Governance & Compliance Initiatives, LLC

A New Firm to Create Value from a New Standard: ISO 37001

ISO 37001 update:

Who is Doing What So Far with ISO 37001?

ISO 37001: Anti-bribery management systems was released in October 2016 and is now getting 2017 traction. Several European companies have already received 37001 certifications. US momentum is similarly building. Just prior to the March Ethisphere Summit, Microsoft announced plans to adopt the anti-bribery standard. Other U.S. companies (not wishing to disclose their intentions just yet), are preparing for 37001 certification through readiness activities — taking their anti-corruption / FCPA compliance programs to a certifiable 37001 anti-bribery management system. As the business benefits of ISO 37001 become more widely appreciated (listen to this audio recording), and as certification becomes possible in the US later this year, early initial 37001 interest will take the form of a growing number of noteworthy certification announcements.

In the US, the entity that undertakes accreditation for professional service firms to act as independent third party system auditors, ANAB (ANSI/ASQ Accreditation Standards Board), is now accepting ISO 37001 system applications. Many professional service firms are going through this process. Based on numerous discussions at the Ethisphere Summit and elsewhere, once firms become accredited later this year, there are many US companies that wish to differentiate themselves by becoming certified.

A quick primer:

What is ISO 37001, and What are its Benefits?

CIPE event photo

What are the business benefits of ISO 37001?
Worth MacMurray answers that question while participating in a 9 December 2016 panel discussion about ISO 37001 co-hosted by the Center for International Private Enterprise (CIPE) and Women in International Trade (WIIT). The other panel participants were Shruti Shah, Vice President of Programs and Operations, Transparency International-USA, Jesse Spiro, WorldCheck Research Manager, Thompson Reuters and John Morrell, Regional Director for Asia, CIPE. Listen to an audio recording of this part of the panel discussion above.

This new business standard was created by 36 ISO member counties (including Brazil, China, France, the UK and the US) and issued in October 2016 to help organizations establish, implement, maintain and continuously improve an anti-bribery system. It is a requirements standard, written in plain English (not legalese), containing certain mandatory business process components and activities. Companies' ISO 37001 systems can be independently certified. A priority is operationalizing compliance — placing controls in higher bribery risk operations at appropriate levels (as close to the identified risk as possible), and then measuring and monitoring.

There are business and legal benefits to obtaining ISO 37001 certification, as detailed below.

The business and legal benefits of becoming ISO 37001 certified

From a business perspective, certified companies are a better business partner because they represent less of a bribery risk. This is a valuable differentiator in today's communications-intensive environment, where even the hint of an entity's possible corrupt activities can cause significant financial and reputational loss to those associated with it.

Certain large organizations, in the readiness process of preparing for ISO 37001 certification, also see cost savings as a strong reason for standard adoption. They intend to require that their major suppliers also obtain ISO 37001 certification, thus introducing a common anti-bribery language into their business relationship. Risk (and cost) is thereby reduced by eliminating negotiation and oversight of varying anti-bribery contractual provisions. Those suppliers choosing not to phase in ISO 37001 over some reasonable period will be phased out of the purchasing organization's supply chain.

An additional business benefit is ISO 37001's use of proven business methods and leading practices to fight bribery. Many US corporate executives are frustrated by the cost, complexity and ambiguity of traditional anti-corruption compliance programs. An ISO 37001 approach can help simplify and improve an organization's anti-bribery activities by using business concepts and metrics to support and measure system performance.

From a legal perspective, ISO 37001 aligns with US Department of Justice (DOJ) anti-corruption compliance priorities and the emphasis on compliance program operationalization. An organization's ISO 37001 certification is a tangible demonstration of the entity's intent to be a good corporate citizen. By adopting the standard's mandatory anti-bribery measures and undergoing independent certification testing, the organization voluntarily elects to follow and adhere to the most detailed and rigorous global anti-bribery guidance presently in existence.

