ISO 37001:2016

ANTI-BRIBERY MANAGEMENT SYSTEM

ANTI-BRIBERY MANAGEMENT SYSTEM MANUAL

 DOC. TYPE MANUAL DOC. NO.:
TITLE ABMS MANUAL PAGE NO.:
REV: 00 EFF.DATE

1.0 PURPOSE

1.1 The purpose of this manual is to;

1.1.1 Demonstrate the XX ability to consistently provide the integrity,
accountability and professionalism in the conduct of its businesses in order to
protect and preserve XX’s interests and reputation in accordance with the ISO
37001:2016
1.1.2 Describes the activities and responsibilities with respect to Anti-Bribery
Management System (ABMS)
1.1.3 Provide an overall view and understanding of the whole of the Anti-Bribery
Management System (ABMS)
1.1.4 Provide a roadmap and reference to other supporting documents such as the
procedures, records and others which are part of the Anti-bribery management
system (ABMS)

2.0 SCOPE

2.1 This manual is applicable to XX, its controlled organizations, business associates
acting on XX’s behalf and all XX personnel.

3.0 ABBREVIATION & DEFINITION

3.1 Bribery & Corruption” means any action which would be considered as an offence
of giving or receiving ‘gratification’ under the Malaysian Anti-Corruption
Commission Act 2009 (MACCA). In practice, this means offering, giving, receiving
or soliciting something of value in an attempt to illicitly influence the decisions or
actions of a person who is in a position of trust within an organization. Bribery may
be ‘outbound’, where someone acting on behalf of XX attempts to influence the
actions of someone external, such as a Government official or client decision-maker.
It may also be ‘inbound’, where an external party is attempting to influence someone
within the Company such as a senior decision maker or someone with access to
confidential information.

3.2 “Gratification” is defined in the MACCA to mean the following:

(a) money, donation, gift, loan, fee, reward, valuable security, property or interest in
property being property of any description whether movable or immovable, financial
benefit, or any other similar advantage;
(b) any office, dignity, employment, contract of employment or services, and
agreement to give employment or render services in any capacity;
(c) any payment, release, discharge or liquidation of any loan, obligation or other
liability, whether in whole or in part;
d) any valuable consideration of any kind, any discount, commission, rebate, bonus,
deduction or percentage;
(e) any forbearance to demand any money or money’s worth or valuable thing;
DOC. TYPE MANUAL DOC. NO.:
TITLE ABMS MANUAL PAGE NO.:
REV: 00 EFF.DATE

(f) any other service or favors of any description, including protection from any
penalty or disability incurred or apprehended or from any action or proceedings of a
disciplinary, civil or criminal nature, whether or not already instituted, and including
the exercise or the forbearance from the exercise of any right or any official power or
duty; and (g) any offer, undertaking or promise, whether conditional or unconditional,
of any gratification within the meaning of any of the preceding paragraphs (a) to (f)

3.3 “Business Associate” means an external party with whom XX has, or plans to
establish, some form of business relationship. This may include clients, customers,
joint ventures, joint venture partners, consortium partners, outsourcing providers,
contractors, consultants, subcontractors, suppliers, vendors, advisers, agents,
distributors, representatives, intermediaries and investors.

3.4 “Conflict of Interest” means when a person’s own interests either influence, have
the potential to influence, or are perceived to influence their decision making at XX.

3.5 “Corporate Gift” means something given from one organization to another, with the
appointed representatives of each organization giving and accepting the gift.
Corporate gifts may also be promotional items given out equally to the general public
at events, trade shows and exhibitions as a part of building the XX’s brand. The gifts
are given transparently and openly, with the implicit or explicit approval of all parties
involved. Corporate gifts normally bear the XX name and logo. Examples of corporate
gifts include items such as diaries, table calendars, pens, notepads and plaques.

3.6 “Donation & Sponsorship” means charitable contributions and sponsorship

payments made to support the community. Examples include sponsorship of
educational events, supporting NGOs, and other social causes;

3.7 “Exposed Position” means a staff position identified as vulnerable to bribery through
a risk assessment. Such positions may include any role involving: procurement or
contract management; financial approvals; human resource; relations with
government officials or government departments; sales; positions where negotiation
with an external party is required; or other positions which the XX has identified as
vulnerable to bribery;

3.8 “Hospitality” means the considerate care of guests, which may include refreshments,
accommodation and entertainment at a restaurant, hotel, club, resort, convention,
concert, sporting event or other venue such as XX offices, with or without the personal
presence of the host. Provision of travel may also be included, as may other services
such as provision of guides, attendants and escorts; use of facilities such as a spa, golf
course or ski resort with equipment included

3.9 “Personnel” means directors and all individuals directly contracted to the Company
on an employment basis, including permanent and temporary employees.

