37001 CABCM Training

  • The business case for a formal Anti-Bribery Management System (ABMS)

    7 Steps

    As business becomes more globalized, organizations are faced with new challenges and opportunities. Part of this new environment is compliance with newly emerging anti-bribery and anti-corruption laws, such as the US Foreign Corrupt Practices Act (FCPA), the UK Bribery Act, Canada’s Corruption of Foreign Public Officials Act, Mexico's General Law of Administrative Accountability and Model Program for Corporation Integrity, Russia's Federal Anti-Corruption Law No. 273, and several others in France, Germany, China, and Brazil, just to name a few.

    International development and enforcement of new anti-bribery and corruption (ABC) laws and guidelines is not an ad-hoc coincidence. As of August 2017, 43 countries have committed to implementing the recommendations and requirements of the OECD Anti-Bribery Convention. 140 countries have committed to the United Nations' Convention against Corruption. This means that adoption and rigorous enforcement of anti-bribery and anti-corruption programs and best practices is already well-established, and is growing stronger by the day.

    While each of these laws and conventions is somewhat different in scope and reach, the corrupt activities they prohibit are similar. “Bribery” involves improper inducement and occurs when something of value is offered or accepted in order to influence a transaction or encourage improper or illegal behavior. “Corruption” involves dishonest or illegal behavior achieved through unethical means, such as bribery. To ensure that bribery and corruption are minimized, a common requirement of these laws is for an organization to establish and maintain a formal anti-bribery and anti-corruption (ABC) management program (system). Failure to establish such a system puts public and private sector organizations and their employees at risk of incurring severe fines or even criminal prosecution. Today, a formal ABC compliance program is simply a mandatory requirement for all organizations, public or private. In fact, many organizations no longer purchase from a vendor, supplier, or contractor that doesn't have evidence of a formal Anti-Bribery Management System (ABMS) fulfilling local, national, and even international ABC compliance requirements.

    Strict enforcement of the UK's Bribery Act of 2010 is now in the news quite frequently, so it is also natural that any UK organization, citizen, or even UK resident will be particularly sensitive to the need to show due diligence in having an ABMS to prevent, detect, and correct bribery and corruption. Not a UK organization or citizen? You might need to comply with the UK's Bribery Act anyway. If your organization buys from or provides products or services to any UK organizations or citizens anywhere in the world, expect to be required to show evidence of your own organization's ABMS to continue business with these UK organizations and citizens, since they need to prove that the scope of their own ABMS includes their vendors and customers everywhere they do business.

    Expect even more pressure to control bribery and corruption when doing business in Russia or with any Russian organization. On January 1, 2013, Russia amended its Federal Anti-Corruption Law No. 273 with Article 13.3 to go beyond the reach of both the U.S. Foreign Corrupt Practices Act (FCPA) and the U.K. Bribery Act (UKBA) to require all corporations organized in Russia to develop anti-corruption compliance measures.

    Country by country, anti-bribery and anti-corruption laws and related enforcement are growing rapidly and becoming more severe. And the growth is gaining momentum every year. If your organization wants to continue to conduct business in this new era necessitating proof of compliance with existing and emerging regulatory and legislative anti-bribery requirements, it should invest in developing and maintaining an ISO 37001-certified anti-bribery management program. The alternative is losing B2B business, or even potentially paying huge fines and penalties for failing to practice anti-bribery and anti-corruption due diligence.

    The new standard for an Anti-Bribery Management System (ABMS) - ISO 37001

    While organizations critically need to prove due diligence in preventing, detecting, and correcting bribery and corruption, the dilemma is that there has not been a universally-recognized standard of exactly what a sufficient ABC program would entail. Until now. As of October 2016, there is a new global standard for anti-bribery and corruption (ABC) management systems, made available by the International Organization for Standardization. With the new ISO 37001 standard, "Anti-bribery management systems - Requirements with guidance for use," there is now an internationally recognized set of best practices to prevent and detect bribery. Moreover, these best practices are auditable and can be ISO certified. The standard is designed for use in both public-sector and private-sector organizations. Expect to see early widespread international adoption by the public sector, which will subsequently drive private-sector organizations wanting to do business with them to become certified to the same standard. Even if your organization already has an ABC program, it should immediately perform an audit against the new ISO 37001 standard to ensure that all details are addressed and compliant. After all, ISO 37001 will likely determine the minimum of what your organization's customers, regulators, and suppliers will expect of your program.

