New Anti-Bribery Management Systems Standard
A new anti-bribery management systems standard (ISO 37001) is scheduled to be issued in October 2016 by the International Organization for Standardization (ISO), which is made up of the national standards bodies of 163 member countries. According to the ISO 37001 draft standard summary, ISO 37001 “specifies a series of measures” to help organizations “prevent, detect and address bribery, and [that] provides guidance in relation to their implementation.”
The draft standard summary also states that ISO 37001 is a Type A requirements standard, which means that third parties can certify an organization’s compliance with it.
However, as consultants William Marquardt and David Holley note in a Global Anticorruption Blog post about the draft standard:
it is not yet clear how much weight regulators (or the market) will place on an ISO 37001 certification. . . . Moreover, the current ISO 37001 lacks clarity on a key question: Will the ISO certification focus narrowly on the existence of the formal elements of an effective ABC [anti-bribery and corruption] program, or will the certification process include an evaluation of whether the program is operating effectively?
Marquardt and Holley also write that:
the proposed ISO standard provides a number of sound recommendations – such as a comprehensive, risk-based approach, as well as management commitment to promoting an ethical corporate culture.
On the FCPA Blog, Kristy Grant-Hart, the managing director of a consulting company that plans to offer certification, asks: “Why wouldn’t you certify your anti-bribery program?” She expects that by going through the process of certification, organizations will be doing things that naturally lead to the mitigation of the risk of prosecution, such as:
- Performing a proper risk assessment and implementing/validating controls
- Ensuring that training is provided to at-risk individuals
- Getting policy and procedures documentation in order
- Creating and maintaining a due diligence process
- Obtaining support for the program from the top and management
FCPA Case: Nu-Skin Enterprises
A recent Securities and Exchange Commission (SEC) anti-bribery settlement brings home the point that companies may be at the risk of prosecution even when they have an ABC policy and require employees to follow it.
Nu Skin Enterprises, Inc., a corporation headquartered in Utah (Nu Skin US), had a wholly owned subsidiary that was incorporated in China (Nu Skin China). Nu Skin China faced penalties under Chinese law for having a promotional meeting in a city in which the company was not licensed to do business.
Facing a fine of about $431,088, Nu Skin China decided make a donation of about $154,000 to a charity affiliated with a communist party official, in exchange for the official’s intervention in the investigation. It also obtained a US college recommendation letter for the official’s child. Two days after the donation, Nu Skin China learned that it would not be charged or fined.
Nu Skin China had informed Nu Skin US of the donation, but it failed to disclose the relationship between the investigation and the donation and request for a recommendation letter. Nu Skin US knew that a large donation in China could pose Foreign Corrupt Practices Act (FCPA) risks, so it advised Nu Skin China to consult with outside US legal counsel based in China to ensure that the donation complied with the FCPA. The outside counsel recommended that Nu Skin China add anti-corruption language to the written donation agreement. The language was added to a draft of the agreement but was removed from the final version. Nu Skin US wasn’t aware that the language was removed.
The SEC charged Nu Skin US for a violation of the books and records provision of the FCPA because the payment to the charity was described on Nu Skin China’s expenditures paperwork as a donation rather than as an improper payment to obtain the party official’s influence. Nu Skin US also violated the internal controls provision because it failed to maintain a reasonable system of internal counting controls over its operations in China.
Nu Skin US proposed a settlement of $765,688, including $431,088 in disgorgement (for the fine it didn’t pay for its violations in China), a penalty of $300,000, and interest. In deciding to accept Nu Skin US’s offer in September 2016, the SEC favorably considered the remedial acts that Nu Skin US promptly undertook and its cooperation with SEC staff.
Use of ISO 37001 in Various Countries
In the draft standard summary, the ISO says that ISO 37001 can be used in any country: “It is designed to aid compliance by the organization both with international good practice and with the relevant antibribery legal requirements in all countries in which the organization operates.”
Creating a uniform anti-bribery standard solves that problem that organizations face when operating in several countries is that actions that are legal in one country might not be legal in another. As Dulcie J. Foster of the Fredrikson & Byron law firm writes, the draft standard allows certified companies to skip requirements that “conflict with, or [are] prohibited by, any applicable law.” Foster points out that ISO 37001 allows anonymous reporting and that although “anonymous hotlines are widely used throughout the U.S., such systems violate the data protection laws of a number of countries in Europe.”
As Foster concludes, “Whether ISO 37001 becomes widely used or not, it underscores the global trend against corruption even in countries where bribery is culturally engrained.” This trend against corruption is evident in the FIFA litigation that’s been going on for the past few years. Whether or not a company chooses to certify its anti-bribery program, the new standard provides guidelines and an opportunity to combine compliance with company culture.
Note: The final standard was published on October 15, 2016.