Insight · February 18, 2026
What ISO 37001 taught me about compliance programs that survive scrutiny
A certification exercise is only useful if it changes behaviour after the auditor leaves.
Most anti-bribery management systems are built to pass an ISO 37001 audit, not to change how decisions get made. You can tell within the first hour of a walkthrough: does the person in the room know the policy, or did they just read it before the visit.
The certifications that hold up are the ones where the control lives inside a workflow someone already uses every day, procurement sign-off, third-party onboarding, gift registers, not bolted on as a separate compliance task.
Twenty-five-plus years across law, in-house compliance leadership and now assurance taught me the same lesson every time: a management system is only as strong as the person who has to use it on a Tuesday when nobody's watching.
Written by Scott Lane, Founder & Chief Executive Officer, Speeki
Contact for media →Cite this page
Lane, S. (2026). What ISO 37001 taught me about compliance programs that survive scrutiny. Speeki Experts. Retrieved July 14, 2026, from https://experts.speeki.com/scott-lane/insights/iso-37001-lessons