3.10 “Due diligence” means process to further assess the nature and extent of the bribery
risk and help organisations make decisions in relation to specific transactions,
projects, activities, business associates and personnel
 DOC. TYPE MANUAL DOC. NO.:
TITLE ABMS MANUAL PAGE NO.:
REV: 00 EFF.DATE

4.0 CONTEXT OF ORGANIZATION

4.1 Understanding the organization and its context

XX has determined external and internal issues that are relevant to its purpose and
that affect its ability to achieve the intended result(s) of its anti-bribery management
system.

These issues will include, without limitation the following factors:-

a) The size, structure and delegated decision-making authority of the
organisation;
b) The locations and sectors in which the organisation operates or anticipates
operating;
c) The nature, scale and complexity of the organisation’s activities and
operations
d) The organisation’s business model;
e) The entities over which the organisation has control and entities which
exercise control over the organisation;
f) The organisation’s Business Associates;
g) The nature and extent of interactions with public officials;
h) Applicable statutory, regulatory, contractual and professional obligations and
duties

XX shall monitor and review information about these external and internal issues.

Reference Documents:
1. Attachment 1 – List of Internal/External Issues

4.2 Understanding the needs and expectations of stakeholder

XX has identified the stakeholders that are relevant to the anti-bribery management
system as defined in List of Stakeholder & Relevant Requirements, Attachment 2

XX shall monitor and review information about these stakeholders and their relevant
requirements.

Reference Documents:
1. Attachment 2 – List of Stakeholder & Relevant Requirements

4.3 Determining the scope of the Anti-bribery Management System

The scope of XX’s ISO 37001: 2016 Anti-bribery Management System is xxxxxxx
The scope is applicable to the following address;
 DOC. TYPE MANUAL DOC. NO.:
TITLE ABMS MANUAL PAGE NO.:
REV: 00 EFF.DATE

4.4 Anti-bribery Management System

XX has established, documented, implemented, maintained and continually reviewed

and where necessary improve the effectiveness of the anti-bribery management
system including the process need and their interaction in accordance with the ISO
37001:2016 standard requirement.

This anti-bribery management system contained measures designed to identify and

evaluate the risk of, and to prevent, detect and respond to, bribery.

Reference Documents:

1. Business Process

4.5 Bribery Risk Assessment

XX has carried out bribery risk assessment and recorded in Bribery Risk Assessment.
The risk identified include:

a. Identify the bribery risks by taking consideration of 4.1

b. Analyse, assess and prioritize the identified bribery risk
c. Evaluate the suitability and effectiveness of the existing controls to mitigate the
assessed bribery risk

The Bribery Risk Assessment are reviewed in yearly basis so that changes and new
information can be properly assessed and in the event of a significant change to the
structure or activities of the XX.

Reference Documents:
1. Bribery Risk Assessment Procedure

5.0 LEADERSHIP

5.1 Leadership and Commitment

5.1.1 Governing Body

The Governing Body has demonstrated leadership and commitment with

respect to the anti-bribery management system by:

a) approving anti-bribery policy;

b) ensuring that the XX’s strategy and anti-bribery policy are aligned;
c) received and reviewed information about the content and operation of
the XX’s anti-bribery management system;
DOC. TYPE MANUAL DOC. NO.:
TITLE ABMS MANUAL PAGE NO.:
REV: 00 EFF.DATE

d) ensuring adequate and appropriate resources needed for effective

operation of the anti-bribery management system are allocated and
assigned;
e) exercising reasonable oversight over the implementation of the XX’s
anti-bribery management system by top management and its
effectiveness.

5.1.2 Top Management

Top management has demonstrated leadership and commitment with respect

to the anti-bribery management system by:
a) Ensuring the anti-bribery management system, including policy and
objectives is established, implemented, maintained and reviewed to
adequately address the organization’s bribery risk
b) Ensuring the integration of the anti-bribery management system
requirements into the organization’s business processes by making
procedures as part of the culture in the organization.
c) Deploying adequate and appropriate resources for the effective operation
of the anti-bribery management system
d) Communicating internally and externally the anti-bribery policy
e) Communicating the importance of effective anti-bribery management
system and of conforming to the anti-bribery management system
requirements during meetings and discussion
f) Ensuring that the anti-bribery management system achieves its intended
results during management review
g) Directing and supporting personnel to contribute to the effectiveness of
the anti-bribery management system
h) Promoting an appropriate anti bribery culture within the XX’s
i) Promoting continual improvement as and when required and during
management review.
j) Supporting other relevant management roles to demonstrate their
leadership in preventing and detecting bribery
k) Encourage the use of reporting procedures for suspected and actual
bribery
l) Ensuring no personnel will suffer retaliation, discrimination or
disciplinary action for reports made in good faith, or on the basis of a
reasonable belief of violation or suspected violation of the anti-bribery
policy, or for refusing to engage in bribery, even if such refusal can result
in the losing business (expect where the individual participated in the
violation)
m) at planned intervals, reporting to the governing body (if any) on the
content and operation of the anti-bribery management system and of
allegations of serious or systematic bribery.

