
ISO 19600:2014 Compliance management systems
What does it mean for Europe?

Lillian Wylie
Compliance Manager, EAME & APAC
Oceaneering International Inc.

GLOBAL STANDARDS
The United Nations Global Compact's 10th principle against corruption, and the United Nations Convention against Corruption (UNCAC) - first globally agreed instrument against corruption which sets out a framework for action and implementation
The OECD:
Convention on Combating Bribery of Foreign Public Officials in International Business Transactions (1999)
Revised Recommendation on Combating Bribery in International Business Transactions (1997)
Guidelines for Multinational Enterprises (2000)

EUROPEAN STANDARDS
Council of Europe Civil Law Convention on Corruption (1999)
Council of Europe Criminal Law Convention on Corruption (1999)
The European Union Convention on the Fight Against Corruption Involving Officials of the European Communities or Officials of Member States (1997)

AMERICA, AFRICA
AMERICA
Organisation of American States Inter-American Convention Against Corruption (1996)
AFRICA
African Union Convention on Preventing and Combating Corruption and Related Offences (2002)

INTERNATIONAL CIVIL SOCIETY
Transparency International's Business Principles for Countering Bribery; and
International Chamber of Commerce:
Rules of Conduct on Extortion and Bribery in International Business Transactions (1977, 1996, 1999, 2005)
Fighting Corruption: A Corporate Practices Manual

NATIONAL LEVEL
United States Sentencing Guidelines' 7 Elements of an Effective Compliance Program;
the US Department of Justice's Resource Guide to the U.S. Foreign Corrupt Practices Act;
the United Kingdom Bribery Act 2010;
the UK Ministry of Justice's Guidance on the United Kingdom Bribery Act.

SECTOR-WIDE INITIATIVES
International Federation of Consulting Engineers Code of Ethics & Policy Statements
International Council on Mining and Metals Sustainable Development Charter, Ten Principles
UNICORN, Trade Union Anti-Corruption Network
The Extractive Industry Transparency Initiative
Healthcare compliance initiatives

ISO CONTRIBUTIONS
December 2014: the International Organization for Standardization (ISO) published ISO 19600:2014 Compliance management systems.
A new ISO standard, ISO 37001, specifically targeted at anti-bribery compliance is currently in draft format, expected in Q3 2016.
Key difference: ISO 19600 - exhortatory guidelines, e.g. "should". ISO 37001 sets out requirements, e.g. "shall" & is therefore certifiable.

What does ISO 19600 cover?
ISO 19600 is structured into seven distinct parts:
context of the organization;
leadership;
planning;
support;
operation;
performance evaluation;
improvement.

Recognisable Approach
The standard has followed a recognizable method of:
commitment,
design,
implementation and
continuous improvement.

Leadership
US Sentencing Guidelines (USSG):
1) Leaders understand and oversee the compliance program to verify its effectiveness.
2) Specific individuals have the authority and responsibility to carry out the program.
3) The company denies leadership positions to people who have engaged in misconduct.
OECD Guidelines for Multinational Enterprises:
1) Support from senior management is strong, explicit and visible.
2) Program is overseen by senior corporate officers with sufficient resources, authority and access to the board.
UK's Guidance 6 Principles:
Principle 1 - Top-level commitment.
ISO: Leadership, including:
1) the establishment and championing of a strong value-driven culture for the company;
2) commitment (both words and action) from the senior management team to the goals of the compliance program;
3) commitment of appropriate resources;
4) a clear, comprehensive compliance policy endorsed by the executive; and
5) a clear outline and assignation of organizational roles, responsibilities and authorities (e.g. for the governing body/top management, the compliance function, management and employee).

Risk Assessment
USSG:
Companies must conduct periodic assessments of risk of criminal conduct and take appropriate steps to design, implement or modify each element to reduce risk.
OECD:
Risk assessment should be the basis for effective internal controls and compliance programs.
UK's 6 Principles:
Principle 2 - Broad categories of risk must be carefully examined, including country, sectoral, transaction, business opportunity and partnerships.
Principle 3 - Program priorities, resources and controls should be determined based on the results of the risk assessment.
ISO:
Understanding the organization at hand, and its context, needs and requirements.

