by Gwendolyn Lee Hassan, JD, CCEP
The headlines are compelling: “Microsoft and Wal-Mart seek ISO 37001 Anti-Bribery Certification.”1
Compliance professionals working for
other US-based multinationals see these
types of announcements and cannot help
but wonder, “Gee, if Walmart
and Microsoft are doing it, does
that mean my company should
be seeking certification also?”
Does it make sense to be out front
on this? Should we advise our
senior management to seek this
I would argue the answer to
these questions is “no,” or at least “not yet.”
There seems to be little value to being an
early adopter when it comes to seeking ISO
A roundtable discussion on the
new anti-bribery standard was held as
part of Compliance Week 2017. Among
the roundtable participants, there was
broad consensus that there are too many
unanswered questions to make seeking
this certification truly valuable to most
US multinational companies at this point.
The following questions were raised by
1. What is this going to cost us?
No one really knows what seeking (and
maintaining) ISO 37001 certification
will ultimately cost. Anecdotal
evidence related to the cost of obtaining
certification to other ISO standards
(such as ISO Environmental Standard
14001) would seem to indicate the costs
will vary widely depending on the size
and complexity of the organization and
whether you seek to obtain site-specific
certifications or a corporate-level
certification. This is especially true
when you take into account the amount
of employee time and effort required to
prepare for the certification audits.
2. Who could certify us if we wanted to
Only a handful of providers are
actively seeking accreditation as an
ISO 37001 certifier. EY is rumored to
have set up a separate foreign entity
outside of the United States for the sole
purpose of certifying clients under
the new standard. (One can theorize
Is there benefit in being an
» Estimated costs to obtain ISO 37001 certification are unknown at this time.
» Very few accredited certifiers currently exist.
» There are no indications obtaining certification will result in enforcement leniency.
» The “return on investment” in obtaining certification is unknown at this point.
» A wait‑and‑see approach seems advisable for most US‑based multinational companies.