ISO 37001 certification does not eliminate possible bribery related liability, but it can provide evidence that an organization has sought to be proactive and has taken reasonable steps to prevent wrongdoing. The DOJ has publicly indicated that the existence of an ISO 37001 system may be taken into consideration during settlement discussions, should a bribery event occur.

Pivoting from Program to System

Anti-corruption programs are based on legal standards (sometimes ambiguous and sometimes conflicting) applied to an entity's facts and circumstances. An ISO 37001 system builds on, strengthens and contains many of the same program elements, but also contains certain unique features and a level of business detail not found in most legally-oriented programs.

To obtain ISO 37001 certification, organizations will need to systematically assess their existing anti-bribery programs to identify and rectify system-related gaps. Governance & Compliance Initiatives' products and services help companies and other organizations: (a) systematically and efficiently accomplish this task; and (b) maximize the benefits associated with ISO 37001 certification.

For further reading, see Pivoting from Anti-Bribery Program to Management System — 3 Critical Questions for Compliance Chiefs (Worth MacMurray - Corporate Compliance Insights, 11/03/16)(pdf, 2.2 MB).

Creating Value Through Creative ISO 37001 Solutions:

About Governance & Compliance Initiatives, LLC

Governance & Compliance Initiatives, LLC (GCI) Principal Worth MacMurray is a globally recognized ISO 37001 and anti-corruption compliance expert. He was a member of the US Technical Advisory Group that helped produce ISO 37001, and now leads GCI to guide organizations into and through ISO 37001 certification.

photo of Worth MacMurray

Worth MacMurray
Member of US Technical Advisory Group for ISO 37001

Throughout his career, Worth has focused on ways to improve the efficiency and clarity of legal, regulatory and business processes through graphical visualization. Among other senior executive roles, he has been a global public company General Counsel, a Chief Compliance Officer helping to lead companies under regulatory scrutiny through oversight situations, and a PwC Washington DC office anti-corruption practice leader, advising businesses and governments.

Worth has authored or co-authored a number of articles on ISO 37001, including:

Helping Organizations Prepare for ISO 37001 Certification:

GCI Products and Services

Governance & Compliance Initiatives, LLC offers products and services to help organizations make the pivot from their existing FCPA/anti-corruption compliance programs to an anti-bribery management system that is appropriately positioned and prepared for the independent ISO 37001 certification exercise.


GCI's 37001 EZ-R™ maps help organize and simplify pre-certification readiness tasks through visual depictions of the anti-bribery management system and related processes. These colorful, large-format, and durable maps:

  • Act as a roadmap, to help structure, understand, document and professionally present a company's overall ISO 37001 system, or system parts;
  • Provide an actionable and consistent methodology that guides users to what needs to be done, and how to do it;
  • Summarize and explain what each substantive 37001 section and sub-section say, and what they mean; and
  • Offer practice tips and contextual information increasing users' overall understanding of a given process's purpose, application and relationship to other processes.

GCI's 37001 EZ-R™ maps Document and Simplify the Thinking Process of Experts. They help businesses drive and sustain international growth through a systematic approach to obtaining the many benefits of ISO 37001 business standard certification.

Various map packages are available. For more information, email


GCI provides specialized, creative and efficient consulting services to help prepare organizations for the independent ISO 37001 certification exercise. Our services are based on based on deep anti-bribery experience and expertise. Among other senior executive roles, Worth MacMurray has been a global public company General Counsel, a Chief Compliance Officer helping to lead companies under regulatory scrutiny through oversight situations, and a PwC Washington DC office anti-corruption practice leader, advising businesses and governments.

Worth was a member of the US Technical Advisory Group that worked with other countries over a multi-year period to create ISO 37001.

Our approach emphasizes the reasonable and proportionate aspect of ISO 37001. Business reasons support our recommended processes, procedures and controls.

We use our proprietary 37001 EZ-R™ maps and a practical and action-oriented methodology to produce unique project deliverables — useful both for certification and post-certification system management purposes.

Our services are provided on either a fixed fee or hourly rate basis.

To discuss services, email