Investor? Demand your portfolio companies get ISO 37001 certified to reduce potential bribery risks

Investors in large companies should demand that their portfolio companies get ISO 37001 certified. It is the easiest method by which an investor can get comfort that the controls in place are consistent with best practices and that the existence of an anti-bribery management system is the best way to ensure that the potential corruption risks are minimised.

If I was an investor, asset manager or a private equity manager of portfolio companies and those portfolio companies were involved in high risk sales to Government, engaged with high risk countries, used third parties and distributors to distribute and sell products around the World, then I would not be hesitant in demanding that the company get ISO 37001 certified. In short, you should be holding the company accountable for their compliance programmes, not just reviewing them once a year in a controlled set of slides from the CCO. It is far better to bring in an independent authority to certify the programme according to a recognised Standard.

The certification should be done by an accredited certification body and should be done by one that has expertise in anti-corruption. The certification process should be managed by the company and be a condition that continuing investment is provided on the basis that the ISO certification is maintained.

The existence of a certification does not guarantee that your portfolio company won't have a corruption issue, or have a crisis around a compliance issue, but it will definitely mean that they are in a better position to manage the fallout if one happens. The likelihood of reputational damage and damage to the stock price of the investment is likely to suffer in the event of an issue arising and the time it takes to recover and resolve any investigation will be years, potentially pushing into your exist strategy.

Given that your investments are often hundreds of millions and the cost to gain a certification is a mere single 100k or less for most companies, it seems just so obvious to manage the risks of corruption through a certification.