5.2 Anti-bribery Policy

Top management has established, maintained and reviewed an anti-bribery policy

that:
DOC. TYPE MANUAL DOC. NO.:
TITLE ABMS MANUAL PAGE NO.:
REV: 00 EFF.DATE

a) prohibits bribery;
b) requires compliance with anti-bribery laws that are applicable to the
organization;
c) is appropriate to the purpose of the XX;
d) provides a framework for setting, reviewing and achieving anti-bribery
objectives;
e) includes a commitment to satisfy anti-bribery management system
requirements;
f) encourages raising concerns in good faith, or on the basis of a reasonable
belief in confidence, without fear of reprisal;
g) includes a commitment to continual improvement of the anti-bribery
management system;
h) explains the authority and independence of the anti-bribery compliance
function;
i) explains the consequences of not complying with the anti-bribery policy.
The policy is communicated, understood and applied to all persons working for or
behalf of the XX and available to the relevant stakeholders as appropriate by;
a) Update in the Company Website
b) Displaying at various strategic areas;
c) Briefing to existing employee through respective head of department;
d) Briefing to new employee through induction/orientation.

Reference Documents:
1. Anti-bribery Policy

5.3 Organizational roles, responsibilities and authorities

5.3.1 Roles and responsibilities

a) Top Management
 Overall responsibility for the implementation of, and compliance
with, the anti-bribery management system, as described in 5.1.2.
 Ensure that the responsibilities and authorities for relevant roles
are assigned and communicated within and throughout every
level of the organization
 Assign an anti-bribery compliance function & their roles and
responsibilities accordingly
 Understanding, complying with and applying the anti-bribery
management system requirements,

b) Head of Department (HOD)

 Ensure all members of their team understand corporate goals and
objectives, the scope of the ABMS, and the role of their team
within that system
DOC. TYPE MANUAL DOC. NO.:
TITLE ABMS MANUAL PAGE NO.:
REV: 00 EFF.DATE

 Ensure that the anti-bribery management system requirements

are applied and complied with in their department or function.
 Ensure all opportunities to improve existing processes are sought
and taken
 The authorities of HOD are defined in their job description and
departmental procedure.

c) Staff (Executive & Non-executive)

 Understanding, complying with and applying the anti-bribery
management system requirements, as they relate to their role in
the organization
 Reporting for any suspected/actual bribery in good faith to Anti-
bribery Compliance Function.

Reference Documents:
1. Job Descriptions
2. Organization Chart

5.3.2 Anti-bribery Compliance Function

Top management shall assign to an anti-bribery compliance function the

responsibility and authority for:

a) overseeing the design and implementation of the XX anti-bribery

management system;
b) providing advice and guidance to personnel on the anti-bribery
management system and issues relating to bribery;
c) ensuring that the anti-bribery management system conforms to the
requirements of this document;
d) reporting on the performance of the anti-bribery management system
to the governing body and top management and other compliance
functions, as appropriate.

The anti-bribery compliance function shall be adequately resourced and

assigned to person(s) who have the appropriate competence, status, authority
and independence.

The anti-bribery compliance function shall have direct and prompt access to
the governing body and top management in the event that any issue or concern
needs to be raised in relation to bribery or the anti-bribery management
system.

Reference Documents:
1. Letter of Appointment
2. Organization Chart
 DOC. TYPE MANUAL DOC. NO.:
TITLE ABMS MANUAL PAGE NO.:
REV: 00 EFF.DATE

5.3.3 Delegated decision-making

XX has established the procedures that identifies the authorities for the making
of decisions which includes consideration in ensuring the lowest risk of
bribery.

XX shall, from time to time, review the decision-making process and ensure
that the established level of authority of the decision maker is appropriate and
free of actual or potential conflicts of interest. All these processes are to be
reviewed periodically by the Top Management as part of its role and
responsibility, for implementation and compliance in line with the XX’s
ABMS.

However, delegation of decision making does not exempt the Top

Management or the Governing Body of their duties and responsibilities as
described in Clause 5.1.1, Clause 5.1.2 and Clause 5.3.1, nor does it
necessarily transfer potential legal responsibilities to the delegated Personnel.

