days + )
• Onsite Gap Assessment to ISO 37001 Anti-bribery Standard
• Review policies, objectives and procedures
• Evaluate the existing anti-bribery system implementation
• Include written report on gaps identified
• BSI staff conduct the Gap Assessment together with organization’s ISO 37001 internal auditors (optional)

Stage 3: On-site Support and Workshop (2 day + )
• Onsite walk through the identified gaps together with responsible parties
• Facilitate the discussion with organization’s project team to understand the requirements in relation to the identified gaps
• Facilitate the sharing on the publicly available best practices, tools or methodologies for the key issues identified
• Onsite training and support
• Facilitate the discussion of Key Performance Indicators (KPI’s) and associated reports or dashboards to monitor the improvements effectively

Stage 4: Documenting and implementing the Anti-bribery Management System
• Organization’s project team applies what has been learned to its own anti-bribery management system

Stage 5: 2nd Onsite Assessment (2 days + )
• Onsite Gap Assessment to ISO 37001 Anti-bribery Standard
• Review the improvements in relation to the gaps identified in the 1st Onsite Gap Assessment and to confirm whether it meets the standard requirements
• Review the effectiveness in meeting the objectives against ISO 37001
• Improvement comparisons to 1st Onsite Gap Assessment
• Evaluate the progress of anti-bribery management system implementation and needs
• Includes written report on gaps identified
Thank you