An update on Microsoft’s approach to compliance

Later this month, I’ll be moderating a panel of Microsoft’s compliance team at The Global Ethics Summit, an annual event where company leaders exchange ideas and share best practices about compliance issues. At the Global Ethics Summit, I plan to talk about some of the innovations we’ve been bringing to compliance at Microsoft over the past year or so. We’re proud of Microsoft’s strong commitment to doing business in a way that builds and maintains trust with our customers and other key stakeholders, and look forward to sharing some of our thoughts.

We always have to recognize, however, that compliance is an area that we have to approach with more than a small dose of humility. We’re a global company with more than 120,000 employees in more than 190 countries. With our size and scope, we can’t achieve a perfect score on compliance; we’re going to have our share of issues, small and sometimes unfortunately not so small. For instance, we’ve previously disclosed publicly that we have been responding to U.S. inquiries in connection with the Foreign Corrupt Practices Act. That’s why we always want to approach compliance with a growth mindset, learning from our successes and our failures, and thinking hard and creatively about how we can get better.

One way to learn is to hear about what other companies are doing, which is why we are participating in the Global Ethics Summit. We hope to hear about what other companies are thinking, and we are happy to share some information about our new initiatives. In particular, we’ll be talking about these new approaches we’ve been taking:

  • We’re using our technology and best-in-class business intelligence to detect and ultimately prevent transactions that could raise compliance issues.

We’re breaking down data silos to bring together disparate data sets within Microsoft Azure and then using Azure Machine Learning and Power BI to help us identify risky transactions quickly. We are identifying recently completed transactions, and having compliance personnel review and clear them. We will soon be able to flag these deals before they are finalized to prevent potential issues rather than correct them.

  • We’re taking a fresh approach to partner compliance, and we are committed to helping our partners build their own compliance capabilities. 

Like most tech companies, we rely heavily on our ecosystem of partners. We’re holding our partners to a high bar on compliance. We’re also working with our partners to help assess their current competency in compliance, and offering them tools to improve.

  • We’re doubling down on empowering our employees to make the right decisions.

We focused on Microsoft’s complex web of corporate policies, eliminated more than 1,600 unnecessary ones and simplified the remaining 140 policies to make sure that employees all over the world could understand them. We also launched the “Microsoft Runs on Trust” campaign to help connect compliance to our mission and success as a company, and to encourage employees to report things that don’t seem right so we can review and, if necessary, fix them. We’re also rewriting our Standards of Business Conduct to focus on values rather than rules.

  • We’re the first U.S.-based company committing to the ISO Anti-Bribery Management Standard.

Over the last several years, representatives from more than 60 countries worked together to develop an anti-bribery standard for organizations of any size or structure, and in October 2016, the International Standards Organization published ISO 37001 Anti-Bribery Management Systems. After being closely involved in the development of ISO 37001, Microsoft will seek certification from an independent and accredited third party to demonstrate that our anti-bribery program satisfies the requirements of the standard. We hope other companies will do the same. A common consistent and rigorous standard for anti-bribery will cut across countries, industries and all segments of the value chain.

Microsoft is not the only company doing innovative things in compliance; we hope other companies will also share their approaches so we can learn from each other. We will continue to innovate, approaching compliance with a growth mindset to continuously learn to better prevent, detect and fix issues as quickly as possible.