By: Aarti Maharaj
Twentieth-century philosopher Albert Schweitzer said: “The first step in the evolution of ethics is a sense of solidarity with other human beings.” As evidenced by the notorious actions of Enron and Bernie Madoff in the decades at the beginning of the current century, his words ring truer today than ever before. Gone are the days where culture was just an element of a company’s compliance program or seen as nice to have. It’s a new age and this necessity has been redefined by the demands of the consumer.
Against this background, employees, customers, suppliers and strategic partners are demanding more. Not only are they expecting quality products and services to be delivered in a timely manner, but they also want to know that the company they work for or do business with embraces strong ethics and empowers its people to behave with integrity.
For the Redmond, Washington-based software giant, it all starts with encouraging a growth mindset fueled by long-term sustainable business practices. This is something Microsoft’s Chief Executive Officer Satya Nadella often emphasizes to cultivate future leaders and maintain trust among stakeholders.
“Growth mindset as well as integrity and honesty are among the pillars of our overall culture under Satya,” said David Howard, Microsoft’s Corporate Vice President and Deputy General Counsel, Litigation, Competition Law and Compliance. “It means we are willing to experiment even if it means we sometimes fail. But we approach things from a learning perspective, always trying to learn from our failures as well as our successes and thinking about ways to innovate and improve. We’ve tried hard to apply these principles to our approach to compliance.”
An important part of Howard’s role at Microsoft is to ensure that Nadella’s message as it relates to issues of ethics and integrity resonates among employees and is consistently reinforced around the world. In an effort to ensure that all employees understand their responsibility to make the right decision, Microsoft’s compliance program takes a unique approach to ensuring that the company’s employees and partners are able to understand and live the company’s core values. The company’s program has embraced traditional as well as innovative compliance measures to keep up with the ever-changing digital and regulatory landscape.
“Our approach to compliance is always evolving and when one works at a global company like Microsoft with over a hundred thousand employees and people in about a hundred and ninety countries, you have to approach it with a certain amount of humility,” said Howard. “The truth is that it’s impossible for a company of our size with the number of employees that we have in all countries where we do business to be perfect. We just have to keep working at it and so when Brad Smith (the company’s President, Chief Legal Officer and Chief Compliance Officer) challenged us to come up with some fresh ideas, we went to work.”
Microsoft Runs on Trust
Embedding and promoting a culture of trust and transparency is never easy. It requires an unwavering commitment that runs through all levels of an organization. Too often companies are unable to reach their full potential because of the lack of trust. Once trust is in place, employees feel empowered, customers feel connected and the industry progresses. The Microsoft Runs on Trust campaign was designed to do just that by ensuring employees understand the fundamental values that should guide their decision and empowering them to make the right choices.
Trust is about having the fluency to move between cultures and generational differences and it’s something that resonates with Microsoft’s mission,” said Jeannine D’Amico Lemker, Assistant General Counsel, Office of Legal Compliance. “As employees come to work everyday and they think about trust and how they are going to do their job—that matters—it matters to their business success and to tie that so deeply to something they often think about means that we are on the right path.” According to Lemker, equally important to the tone at the top is what many have called the echo from the bottom. To ensure the message from the top is received at all levels, Microsoft’s compliance team prepared toolkits for stewards of the program to help move the message throughout the organization. And it does not end there.
The Science Behind Data Science
Now more than ever, compliance is a comparative exercise. As companies are seeing an evolution of change in practices, a real thirst exists for data and information to measure success and anticipate risky areas. Chief compliance officers work in an ever-changing legal, regulatory, social and economic environment. And while their roles continue to expand, their focus must remain on identifying and responding to emerging risks. According to Alan Gibson, Senior Attorney, Office of Legal Compliance at Microsoft, a new approach to help manage an effective compliance program is to “build an early warning and monitoring system for compliance risks by using data science.”
One of Microsoft’s core strengths is using business intelligence to see, manage and ultimately prevent unwanted events. While implementing a program that provides prioritized, risk-based analytics may sound complex, there are a variety of readily available software and online tools, including Microsoft Windows Azure, SQL Server and PowerBI that can consolidate data stored in separate systems. Microsoft applied its own data analytics capabilities to the challenge of managing compliance risks and created new data-based tools to help the company detect potential issues.
This is an approach that can be extended to other organizations and industries. For example, the CCO at another company can start by framing their compliance risks as business problems that can be answered through better analysis of their own data. “The starting point is getting an idea of what problems you are trying to solve. Then there are specific questions that analytics can answer for you,” Gibson said. “It won’t tell you how to fix a problem but it can provide numbers and names allowing you to identify or rank different risks and spot where you may have issues.”
Partner Compliance: No Risky Business
The list of companies tripped up over misconduct by third parties is long indeed. In today’s complex business environment almost every multinational depends on a third party, vendor or a partner to help meet the evolving needs of its business. While this tactic may have many commercial benefits, the associated challenge is taming the risk exposure associated with hiring outside third parties. Even though some companies are tackling this issue head on by establishing vendor governance committees, others rely on existing functions such as a second line of defense—the various risk control and compliance oversight functions established by management—to oversee third parties.
Microsoft has deemed greater channel transparency a high priority. The company has piloted an initiative in five countries to transparently disclose the additional percentage discount Microsoft granted to the partner and identifying the Estimated Retail Price (ERP) for the products sold. The eventual goal is to allow the ultimate customers to use this information as part of their negotiations with the partner. Using what they’ve learned from the pilot, Microsoft launched the program for their enterprise agreements worldwide for government and state-owned customers.
“We view this initiative as a journey with the goal of integrating compliance within our end to end partner management lifecycle,” said Kumar Vijayaraghavan, Director, Office of Legal Compliance. (See Figure 1.) “The variety of partners exploded within the last three to five years and we are seeing a transformation of the channel not just for Microsoft but for many technology companies.” The objective of the program is to transform discrete partner compliance-related activities into a fully optimized program operating within a coordinated framework.
The Power of Narratives
Like many companies, we ask all employees to take an annual Standards of Business Conduct training. “At Microsoft, these videos serve as a powerful medium to take our employees through an ethical dilemma,” said Aaron Thiese, Senior Program Manager, Office of Legal Compliance, Microsoft. Whenever we script a video, we try to make it as realistic to an employee experience as possible. Here are a few best practices that we employ:
- A Cross-Functional Approach: We work with subject matter experts across the company to gain a deeper understanding of the issues and real life scenarios they face.
- Microsoft Runs on Trust and Leadership’s Voice: This has tremendous impact because whenemployees see the leader at the top of their organizational chart talking about what it means to foster trust, they see it as a business priority.
- Shifting from a rules based approach to one of values: People can find reasons that a specific rule doesn’t apply in a situation, but values are different.