Developing Effective Compliance Management Systems in China: ISO Tim Klatte 01 February 2018 Shanghai, China

Similar documents
ISO & ISO TRAINING DAY 4 : Certifying ISO 37001

British Standard BS Specification for an Anti-bribery Management System. Summary

An Overview of ISO Anti-Bribery Management System Standard

HOW TO DEVELOP A SUCCESSFUL JOINT-VENTURE IN ASIA. is a business unit of

Metso Code of Conduct

Anti-bribery management systems Requirements with guidance for use

Committee on Anti-Corruption (CAC) Lima, Peru 2016 An overview of ISO Anti-bribery management system standard

Introduction to ISO 14001:2015

Fraud in focus March Fraud & Corruption in the Victorian Public Sector learnings and insight for 2017 and beyond

Why Care? 因何关注. Thoughts for the two great economic superpowers and those who aspire to such power 有关两个经济超级大国及其追随者的思索

Industry insight and global experience: the intelligent connection

Design of demand-oriented vocational education for modern structures of production and service

ATTACHMENT C CORPORATE COMPLIANCE PROGRAM

BSCI Audit Summary Report

German Business in China Greater Shanghai Innovation Survey 2017

ISO 14001: 2015 Environmental Gap Analysis

ISO Standards in Strengthening Organizational Resilience, Mitigating Risk & Addressing Sustainability Concerns

ESTERLINE ANTI-CORRUPTION PROGRAM CHARTER

MegaFon has a zero-tolerance policy towards corruption of all kinds.

solutions for a digital world:

Global Supplier Code of Conduct

Conformity and Certification against ISO 55001

ISO 37001:2016 ANTI-BRIBERY MANAGEMENT SYSTEMS

Business Partner Code of Conduct

International Comparison of Product Certification and Verification Methods for Appliances

Moving from ISO/TS 16949:2009 to IATF 16949:2016. Transition Guide

Ethical leadership and corporate citizenship. Applied. Applied. Applied. Company s ethics are managed effectively.

Global Supplier Code of Conduct

HAVYARD GROUP ASA Code of Conduct for Business, Ethics and Corporate Social Responsibility

MODERN SLAVERY ACT TRANSPARENCY STATEMENT2018

Audit & Risk Committee (Ad hoc) Committee

REGULATORY HOT TOPIC Third Party IT Vendor Management

Groupe PSA Responsible Purchasing Policy

Risk and risk management

ISO 37001:2016 ANTI-BRIBERY MANAGEMENT SYSTEMS. An initiative to strengthen the Corporate Integrity

CODE OF CONDUCT. Document Management

Public Procurement Reforms to enhance value for money

Alfa Financial Software Holdings PLC Terms of Reference of The Audit and Risk Committee of The Board of Directors of The Company

Analysis of ISO 9001:2015 against the ICoCA Certification Assessment Framework

LABOUR STANDARDS ASSURANCE SYSTEM MANUAL

OUR POLICY ON SLAVERY AND HUMAN TRAFFICKING

Code of Conduct Trans Adriatic Pipeline AG

Issue The University is required to comply with the Concordat to Support Research Integrity by the end of as a condition of the HEFCE grant.

QCC Global Ltd. United Nations Global Compact. Communications on Progress. From May 2016 to May QCC Keeping your business, your business

Code of Business Conduct September 2016

Governance Committee Terms of Reference

Guidance Note: Corporate Governance - Audit Committee. January Ce document est aussi disponible en français.

