Contact
Carolina Cueva
Partner
Head of Compliance CMS Grau

The updated anti-bribery standard introduces new areas of focus: conflicts of interest, compliance culture and climate-related factors as part of the risk context.

The publication of the new ISO 37001:2025, the international standard for Anti-Bribery Management Systems, marks the beginning of a mandatory transition process for all organisations certified under ISO 37001:2016. According to the International Accreditation Forum (IAF), the transition must be completed by 28 February 2027 to ensure continuity of certification.

For Carolina Cueva, Partner in Compliance and Internal Investigations at CMS Grau, the change is significant:

“This is not merely a cosmetic update. ISO 37001:2025 raises the bar for anti-bribery risk management and places greater emphasis on evidence: how risks are managed in practice, how conflicts of interest are prevented, and how genuine the organisation’s culture of integrity really is.”

What is changing and why does it matter?

The new version introduces enhancements aimed at strengthening the effectiveness of anti-bribery management systems and their integration with corporate governance. One of the most significant changes is the more robust approach to conflicts of interest management, with clearer requirements regarding the identification, monitoring, control and transparency of conflict situations.

In addition, the standard reinforces the importance of fostering a strong compliance culture, linking the performance of the anti-bribery management system to leadership, decision-making processes and organisational conduct.

“The standard sends a clear message: having policies in place is no longer enough. Organisations must be able to demonstrate that those policies are effective, implemented in practice and actively supported by leadership,” explains Carolina Cueva.

A notable new feature is the inclusion of climate change considerations within the organisation’s context and risk assessment process.

“This update acknowledges that the operating environment, including climate-related factors, can influence pressures, decisions and risks. It signals the direction in which standards are evolving: compliance that is more integrated, more preventive and more closely connected to the broader context,” she adds.

Next steps: the real risk is waiting

Although the deadline extends until 2027, specialists recommend starting the transition process early to avoid bottlenecks in follow-up audits conducted by certification bodies. Organisations should also take into account the internal adjustments required to their management systems. Key steps include conducting a gap assessment, updating documentation and controls, and planning the transition with the certification body.

“The greatest risk is leaving it until the last minute. Many organisations underestimate the time required to align processes, evidence and internal training. A well-managed transition not only avoids certification-related issues but also strengthens the organisation’s integrity framework.”

The ISO 37001:2025 update also presents an opportunity for organisations to review and modernise their anti-bribery prevention programmes through a more integrated and cross-functional approach.

“Those who use this transition as an opportunity to strengthen governance and risk management will be better prepared for audits, third-party requirements and increasingly demanding compliance standards,” concludes the CMS Grau Partner.

More from CMS