    Even if you feel your ABM program covers all of the new ISO 37001 requirements, and can claim such as fact, how do you prove it to your organization's stakeholders? Going through a fresh review/audit every time someone asks? A better alternative is having your organization's ABMS certified to ISO 37001 so it can easily provide third-party assurance of its ABC program. Although ISO 37001 does not bring any amazingly fresh best practices to the table regarding bribery and corruption control, ISO 37001 certification is the single best solution for getting credible third-party assurance and validation of your organization's ABC management system - which is a critical business need today. Certification to ISO 37001 will become essential for companies wanting to do public-sector work, and we will see it quickly permeate through industry commercial sectors as well. Companies not certified will be at a substantial disadvantage in the near future.

    Where to go from here

    1. Get a better understanding of your organization's business and legal requirements for having an ABMS.

    2. Get your team trained to design and implement an ISO 37001-conforming ABMS.
      You can't get your organization to establish, operate, and maintain an ISO 37001 ABC management system without understanding ISO 37001's requirements, and how to establish proper strategy, policy, roles/responsibilities, and procedures to support ISO 37001's requirements. All of the international laws, regulations, and requirements mentioned above require a system that is integrated and managed throughout the organization, not just from a single compliance manager's desk. The very ISO 37001 standard in question requires the same. This means your organization needs to get its entire management team properly trained with a course that will give them more than just awareness. They need a workshop course that will give them direction and tangible support with developing ISO 37001 policies and procedures. Such training can be phased, but be sure to start with the governing function and C-level management first. After all, they are the people accountable for ensuring the organization is fulfilling its obligations to internal and external stakeholders, and they are also the only people with sufficient authority to decide upon ABM scope, requirements, resourcing, and roles/responsibilities to be assigned. ISO 37001 requirements begin with "Leadership" from the top, so these are the people who need to get involved first.

    3. Plan and design an ISO 37001-conforming ABMS. 
      1. Articulate and document the ABM system's architecture and strategy into an organization function-level policy. The initial policy will define strategic requirements and related objectives, scope, and roles/responsibilities/accountabilities.
      2. Develop the protocols (procedures) to fulfill the ABM management system's requirements.

    4. Implement the agreed-upon policy and protocols.

    5. After the program is established and has been in practice, it needs to be audited to ensure it is performing according to design and is fulfilling policy requirements as desired.

    6. Maintain and improve the system by reviewing audit findings to identify opportunities for improvement, and then acting on those opportunities with plans of remedy.

    7. Arrange for an ISO 37001 certification audit with an ISO certification body accredited to perform ISO 37001 certification audits.
  • Strategy & Policy Workshop: ISO 37001 Anti-Bribery and Corruption Management (5-Days)

    Day 1

    Introduction to today's business legal context driving the need for a formal anti-bribery and corruption system

    • How are bribery and corruption fully defined?
      • Official bribery versus commercial bribery
      • Typical examples
    • High-level comparative overview of laws and regulation requiring a formal Anti-Bribery and Corruption Management System
      • OECD Anti-Bribery Convention
      • United Nations Convention against Corruption
      • United States - Foreign Corrupt Practices Act (FCPA)
      • United Kingdom - Bribery Act
      • Canada - Corruption of Foreign Public Officials Act (CFPOA)
      • Mexico's General Law of Administrative Accountability and Model Program for Corporation Integrity
      • France - Sapin II
      • Germany - German Administrative Act
      • Russia - Federal Anti-Corruption Law No. 273, Article 13.3
    • Overview of how the ISO 37001 standard provides a common framework for a program that fulfills differing international requirements for bribery and corruption control

    Establishing, managing, and performing anti-bribery and corruption controls

    • Introduction to ISO 37001, "Anti-bribery management systems - requirements with guidance for use"
      • The Plan-Do-Check-Act (PDCA) process approach
      • Overview of integrating an ISO 37001-certified anti-bribery management system into the organization's comprehensive enterprise risk management system
    • Establishing the Anti-Bribery and Corruption (ABC) Management System (ISO 37001 Clauses 4 - 5)
      • Determining internal and external business context drivers that form ABC strategic requirements, goals, and objectives
      • Determining the scope of the ABC management system
      • Defining the ABC management system
      • Performing bribery and corruption risk assessment (Inherent risk assessment + operational risk assessments + ongoing risk monitoring)
        1. risk identification
        2. risk analysis
        3. risk evaluation (impact assessment)
      • Establishing top-down ABC system leadership
        1. Leadership requirements for top management
        2. Establishing a formal ABC system policy defining the ABC system goals (what it will accomplish) based upon internal and external context requirements (Soft-copy policy template available)
        3. Establishing appropriate roles and responsibility throughout the organization to detect, investigate, and correct potential bribery and corruption
          • Establishing a formal ABC compliance function in accordance with local, national, and international requirements

