Strengthening Anti-Bribery Governance through Integration of GCG with SNI ISO 37001: 2016 ABMS

DOI: 10.21532/apfjournal.v6i1.200 ABTRACT The government’s desire to improve the quality of State-Owned Enterprises (SOEs) by implementing GCG is considered not yet optimal because there are still several cases of non-compliance by SOEs with high GCG scores. Therefore, a clear standard or method is needed so that the implementation of GCG in State-Owned Enterprises (SOEs)can be carried out more optimally. The purpose of this research is to find out whether SNI ISO 37001: 2016 Anti-Bribery Management System (ABMS) can be integrated with GCG in order to improve the quality of governance in State-Owned Enterprises. The discussion is carried out in two parts: first, a descriptive discussion related to GCG and ISO 37001: 2016 itself, and second, a discussion related to how to identify and integrate GCG with ISO 37001: 2016. This study uses descriptive qualitative analysis method, with literature study and analysis of related laws and regulations. The results show that ISO 37001: 2016 can be one of the guidelines or a foundation for SOEs to implement GCG in accordance with the Regulation of the State Minister for State-Owned Enterprises Number: PER-01 / MBU / 2011. It is recommended that SOEs start implementing GCG with reference to ISO 37001. : 2016. However, it should be understood that SNI ISO 37001: 2016 is not the only guideline or reference because there are several other things that must be fulfilled in GCG that are not listed in SNI ISO 37001: 2016.


INTRODUCTION
Is ISO 37001: 2016 on Anti-Bribery Management System (ABMS) which has been adopted by Indonesia to become SNI ISO 37001: 2016, necessary to be implemented? Referring to the classification given by the Association of Certified Fraud Examiners (ACFE) in the 2020 Report to the Nations, bribery is one of the four categories of corruption, while the other three are conflicts of interest, illegal gratuities, and economic extortion. Moreover, corruption is one of the three categories of fraud, in which the other two are asset misappropriation and financial statement fraud. So, why does ISO not regulate fraud or corruption, but only bribery?
According to the Oxford Dictionary, fraud is the crime of cheating somebody in order to get money or goods illegally. Meanwhile, according to ACFE, fraud is a knowing misrepresentation of the truth or concealment of a material fact to induce another to act to his or her detriment, or which can be understood as an act of covering up or hiding the truth or fact that causes harm to other people. While according the Indonesian Dictionary, fraud is a dishonest act or word (lie, fake, etc.) with the intention of misleading, outsmarting, or seeking profit.
Meanwhile, the definition of corruption for each country is different. In Indonesia, Law no. 31 of 1999jo. Law No. 20 of 2001 concerning the Eradication of Corruption Crimes does not explain a specific definition for corruption. However, this law states 30 types of Corruption Crime which are grouped into 7: 1) State losses; 2) Bribery; 3) Embezzlement in Office; 4) Extortion; 5) Fraudulent Acts; 6) Conflict of Interest in Procurement; and 7) Gratuities. Meanwhile, among the seven types of corruption, the most common articles are articles that regulate bribery. This is in line with the types of corruption regulated in the United Nations Convention against Corruption (UNCAC). UNCAC divides the types of corruption as follows: 1) Bribery of national public officials; 2) Bribery of foreign public officials and officials of international public organizations; 3) Bribery in the private sector; 4) Embezzlement; 5) Influence trading; 6) Misuse of position; 7) Improper self-enrichment; 8) Laundering the proceeds of crime; 9) Obstruct the judicial process. UNCAC describes the definition of bribery for public officials in Chapter III of Criminalization and Law Enforcement Art. 15 that bribery of national public officials is (a) the promise, offering or giving, to a public official, directly or indirectly, of an undue advantage, for the official himself or herself or another person or entity, in order that the official act or refrain from acting in the exercise of his or her official duties.
Based on the elaboration of this definition, it can be seen that the definition of fraud is very broad. There are also differences in the definition of corruption, where some emphasize the abuse of power, the existence of state losses, and others. According to the Organization for Economic Co-operation and Development (OECD), the definition of fraud and corruption is so broad that it is unclear and difficult to use in a criminal law perspective. This makes policy makers and law enforcers prefer to use the definition of more specific actions such as bribery, extortion, conflict of interest, and so on.
Referring to the International Organization for Standardization, ISO 37001: 2016 Anti-Bribery Management System was created because bribery is considered the biggest cause of an organization's losses. In addition, the definition or understanding of bribery which is relatively the same throughout the world makes this standard become easily used and adapted by all types and sizes of organizations, both large and small.
On However, after 18 years since it was first announced, there has been no improvement that can produce the maximum results as expected. This is reflected in the results of the 2016 Indonesian Fraud Survey conducted by the Association of Certified Fraud Examiners (ACFE) Indonesia Chapter where the Government (81.2%) and SOEs (8.1%) were the parties considered to be the most disadvantaged from fraud.
Data on the prosecution of corruption cases by the Corruption Eradication Commission (KPK) show that bribery is the most common category of corruption and involves public and private officials, and even corporations. Based on the conditions described above, it can be concluded that the Government and SOEs are unable to implement GCG optimally because they are the parties most disadvantaged by fraud, and the most frequently committed fraud is bribery. So, it becomes relevant if this research integrates the government's desire to implement GCG policies in SOEs using SNI ISO 37001: 2016 in order to strengthen the anti-bribery governance system in SOEs.
This research is expected to enrich the study of fraud control governance, especially bribery as a form of fraud, through the integration of the implementation of GCG with SNI ISO 37001: 2016 in SOEs.

RESULTS AND DISCUSSION Good Corporate Governance (GCG)
Before discussing further about the implementation of Good Corporate Governance (GCG), it is necessary to understand the definition of corporate governance itself. The Organization for Economic Co-operation and Development (OECD) explains that corporate governance is the structure of the relationship and its relation to responsibilities among related parties, consisting of shareholders, members of the board of directors and commissioners, including managers, designed to encourage the creation of a competitive performance which is necessary in achieving the main goals of the company. In addition, according to the Indonesian Institute for Corporate Governance (IICG), corporate governance is a process and structure applied in running a company, with the main objective of increasing shareholder value in the long term while still paying attention to the interests of other stakeholders.
Meanwhile, the Cadbury Committee from the UK, as quoted by the Forum for Corporate Governance in Indonesia (FCGI), defines corporate governance as a set of rules that formulates the relationship between shareholders, managers, creditors, government, employees, and other interested parties both internal and external related to their rights and responsibilities, or the system that directs and controls the company. Meanwhile, in this concept there are at least two things that are emphasized, namely the interests of shareholders' rights to obtain information correctly and timely and the company'sobligation to disclose all information on company performance, ownership, and stakeholders accurately, timely, and transparently.
In relation to its implementation in Indonesia, as explained in the In Article 1 paragraph (1) of the Regulation of the State Minister for SOEs (PERMEN BUMN) No. 01/2011 regulates Good Corporate Governance. Good Corporate Governance (GCG) is the basic principles of a management process and mechanism based on statutory regulations and business ethics. Then, in Article 2 paragraph (1) it is explained that SOEs are obliged to implement GCG consistently and continuously in accordance with the provisions of the Ministerial Regulation while still paying attention to the norms, regulations, and articles of association of SOEs.
Furthermore, Article 2 paragraph (2) of the Regulation of the State Minister for SOEs No. 01/2011 explains the provisions in paragraph (1). In implementing GCG as referred to in paragraph (1), the Board of Directors compiles a GCG manual which includes creating a board manual, risk management manual, internal control system, internal monitoring system, reporting mechanism for suspected irregularities in the SOE concerned, information technology governance, and code of conduct.
The GCG principles contained in this regulation are in accordance with Article 3 of the Regulation of the State Minister for SOEs 01/2011, including: • Transparency, which means openness in carrying out the decision-making process and openness in disclosing material and relevant information about the company; • Accountability, which means clarity of functions, implementation and accountability of the organization so that company management is carried out effectively; • Responsibility, which means conformity in the management of the company to the laws and regulations and sound corporate principles; • Independence, which means a condition in which the company is managed professionally without any conflict of interest and influence / pressure from any party that is not in accordance with statutory regulations and sound corporate principles; • Fairness, which means conditions and equality in fulfilling the rights of stakeholders arising from agreements and laws and regulations. Regulation of the State Minister for SOEs number 01/2011 also regulates the prohibition of taking personal benefits as contained in Articles 17 and 23, where members of the Board of Commissioners and members of the Board of Directors are prohibited from taking actions that have a conflict of interest and taking personal benefits, either directly or indirectly, from taking decisions and activities of the SOEs concerned other than legal income. This means that this regulation also prohibits opportunities for corrupt behavior.
In addition to making decisions and actions, the Regulation of the State Minister for SOEs number 01/2011 also regulates Risk Management in Article 25 by implementing a risk management program, in paragraph (3) including a) establishing a separate work unit under the Board of Directors or b) assigning an existing and relevant work unit to carry out the risk management function, and in paragraph (4) the Board of Directors is required to submit a risk management profile report and its handling together with the company's regular reports.
To ensure the implementation of GCG by the company, this regulation also regulates the Internal Control System in Article 26 and Article 27 of the Regulation of the State Minister for SOEs number 01/2011. Article 26 regulates the provisions for the Board of Directors in establishing a control system in order to secure investment and company assets. The system created must cover a disciplined and structured environment, risk assessment, control activities, information and communication systems, and monitoring. Furthermore, Article 27 explains that the Board of Directors formulates provisions governing the reporting mechanism for suspected irregularities at the SOEs concerned.
Not only internally, the Regulation of the State Minister for SOEs number 01/2011 also regulates how the GCG implemented by SOEs will be closely related to external parties or stakeholders. So, in Article 38 it is explained that SOEs must respect the rights of stakeholders that arise based on laws and regulations and or agreements made by SOEs with employees, customers, suppliers, and creditors as well as the community around the SOE's business place, and other Stakeholders. Furthermore, Article 39 explains that the Board of Directors first gets approval from the General Meeting of Shareholders (GMS) to enter into an agreement with employees relating to employee income that is not required by or exceeds the provisions of laws and regulations.
The important point of the Regulation of State Minister for SOEs No. 01/2011 is that in implementing GCG there are guidelines for companies related to business ethics, anti-corruption and donations as stipulated in CHAPTER X Articles 40-42. Article 40 paragraph (1) clearly explains that Members of the Board of Commissioners / Supervisory Board, the Board of Directors, and employees of SOEs are prohibited from giving or offering, or receiving, either directly or indirectly, anything of value to or from a customer or a Government official to influence or act as a compensation for what he has done and other actions, in accordance with the provisions of laws and regulations. However, the exception is that it does not include employee incentives, and SOEs are required to establish a company's code of conduct. Then, in Article 41, it is explained that the form of commitment is that the Board of Directors signs an integrity pact and must submit an asset report. Article 42 also stipulates the limitation that SOEs can only make donations for charity or social purposes in accordance with statutory regulations.

SNI ISO 37001: 20016 Anti-Bribery Management System (ABMS) ISO 37001: 2016 Anti-Bribery Management
System was first published on October 13, 2016 by the International Organization for Standardization, or known as ISO. One of the ISO publications is related to the purpose of developing ISO 37001: 2016, which is to help organizations implement effective measures to prevent and deal with bribery, and to instill a culture of honesty, transparency and integrity. Although it cannot guarantee that bribery will not occur, ISO 37001: 2016 provides tools and systems that can reduce risks and help organizations to manage risks if they do occur. ISO 37001: 2016 can be applied to the public, private and non-profit sectors as well as various forms and types of organizations. In addition, implementing ISO 37001: 2016 will provide assurance to investors and other stakeholders that the organization has an effective management system to manage bribery risk. ISO 37001 has a format similar to other management system standards such as ISO 9001 and ISO 14001.
With the issuance of Presidential Instruction Number 10 of 2016 concerning Action to Prevent and Eradicate Corruption in 2016 and 2017, the National Standardization Agency of Indonesia (BSN) then adopted ISO 37001 as a management system that can be applied to both the government and private sectors as an effort to prevent and eradicate corruption in Indonesia. In addition, with the issuance of Supreme Court Regulation No. 13 of 2016 concerning Procedures for Handling Corruption Crime, SNI ISO 37001 Anti-Bribery Management System can be applied to organizations to prevent bribery. As an Adequate Procedure, there are 44 (forty four) clauses that must be fulfilled by organizations in implementing SNI ISO 37001: 2016 Anti-Bribery Management System (ABMS).
In implementing the Anti-Bribery Management System (ABMS), there are 44 (forty four) mandatory requirements that must be met by the organization. The 44 (forty four) requirements are part of clause 4 (plan) related to the organization, clause 5 (plan) related to leadership, clause 6 (plan) related to planning, clause 7 (plan) related to support, clause 8 (do) related to operations, clause 9 (check) related to evaluation, and clause 10 (act) related to improvements. One of the interesting things that distinguish this ABMS from other management systems is that there is a requirement for organizations to carry out a Bribery Risk Assessment (BRA) as stipulated in clause 4.5. BRA is an activity/process in which the organization identifies, maps, analyzes and assesses the potential bribery risks that exist within the organization itself.
Integration between GCG and SNI ISO 37001: 2016 ABMS As described above, in general the enthusiasm for good corporate governance (GCG) in State-Owned Enterprises is to improve the image of SOEs and maximize the benefits obtained for the State. In essence, these two goals are expected to be achieved by doing business in good and right ways.
In line with this, to maximize the benefits that can be obtained for the State, it is also pursued by minimizing the risk of abuse of authority, position, facilities or other potential losses. This is stated in Article 23 of the Regulation of the State Minister for SOEs number PER-01 / MBU / 2011 concerning the prohibition of taking personal gain. Furthermore, Article 25 also states that risk management should be carried out as part of the implementation of the GCG program. Unfortunately, the Regulation of the State Minister for SOEs number PER-01 / MBU / 2011 does not clearly state the list, method, or standard regarding what must be done by each SOE in implementing this GCG. The absence of such standardization can cause each SOE to have different interpretations, so that there is no common reference or measurement standard.
As discussed in the previous section, ISO 37001: 2016 Anti-Bribery Management System (ABMS), or which has been adopted by Indonesia as SNI ISO 37001: 2016, can be the answer to this problem. ISO 37001: 2016 can be the basis / foundation for SOEs to have the same reference in implementing this GCG. In addition to minimizing the risk of bribery, ISO 37001: 2016 also provides the instruments and methods needed to carry out a risk assessment, especially in the form of a bribery risk assessment. This is stated in the 44 requirements contained in clause 4 to clause 10 of ISO 37001: 2016 which can be divided into four major parts, namely planning (plan), implementation (do), checking (check), and improvement (act).
The Regulation of the State Minister for SOEs number PER-01 / MBU / 2011 can be matched with clause 4 ISO 37001: 2016 which defines the organizational context. Then regarding shareholders, the board of commissioners, the supervisory board, the owner of capital, and so on, it can also be matched with clause 5, namely leadership. Long-term plans and company work plans can be matched with clause 6, namely planning. Risk management can be done by making a number of efforts in clause 8, related to operations. The internal control system can also be matched with clause 9, related to performance evaluation, and the existence of external auditors can be matched with clause 10, related to improvement.
Details about the integration between GCG and ISO 37001: 2016 can be seen in the following (Appendix 1). There are 6 (six) aspects of testing / indicators / assessment parameters with a total score of 100.00

Basic Differences on the Measurement of Implementation between GCG and SNI
Each organization must fulfill 44 (forty four) clauses The assessment and evaluation are carried out by an independent assessor appointed by the Board of Commissioners / Supervisory Board. If it is deemed more effective and efficient, the assessment can be carried out by utilizing the services of government agencies that are competent in the field of GCG The implementation of evaluation can also be carried out independently by BUMN (self-assessment) External audits (certification) and Surveillance Audit (annually, once certified) are carried out by a certification body accredited by the National Accreditation Committee Then, the recommendation for exercise of state ownership for integrity is fulfilled with leader's commitment in SNI ISO 37001. This leader's commitment can be seen in clause 5 in SNI ISO 37001; 2016 concerning leadership. As discussed in the previous section, this clause 5 requires a commitment from top leaders of each organization as well as an anti-bribery policy made for the organization they lead.
Recommendation for promotion of integrity and prevention of corruption at the enterprise level is matched with risk management. SNI ISO 37001: 2016 focuses on risk management in clause 4.5, namely bribery risk assessment. This is one of the core sections of SNI ISO 37001: 2016, in which an organization wishing to implement SNI ISO 37001: 2016 must map and analyze all potential bribery contained in every business process in its organization. This requirement regarding bribery risk assessment is one of the things that differentiate SNI ISO 37001: 2016 from other similar regulations.
Finally, the recommendation for Accountability of State-Owned Enterprises and of the State is matched with due diligence and effective communication. Due diligence on SNI ISO 37001: 2016 is in clause 8.2. The due diligence required by SNI ISO 37001: 2016 includes potential business partners, prospective employees, and other parties who wish to relate, interact, or cooperate with the organization itself. Effective communication is contained in clause 7.4, where the organization must also consistently convey its anti-bribery commitments and policies to both internal and external parties. Both of these are intended so that the organization can work accountably.
From the above explanation, it can be seen that the clauses in SNI ISO 37001: 2016 provide technical instructions related to fulfilling the requirements of GCG.