Anti-Bribery Compliance for Trading Companies: ISO 37001 and Beyond

International trade, by its nature, involves operating across multiple jurisdictions with varying governance standards, developing relationships with government officials and state-owned enterprises, and navigating procurement processes that can be subject to improper influence. The bribery and corruption risks facing trading companies are real, material, and subject to some of the most aggressive extraterritorial enforcement activity in all of regulatory compliance.

The US Foreign Corrupt Practices Act (FCPA) and the UK Bribery Act are the two most important anti-bribery frameworks for globally active trading companies. Both have significant extraterritorial reach: the FCPA applies to any company that uses US financial infrastructure, employs US persons, or lists securities in the US; the UK Bribery Act creates liability for UK-registered companies for bribery anywhere in the world.

Penalties for violations are severe. FCPA enforcement actions in the past decade have resulted in combined fines, disgorgement, and penalties exceeding $20 billion. Several trading company executives have faced personal criminal prosecution and imprisonment. The reputational consequences of a bribery investigation — even one that does not result in criminal charges — can permanently impair a company's access to banking relationships, government contracts, and blue-chip client relationships.

ISO 37001: The Framework

ISO 37001, published in 2016 and under revision for a 2024 update, provides an internationally recognised framework for anti-bribery management systems. The standard requires organisations to: conduct systematic bribery risk assessments across all operations and markets; implement proportionate controls based on identified risks; conduct due diligence on business partners, intermediaries, and high-risk counterparties; implement financial controls over payments, gifts, and hospitality; establish reporting mechanisms for suspected bribery; and undergo regular third-party audit and certification.

Certification demonstrates to regulators, banks, and business partners that anti-bribery compliance is systematic and audited rather than aspirational. In enforcement contexts, documented ISO 37001 certification provides evidence of genuine good-faith compliance effort — a factor that regulators consistently cite as influencing prosecution decisions and penalty determination.