Harry Cassin Publisher and Editor

Andy Spalding Senior Editor

Jessica Tillipman Senior Editor

Richard L. Cassin Editor at Large

Elizabeth K. Spahn Editor Emeritus 

Cody Worthington Contributing Editor

Julie DiMauro Contributing Editor

Thomas Fox Contributing Editor

Marc Alain Bohn Contributing Editor

Bill Waite Contributing Editor

Shruti J. Shah Contributing Editor

Russell A. Stamets Contributing Editor

Richard Bistrong Contributing Editor 

Eric Carlson Contributing Editor

Bill Steinman Contributing Editor

Aarti Maharaj Contributing Editor

FCPA Blog Daily News

« Job: Associate Counsel, Compliance | Main | DOJ refines stance on ephemeral messaging apps »

Attention colleges: ISO 37001 can help

Colleges implicated in Operation Varsity Blues (and those not yet named) can act to prevent similar bribery situations and restore trust without reinventing the wheel: the ISO 37001 anti-bribery system is uniquely suited to help manage these bribery-risk situations.

ISO 37001 addresses the operational risks by a systematic and documented bribery risk assessment. (The domain of “high-bribery risk environments” now appears to include some domestic college admissions offices and athletic departments -- as well as the traditional FCPA-related overseas resource extraction and pharma operations in lesser developed regions.)

ISO 37001 certification shows that a college voluntary submitted to and passed a rigorous audit of its anti-bribery management system, conducted by an accredited independent certifying body -- applying a “reasonable assurance” standard of review (as is applied by public accounting firms when auditing the financial statements of U.S. public companies.)

Certification publicly communicates a simple trust-rebuilding message: “consistent with the seriousness of the situation and our values, we took action -- we’ve implemented and become certified under the leading global anti-bribery management system: ISO 37001.”

Among the issues likely to be faced by colleges in the course of implementing ISO 37001: 

Actual or pending lawsuits and/or investigations – ISO 37001-related activities will largely be prospective, but litigation concerning past events has begun in some cases, and legal counsel’s opinion on any possible privilege-related issues is advisable.

Due diligence – What due diligence procedures should be applied to verify that applicants with claimed special (athletic or other) skills actually have these skills and accomplishments/awards?

Process improvement - Should “accurate and truthful” parent/guardian certifications and/or representations concerning use of an outside college advisor be part of the college’s application package?   

External stakeholders and scope of anti-bribery policy – As part of the standard’s bribery risk assessment consideration of external stakeholder’s views and/or requirements, applicable contractual and/or statutory boundaries will need to be considered -- including those related to federal or state grants, the NCAA and major donors. Should a complete policy also contain provisions dealing with the risk of college athletes, researchers or other college community members as bribe targets?


The country is fascinated and appalled by the breadth of the scandal -- the brazen circumvention and exploitation of existing college admission practices, the amounts involved and the “right in our backyard” aspects of these cases.

As additional facts come to light -- approximately 800 persons are reportedly involved and only around 50 have been identified to date -- the value of a thorough, standards-based anti-bribery methodology applied to the college admissions process will only become more apparent.

ISO 37001 copies can be licensed here.


Worth MacMurray was formerly general counsel of several public companies, a leader within PwC’s DC anti-corruption office, and a member of the U.S. Technical Advisory Group that worked with other countries over a 3-year period to create ISO 37001. He is now Principal at Governance & Compliance Initiatives. He is PECB Certified as both an ISO 37001 Lead Auditor and ISO 37001 Lead Implementer. He can be contacted here.

Reader Comments (1)

An excellent resource for colleges and universities. However, university compliance programs tend to "stop at the door of the athletic department," so that may be a challenge that needs to be faced first.
March 18, 2019 | Unregistered CommenterDavid Dodge
Comments for this entry have been disabled. Additional comments may not be added to this entry at this time.