Reference Documents:
1. Finance Procedure

6.0 PLANNING

6.1 Actions to address risks and opportunities

When planning for the ABMS, XX shall consider the internal/external issues,
requirements from interested parties and bribery risk before taking actions or making
any decision within the Management System, as well as when implementing or
improving the management system.

Bribery risks and opportunities for improvement are managed in accordance to Risk
Management Policy and Framework. The documents were developed to outline the
policy, procedure and framework for risk assessment and treatment process to be
adopted across XX.

Reference Documents:
1. Bribery Risk Assessment Procedure

6.2 Anti-Bribery Objectives and Planning to Achieve Them

XX has outline their respective objectives which are:

a) Consistent with Anti-Corruption Policy Statement;

b) Measurable;
c) Taking into account applicable factors referred to in Clause 4.1, the requirements
referred to in Clause 4.2 and the bribery risks identified in Clause 4.5;
 DOC. TYPE MANUAL DOC. NO.:
TITLE ABMS MANUAL PAGE NO.:
REV: 00 EFF.DATE

d) Achievable;
e) Monitored;
f) Communicated;
g) Updated.

To ensure the ABMS achieves its objectives, XX has determined:

a) Action or task to be carried out;
b) Resources required for the implementation of the ABMS;
c) Responsible person
d) Date to be achieved
e) Evaluation and reporting method
f) Responsible person imposes sanctions or penalties

Reference Documents:
1. ABMS Objective and Target

7.0 SUPPORT

7.1 Resources

XX has determined and provided the resources needed for establishment,

implementation, maintenance and continual improvement of the ABMS:

a) Human Resources
The sufficient personnel who are able to apply sufficient time to their relevant anti-
bribery responsibilities so that the anti-bribery management system can function
effectively included sufficient person (s) to the compliance function

b) Physical Resources
The adequate and sufficient physical resources for the Compliance function, for the
anti-bribery management system to function effectively.

c) Financial Resources
The sufficient budget, including in the anti-bribery compliance function, for the anti-
bribery management system to function effectively

7.2 Competence

7.2.1 General

XX has determined the necessary competence of person(s) doing work under its
control that affects its anti-bribery performance and ensured that these persons are
competent on the basis of appropriate education, training, or experience.

XX shall take actions to acquire and maintain the necessary competence, and evaluate
the effectiveness of the actions taken and retain appropriate documented information
as evidence of competence.
DOC. TYPE MANUAL DOC. NO.:
TITLE ABMS MANUAL PAGE NO.:
REV: 00 EFF.DATE

Reference Documents:
1. Recruitment
2. Training

7.2.2 Employment Process

In relation to all its Personnel, XX has established and implemented ‘Recruitment

Procedure” which ensures that;

a) personnel to comply with the anti-bribery policy and anti-bribery management

system, and give the organization the right to discipline personnel in the event
of non-compliance;
b) personnel receive a copy of the anti-bribery policy and training in relation to
that policy as per Training Procedure
c) the XX can take an appropriate disciplinary action against personnel who
violate the anti-bribery policy or anti-bribery management system in
accordance with Code of Conduct.
d) the personnel will not suffer retaliation, discrimination or disciplinary action
(e.g. by threats, isolation, demotion, preventing advancement, transfer,
dismissal, bullying, victimization, or other forms of harassment) for:
1) refusing to participate in, or turning down, any activity in respect of which
they have reasonably judged there to be a more than low risk of bribery that
has not been mitigated by the organization; or
2) concerns raised or reports made in good faith, or on the basis of a reasonable
belief, of attempted, actual or suspected bribery or violation of the anti-bribery
policy or the anti-bribery management system (except where the individual
participated in the violation).

XX has also taken initiative to enhance the employment process by conducting due
diligence during recruitment, promotion and transfer of employee to high bribery risk
area to ascertain as far as is reasonable that it is appropriate to employ or redeploy
them and that it is reasonable to believe that they will comply with the anti-bribery
policy and anti-bribery management system requirements

Performance bonuses and targets are reviewed periodically to verify that there are
reasonable safeguards in to prevent them from encouraging bribery.

Such personnel, top management, and the governing body file a declaration at
reasonable intervals confirming their compliance with the anti-bribery policy in
accordance with Ikrar Bebas Rasuah.

Reference Documents:
DOC. TYPE MANUAL DOC. NO.:
TITLE ABMS MANUAL PAGE NO.:
REV: 00 EFF.DATE

1. Recruitment Procedure
2. Code of Conduct
3. Ikrar Bebas Rasuah

7.3 Awareness and Training

XX has established and implemented the Training Procedure to provide adequate and
appropriate anti-bribery awareness and training to the personnel.

