ISO 37001:2016 – Anti-Corruption Management Systems is a new standard for the construction of a system applicable to any type of organisation, public or private. It sets out the requirements for an anti-corruption management system geared towards continuous improvement and requires measures to be taken to prevent and avoid the risks of corruption in a way that is reasonably proportionate to the business sector, size and complexity of the organisation.
In particular, these measures include:

  • the adoption of an Anti-Corruption Policy;
  • the involvement of senior management;
  • the identification of the Compliance Manager;
  • the assessment of corruption risks;
  • due diligence on projects and business partners according to the risks identified;
  • the implementation of financial and commercial controls;
  • the adoption of procedures for the reporting and investigation of corruption.


The standard does not overlap with the instruments for preventing the risk of corruption provided for by law (Corruption Prevention Plans under Law no. 190/2012 or Organization Models pursuant to Legislative Decree 231); rather, it serves to better coordinate the organization's prevention of corruption, in an effective and integrated way, with other business management systems. Moreover, it may constitute a valid, internationally recognised reference criterion supporting evidence of the existence and effectiveness of the Organisation Model for the prevention of corruption offences under Legislative Decree 231, as already recognised for other similar schemes (OHSAS 18001, ISO 14001).

What does a management system for the prevention of corruption entail?

To obtain ISO 37001 Certification, it is necessary to build a Management System that meets the requirements of the new ISO 37001 Standard.
In order to build this Management System, it is first of all necessary to have diversified skills such as:

  • legal competences within the framework of Legislative Decree 231/2001;
  • competences in the field of Management Systems and in the development of organizational models;
  • risk assessment and risk management skills.

However, this is not enough, because these skills must be able to work together.

An Organization that wants to build an ISO 37001 management system must develop the following topics internally:

  • Definition of a documented anti-corruption policy;
  • Definition of management roles and responsibilities in anti-corruption matters;
  • Construction of a Risk Analysis Model to identify the business processes and activities most exposed to the risk of corruption offences;
  • Drafting of an Organisational Model and procedures aimed at preventing corruption offences identified in the risk assessment;
  • Training at all levels of the Organization on anti-bribery issues;
  • Implementation of appropriate controls and due diligence in financial, commercial, contractual and procurement processes;
  • Planning of a series of reporting, monitoring, auditing and review activities;
  • Management of corrective actions and related investigations aimed at continuous improvement.

Why apply a management system for the prevention of corruption?

Certification according to ISO 37001 allows public and private entities that have decided to implement an organizational system aimed at preventing and combating corruption to obtain verification and validation by an independent and internationally recognized body, providing evidence of their choice and commitment.