Indonesia Mandates All State-Owned Entities to Obtain ISO 37001 Certification

What organisations need to know

In today’s global economy, bribery has a wide-spread effect that encompasses social, moral and political concerns, in addition to undermining good corporate governance and healthy competition. Bribery also increases the cost of doing business and cost of goods and services, introduces uncertainties into commercial transactions and diminishes the quality of products and services, which in turn, can destroy the public’s trust in government institutions. As part of its ongoing effort to combat bribery, the Indonesian Ministry of State-Owned Entities have declared that all state-owned entities (“SOEs“) must now obtain ISO 37001 certifications.¹

Besides obtaining ISO 37001 certificate, the SOEs must also establish, implement, maintain and continually review and improve their anti-bribery management system according to the ISO 37001 standard. The elements of ISO 37001 can be broadly grouped into four main activities:

1. Prevention, which involves activities designed to prevent bribery from occurring in the first place, such as vendor and partner due diligence and anti-bribery statements by vendor and other organisational partners;
2. Detection, which includes activities to immediately detect bribery after it has occurred in an organisation, such as whistleblowing system and implementation of a proactive audit and organisational bribery risk assessment;
3. Response, which covers the systems and processes to assist an organisation in responding appropriately to an alleged bribery that has been detected, such as investigation for any alleged bribery in the organisation; and
4. Monitoring, Evaluation and Reporting, which are activities designed to provide assurance that legal responsibilities are being met, as well as to promote accountability by providing information that demonstrates compliance with specific strategies to prevent bribery.

In order to be effective, the organisation must appoint a person in charge, preferably members of the senior management, to each activity. Oversight by senior executives will ensure that each activity does not operate in isolation and that interdependencies are effectively identified and managed properly.

ISO 37001 also requires an organisation to have a compliance policy supported by an appropriate management system to assist compliance with its legal obligations. Both the anti-bribery management system and compliance policy should be an organisation’s first line of defence in avoiding and mitigating the costs, risks and damage that may be incurred as a result of bribery. These will also help to promote trust and confidence in business dealings and enhance the organisation’s reputation.

All organs of an organisation, including board of directors, board of commissioners and employees, are expected to adhere to the anti-bribery management system and compliance policy.

How we can help your organisation

Propelled by our transactional experience in some of Indonesia’s most complex cross-border transactions, and in line with our goal to continuously innovate, we have established a dedicated practice for fraud and forensics investigation. We are conscious that today’s rigorous enforcement regime demands clients not only to comply, but also to invest in anti-corruption programs. Here, we assist clients, from multinational corporations to state-owned entities, in protecting their operation and reputation by leveraging data analytics to improve compliance and investigation outcomes.

Please contact us to know more about our scope of work in this sector.

1. This requirement is stated in Letter No. S-17/S.MBU/02/2020 dated 17 February 2020, from the Ministry of SOE to the directors of various SOEs listed in such letter.