Such training shall address the following issues, as appropriate, taking into account
the results of the anti-bribery risk assessment (refer Clause 4.5):

a) Anti-bribery policy, procedures and anti-bribery management system, and their

duty to comply;
b) The bribery risk and the damage to them and the organisation which can result
from bribery;
c) The circumstances in which bribery can occur in relation to their duties, and how
to recognise these circumstances;
d) How to recognise and respond to solicitations or offer of bribes;
e) How they can help prevent and avoid bribery and recognise key bribery risk
indicators;
f) Their contribution to the effectiveness of the anti-bribery management system,
including the benefits of improved anti-bribery performance and of reporting
suspected bribery;
g) The implications and potential consequences of not conforming with the anti-
bribery management system requirements;
h) How and to whom they are able to report any concerns (refer Clause 8.9);
i) Information on available training and resources.

Personnel shall be provided with anti-bribery awareness and training on regular basis
(at planned intervals determined by XX), as appropriate to their roles, the risks of
bribery to which they are exposed, and any changing circumstances.

The awareness and training programmes shall be periodically updated as necessary to

reflect relevant new information. Taking into account the bribery risks identified.

XX shall also implement procedures addressing anti-bribery awareness and training

for Business Associates acting on its behalf or for its benefit, and which could pose
more than a low bribery risk to XX.

These procedures shall identify the Business Associates for which such awareness and
training is necessary, its content, and the means by which the training shall be
provided.
DOC. TYPE MANUAL DOC. NO.:
TITLE ABMS MANUAL PAGE NO.:
REV: 00 EFF.DATE

XX shall retain documented information on the training procedures, the content of the
training, and when and to whom it was provided.

Reference Documents:
1. Training

7.4 Communication

XX shall determine the internal and external communications relevant to the

antibribery management system including:
a) on what it will communicate;
b) when to communicate;
c) with whom to communicate;
d) how to communicate;
e) who will communicate;
f) the languages in which to communicate.

The anti-bribery policy shall be made available to all organisation’s personnel and
Business Associates, be communicated directly to both personnel and Business
Associates who pose more than a low risk of bribery, and shall be published through
the organisation’s internal and external communication channels, as appropriate.

Internal and external XX’s communication plan with interested parties are defined in
the following table:

What When With whom How Who

communicate

As & when has

New staff Induction HR
new intake

Display at
New/revise strategic area
Anti-Corruption Current staff HODs
policy & Company
Policy
website

Stakeholders/ Email /
New/revise
Business Company HODs
policy
Associates Website

Whistleblowing New/revise
All Staff Briefing HR
Policy & policy
reporting
channel New/revise Business Briefing /
HODs
policy Associates Email
DOC. TYPE MANUAL DOC. NO.:
TITLE ABMS MANUAL PAGE NO.:
REV: 00 EFF.DATE

What When With whom How Who

communicate

Suspected/ Integrity Email/ Whistle-

Actual bribery Officer Letter/ blower
Telephone
Upon receive Integrity
Bribery CEO/
the complaint Officer/
Investigation Integrity Investigation
of improper Report Investigation
Report Officer
conduct Team

Gift, New/Revise
All Staff Briefing HR
Entertainment, policy
Hospitality and
Other similar New/Revise Business
Email Procurement
benefit Policy policy Associates

Management Anti-bribery
Performance of Governing
Yearly review Compliance
the ABMS Body/CEO
meeting Function

Anti-bribery
Effectiveness of Governing Email, Audit
Yearly Compliance
the ABMS Body/CEO Report, CAR
Function

7.5 Documented Information

7.5.1 General

XX has established the documented information for anti-bribery management

system which included
a) Anti-bribery Management System Manual
b) Policy and Objective such as Anti-Corruption Policy, Whistleblowing
Policy, Gift, Entertainment, Hospitality and Others Similar Benefits Policy
c) Standard Operating Procedures to controls the effectiveness of the anti-
bribery management system
a) Records for demonstrating the conformance to the Anti-bribery management
system

7.5.2 Creating and updating

When creating and updating documented information, XX has ensure that the new
or revised documented information shall be:
 DOC. TYPE MANUAL DOC. NO.:
TITLE ABMS MANUAL PAGE NO.:
REV: 00 EFF.DATE

a) Properly identified and described with a title, reference number, revision

number, date, author, review and approval authority)
b) Appropriate format of document is used either hardcopy or softcopy
c) Reviewed and approved for suitability and adequacy prior to issuance
d) Periodically reviewed within stipulated period, and updated as necessary

7.5.3 Control of documented information

XX has ensure that the control of documented information included the following;
a) Availability and suitability of document information for use.
b) Protected.
c) Distribution, access, retrieval and use.
d) Storage and preservation.
e) Control of changes.
f) Retention and disposition.
g) Control of external document.

