ISO 37001 : Anti Bribery Management System Fraud & Bribery Concepts, Laws & Regulations and other requirements
1. TÜV Rheinland Asia Pacific
June 10, 2021
ISO 37001 : Anti Bribery
Management System
Fraud & Bribery Concepts, Laws
& Regulations and other requirements
2. 6/10/2021 ISO 37001 Webinar
Agenda
• Fraud and Bribery Concepts
• Laws and Regulation
• Common Bribery Modus
• Real Bribery Case Study
3. Did You Know
63% of respondents in Asia-Pacific think that bribery or corrupt practices happen widely in their country. The trend has been increasing since 2013.
Source: EY Global Frau
32% of respondents in Indonesia said that they have made a bribe at least once.
Source: Global Corruption Barometer 2017
4. Fraud and Bribery Concepts
Fraud
An intentional act to gain something, where the action is outside the law or potentially a crime.
Who commits fraud?
6. Bribery is….
Offering, promising, giving, accepting or soliciting of an undue advantage of any value (which could be financial or non-financial), directly or indirectly, and irrespective of location(s), in violation of applicable law, as an inducement or reward for a person acting or refraining from acting in relation to the performance of that person’s duties.
ISO 37001 ABMS
7. Law in Indonesia
No. | Law No. | Title
1 | UU No. 11 year 1980 | Crime of Bribery
2 | UU No. 28 year 1999 | State administration that is clean and free of corruption, collusion and nepotism
3 | UU No. 31 year 1999 | Corruption Eradication
4 | UU No. 8 year 2010 | Money laundering crime
5 | UU No. 20 year 2001 | Amendments to law no. 31 of 1999 concerning the Crime of Corruption
8. Law in Philippines
Bribery of public officials is penalized under Articles 210 to 212 of the Revised
Penal Code.
Republic Act No. 3019 (The Anti-Graft and Corrupt Practices Act) is the main
anti-corruption law.
Republic Act 6713 (The Code of Conduct and Ethical Standards for Public
Officials and Employees)
Presidential Decree No. 46 (Giving of Gifts on any Occasion)
Republic Act 7080 (Plunder) penalizes a public officer who acquires ill-gotten
wealth in the total of at least PHP 50 million through overt or criminal acts.
9. Foreign Law & Policy
• United Nations Convention against Corruption (UNCAC)
• United States Foreign Corrupt Practices Act of 1997 (US FCPA).
• United Kingdom Bribery Act 2010 (“UK BA”).
11. Bribery use of third party/indirect Bribery
Remember!!! This is the most common and widely used bribery scheme.
Modus operandi:
• through family members, friends, close relatives of the bribe recipient
• through a hired consultant
• using subsidiaries to hire third parties to channel bribes
• using multiple agents
• using slush funds or offshore companies
12. Common Bribery Modus
►Lavish entertainment expenses with no justification (also applies to donations, sponsorships, and consultants)
►Use of a third party/agent with no business rationale
►Unusual payments made to a private/individual account
►Payment of per diem to an external party
►Extravagant gifts
►Lack of explanation and detailed supporting documents for a cash payment transaction
17. Donation for the Government Official
18. ISO 37001:2016
Bribery is a phenomenon that gives rise to serious social, moral, economic and political concerns, undermines good governance, hinders development and distorts competition.
Organizations have a proactive responsibility to contribute to combating bribery.
Law enforcement alone is not enough to solve the bribery problem.
This can be achieved through an Anti Bribery Management System, and through leadership commitment to setting a culture of honesty, transparency, openness and compliance.
ISO/PC 278 published ISO 37001:2016 on 14 October 2016.
This standard can help organizations implement reasonable and proportionate measures designed to prevent, detect and respond to bribery.
19. Scope of ISO 37001
ISO 37001 specifies requirements and provides guidance for establishing, implementing, maintaining, reviewing and improving an anti-bribery management system.
It applies only to bribery issues.
The standard is generic.
It can be integrated with other management systems, in the public, private or not-for-profit sector.
Please remember!!!
!!! Compliance with this standard does not guarantee that bribery will not happen.
!!! Bribery risk is impossible to eliminate completely.