COMPLIANCE AT LARGER INSTITUTIONS. November 11 13, Robert F. Roach Chief Compliance Officer New York University

Governance Committee Terms of Reference

4.1. The quorum necessary for the transaction of business shall be two members.

Terms of Reference - Audit Committee

China Airlines Ltd. Ethical Corporate Management Best Practice Principles

Supplier Code of Conduct

ADES International Holding Ltd (the Company )

Supplier Code of Conduct

TAG Certified Against Fraud Guidelines. Version 1.0 Released May 2016

Sustainable Urban Transport Development in China

Henkel s Compliance Management System (CMS)

Supplier Code of Conduct

ISO 9000 Certification

Acting for responsible sourcing in our supply chain Code of Business Conduct for Suppliers

The Hotelbeds Group Supplier Code of Conduct. Guidance for suppliers to Hotelbeds Group and its subsidiaries ( Hotelbeds Group )

npliance IN 2008, MICROSOFT CORP. WAS FINED 899 MILLION Auditing for

Marketing Communication Training

Assessments on the competency model of senior managers of family firms in China

McKesson at-a-glance America s oldest and largest healthcare services company

"Finnair" and "Finnair Group" as used herein refer to Finnair Plc and its subsidiaries.

Guidance Note: Corporate Governance - Audit Committee. March Ce document est aussi disponible en français.

ISO 9001:2000 What does it mean in the supply chain?

Risk type Specific risk Explanation Mitigation approach. SKF customers ability to pay can have an impact on the financial result of the Group.

AUDIT AND RISK COMMITTEE TERMS OF REFERENCE. Approved February 2016

Corporate Governance Framework

Slide 3 ISO How will the Context of an Organisation determine whether they accept it or reject it?

Responsible Procurement policy

BOARD CHARTER JUNE Energy Action Limited ABN

Ethical Code. Fondazione Pirelli Hangar Bicocca 1

Developing an Integrated Anti-Fraud, Compliance, and Ethics Program

4.1. The quorum necessary for the transaction of business shall be two members.

Social Re-Audit Report

Risk Management Briefing

AS/NZS 4801 and OHSAS Your implementation guide

Audit Committee Annual Report. Report of the work of the Audit Committee during 2014/15

Audit and Risk Committee Charter

CONFLICT OF INTEREST POLICY

EA-7/04 Legal Compliance as a part of accredited ISO 14001: 2004 certification

Corporate Social responsibility (CSR)

ISO22313: Your Ultimate Guide for Establishing a Business Continuity Management System

CORPORATE SOCIAL RESPONSIBILITY CHAPTER 12

ANTI-MONEY LAUNDERING SERVICES EXPERTS WITH IMPACT

STC s Supplier Code of Conduct

AALTO UNIVERSITY CODE OF CONDUCT

Internal Audit. Audit of Procurement and Contracting

A practical guide to ISO 14001:2015

Slavery and Human Trafficking Statement 2016

Business Management System Manual Conforms to ISO 9001:2015 Table of Contents

TECHNICAL RELEASE TECH 05/14BL. Data Protection Handling information provided by clients

The Organisation of Nuclear Installations ENSI-G07. Guideline for Swiss Nuclear Installations. July 2013 Edition

ON ARM S LENGTH. 1. Introduction. 2. Background

Developing Effective Anti-Corruption Ethics and Compliance Programmes. Sven Biermann

25 D.L. Martin Drive Mercersburg, PA (717)

Transcription:

Developing Effective Compliance Management Systems in China: ISO37001 Tim Klatte 01 February 2018 Shanghai, China

Today s Discussion 02 08 Introducing ISO37001 Its Benefits & Misconceptions 12 Case Studies 18 Closing Thoughts and Q&A 21 Appendix: Seven Compliance Areas 1

Introducing ISO37001 2

What is ISO? An independent, non-governmental organization A global network of national standards bodies with one member per country Coordinated by a Central Secretariat in Geneva, Switzerland. Non-profit Organization Provides a platform for developing practical tools through common understanding and cooperation with all members * Numbers current as of 13 October 2017 2017 Grant Thornton 致同 2017 3