Reference Documents:
1. Control of Document
2. Control of Record

8.0 SUPPORT

8.1 Operation planning and control

XX has established the procedure to plan, implement and control the processes needed
to meet the requirements for the ABMS, including action determined in the risk
register, outsources processed and the specific control referred to in 8.2 to 8.10.

XX shall control planned changes and review the consequences of unintended

changes, taking action to mitigate any adverse effects, as necessary

XX shall ensure that outsourced processes are controlled and supervised.

Reference Documents:
1. Bribery Risk Assessment Procedure

8.2 Due Diligence

XX conducting due diligence on certain transactions, projects, activities, business

associates, or an organisation’s personnel to obtain sufficient information to assess
the bribery risk.
DOC. TYPE MANUAL DOC. NO.:
TITLE ABMS MANUAL PAGE NO.:
REV: 00 EFF.DATE

The procedures of due diligence have been incorporated with the respective quality
procedures

The due diligence shall be updated at a defined frequency, so that changes and new
information can be properly considered.

Reference Documents:
1. Finance Procedure
2. Recruitment Procedure
3. Supplier & Service Provider Register Procedure

8.3 Financial Control

XX has implemented financial controls that manage bribery risks using management systems
and processes currently in place.

XX shall manage its financial transaction properly and record these transactions accurately,
completely and in a timely manner which include;

a) Implementing a separation of duties, so that the same person cannot both initiate and
approve a payment
b) Implementing appropriate tiered levels of authority for payment approval (so that
larger transactions require more senior management approval).
c) Verifying that the payee’s appointment and work or services carried out have been
approved by the organisation’s relevant approval mechanisms.
d) Requiring at least two signatures on payment approvals.
e) Requiring the appropriate supporting documentation to be annexed to payment
approvals
f) Restricting the use of cash and implementing effective cash control methods.
g) Requiring that payment categorizations and descriptions in the accounts are accurate
and clear
h) Implementing period management review of significant financial transactions
i) Implementing periodic and independent financial audits and changing, on regular
basis the person or the organization that carries the audit.

Reference Documents:
1. Finance Procedure

8.4 Non-Financial Control

Non-financial controls are the management systems and processes implemented by XX to

help to ensure that the procurement, operational, commercial and other non-financial aspects
of its activities are being properly managed and reduce the bribery risks, for example but not
limited to the following controls
DOC. TYPE MANUAL DOC. NO.:
TITLE ABMS MANUAL PAGE NO.:
REV: 00 EFF.DATE

a) Using approved Business Associates that have undergone a pre-qualification process

in accordance with Purchasing departmental procedures.
b) Assessing the necessity and legitimacy of the services provided by Business
Associates (e.g. whether services were properly carried out, payment made are
reasonable and proportionate, etc)
c) Awarding contracts where possible and reasonable based on fair and transparent
competitive tender/procurement process;
d) Requiring more than 1 person in the evaluation and approval process, signing of the
contract;
e) Placing a higher level of management oversight on potentially high bribery risk
transactions;
f) Protecting the confidentiality of the tender/procurement process by restricting the
access to information;
g) Providing appropriate tools and templates to assists Personnel (e.g. practical guidance,
checklists, etc.)

Reference Documents:
1. Integrity Pact
2. Departmental Procedures

8.5 Implementation of Anti-Bribery Controls by Controlled Organization and Business

Associates.

8.5.1 Controlled Organization

XX shall ensure that every controlled organization to adopt these or any similar
principles which are reasonably adequate to their own anti-bribery initiatives or shall
follow XX antibribery initiatives to ensure that anti-bribery objectives are met.

8.5.2 Business Associates

XX to ensure that the anti-bribery policies and procedures are implemented by the
business associates unless they have their own anti-bribery controls system. These
shall be documented in the contract or letter of award.

XX shall consider requiring a right to terminate the relevant contract or agreement if

the business associate does not effectively implement the required controls in a timely
manner

Reference Documents:
1. Supplier & Service Provider Register Procedur
2. Integrity Pledge

8.6 Anti-Bribery Commitment

For business associates which pose more than a low bribery risk, XX shall implement
procedures which require that, as far as practicable:
DOC. TYPE MANUAL DOC. NO.:
TITLE ABMS MANUAL PAGE NO.:
REV: 00 EFF.DATE

a) business associates commit to preventing bribery by, on behalf of, or for the benefit
of the business associate in connection with the relevant transaction, project, activity,
or relationship;
b) XX is able to terminate the relationship with the business associate in the event of
bribery by, on behalf of, or for the benefit of the business associate in connection with
the relevant transaction, project, activity, or relationship.

