ISO 37001:2025 - What the Updated Anti-Bribery Standard Means for the Lottery and Gaming Sector

Governance expectations across regulated industries continue to increase, with organisations expected to demonstrate that anti-bribery controls are not only in place, but effective in practice.

In a recent digitalRG webinar, Elda Varrone (Flutter) and Effie Kakaflika (Bally’s Intralot) explored what the transition from ISO 37001:2016 to ISO 37001:2025 means for organisations in the lottery and gaming sector, highlighting both strategic changes and practical implementation considerations.

A central message from the session was clear: certification alone is not the objective. The goal is building a functioning anti-bribery management system embedded into everyday governance and decision-making.

Why ISO 37001 is gaining importance

ISO 37001 provides an internationally recognised framework for preventing, detecting and responding to bribery risks across organisational activities, including third-party relationships, governance structures and reporting mechanisms.

As discussed during the webinar, organisations are increasingly encountering expectations related to ISO 37001 in procurement processes, regulatory interactions and supplier due diligence requirements. In trust-sensitive sectors such as lotteries and gaming, certification can strengthen credibility with regulators, partners and stakeholders while supporting participation in integrity-focused RFP processes.

A shift from compliance controls to governance culture

One of the key messages from the session was that ISO 37001:2025 represents an evolution rather than a redesign of the existing framework.

While the 2016 version focused largely on compliance controls, the revised standard places stronger emphasis on leadership accountability and organisational culture. Governing bodies are now expected to take a more visible role in supporting anti-bribery frameworks, with compliance teams acting as facilitators rather than sole owners of the system.

The updated standard also strengthens expectations around structured training for third parties and encourages organisations to move from one-off due diligence checks towards more continuous monitoring approaches.

ESG risks and conflict-of-interest controls receive greater attention

Another notable development discussed during the webinar is the integration of ESG-related risks into anti-bribery risk assessments. Organisations are expected to consider how environmental, social and governance exposures may create corruption-related vulnerabilities across operational environments.

The revised framework also strengthens expectations around conflict-of-interest management, encouraging more structured monitoring processes such as recurring declarations, formal registers and defined approval workflows.

Transition timelines organisations should be aware of

For organisations already certified under ISO 37001:2016, the transition to the revised standard will follow a defined timeline:

• Transition becomes available from March 2026
• New certifications must follow the 2025 version from August 2026
• All existing certifications must comply by February 2027
• Certificates issued under the 2016 version will be withdrawn from March 2027

Early preparation may therefore be particularly relevant for organisations operating in procurement-driven environments.

Implementation often builds on existing controls

A key takeaway from the session is that organisations rarely need to start from scratch when implementing ISO 37001.

Many already operate relevant controls across procurement, internal audit, HR, whistleblowing systems and financial oversight processes. In practice, implementation often focuses on aligning existing governance structures rather than creating entirely new frameworks.

Strengthening governance and supporting market positioning

Although organisations do not typically quantify the financial return of ISO 37001 certification directly, the speakers highlighted consistent benefits in strengthening governance oversight and supporting credibility in regulated environments.

Certification can help demonstrate that anti-bribery controls are structured, monitored and independently verified, reinforcing trust with regulators, partners and stakeholders across the lottery and gaming sector.

Access the full Insights article and webinar recording

A more in-depth Insights article, including detailed explanations of the ISO 37001:2025 revisions and practical implementation perspectives shared by Flutter and Bally’s Intralot, is available to digitalRG Premium members.

Premium members can also access the full webinar recording, featuring additional discussion on governance expectations, third-party oversight, ESG integration within anti-bribery frameworks, and transition planning for organisations currently certified under ISO 37001:2016.

To find out more about membership and how digitalRG can support your organisation with tools, templates and expert-led insights, contact hello@digitalrg.com or book time for a chat here: https://calendly.com/digitalrg/quick-intro-call.