20. Certification ISO 37001- Objective
To help organizations prevent, detect and deal with bribery and comply with
laws and regulations related to anti-bribery and voluntary commitments that
are consistent with activities within the management system
21. Certification Process and Time Line
Pre Audit (Optional): upon client request
Description: Document Review; Onsite Audit; Finding; Correction & Corrective Action; Reporting
1st and 2nd Stage of Certification Audit: ± 6 months (max.)
Description: Onsite Audit; Evaluation of MS; Finding; Correction & Corrective Action; Reporting
Certificate Issuance: 3 months (max.)
Description: Certificate valid for 3 years subject to annual surveillance audit
1st and 2nd Surveillance Audit: 2nd and 3rd year
Description: Onsite Audit; Evaluation of MS; Finding; Correction & Corrective Action; Reporting
Recertification Audit: 4th year
Description: Recertification audit is one time only
Timeline: Certificate Issuance, 1st Surveillance, 2nd Surveillance
24. ISO 37001 integration with further management systems
The measures required by ISO 37001 are designed to be integrated with existing management
processes and controls.
It follows the common high-level structure for ISO management system standards, for easy
integration with, for example, ISO 14001.
New or enhanced measures can be integrated into existing systems
26. Term and Definition
In total 30 terms – some of them are common terms with core definitions
Specific terms for the standard:
3.1 bribery
offering, promising, giving, accepting or soliciting of an undue advantage of any value (which could be financial or non-financial), directly or indirectly, and irrespective of location(s), in violation of applicable law, as an inducement or reward for a person acting or refraining from acting in relation to the performance of that person’s duties
3.7 governing body
group or body that has the ultimate responsibility and authority for an organization’s activities, governance and policies and to which top management reports and by which top management is held accountable
3.8 anti-bribery compliance function
person(s) with responsibility and authority for the operation of the anti-bribery management system
27. Term and Definition
3.26 business associate
external party with whom the organization has, or plans to establish, some form of business
relationship
Note 1 to entry: Business associate includes but is not limited to clients, customers, joint ventures, joint venture partners,
consortium partners, outsourcing providers, contractors, consultants, sub-contractors, suppliers, vendors, advisors, agents,
distributors, representatives, intermediaries and investors
3.29 conflict of interest
situation where business, financial, family, political or personal interests could interfere with the judgment of
persons in carrying out their duties for the organization.
3.30 due diligence
process to further assess the nature and extent of the bribery risk and help organizations make decisions in
relation to specific transactions, projects, activities, business associates and personnel
28. 4. Context of the organization
4.1 Understanding the organization and its context
4.2 Understanding the needs and expectations of stakeholders
4.3 Determining the scope of the anti-bribery management system
4.4 Anti-bribery management system
4.5 Bribery risk assessment
29. 5. Leadership
5.1 Leadership and commitment
5.1.1 Governing body
5.1.2 Top management
5.2 Anti-bribery policy
5.3 Organizational roles, responsibilities, accountabilities and authorities
5.3.1 Roles and responsibilities
5.3.2 Anti-bribery compliance function
5.3.3 Delegated decision-making
30. 5. Leadership
5.2 Anti-bribery policy
Top management shall establish, maintain and review an anti-bribery policy that:
a) prohibits bribery;
b) requires compliance with anti-bribery laws that are applicable to the organization;
c) is appropriate to the purpose of the organization;
d) provides a framework for setting, reviewing and achieving anti-bribery objectives;
e) includes a commitment to satisfy anti-bribery management system requirements;
f) encourages raising concerns in good faith, or on the basis of a reasonable belief, in confidence, without fear of reprisal;
g) includes a commitment to continual improvement of the anti-bribery management system;
h) explains the authority and independence of the anti-bribery compliance function;
i) explains the consequences of not complying with the anti-bribery policy.