Where it is not practicable to meet the requirements of a) or b) above, this shall be a

factor taken into account in evaluating the bribery risk of the relationship with this
business associate (see 4.5 and 8.2) and the way in which the organization manages
such risks (see 8.3, 8.4 and 8.5, XX is committed to obtain commitment in relation
with Business Associates to prevent Bribery by, on behalf of, or for the benefits in
connection with relevant transaction, project, activity or relationship. XX is also able
to terminate the relationship in the event of bribery

Reference Documents:
1. Supplier/Service Provider Integrity Pledge

8.7 Gifts, Hospitality, Donations and Similar Benefits

XX shall implement procedures that are designed to prevent the offering, provision or
acceptance of gifts, hospitality, donations and similar benefits where the offering,
provision or acceptance is, or could reasonably be perceived as, bribery

Reference Documents:
1. Gift, Entertainment, Hospitality and Others Similar Benefits Policy

8.8 Managing inadequacy of anti-bribery controls

If the due diligence conducted on specific transaction, project, activity or relationship

with a Business Associate establishes that the bribery risks cannot be managed by
existing anti-bribery controls, and the organization cannot or does not wish to
implement additional or enhances anti-bribery control or take other appropriate steps
to manage the relevant bribery risks, whereas XX shall:

a) in the case of an existing transaction, project, activity or relationship, take

steps appropriate to the bribery risks and the nature of the transaction, project,
activity or relationship to terminate, discontinue, suspend or withdraw from it
as soon as practicable;
b) in the case of a proposed new transaction, project, activity or relationship,
postpone or decline to continue with it

Reference Documents:
1. Supplier/Service Provider Integrity Pledge

8.9 Raising Concern

DOC. TYPE MANUAL DOC. NO.:
TITLE ABMS MANUAL PAGE NO.:
REV: 00 EFF.DATE

XX shall:
a) Encourage and enable any individual or organization to report in good faith or
on the basis of a reasonable belief attempted, suspected and actual Bribery, or
any violation of or weakness in the ABMS manual;
b) Except to the extent required to progress an investigation, require that the
treats reports confidentially, so as to protect the identity of the reporter and of
others involved or referenced in the report;
c) Allow anonymous reporting;
d) Prohibit retaliation, and protect those making reports from retaliation, after
they have in good faith, or on the basis of a reasonable belief, raised or reported
a concern about attempted, actual or suspected bribery or violation of the
ABMS Manual; and
e) Enable Personnel to receive advice from an appropriate person on what to do
if faced with a concern or situation which could involve bribery.
XX shall ensure that all personnel are aware of the reporting procedures and are able
to use them, and are aware of their rights and protections under the procedures.

Reference Documents:
1. Whistleblowing Policy

8.10 Investigation and Dealing with Bribery

XX shall implement the following procedures in the investigation

a) require assessment and, where appropriate, investigation of any bribery, or
violation of the anti-bribery policy or the anti-bribery management system,
which is reported, detected or reasonably suspected;
b) require appropriate action in the event that the investigation reveals any
bribery, or violation of the anti-bribery policy or the anti-bribery management
system;
c) empower and enable investigators;
d) require co-operation in the investigation by relevant personnel;
e) the status and results of the investigation are reported to the anti-bribery
compliance function and other compliance functions, as appropriate;
f) the investigation is carried out confidentially and that the outputs of the
investigation are confidential.

The investigation shall be carried out by, and reported to, personnel who are not part
of the role or function being investigated.

XX can appoint a business associate to conduct the investigation and report the
results to personnel who are not part of the role or function being investigated.

Reference Documents:
1. Whistleblowing Policy
 DOC. TYPE MANUAL DOC. NO.:
TITLE ABMS MANUAL PAGE NO.:
REV: 00 EFF.DATE

9.0 PERFORMANCE EVALUATION

9.1 Monitoring, measurement, analysis and evaluation

XX shall evaluate the performance and the effectiveness of the anti-bribery

management system and retain appropriate documented information as evidence of
the results.

Process Method Data Analysis Responsibilities Freq

Performance Internal/External No of NC vs ABCF Yearly
& audit results No of OFI
effectiveness
of ABMS
Reports of No of bribery No. of bribery ABCF Monthly
Bribery case reported case per
month
Anti-Bribery Achievement of Result of ABCF Yearly
Objective ABMS achievement
objectives
Effectiveness Training plan vs Result of HR Yearly
of training actual training training
completion completed as
per plan
Bribery Risk Review and Result of risk HOD/ABCF Yearly
Effectiveness evaluate risk effectiveness
level &
mitigation plan
implementation

9.2 Internal Audit

XX shall conduct internal audits at planned intervals to provide information on

whether the anti-bribery management system conforms to the anti-bribery
management system and the requirements of ISO 37001:2015 standard and is
effectively implemented and maintained.

