SpeekiExperts

Insight · February 18, 2026

What ISO 37001 taught me about compliance programs that survive scrutiny

A certification exercise is only useful if it changes behaviour after the auditor leaves.

ComplianceCorporate governance

Most anti-bribery management systems are built to pass an ISO 37001 audit, not to change how decisions get made. You can tell within the first hour of a walkthrough: does the person in the room know the policy, or did they just read it before the visit.

The certifications that hold up are the ones where the control lives inside a workflow someone already uses every day, procurement sign-off, third-party onboarding, gift registers, not bolted on as a separate compliance task.

Twenty-five-plus years across law, in-house compliance leadership and now assurance taught me the same lesson every time: a management system is only as strong as the person who has to use it on a Tuesday when nobody's watching.

Written by Scott Lane, Founder & Chief Executive Officer, Speeki

Contact for media →

Cite this page

Lane, S. (2026). What ISO 37001 taught me about compliance programs that survive scrutiny. Speeki Experts. Retrieved July 14, 2026, from https://experts.speeki.com/scott-lane/insights/iso-37001-lessons