Oil and Energy Companies Look to ISO 37001 for Effective ABMS

In December 2017, the world’s largest builder of offshore rigs agreed to pay $422 million in penalties after entering a guilty plea for bribery charges connected with the Petroleo Brasileiro (Petrobras) scandal. Keppel Offshore & Marine Ltd. made illicit payments to both Petrobras officials and government representatives for more than a decade, between 2001 and 2014 (Reuters, 2017).

The sweeping multimillion-dollar bribery scandal that rocked Petrobras led to numerous investor lawsuits and the downfall of disgraced government officials. It also served as the embodiment of the huge risk of bribery and corruption that confronts the entire oil and energy sector.

Such a scandal is less surprising when one considers the scale of the oil and energy sector. It is a massive portion of the world’s economy, dealing mainly in petroleum across both the upstream (exploration, development and production of crude oil or natural gas) and downstream (oil tankers, refiners, retailers and consumers) ends of the pipeline. As a raw material, petroleum is used for a number of chemical products, including pharmaceuticals, fertilisers, pesticides, solvents, and plastics.

The need to prospect, discover, and realise oil and energy production in various (and often far-flung) locations contributes to the sector’s vulnerability to fraud – but geographic considerations aren’t the only risk factors. Perhaps even more impactful is the complexity of business relationships required to operate in the industry – relationships with governments, contractors, regulators, investors/venture partners, equipment suppliers and other parties. Every such interaction and dealing can be considered susceptible to bribery and corruption where cutting corners may be considered profitable or even perceived to be “business as usual.”

Contributing to the risk is the volatile nature of oil and energy prices (at all levels of the production chain), together with increasing global demand. This drives oil and energy companies to expand into new areas and markets that might carry a higher risk of bribery and corruption, including undeveloped, third-world countries with few controls, lax enforcement, or both. The reality, however, is that when bribery and corruption continue unabated, everyone loses – companies and governments are affected financially, and economic instability is increased.

ISO 37001 Anti-Bribery Management System standard

There is a solution that oil and energy companies can implement to help prevent and detect bribery and corruption: the ISO 37001:2016 Anti-Bribery Management System standard. The standard requires organisations to implement a series of procedures to prevent, detect and address bribery on a reasonable and proportionate basis according to the type and size of the organisation, and the nature and extent of bribery risks faced. It applies to small, medium and large organisations in the public and private sector and can be implemented in any country. Though it will not provide absolute assurance that bribery will completely cease, for organisations in the oil and energy sector that operate across global boundaries, this is a critical layer of protection that provides both anti-bribery controls and a system for compliance with various anti-corruption legislation, such as the FCPA and UK Bribery Act.

ABAC Center of Excellence Limited is accredited as a Conformity Assessment Body (Certification Body) to assist your organisation in attaining ISO 37001 ABMS certification through a thorough bribery risk assessment and audit covering the entire scope of the standard. The audit methodology is evidence-based, meaning any issues raised will be confirmed through adequate evidence that the ABAC Certification team has discovered during the audit.

Auditing techniques take a risk-based approach to examining your organisation’s Anti-Bribery Management System (ABMS), and the ABAC Certification team will increase the scale of the investigation if they determine that a specific process presents a higher risk. Factors such as Impact, Negligence, Minor, Major, and Critical are taken into consideration during the audit.

A separate audit method is a process-based approach where ABAC Certification examines the organisation’s processes while considering the interaction between those processes. Finally, there is a sampling-based audit approach where ABAC Certification incorporates an appropriate sampling plan utilising samples from different ABMS processes to conclude and support the audit findings and results.

The audit is extremely thorough in its approach, which results in an accredited certification for the scope of the ISO 37001 Anti-Bribery Management System. Because of the standard’s international acceptance and the thoroughness of the audit process, such certification can provide a valuable safeguard in demonstrating an “adequate procedures” compliance defence in cases posing a liability for a company’s failure to prevent bribery.

Once certified, an organisation must continue surveillance and undergo a recertification audit over three years to ensure that the organisation still complies with the ISO 37001 ABMS standard. During this time, any changes to processes, the addition of new partners and expansion/acquisition of new assets or energy contracts, etc. are carefully reviewed.

Lessons to learn

In the Keppel Offshore bribery and corruption case, implementing the measures above would have significantly mitigated the risk that such a scandal could take root, much less proliferate over 13 years. The certification process involves a number of steps that include on-site audits to reveal any non-conformities – red flag areas that indicate a heightened risk of bribery and corruption. Such an assessment would, for example, have uncovered serious problems in Keppel Offshore’s processes and required corrective action plans to bring the organisation into compliance with its anti-bribery policy.

As corporations like Petrobras and Keppel Offshore have learned, there are deep repercussions for not taking proper preventative action with a robust anti-bribery management system (ABMS). The increase of anti-bribery and corruption legislation cannot be ignored by oil and energy companies, given that such regulations have, in most cases, achieved a global reach. For ownership and management, the stakes are especially high – accountability now includes criminal liability for organisation personnel as individuals, beyond (and in addition to) liabilities faced by the organisation. This trend will only continue as governments and their publics become increasingly intolerant of fraud, bribery and corruption. Major media coverage and the real and perceived threat to governments’ economies contribute to this changing landscape of public opinion.

By extension, enforcement efforts are also being stepped up. Existing penalties are being applied with more regularity and new ones added with stronger impacts, including imprisonment and large fines – adding to the reputational damage that can occur as a result of bribery and corruption. Laws like the UK Bribery Act are being applied in force across international borders to put teeth in efforts to prevent, detect and punish corrupt corporate behaviour. While ISO 37001:2016 certification does not provide a shield against such enforcement measures, applying its standards can be considered a “good faith measure” for companies facing the consequences of bribery and corruption incurred in the past – and the measures prescribed by ISO 37001:2016 will no doubt have a mitigating effect on risk factors and the scale and scope of future acts of bribery and corruption should they occur.

Conclusion

With so much at stake in terms of money and resources, it should be no surprise that the oil and gas industry is rife with bribery and corruption. In today’s business climate, taking every step possible to prevent and detect bribery and corruption is more than just good business sense: it is essential to ensure a successful future. Implementing a globally recognised standard like ISO 37001 is a critical step forward for any organisation in the oil and energy industry.