A few weeks ago, we announced here, and in Ethisphere Magazine, that Microsoft would be the first U.S. company (and first multi-national company) to seek to certify our anti-corruption compliance program to the new international anti-bribery standard, ISO 37001. This means that an independent and accredited third party will perform a rigorous analysis of our program and ensure that it satisfies the very specific requirements of the new standard. I thought it was worth explaining further why we’ve decided to undergo such a thorough review, and why we think it’s important that other companies make the same decision.
The consistency problem
We start with the proposition that corruption is a problem that we need to help solve, and not just because it’s important to be on the right side of the law. Corruption is a big drain on economic development and makes it harder for us to realize our mission — to enable every person and every organization on the planet to achieve more. We know that most big companies like Microsoft feel the same way, which is why most companies have established and maintain a program that reduces the risk that they will act in a way that facilitates corruption.
The problem is that companies must tailor their anti-bribery programs to satisfy the legal requirements of different jurisdictions, which also involves trying to comply with a patchwork of often inconsistent guidance from different government agencies as well as nongovernmental organizations and non-government experts. The problem is even worse for our thousands of partners and suppliers, who often must try to meet not only their legal obligations, but also the often different compliance requirements of Microsoft, and the many other companies with which they do business. This is inefficient, leads to confusion and ultimately, increases risk. Corruption is a cross-border problem and demands a common language to help solve it. That’s where ISO 37001 comes in.
A common language
Microsoft was deeply involved in the U.S. Technical Advisory Group which worked closely with experts from over 60 countries to develop the standard so that it could be useful for all organizations regardless of size, structure or geography. When the standard was published in late 2016, it created a common terminology and provided an objective yardstick for organizations to measure their own program, as well as the programs of the partners in their value chain. It also established a rigorous process for the accreditation of independent third parties who would be charged with evaluating and potentially certifying compliance with the standard.
We think a consistent approach to anti-corruption programs is a good thing. That, along with an objective and independent certification process, should give governments around the world confidence that the companies which achieve certification are doing everything they reasonably can to reduce corruption. We encourage other major companies to adopt ISO 37001, and we invite other U.S. companies to work with us on a new Technical Advisory Group to ensure that the standard remains relevant and effective.