Stay current on changes and developments in corporate law with a wide variety of resources and tools.
By Hui Chen
Hui Chen ( www.HuiChenEthics.com) was the Justice Department’s first-ever compliance counsel expert before leaving in June to start her own private compliance consulting service. Before she joined the DOJ, Hui served in global senior compliance lead positions at Microsoft, Pfizer, and Standard Chartered Bank.
In October 2016, the International Organization for Standardization (“ISO”) published ISO 37001: “Anti-Bribery Management Systems – Requirements with Guidance for Use.” This set of standard and guidance has received no shortage of attention in the anti-bribery and corruption (“ABC”) circles. Of particular interest is the availability of certifications of a company’s ABC compliance program against the standards. What there has not been sufficient debate of are questions relating to the transparency of its development process, evidence of its effectiveness, and how it impacts the implementing organization as a whole.
ISO 37001 is an impressively multilateral project, involving 37 participating countries, 22 observing countries, and eight liaison organizations, including the OECD and Transparency International. I have not, however, seen much transparency as to what actual expertise was available, what interests had been represented, and how participants were compensated in the development process. There is a similar lack of transparency as to the methodology. ISO 37001 purports to “reflect international good practice.” How was a practice judged to be “good”—based on how many delegates liked/used it, or on empirical testing or data analytics? This lack of transparency for an anti-corruption standard seems ironic.
More importantly, there has been no empirical or statistical evidence to demonstrate that ISO 37001 is actually effective. Neill Stansbury, who led the ISO 37001 development committee, claims that “You cannot measure bribery prevention like vaccinations.” That statement contradicts years of prevention measurement work not just in public health, but in crime prevention (bribery is, after all, a crime). For starters, one could measure perception of a company’s commitment to ABC. Perception, as anyone who has ever cited Transparency International’s annual Corruption Perception Index would know, can be measured, at least in relative terms. Similarly, certain common indicators of potentially corrupt transactions can be identified and audited. Reporting and investigation data, too, provide measures of how and what employees report and responses to such reports. Training can be measured by testing employee performance on activities being trained. These are among many measurements that can be taken before and after implementation of a system to assess its effectiveness.
Finally, measurements must not stop at the ABC compliance system itself, but needs to be taken to assess the impact of the ABC system on the organization as a whole. Assuming resources are finite, an investment in one system represents a resource allocation choice that is likely to impact other parts of the organization. Is it possible that focus on an ABC compliance system comes at a cost of another type of compliance, or to other critical aspects of the company’s operations? Does the pursuit of an ABC compliance certification take away resources and attention from other equally important programs or does it have a positive multiplier effect? To my knowledge, no such overall impact studies have been conducted to measure the effects of a specialized compliance system on the organization as a whole, yet I believe this information would be critical in determining the sustainability of any compliance system, as well as its value to the organization.
Why focus on ISO 37001? As many have rightly pointed out, none of the guidance issued by government agencies or organizations such as the OECD have been empirically tested. “We have never done it before,” however, is a poor excuse to refuse the pursuit of evidence: The medical profession had been letting blood as a common treatment for centuries until evidence-based medicine began to challenge its validity. I believe ISO 37001 would be a good place to start the pursuit of evidence-based compliance because: (1) of the multilateral nature of its development, (2) it is preceded by decades of lessons learned and should have benefited from prior system data, and (3) it was published by an organization that began its work in manufacturing and technology, where data and empirical testing have proven their value. In other words, testing a compliance system with the ISO model is too good an opportunity to be wasted.
I can think of few scientific fields where standards with global applications would be rolled out with no empirical testing. I also would expect responsible business leaders to question any investment that has yet to evidence its value. It would be tremendously illuminating if we could implement a multi-year pilot study of ISO 37001, with a team representing expertise in forensic accounting, social psychology, statistics, and corporate compliance. The team would define a methodology and a set of metrics, apply them to five to ten organizations of varying sizes, industries, and geographies, and compare pre-implementation baseline measurements with post-certification measurements. The only thing we have to fear in such an exercise is finding out that our “good practices” might not live up to our expectations. If that should be the case, it would mean we can finally stop letting blood and focus on finding treatments that actually work. If they do work, we would then actually have evidence to show for it.
Copyright © 2018 The Bureau of National Affairs, Inc. All Rights Reserved.
All Bloomberg BNA treatises are available on standing order, which ensures you will always receive the most current edition of the book or supplement of the title you have ordered from Bloomberg BNA’s book division. As soon as a new supplement or edition is published (usually annually) for a title you’ve previously purchased and requested to be placed on standing order, we’ll ship it to you to review for 30 days without any obligation. During this period, you can either (a) honor the invoice and receive a 5% discount (in addition to any other discounts you may qualify for) off the then-current price of the update, plus shipping and handling or (b) return the book(s), in which case, your invoice will be cancelled upon receipt of the book(s). Call us for a prepaid UPS label for your return. It’s as simple and easy as that. Most importantly, standing orders mean you will never have to worry about the timeliness of the information you’re relying on. And, you may discontinue standing orders at any time by contacting us at 1.800.960.1220 or by sending an email to email@example.com.
Put me on standing order at a 5% discount off list price of all future updates, in addition to any other discounts I may quality for. (Returnable within 30 days.)
Notify me when updates are available (No standing order will be created).
This Bloomberg BNA report is available on standing order, which ensures you will all receive the latest edition. This report is updated annually and we will send you the latest edition once it has been published. By signing up for standing order you will never have to worry about the timeliness of the information you need. And, you may discontinue standing orders at any time by contacting us at 1.800.372.1033, option 5, or by sending us an email to firstname.lastname@example.org.
Put me on standing order
Notify me when new releases are available (no standing order will be created)