Standards & Controls
USSG:
Companies should have standards and procedures to prevent and detect criminal conduct. They should provide incentives and discipline misconduct.
OECD:
1) Company policy should clearly and visibly state that bribery is prohibited.
2) Compliance programs should address key risk areas.
3) Companies should conduct due diligence on business partners and implement effective internal controls for accurate books and records.
4) Employees should be able to report violations confidentially without fear of retaliation.
UK's 6 Principles:
Principle 4
1) Policies and procedures should be clear, practical and accessible.
2) Companies should have due diligence protocols for screening third-party intermediaries.
ISO:
Planning:
1) compliance objectives should be consistent with the compliance policy, measurable, practicable, monitored, communicated and updated as appropriate;
2) the organization should clearly determine how to achieve these objectives, including resources required, responsibility and target completion dates;
3) these efforts should be documented.

Training
USSG:
1) Companies must communicate the standards and procedures of its compliance program and conduct effective training.
OECD:
1) Training should be periodic, consistent, and documented.
UK's 6 Principles:
Principle 5 - Effective implementation of compliance program policies and procedures through adequate training.
ISO:
Support necessary to implement a compliance management system, including:
1) adequate resources (including access to organisational infrastructure, finance and human resources, external advice and contemporary reference material on best practice compliance and legal developments);
2) competence and training (including maintaining records);
3) organizational awareness of the compliance program, the role an individual plays in contributing to and maintaining the program, and the implications of not conforming with the compliance management system requirements;
4) the development of a compliance culture via active, visible, consistent and sustained commitment of the governing body and management towards a common published standard of behaviour; and
5) the need for documented information regarding the operation of the compliance program.

Oversight
USSG:
1) Companies should monitor and audit their compliance programs and maintain reporting mechanisms.
2) They should respond quickly to allegations and modify their programs as needed.
OECD:
1) Individuals at all levels of the company should be responsible for monitoring.
2) Companies should discipline employees for violations of the policy.
3) Companies should regularly review their compliance programs and make necessary revisions.
UK's 6 Principles:
Principle 6 - Companies must monitor and review their compliance programs.
ISO:
Performance Evaluation:
1) monitoring, measurement, analysis and evaluation, including the development of measurable indicators to assist the organization in measuring the achievement of its compliance objectives (e.g. percentage of employees trained effectively);
2) auditing practices; and
3) management review.
Nonconformance & Continual Improvement:
1) in the event of nonconformity, noncompliance and corrective action; and
2) continual improvement.

Current Approach to Dealing with Multiple Standards
A hodgepodge mix of:
the highest common denominator - e.g. ascertain the requirements of the most exacting standard applicable and apply these requirements;
local law - recognising the local jurisdiction of operation and making reference to that law (however cursory) in the compliance program;
law of the parent company (if different to the local law, as is often the case);
the standard published by the CEO's favourite industry association.

Questions for the profession
Q: What do we think about this situation?
Q: Are we happy with it?
Q: Would we prefer to change the status quo?
Q: Assuming we do want to change the status quo, what do we want the new landscape to look like?

A new status quo?
Key elements of a new status quo might include:
Single source of truth, clearly acknowledged authoritative standard
Impartial / non-partisan / global
Authoritative
Clear
Principles-based
Acknowledged by domestic authorities (e.g. local courts) as best practice

Advantages
Central Authoritative Body
Multinational Companies
International Trade
Investor/Customer Benefits

Disadvantages
Costs of transition
Vagueness of a principles-based approach
Lack of individual tailoring to situation at hand

The way forward
Do we want a continuing proliferation of guides?
How should we attempt to rationalize it?
What would be the most acceptable overarching global guide (if any)?

ISO
ISO is an independent, non-governmental international organization with a membership of 162 national standards bodies. Through its members, it brings together experts to share knowledge and develop voluntary, consensus-based, market-relevant International Standards that support innovation and provide solutions to global challenges.

ISO KEY AREAS
Health;
Sustainable Development;
Food;
Water;
Cars;
Climate change;
Energy efficiency and renewables;
Services

What are the implications for Europe?
What are the implications of Europe for ISO?
Where to from here?
