Understanding ISO 37001. Addressing facilitation and extortion payments within an ABMS

Published on June 29, 2025

In a global economy where trust, transparency, and ethical conduct are critical considerations, an Anti-Bribery Management System according to ISO 37001 offers a structured and internationally recognized approach for any organization that wants to prevent, detect, and respond effectively to bribery.

Whether operating in high-risk jurisdictions, engaging with public officials, or managing a wide network of third parties, businesses today face increasing pressure to demonstrate integrity and accountability.

Originally published in 2016 and revised in 2025, ISO 37001 is applicable to organizations of all types and sizes — from multinational corporations and government agencies to small businesses and NGOs. The standard outlines the requirements for establishing, implementing, maintaining, and continually improving an effective anti-bribery management system (ABMS).

This article focuses on two concepts found in ISO 37001: facilitation payments and extortion payments.

We’ll take a closer look at what these terms mean and how organizations should manage them as part of their ABMS.

What are Facilitation Payments?

Facilitation payments are small, unofficial payments made to expedite routine government actions — things the payer is legally entitled to without any payment. These payments may seem harmless or customary in some countries and cultures.

Example: A company is exporting goods and needs customs clearance. An official hints that things will move faster if a small “service fee” is paid under the table. The paperwork is in order — but without the payment, delays are implied.

Even though these payments may be perceived as "just part of doing business" in certain regions, facilitation payments are considered a form of bribery and must be prohibited under the anti-bribery management system.

An organization implementing an anti-bribery management system according to ISO 37001 is expected to:

  • Establish a zero-tolerance policy toward facilitation payments.
  • Train personnel to recognize and refuse such requests.
  • Instruct staff to ask for proof that the payment is legitimate and to demand an official receipt.
  • Have employees refuse the payment and report the incident if the request cannot be justified.

 

What Are Extortion Payments?

Unlike facilitation payments, extortion payments are made under duress — typically in situations where an employee fears for their life, liberty, or safety. These payments arise from coercion rather than voluntary misconduct.

Example: A company executive traveling abroad is stopped at an unofficial checkpoint. Armed individuals demand money and imply there will be “problems” if it’s not paid. Feeling threatened, the executive complies and pays to avoid immediate danger.

In the context of an anti-bribery management system, extortion payments are not considered bribery if they are made under credible threats to health, safety, or liberty.

Because such situations may place individuals at serious risk, many legal systems do not criminalize these payments. However, that doesn’t mean that the organization should ignore the incident. ISO 37001 advises the company to:

  • Provide guidance and training for personnel on how to handle such demands.
  • Allow personnel to make the payments if their safety is genuinely threatened.
  • Report the incident after the fact.
  • Ensure proper investigation of the event.
  • Report the payment to authorities, if legally required.

By doing so, organizations protect their people while maintaining the integrity and transparency of their anti-bribery system.

 

Facilitation and Extortion Payments in ISO 37001

Facilitation and extortion payments are discussed in Annex A of ISO 37001, where the standard provides guidance on how these should be managed. In short, the guidance is to:

  1. Prohibit facilitation payments. Facilitation payments must be explicitly prohibited by the anti-bribery controls of the organization.
  2. Train staff. Personnel should be trained to recognize and resist facilitation payments, recognize extortion payments and report incidents.
  3. Provide guidance. Guidance must exist for both prevention and response — from refusing payments to documenting and investigating when unavoidable payments occur.
  4. Investigate. Organizations should have channels (including whistleblowing mechanisms) where facilitation or extortion events can be reported confidentially.
  5. Keep records. Records should be kept to maintain evidence of incidents involving facilitation and extortion payments.

 

Why It Matters

Tolerating small or seemingly benign bribes — such as facilitation payments — erodes ethical standards and can escalate into larger, systemic corruption. 

Conversely, ignoring or mishandling extortion risks can endanger staff and damage an organization's reputation or legal standing.

By addressing both issues clearly, an organization takes a proactive, ethical, and legally sound approach to anti-bribery compliance. It strengthens trust with customers, partners, regulators, and investors, and demonstrates that the organization is serious about doing business with integrity.

 

Final Thoughts

Facilitation and extortion payments are not theoretical — they are everyday challenges for organizations working in complex and high-risk environments. 

By implementing an anti-bribery management system according to ISO 37001, companies show that they are committed to more than just legal compliance — they are building a culture where bribery, in all its forms, has no place.

Whether you're just starting your compliance journey or looking to enhance your current controls, now is the time to look seriously at what ISO 37001 can offer.

Explore our online course on ISO 37001 to learn how to implement a robust and compliant Anti-Bribery Management System
