Anti-Bribery · ISO 37001

ISO 37001 Anti-Bribery Management Systems in Malaysia

What the standard requires, how it maps to Section 17A and the CIDB G7 mandate, and the realistic pathway to certification — set out plainly, then implemented by a practitioner.

ISO 37001:2016 is the international standard for anti-bribery management systems. It sets out the controls an organisation needs to prevent, detect, and respond to bribery — and, crucially, the evidence that those controls are actually working.

What the standard requires

ISO 37001 follows the Annex SL structure common to modern management-system standards, so it integrates cleanly with ISO 9001, ISO 37301, and others. At its core, it requires you to:

  • Understand your context and assess your bribery risk
  • Establish an anti-bribery policy and a resourced compliance function
  • Exercise due diligence over associates, projects, and transactions
  • Apply financial and non-financial controls, and govern gifts and hospitality
  • Provide a way to raise concerns, and investigate them properly
  • Monitor, audit, and continually improve the system

Clause map — Annex SL structure

Clauses 4 to 10 carry the requirements: context (4), leadership (5), planning (6), support (7), operation (8), performance evaluation (9), and improvement (10). The operational heart sits in Clause 8 — due diligence, controls, gifts and hospitality, raising and investigating concerns. ABMS walks each clause against your real operations, not a template.

Mandate, pathway and cost

The commercial driver in Malaysia is twofold: the Section 17A adequate-procedures defence, and the CIDB G7 certification mandate from 2027. Implementation runs six to nine months; ABMS support starts from RM 18,000 depending on scope, with the certification audit charged separately by an accredited body.

ABMS implementation support fromRM 18,000

Implementation

A six-month roadmap to certification readiness

Enough structure to see the path — without turning it into a do-it-yourself manual. ABMS runs each stage with you.

Month 1

Gap analysis & bribery risk assessment — establish scope, context, and where exposure actually sits.

Month 2

Anti-bribery policy, governance, and the compliance function — leadership commitment made real.

Month 3

Controls: due diligence on associates, financial and non-financial controls, gifts and hospitality.

Month 4

Raising concerns, investigation procedures, and documented information across the system.

Month 5

Internal audit, management review, and corrective action — proving the system works.

Month 6

Stage 1 / Stage 2 certification audit readiness and support through the assessment.

FAQ

ISO 37001 — common questions

Is ISO 37001 mandatory in Malaysia?

Not universally — but it is effectively required in key contexts. From 2027, CIDB requires G7 contractors to hold MS ISO 37001 certification to renew SPKK registration. More broadly, ISO 37001 is the recognised way to evidence the 'adequate procedures' defence under MACC Act Section 17A.

How long does ISO 37001 implementation take?

Typically six to nine months from gap analysis to certification audit, depending on the size and complexity of the organisation and how much of an anti-bribery framework already exists.

What does ISO 37001 certification cost?

Implementation support from ABMS starts from RM 18,000 depending on scope; the certification audit is charged separately by an accredited certification body. We give you a clear, itemised picture before you commit.

How is ISO 37001 different from Section 17A?

Section 17A is the law — it creates corporate liability for bribery and the 'adequate procedures' defence. ISO 37001 is the management-system standard that operationalises and evidences those adequate procedures.

Talk to a practitioner

Bring an active mandate, an open question, or a draft policy you want reviewed.

Whether you are facing the CIDB G7 deadline, building a Section 17A defence, or preparing for an ISO 37001 audit — start with a direct conversation, not a sales pitch.