What is ISO 37001? ISO 37001 has been a closely monitored standard throughout it's development and it's publication opens up a new perspective on Anti- Bribery and Anti-Corruption (ABAC) compliance: Published on 15 October 2016 after several years of development by 41 countries including China, India, Mexico, UK, and the United States; Lays out a framework for establishing a strong anti-bribery program that is reasonable and proportionate according to the company's bribery risks; Designed to be used by small, medium, and large organization in the public, private, and non-profit sectors; ISO 37001 moves beyond the U.S. and UK-centric anti-corruption guidelines that are industry standards. ABAC Game Changer: first time ever, companies can certify their anti-bribery program under a global standard (37001) 2017 Grant Thornton 致同 2017 4

What is an Anti-Bribery Management System? A system that is designed to instill an anti-bribery culture within a company and implement proper controls, which as a result will increase the chances of detecting bribery and reduce its incidence in the first place. ISO 37001, Anti-Bribery Management Systems Requirements with guidance for use, gives the requirements and guidance for establishing, implementing, maintaining and improving an anti-bribery management system; System can be independent of, or integrated into, an overall system. Covers bribery in public, private and not-for-profit sectors; Includes bribery by and against an organization or its employees, and bribery paid or received through a third party; Bribery can take place anywhere, be of any value and can involve financial or non-financial advantages or benefits. 2017 Grant Thornton 致同 2017 5

ISO 37001 FRAMEWORK ISO 37001 Framework 7 Compliance Areas 1 2 3 4 5 6 7 Organization Leadership Planning Support Operation Performance Improvements ISO 37001: Anti-Bribery Management System 2017 Grant Thornton 致同 2017 6

ISO 37001 Development Process ISO 37001 was developed by a Project Committee established by ISO in 2013. The committee comprised experts from the 35 participating countries (includes China), 22 observing countries and 8 liaison organizations. New Work Item Proposal (NWI) 2nd Working Draft (WD2) 2nd Committee Draft (CD2) ISO 37001 was published formally 1st Working Draft 1st Committee Draft International (WD1) Draft (CD1) Standard (DIS) 2013-06 London 2014-03 Madrid 2014-09 Miami 2015-03 Paris 2015-09 Kuala Lumpur 2016-05 Mexico 2016-10-15 Geneva 2017 Grant Thornton 致同 2017 7

Its Benefits & Misconceptions 8

BENEFITS Benefits of ISO 37001 Certification Good Governance The global standard is a way to achieve good governance and the companies commitment to compliance. Presenting an ISO 37001 certification will help in showing the enforcement agencies that the company is taking action to mitigate these bribery risks. Government Enforcement Agencies Competitive Advantage Companies want to engage with ethical 3 rd parties and the ISO 37001 certification will be one mechanism for the 3 rd party to demonstrate that they operate with integrity and ethical reputation. Certification will provide assurances that the controls that were implemented in emerging markets are working, as these countries are considered the riskiest in the world for anti-bribery purpose. Mitigate Risks 2017 Grant Thornton 致同 2017 9

ISO 37001 Misconceptions #1 ISO 37001 is a race to the bottom It provides a high-water mark where firms must meet global standards including rigorous requirements & documentation to obtain certification. While a company must be recertified every 3 years, they must also undergo a smaller annual audit to show continuous improvement. #2 ISO 19600 and ISO 37001 are equivalent While both relate to the compliance community, the standards are completely different. ISO 19600 does not provide specific guidelines to anti-bribery systems and is also not certifiable. Companies can use this standard to evaluate and establish compliance programs, but certification is not available. In addition, ISO 37001 is the first and only ISO international standard relating to compliance programs and anti-bribery mgmt systems. 2017 Grant Thornton 致同 2017 10

ISO 37001 Misconceptions #3 Anyone can certify ISO 37001 ISO strongly recommends using qualified certification bodies that adhere to certain standards. Companies using an unqualified certifier do so at their own risk. If a company is looking for certification, then they should look for a certifier that follows the requirements of ISO 17021-01 and 17021-09 and that uses auditors who have expertise in compliance programs and anti-bribery practices. #4 ISO 37001 is only good for certification ISO 37001 is an excellent tool for benchmarking a program, conducting a gap analysis to fix the holes in a compliance program, and for internal auditors to gauge the effectiveness of a company s anti-bribery program s effectiveness. 2017 Grant Thornton 致同 2017 11