    Day 2

    Establishing, managing, and performing anti-bribery and corruption controls, continued

    • Establishing top-down ABC system leadership
      • Leadership requirements for top management
      • Establishing a formal ABC system policy defining the ABC system goals (what it will accomplish) based upon internal and external context requirements (Soft-copy policy template available)
      • Establishing appropriate roles and responsibility throughout the organization to detect, investigate, and correct potential bribery and corruption
        1. Establishing a formal ABC compliance function in accordance with local, national, and international requirements
    • Planning the ABC Management System (ISO 37001 Clause 6)
      • Planning the ABC goals to align with defined business context requirements and system (ABC risks and opportunities)
      • Planning ABC objectives to fulfill ABC system goals and requirements
    • Supporting the ABC Management System (ISO Clause 7)
      • Properly budgeting and supporting the ABC management system
      • Establishing and validating appropriate ABC Management System competence and skills (ISO Clause 7)
        1. General competence and skills development, validation, and maintenance for top and senior management for ABC System Management
        2. Employment process requirements
      • General Awareness and training requirements for all staff
      • Communication requirements
      • Documentation requirements

    Day 3

    Establishing, managing, and performing anti-bribery and corruption controls, continued

    • Integrating ABC into Operations (ISO 37001 Clause 8)
      • Developing and implementing operational planning and control processes to fulfill planned ABC objectives, goals, and requirements
      • Performing ABC due diligence 
      • Implementing financial ABC controls
      • Implementing non-financial ABC controls throughout the organization, including (but not limited to) procurement, operations, sales, commercial, human resources, and regulatory activities
      • Establishing upstream ABC requirements for vendors and suppliers
      • Establishing formal ABC incident response measures
      • Establish operational policies and procedures preventing bribery
      • Continuously monitoring ABC control effectiveness
      • Establishing an ABC tip program to facilitate ABC risk identification
      • Investigating suspected ABC incidents, or even ABC vulnerabilities

    Day 4

    Measuring the performance and effectiveness of the ABC Management System and ABC Controls (ISO 37001 Clause 9)

    • Internal audit requirements
    • Management review requirements
    • Governing body / Board of Directors review requirements
    • ABC Compliance function review requirements

    Continuous improvement and corrective action (ISO 37001 Clause 10)

    Break-out Class Lab: ABC Management System Gap Assessment

    Day 5

    Understanding typical high-risk areas for bribery and corruption

    • Procurement Corruption / Facilitation and Extortion Payments
      • Bribery
      • Kickbacks
      • Improper gratuities
      • Bid rigging
    • Sales corruption
      • Selling product discounts
      • Fraudulent sales and/or debt write-off/release
    • Conflict of Interest Schemes
      • Shell companies
      • Business diversions

    Training Certificate of attendance (32 CPE) awarded

    Optional Online Certification Exam (Student laptop required)

    • Online practice exams provided throughout the week for live instructor-led classes
    • Participants successfully completing the training and the corresponding certification exam will be awarded a professional certificate for "Certified ISO 37001 Anti-Bribery & Corruption Manager"


    * ISO Standards are NOT included in this management system and compliance training, nor are they provided in class. Students are encouraged to bring their own hard copies of the standards to the class. ISO standards are available for purchase at www.iso.org.

  • CABCM 250

    As an organizational governor, executive, or manager you need to ensure the organization minimizes and controls potential bribery and corruption as managers conduct business. You also need to ensure the organization complies with existing and emerging legislative requirements for establishing, operating, and maintaining an effective anti-bribery and anti-corruption management system aligned to the international standard of ISO 37001. Earning the CFCM™ certification will give you the credential and proof of competence the standard requires, and will ensure you understand how to integrate ISO 37001 best practices into your portfolio of job responsibilities.


    ISO 37001 CABCM™ Certification Details

    Getting IRMCB standardized training and taking certification exams

    IRMCB courses are delivered by Authorized Training and Education Centers (ATECs) in standardized live and online formats. Select ATECs are also authorized to proctor exams and issue certificates.

    Authorized Training and Education Center


    Authorized for Live Instructor-Led Training

    Authorized for Web-Based Training

    Authorized exam center

    Certified Information Security

    United States