XX shall:
a) Plan, establish, implement and maintain an audit programme(s) including the
frequency, methods, responsibilities, planning requirements and reporting,
which shall take into consideration the importance of the processes concerned,
changes affecting the organization, and the results of previous audits.
b) Define the audit criteria and scope for each audit.
DOC. TYPE MANUAL DOC. NO.:
TITLE ABMS MANUAL PAGE NO.:
REV: 00 EFF.DATE

c) Select competent auditors and conduct audits to ensure objectivity and the
impartiality of the audit process.
d) Ensure that the results of the audits are reported to top management and the
anti-bribery compliance function.
e) Take appropriate correction and corrective actions without undue delay.
f) Retain documented information as evidence of the implementation of the audit
programme and the audit results.

Reference Documents:
1. Internal Audit Procedure

9.3 Management Review

9.3.1 Top Management Review

Top Management shall review the organisation’s ABMS, at planned intervals,

to ensure its continuing suitability, adequacy and effectiveness.

The Top Management review shall include consideration of:

a) The status of actions from previous management reviews;
b) Changes in external and internal issues that are relevant to the ABMS;
c) Information on the performance of ABMS, including trends in:
1) Nonconformities and corrective actions;
2) Monitoring and measurement results;
3) Audit results;
4) Report of Bribery;
5) Investigations;
6) The nature and extent of the bribery risks faced by the
organisation.
d) Effectiveness of actions taken to address bribery risks;
e) Opportunities for continual improvement of the ABMS.

9.3.2 Management Review Output

The outputs of the Top Management review shall include decisions related to
continual improvement opportunities and any need for changes to the ABMS.
A summary of the results of the Top Management review shall be reported to
the Governing Body.

XX shall retain documented information as evidence of the results of Top

Management reviews.

9.3.3 Governing Body Review

 DOC. TYPE MANUAL DOC. NO.:
TITLE ABMS MANUAL PAGE NO.:
REV: 00 EFF.DATE

The Governing Body, shall undertake periodic reviews of the ABMS based on
information provided by Top Management and the Anti-Bribery Compliance Function
and any other information that the Governing Body requests or obtains.

XX shall retain summary documented information as evidence of the results of

Governing Body reviews.

9.4 Review by Compliance Function

The Anti-Bribery Compliance Function shall assess on a continual basis whether the
antibribery management system is:

a) Adequate to manage effectively the bribery risks faced by the organization;

b) Being effectively implemented.

The Anti-Bribery Compliance Department shall report at planned intervals, and on an ad hoc
basis, as appropriate, to the Governing Body and Top Management, or to a suitable committee
of the Governing Body or Top Management, on the adequacy and implementation of the
ABMS, including the results of investigations and audits.

Reference Documents:
1. Management Review Procedure

10.0 IMPROVEMENT

10.1 Nonconformity and Corrective Action

Depending on the effects of the nonconformities encountered, XX takes appropriate

corrections or corrective actions by eliminating their causes, in order to prevent
recurrence and to create permanent solutions.

The corrective actions shall be appropriate to the effects of the nonconformities

encountered.

XX has established the Nonconformity and Corrective Action Procedure to define the
requirements for:
a) Reviewing nonconformities;
b) Determining the causes of nonconformities;
c) Evaluating the need for actions to ensure that nonconformities do not recur;
d) Determining and implementing action needed
e) Updating risks and opportunities if necessary;
f) Records of the results of action taken, and;
g) Reviewing the effectiveness of the corrective action taken. Enhancements of
the ABMS as a result of measures taken in reaction to any nonconformity and
corrective action resulting from continual improvements should be carried out
under the same approach
DOC. TYPE MANUAL DOC. NO.:
TITLE ABMS MANUAL PAGE NO.:
REV: 00 EFF.DATE

Reference Documents:
1. Nonconformity and Corrective Action

10.2 Continual Improvement

XX shall continually assess and improve the suitability, adequacy and effectiveness
of the ABMS through monitoring and measurement data and review their
achievements as stated below. The areas are; -
a) ABMS Policy,
b) ABMS Objectives,
c) Internal and external audit results
d) Corrective action,
e) Employee’s suggestion,
f) Internal and external feedback, and
g) Management review

Reference Documents:
1. Internal Audit Procedure
2. Management Review Procedure
3. Bribery Risk Assessment Procedure
4. Corrective Action Procedure