Case Studies 12

ISO 37001: Anti-bribery management systems Case Study #1 Singapore SS ISO 37001: Singapore Implementation Main objective is to help Singapore s companies strengthen their anti-bribery compliance systems and processes to global standards. This is necessary to increase trust and confidence in their products and services and boost their competitiveness in global markets. Adopted standard on 12 April 2017 and will have developed an accrediation scheme for certification bodies providing SS ISO 37001 certification services by the end of 2017. SPRING Singapore and CPIB released joint statement saying ISO 37001 is based on internationally recognized good practices [and] provides guidelines to help Singapore companies strengthen their anti-bribery compliance systems and processes to ensure compliance with anti-bribery laws. Will help Singapore firms manage corruption risk when they continue to expand overseas. 2017 Grant Thornton 致同 2017 13

ISO 37001: Anti-bribery management systems Case Study #1 Singapore SS ISO 37001: Specific Requirements The SS ISO 37001, similar to ISO 37001, specifies requirements for: 1. top management leadership and commitment; 2. anti-bribery policy and procedures, as well as relevant training to personnel; 3. third party risk assessments and due diligence; 4. financial, procurement, commercial and contractual controls; 5. reporting, monitoring and investigation procedures; 6. appropriate remedial measures and continual monitoring and improvement; 7. oversight by a compliance manager or function 2017 Grant Thornton 致同 2017 14

Awareness Case Study #2 Peru ISO 37001: Peru Implementation On 5 April 2017, Peru was the first country in Latin America to adopt the voluntary standard ISO 37001. The major motivation being the discovery of massive corruption in the private and public sector all over South America, most notably the major construction company Odebrecht. Peru lost an estimated 3.94 billion USD to corruption in 2015 as a result misappropriation of public funds, collusion and bribery. Adopting the ISO 37001 standard was a pivotal move to decrease corruption and gain traction on international business opportunities. Implementation Challenges Completing accreditation scheme for private firms in 2 months at the latest. Promoting the ISO 37001 standard to the private sector. Implementing the standard as a requirement for the public sphere. 2017 Grant Thornton 致同 2017 15

Case Studies #3 & #4 U.S. Corporations Walmart On 3 May 2017, Wal-Mart began looking for a 3rd party to certify them in ISO 37001. By getting certified by an international program, this will help companies defend against isolated cases of corruption or poor business practices. Wal-Mart has invested more than 141 million USD on global ethics and their compliance system. By adopting the standard, Wal-Mart will lead the way for American companies as the standard begins to gain traction internationally. Microsoft Announced that it will be the first American and first multinational company to try and adopt the anti-corruption compliance program to the new international anti-bribery standard, ISO 37001. Currently searching for independent and accredited third party that will perform deep analysis of current program and ensure it satisfies criteria of new standards. As a global company, Microsoft has 120,000 employees in more than 190 countries. David Howard, Corporate VP & Deputy GC, Litigation, Competition law and Compliance for Microsoft states that ISO 37001 will be, A common consistent and rigorous standard for anti-bribery will cut across countries, industries and all segments of the value chain. 2017 Grant Thornton 致同 2017 16

Case Study #5 UK Corporation London-based CPA Global announced it has already implemented ISO 37001 With operations in over 190 countries, CPA Global manages IP for other businesses, resulting in a large part of their company consisting of local law firms acting as agents of CPA Global. ISO 37001 is ideal for this European company as it needs an anti-bribery system non-us individuals can understand and respect. As ISO is more popular in Europe than America, it makes this new anti-bribery system easier to merge with older standards and systems already in place, such as the 31000 standard for risk management. CPA Global demonstrates the flexibility of this new standard as companies of different size, location and prior systems can adopt it. CPA Global s certification is good for 3 years Compliance program will get annual reviews until re-certification In 2020 process starts again. 2017 Grant Thornton 致同 2017 17

