Microsoft: Why we are adopting ISO 37001

Several weeks ago, Microsoft announced that it would become the first U.S. and multinational company to seek ISO 37001 certification. In a recent blog post, Microsoft’s deputy general counsel explained further the reason behind that decision and why other companies should do the same.

First, a bit of background: In October 2016, the International Organization for Standardization (ISO)—an independent, non-governmental group with a membership of 162 national standard-setting bodies—published the final version of ISO 37001. It is the first internationally recognized and certifiable anti-bribery minimum standards program, designed to help organizations of all sizes in the public, private, and non-government sectors combat bribery risk in their own operations and throughout their global supply chains.

Seeking certification means that companies like Microsoft can obtain certification from accredited third parties if their anti-bribery compliance programs meet the standard’s stringent criteria. Microsoft, itself, was closely involved in the development of ISO 37001.

Although most companies maintain an anti-corruption compliance program, satisfying the legal requirements of different jurisdictions is a challenge, “which also involves trying to comply with a patchwork of often inconsistent guidance from different government agencies as well as nongovernmental organizations and non-government experts,” explained David Howard, deputy general counsel, litigation, competition law and compliance.

“The problem is even worse for our thousands of partners and suppliers, who often must try to meet not only their legal obligations, but also the often-different compliance requirements of Microsoft and the many other companies with which they do business,” Howard wrote. “This is inefficient, leads to confusion and, ultimately, increases risk.”

ISO 37001 establishes a common language to help solve the cross-border problem of corruption, he said. “We think a consistent approach to anti-corruption programs is a good thing,” Howard wrote. “We encourage other major companies to adopt ISO 37001, and we invite other U.S. companies to work with us on a new Technical Advisory Group to ensure that the standard remains relevant and effective.”