Close

Are you in compliance?

Don't miss out! Sign up today for our weekly newsletters and stay abreast of important GRC-related information and news.

×

Status message

Start your free, no obligation 10-day trial to continue exploring with full access.

Deficiencies in ISO 37001

Tom Fox | February 6, 2018

The drumbeat of those supporting ISO 37001 continues. The Man From FCPA finds it to be misplaced as anything close to the international standard for anti-bribery/anti-corruption programs. It leads both the recipients of the certification and those who make the mistake of relying upon it in the same position, worrying more about the paper part of compliance than actually doing compliance through operationalizing it into the DNA of your organization.

Structural Deficiencies

While there is certainly nothing wrong with laying what should go into a compliance program, ISO 37001 has features which make it less than ideal. The first is the claim that the standard is as good a law. Make no mistake, the standard is not law. Next is the focus on having a paper program. The DOJ and SEC jointly issued 2012 FCPA Guidance made clear that an effective compliance program is based upon a company assessing its own risks and then setting up a program to manage... To get the full story, subscribe now.