Closing Thoughts 18

Awareness In Closing 64% 56% of companies are of companies felt this more likely to certification would conduct business effect the amount of with a third party that DD they conducted is 37001 certified. on a third party. 2017 Grant Thornton 致同 2017 19

Questions? 20

Appendix: The Seven Compliance Areas of ISO37001 21

ISO 37001 FRAMEWORK Framework of This New Standard Organization Leadership Planning Support Operation Performance Improvements Understanding the organization, expectations of stakeholders, scope, system and bribery risk assessment Governing body, anti-bribery policy, compliance function roles and responsibilities Address risks and opportunities, compliance objectives and planning of activities Resources, competences, awareness and training, communication and documentation Due diligence, controls, anti-bribery commitments, gifts, hospitality and donations, raising issues and investigations Monitoring, measurement, analysis and evaluation, internal audit and reviews Nonconformity and corrective action and program improvement

ISO 37001 FRAMEWORK Framework of This New Standard Specific requirement and benchmarks of the Standard The standard was developed as a guideline for best practice All companies which are already certified will need to be re-certified every 3 years, provided that annual audits are completed Key points to be noted in regards to each area of the framework is discussed below

ISO 37001 FRAMEWORK Framework of This New Standard Organization Understanding the organization, expectations of stakeholders, scope, system and bribery risk assessment Understanding the organization: There are many external and internal issues which will affect the organization s ability to achieve its anti-bribery objective. Such factors include: the size and structure, the location and sector of the organization, the nature, scale and complexity of the organization, nature and extent of interaction with public officials, applicable statutory, regulatory, contractual and professional obligation and duties, and etc. Organisation Expectations of stakeholders: The organization must distinguish between mandatory requirements and the non-mandatory expectations of stakeholders Organizations must document, implement, maintain and continually review their system once established Scope: The system may be used as a standalone or part of an integrated system. The scope should cover facilitation and extortion payments

ISO 37001 FRAMEWORK Framework of This New Standard Organization Understanding the organization, expectations of stakeholders, scope, system and bribery risk assessment System: The system should be set up so that measures can identify and evaluate risk, and also prevent, detect and respond to bribery Bribery risk assessment: The bribery risk level depends on the organization s risk appetite. The organization will be responsible for establishing their own criteria in regards evaluating bribery risk Organisation Organizations may choose a 3 tie criteria such as low, medium, high, or a more detailed approach Factors which were listed in Understanding the organization must be taken into consideration

ISO 37001 FRAMEWORK Framework of This New Standard Leadership Governing body, anti-bribery policy, compliance function roles and responsibilities According to the standard, the top management will need to demonstrate leadership and commitment with respect to the anti-bribery management system where a governing body does not exist In practice, it will be sufficient for the governing body to be knowledgeable about the content and operation of the system, and exercise reasonable oversight with respect to the adequacy, Organisation effectiveness and implementation of the system. Top management is required to establish, review and maintain the anti-bribery policy The top management can assign their responsibility to an anti-bribery compliance function. However, this does not free them of their overall responsibility for the implementation and compliance of the system Top management must ensure that the processes are implemented, monitored, and reviewed periodically

ISO 37001 FRAMEWORK Framework of This New Standard Planning Address risks and opportunities, compliance objectives and planning of activities When planning for the anti-bribery management system, the company must be reasonably assured that the system can achieve its objectives, while limiting any undesired effects Objectives and goals are to include both drivers at process level and results. Performance indicators are to be identified and monitored Organisation Questions that the organization must address include the following: 1. What will be done 2. What resources will be required 3. Who will be responsible 4. When the objectives will be achieved 5. How the results will be evaluated and reported 6. Who will impose sanction and penalties The objective of the system must be documented

