Since the newly created ISO 37001 has been published, in October, many professionals are talking about anti-corruption which is, per se, already great. Not enough to fight the problem though.
Why my concern and why another post?
Because, among these super enthusiastic articles, I read one thing that made me think. people would be more keen to do business with certified companies not to perform, or, at least, to perform some sort of ‘slim’ audit on them.
This idea is spreading quite rapidly and this is not good, especially in light that between 60% and 90% of corruption happen via third parties.
ISO37001 is not, in fact, law, therefore, it cannot be used as a defense for not having performed appropriate due diligence and/or audit; adherence to the standard is certified by private entities whose statements can be very well ignored by a Prosecutor or other relevant Authority.
Besides performing due diligence and exercising audit rights, I aways suggest my clients to use the ‘walking away’ anti-corruption clauses while negotiating with third parties. (here the relevant article)
You can read about due diligence here.
If, from one side, it is crucial raising awareness towards bribery, it is equally important not to create a false sense of security.