31. 6. Planning
6.1 Actions to address risks and opportunities
When planning for the anti-bribery management system, the organization shall consider the issues referred
to in 4.1, the requirements referred to in 4.2, the risks identified in 4.5, and opportunities for improvement
6.2 Anti-bribery objectives and planning to achieve them
The organization shall establish anti-bribery management system objectives at relevant functions and
levels
32. 7. Support
7.1 Resources
7.2 Competence
7.2.1 General
7.2.2 Employment process
7.3 Awareness and training
7.4 Communication
7.5 Documented information
7.5.1 General
7.5.2 Creating and updating
7.5.3 Control of documented information
33. 7. Support
7.2.2 Employment process
In relation to all of its personnel, the organization shall implement procedures such that:
- personnel are required to comply with the anti-bribery policy and ABMS
- personnel receive a copy of, or are provided with access to, the anti-bribery policy and training
- the organization is able to take appropriate disciplinary action against personnel who violate the anti-bribery policy or ABMS
- personnel will not suffer retaliation, discrimination or disciplinary action for:
1) refusing any activity with bribery risk; or
2) concerns raised or reports made in good faith
In relation to all positions which are exposed to more than a low bribery risk, the organization shall implement procedures such that:
- due diligence is conducted on persons before they are employed or transferred
- performance bonuses, performance targets and other incentivizing elements of remuneration are reviewed periodically
confirming their compliance with the anti-bribery policy.
34. 8. Operation
8.1 Operational planning and control
8.2 Due diligence
8.3 Financial controls
8.4 Non-financial controls
8.5 Implementation of anti-bribery controls by controlled organizations and by business associates
8.6 Anti-bribery commitments
8.7 Gifts, hospitality, donations and similar benefits
8.8 Managing inadequacy of anti-bribery controls
8.9 Raising concerns
8.10 Investigating and dealing with bribery
35. 8. Operation
8.2 Due diligence
Where the organization’s bribery risk assessment, as conducted in 4.5, has assessed a more than low bribery risk in relation to:
a) specific categories of transactions, projects or activities,
b) planned or on-going relationships with specific categories of business associates, or
c) specific categories of personnel in certain positions (see 7.2.2.2),
the organization shall assess the nature and extent of the bribery risk in relation to specific transactions, projects, activities, business associates and personnel falling within those categories.
This assessment shall include any due diligence necessary to obtain sufficient information to assess the bribery risk. The due diligence shall be updated at a defined frequency, so that changes and new information can be properly taken into account.
36. 9. Performance evaluation
9.1 Monitoring, measurement, analysis and evaluation
9.2 Internal audit
9.3 Management review
9.3.1 Top management review
9.3.2 Governing body review
9.4 Review by anti-bribery compliance function
37. 9. Performance evaluation
9.4 Review by anti-bribery compliance function
The anti-bribery compliance function shall assess on a continual basis whether the anti-bribery management system is:
a) adequate to manage effectively the bribery risks faced by the organization;
b) being effectively implemented.
The anti-bribery compliance function shall report at planned intervals, and on an ad hoc basis, as appropriate, to the governing body (if any) and top management on the adequacy and implementation of ABMS, including the results of investigations and audits.
38. 10. Improvement
10.1 Nonconformity and corrective action
10.2 Continual improvement
Annex A (informative) Guidance
39. ISO 37001 requirements for documented information
4.3 Determining the scope of the anti-bribery management system
4.5 Bribery risk assessment
5.2 Anti-bribery policy
6.2 Anti-bribery objectives and planning to achieve them
7.2.1 Competence, General (records)
7.2.2 Competence, Employment process (records – declaration)
7.3 Awareness and training
8.1 Operational planning and control (explicitly: 8.2 Due diligence, 8.6 Anti-bribery commitments, 8.7 Gifts, hospitality, donations and similar benefits)
9.1 Monitoring, measurement, analysis and evaluation (records)
9.2 Internal audit (records)
9.3.1 Top management review (records)
9.3.2 Governing body review (records)
10.1 Nonconformity and corrective action (records)
40. Thank you for attending this webinar
TÜV Rheinland Asia
Ms. Dian Susanty Soeminta
General Manager – Systems
dian.soeminta@tuv.com
Ms. Rahmawati Noor
Senior Manager (QM & HSE)
rahmawati.noor@tuv.com
Ms. Nelly Yong
Vice President (Systems), APAC
Nelly.Yong@tuv.com