More on Compliance Program Certification/Verification: The Proposed ISO Standard

My last post, inspired by Transparency International USA’s recent publication of a report on verifying the effectiveness of corporate anti-bribery programs, talked a bit about the emergence of a set of private firms that provide “certifications” for such programs. I expressed some skepticism about the value of these certification services. Some of my concerns — also expressed in the TI-USA report — had to do the opacity and apparent inconsistency in the methodology that certification firms employ. One possible response to this concern might be to develop an “official” international standard for anti-bribery compliance, and to provide certification that firms meet that standard.

Such an effort is already underway, through an organization called the International Organization for Standardization (ISO), a consortium of national (generally private) standard-setting bodies in 163 different countries. Traditionally, the ISO promulgates international standards with respect to quality control, safety, and technical compatibility. External auditing firms then provide certifications that a firm meets the ISO standard(s) in the relevant areas. The ISO is now already in the process of developing an ISO standard (ISO 37001) for anti-bribery programs — which would be the first ISO standard to deal with a topic like bribery. The draft standard is supposed to be available for public comment by 2015.

Before proceeding further, I should disclose that I’ve been involved — very marginally — in the U.S. Technical Assistance Group that’s supposed to provide commentary on this developing standard. (Basically, I’ve listened in on a few phone calls and seen a few documents circulated to the group.) So I need to be careful what I say on this subject, so as not to disclose anything confidential. I actually think there’s little risk of that, because what I really want to do in this post is not to focus on specific features of the proposed standard, but rather to raise questions about the whole enterprise. The more I think about it, the less justification I can imagine for promulgating an international standard like this. Indeed, it strikes me as entirely the wrong way to go about promoting the very worthy cause of improved corporate anti-bribery compliance programs.

Continue reading