ISO 37001 FRAMEWORK Framework of This New Standard Support Resources, competences, awareness and training, communication and documentation Resources: Provide sufficient human, physical and financial resource for the system to be established and function effectively Competence: The organization has to make sure that their staff are competent for their work The organization has to make Organisation sure that their employees are aware and will comply with the anti-bribery policy Where a position is exposed to more than a low bribery risk, due diligence should be conducted before the person is employed, performance evaluation and rewards need to be reviewed periodically, and declarations are to be held periodically Awareness and training: Training is to be provided to all employees, and business associate, at regular intervals. Training can be held online, or in person, and training must be documented

ISO 37001 FRAMEWORK Framework of This New Standard Support Resources, competences, awareness and training, communication and documentation Communication: Internal and external communication on anti-bribery management system are to be communicated based on: Information to communicate Timing of communication Speaker and audience Method of communication Language used Organisation The anti-bribery policy must be available to all employees and business associates Documentation: Documentation must be made available, be updated regularly, and adequately protected

ISO 37001 FRAMEWORK Framework of This New Standard Operation Due diligence, controls, anti-bribery commitments, gifts, hospitality and donations, raising issues and investigations Due diligence: When there is more than low bribery risk, due diligence must be carried out on transaction, projects, activities, business associates, and/or employees. When evaluating, factors to be considered include structure, nature and complexity, level of control and visibility, business associates and others involved, etc. Organisation Controls: Controls include both financial and non-financial controls, which should both be developed with an aim to reduce bribery risk Procedures shall be implemented in all organizations that the organization has control over Where the organization does not have control over the business associate, it will be ideal for the business associate to have equivalent controls implemented

ISO 37001 FRAMEWORK Framework of This New Standard Operation Due diligence, controls, anti-bribery commitments, gifts, hospitality and donations, raising issues and investigations Anti-bribery commitments: Should the business associate pose more than low bribery risk, the organization should require, where practicable, the business associate to commit to prevent bribery, preferably with commitment in writing Gifts, hospitality and donations: Best to avoid as far as possible Organisation any gifts, hospitality and donations Where gifts and hospitality is accepted, control on the extent and frequency of gifts should be established, along with advance approvals Steps should be taken to control any donations, sponsorships, promotional expenses and community benefits Raising issues and investigations: Raising issues: The organization should ensure that all personnel are aware of the procedure and encourage reporting in good faith Investigation: Investigation should be carried out in confidence

ISO 37001 FRAMEWORK Framework of This New Standard Performance Monitoring, measurement, analysis and evaluation, internal audit and reviews Organizations are suggested to periodically perform self-assessments to assess the effectiveness of the system Internal audit is to be done at a regular basis, usually annually. Audits should be reasonable, proportionate and risk based Organisation Reviews Compliance function: To review whether the system has been implemented effectively, and whether it can adequately manage bribery risk faced by the organization. This must be carried out at least annually Top management review: Top management must review the antibribery management system and decide on improvement opportunities and needs for change. All information is to be documented and reported to governing body Governing body review: Governing body is to review the system based on information provided by top management, or as they seen appropriate

ISO 37001 FRAMEWORK Framework of This New Standard Improvements Nonconformity and corrective action and program improvement Where nonconformity occurs, the organization must react promptly, take action and deal with the consequences The company must also evaluate, implement and review where appropriate, if any action needs to be take to prevent future incidences of nonconformity All incidences must be documented Organisation

2018 致同会计师事务所 ( 特殊普通合伙 ) 版权所有 致同会计师事务所 ( 特殊普通合伙 ) 是 Grant Thornton International Ltd( 致同国际 ) 在中国的成员所 Grant Thornton( 致同 ) 作为各成员所运作的统一品牌, 在上下文中指某家或多家成员所 Grant Thornton International Ltd( 致同国际 ) 与各成员所并非全球合伙企业关系 各项服务系各成员所独立提供 各成员所不为其他成员所的服务及行为承担任何责任 Grant Thornton International Ltd( 致同国际 ) 不以自身名义直接向客户提供服务

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback