Harry Cassin Publisher and Editor

Andy Spalding Senior Editor

Jessica Tillipman Senior Editor

Richard L. Cassin Editor at Large

Elizabeth K. Spahn Editor Emeritus 

Cody Worthington Contributing Editor

Julie DiMauro Contributing Editor

Thomas Fox Contributing Editor

Marc Alain Bohn Contributing Editor

Bill Waite Contributing Editor

Shruti J. Shah Contributing Editor

Russell A. Stamets Contributing Editor

Richard Bistrong Contributing Editor 

Eric Carlson Contributing Editor

Bill Steinman Contributing Editor

Aarti Maharaj Contributing Editor

FCPA Blog Daily News

« Martin Kenney: Shell’s Nigeria mess shows why we need more disclosure | Main | Gretta Fenner: Are companies and executives responsible for human rights violations abroad? »

MacMurray and Lazzarini: Why ISO 37001 is the next big thing

The ISO 9001 Quality Management System has been a spectacular success, with over 1.3 million organizations certified around the world since the standard's 1987 introduction.

We believe the ISO 37001 Anti-Bribery Management Systems may enjoy similar widespread worldwide acceptance.

Why? Similar pre-existing circumstances and good business reasons.

Many of the same conditions are in place today with respect to bribery as existed in 1987 concerning the often unpredictable nature of product or service quality:

  • the existence of a global business problem with pernicious societal impact
  • ambiguous or conflicting legal/regulatory measures that place more importance on national boundaries and proscribed behavior than on positive direction and common sense, and
  • a growing belief among practitioners actively fighting the given problem that what is needed is a broadly-focused business (and not yet another narrow legal) approach.

ISO 9001's value to business? Trust and transparency emanate from this management system's straight-forward requirements. It emphasizes "how to" rather than "thou shalt not." And it features a respected and independent review process that has seen global acceptance.

ISO 37001 follows the same organizational construct and similarly prioritizes practicality. ISO 37001 is also fast gaining global recognition. Microsoft has announced that it will adopt the standard, Walmart just announced that it is considering ISO 37001 adoption, and the governments of Singapore and Peru are studying ways to apply the standard to public procurements and the private sector.

A study of public U.S. manufacturing companies over a ten-year period indicates that significant financial improvement (sales growth, return on sales and return on assets) occurred after ISO 9001 certification as compared to similarly situated non-certifying peers. ISO 37001-certified companies stand to similarly benefit; internally, through improved processes and visibility, with associated financial improvements; and externally, by making counterparties and stakeholders aware of their improved bribery risk profile.

Compliance cost reduction opportunities are also available to certifying companies that apply ISO 37001 in their supply chains -- through elimination of "one-off" and other labor-intensive processes.

As ISO 9001 has so effectively demonstrated with quality, good business standards reduce complexities and cost and promote sound business practices. ISO 9001 certification (now governed by the 2015 iteration) continues to help companies compete and win business by providing a globally understood "common language of quality."

With ISO 37001's emphasis on the business-oriented nuts, bolts and benefits of fighting bribery, it provides creative opportunities for companies to leverage sunk FCPA anti-corruption program costs and existing program activities -- and with certification as a tangible, positive and marketable result.


Worth MacMurray is a Principal at Governance & Compliance Initiatives (, a Senior Advisor at the Ethisphere Institute ( and can be emailed at

Edoardo Lazzarini , PhD is an Italy-based international pharma compliance professional and can be emailed at

Reader Comments (1)

Here is one question I have about ISO 37001. Why should companies focus on this one ISO standard, instead of ISO 19600, dealing with compliance management systems? Should we expect ISO standards for each compliance area in the future? Will companies be expected to pay consulting companies to "certify" each new compliance ISO standard? And will they be expected to pay for copies of each new standard, since ISO charges for access to each standard? Cheers, Joe
May 9, 2017 | Unregistered CommenterJoseph Murphy
Comments for this entry have been disabled. Additional comments may not be added to this entry at this time.