
Copyright © 2018 BSI. All rights reserved. 10/05/2018

Coleman Tse

Sales and Marketing Director

BSI Pacific Limited

Corruption Risks Through Implementing ISO 37001 Anti-bribery Management System Requirements to Enhance Your Business Resilience & GDPR Updates


We are a truly global brand

• Founded in 1901
• World’s 1st National Standards Body
• Thought Leaders: Shaped world’s most adopted standards including ISO 9001, ISO 14001, OHSAS 18001
• BSI clients represent 75% of FTSE 100, 51% of Fortune 500, 68% of Nikkei Index
• 81,000 clients in 180 countries
• 4,000 colleagues & 11,450 experts
• 135,000 delegates trained
• 205,000 audit days delivered
• 100,000* product certifications
• 2,200 new standards, 39,450 in all

* Estimate subject to change


Reputational and Behaviour risks

• Product quality
• Customer Data Management
• Water resources and chemical waste
• Workplace conditions and exploitation
• Pollution
• Environmental damage
• Bribery and corruption
• Counterfeiting


Patrick Ho Chi-ping (何志平), former Secretary for Home Affairs of the Hong Kong SAR government

Ho and former Senegalese foreign minister Cheikh Gadio were arrested in New York in late November 2017, charged with violating the Foreign Corrupt Practices Act and money laundering.


U.S. Foreign Corrupt Practices Act (FCPA)

• Applies to any person who has a certain degree of connection to the United States and engages in foreign corrupt practices

• Applies to any act by U.S. businesses, foreign corporations trading securities in the U.S., American nationals, citizens, and residents acting in furtherance of a foreign corrupt practice, whether or not they are physically present in the U.S.

• With amendments in 1998, the anti-bribery provisions also apply to foreign firms and persons who cause, directly or through agents, an act in furtherance of such a corrupt payment to take place within the territory of the United

• Violations of the FCPA can lead to civil and criminal penalties, sanctions, and remedies, including fines, disgorgement, and/or imprisonment


U.K. Bribery Act 2010 Impacts on Overseas Investments

• The Act has been described as "the toughest anti-corruption legislation in the world", raising the bar above the standard set by the United States Foreign Corrupt Practices Act

• Concerns have been raised that the Act's provisions criminalise behaviour that is acceptable in the global market, and put British business at a competitive disadvantage

Source: https://en.wikipedia.org/wiki/Bribery_Act_2010


International standard evolution in anti-bribery management

BS 10500:2011 → ISO 37001:2016

High Level Structure of ISO 37001

4 Context of the organization
• Understanding the organization and its context
• Expectations of interested parties
• Scope of ABMS
• ABMS
• Bribery Risk Assessment

5 Leadership
• Leadership and commitment
• Anti-bribery Policy
• Org roles, responsibilities and authorities

6 Planning
• Actions to address risks and opportunities
• Anti-bribery objectives and planning to achieve them

7 Support
• Resources
• Competence
• Awareness and training
• Communication
• Documented information

8 Operation
• Operational planning and control
• 8.2 to 8.10

9 Performance evaluation
• Monitoring, measurement, analysis and evaluation
• Internal audit
• Management review
• Review by anti-bribery compliance function

10 Improvement
• Nonconformity and corrective action
• Continual improvement


9 Control Elements in “8.1 Operational planning and control”

8.2 Due diligence: high risk in
• Transaction
• Business associates
• Personnel

8.3 Finance controls
• Identify risk
• Implement process to control risk

8.4 Non-finance controls
• Procurement, operation, sales, commercial, HR, regulatory activities

8.5 Implement controls by controlled org and by business associates

8.6 Anti-bribery commitment: applied to
• High risk associates
• Able to influence

8.7 Gift, hospitality, donation and similar benefit
• Inbound & outbound
• Clear criteria

8.8 Managing inadequacy of controls: applied to associates
• Improve or terminate

8.9 Raising concerns
• Enable persons to report
• Protect reporters
• Prohibit retaliation

8.10 Investigation and dealing with bribery
• Initiate investigation
• Empower investigators

: applied to associates


US - Foreign Corrupt Practices Act (FCPA)

In April 2016, the Department of Justice (DOJ) released the Foreign Corrupt Practices Act Enforcement Plan and Guidance. This plan outlines a pilot program that allows for declinations or fine reductions in FCPA enforcement actions beyond what is available under the U.S. Sentencing Guidelines. The Pilot Program also set forth requirements for:

• Voluntary self-disclosure
• Cooperation
• Remediation in FCPA cases (e.g., implementation of an effective anti-bribery Compliance Program)

Corporations that meet the program’s other requirements and self-disclose may qualify for up to a 50% reduction from the bottom of the Sentencing Guidelines fine range or the maximum reward, i.e., a declination of prosecution.


Corporate Compliance Program “Filip factors” x 11

All covered by ISO 37001

(1) Analysis and remediation of underlying misconduct
(2) Senior and middle management
(3) Autonomy and resources
(4) Policies and procedures
(5) Risk assessment
(6) Training and communications
(7) Confidential reporting and investigation
(8) Incentives and disciplinary measures
(9) Continuous improvement, periodic testing and review
(10) Third Party management
(11) Mergers and acquisitions (M&A)

• Governing body
• Anti-bribery compliance function
• Raising concerns
• Employment – incentive


Why implement ISO 37001

• Minimizing the likelihood of a bribery lawsuit

• Mitigating the possible lawsuit penalty by demonstrating an effective compliance program

• Demonstrating to customers and stakeholders a robust anti-bribery management system

• Taking a risk-based approach to managing bribery risk, so that resources are allocated effectively to high-risk controls

• Influencing business partners/suppliers to improve anti-bribery practice, and demonstrating this to your customers


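Risk matrix

| Severity \ Possibility | 5 Very high | 4 High | 3 Medium | 2 Low | 1 Very low |
|---|---|---|---|---|---|
| 5 Very high | 25 | 20 | 15 | 10 | 5 |
| 4 High | 20 | 16 | 12 | 8 | 4 |
| 3 Medium | 15 | 12 | 9 | 6 | 3 |
| 2 Low | 10 | 8 | 6 | 4 | 2 |
| 1 Very low | 5 | 4 | 3 | 2 | 1 |

A = 20 - 25, B = 14 - 19, C = 8 - 13, D = 1 - 7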


Sample Risk Assessment Template

Likelihood columns: CL, SL, TL, TP, CTP, PL

| Risk # | Activity | CL | SL | TL | TP | CTP | PL | Impact | Risk Level | Existing Controls | Residual Risk | Risk Treatment | Additional Controls | Risk Owner Approval | Review Date |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| R1 | Hospitality | 1 | 3 | 0 | 0 | 3 | 0 | 6 | 13 | policy | Acceptable | Not required | NA | Sales Director | Yearly |
| R2 | Political Donations | 1 | 3 | 3 | 0 | 1 | 0 | 6 | 14 | Top management | Acceptable | Not required | NA | Sales Director | Yearly |
| R3 | xxxxxxx | 3 | 3 | 3 | 3 | 3 | 3 | 9 | 27 | xxxxx | Too high | Required | To be derived | Procurement Director | Quarterly |

CL = Country Likelihood, SL = Sectoral Likelihood,

TL = Transaction Likelihood (e.g. granting licenses or permits, procurement, etc.)

TP = Third parties (e.g. agents)

PL = Partnership Likelihood

CTP = Critical Touch Point (some activities carry a higher risk of bribery, particularly where they involve a critical touch point; an example is provision of hospitality)


ISO 37001 Anti-bribery Management System Certificate


ISO 37001 Certification worldwide

• Global certificate #: about 150
• Most in European countries
• Mainly in sectors:
  ─ Procurement & retail
  ─ IT
  ─ Construction
  ─ Manufacturing
• Most in private sectors
• Will accelerate due to publication of ISO 37001


BSI services


BSI Anti-bribery Capacity Building Programme

Demonstrate integrity | Embed best practice | Reduce risk | Increase confidence

5 Stage Anti-bribery Capacity Building Programme designed to facilitate compliance to the best practice principles of Anti-Bribery Management (reference ISO 37001)

Stage 1: Awareness and training on Anti-bribery Management System (2 days +)
• What is bribery?
• Understanding the implications of bribery to your business
• What is ISO 37001?
• Requirements of Anti-bribery Management System (ABMS)
• Risk assessment and scope
• Gifts, hospitality, donations and facilitation payments
• Raising concerns and investigations
• Internal auditor training for ISO 37001 (optional)

Stage 2: 1st Onsite Gap Assessment (2 days +)
• Onsite Gap Assessment to ISO 37001 Anti-bribery Standard
• Review policies, objectives and procedures
• Evaluate the existing anti-bribery system implementation
• Include written report on gaps identified
• BSI staff conduct the Gap Assessment together with organization’s ISO 37001 internal auditors (optional)

Stage 3: On-site Support and Workshop (2 days +)
• Onsite walk through the identified gaps together with responsible parties
• Facilitate the discussion with organization’s project team to understand the requirements in relation to the identified gaps
• Facilitate the sharing on the publicly available best practices, tools or methodologies for the key issues identified
• Onsite training and support
• Facilitate the discussion of Key Performance Indicators (KPIs) and associated reports or dashboards to monitor the improvements effectively

Stage 4: Documenting and implementing the Anti-bribery Management System
• Organization’s project team applies what has been learned to its own anti-bribery management system

Stage 5: 2nd Onsite Assessment (2 days +)
• Onsite Gap Assessment to ISO 37001 Anti-bribery Standard
• Review the improvements in relation to the gaps identified in the 1st Onsite Gap Assessment and confirm whether they meet the standard requirements
• Review the effectiveness in meeting the objectives against ISO 37001
• Improvement comparisons to 1st Onsite Gap Assessment
• Evaluate the progress of anti-bribery management system implementation and needs
• Includes written report on gaps identified


Thank you
