Legal Compliance and Ethics at Microsoft
Our commitment to corporate responsibility and integrity
Prevention
To prevent compliance issues from arising in the first place, we focus on promoting a culture of ethics and integrity. We do this through creating a culture of compliance throughout our company, and through our Standards of Business Conduct, policies, and training, while also using data analytics, risk assessment, proactive investigations, third party vetting, and other compliance efforts to minimize potential risks.
Detection
We detect potential legal compliance issues in several ways, including testing by our Internal Audit group, monitoring through our compliance analytics program and by our Controls & Compliance teams, investigating concerns reported by employees and others, and analyzing trends through our Compliance and Ethics team. Compliance is a team effort at Microsoft. Every employee is responsible for upholding our standards, fostering the culture of compliance in their Microsoft team and partners, and reporting concerns.
Remediation
We strive to assess the root cause of problems, and continually enhance our controls and processes to minimize the risk of recurrence. This process is a core component of our compliance program and growth mindset culture. We discipline employees who violate our policies and standards, regardless of their level, and we prohibit doing business with partners and suppliers who don’t meet our ethical standards.
How we build trust
We achieve more when we apply our culture and values to build and preserve trust with our customers, governments, investors, partners, representatives, and each other. Employees who violate our standards face disciplinary action, up to and including termination of employment. Our policies make anyone who engages in retaliation against someone for raising a compliance concern subject to disciplinary action up to and including termination of employment.
Microsoft Standards of Business Conduct - our Trust Code
Our Trust Code reflects our culture and values, and the principles that guide our behavior. Our employees use these standards to understand what is required of them, get help when needed, and make good decisions that build trust and empower our customers and partners to achieve more.
Reporting concerns and non-retaliation
Our commitment to building and maintaining a culture of trust, ethics, and integrity depends on our employees and representatives telling us if they are aware of, or have a concern about, compliance with our Standards of Business Conduct, policies, or the law.
Again, our policies prohibit retaliation. Employees will not suffer adverse consequences or retaliation for:
- Refusing to do something that violates the Microsoft Standards of Business Conduct, policies, or the law, even if this refusal results in the loss of business to Microsoft.
- Raising a concern about potential misconduct in good faith, or for cooperating with an investigation.
Our policies make anyone who retaliates against an employee for engaging in any of these activities will be subject to disciplinary action, up to and including termination of employment or business relationship.
We provide multiple ways to report concerns. When you report a concern or issue, you can expect that your report will be treated seriously, fairly, and promptly.
Administration and oversight
The Vice Chair and President serves as our Chief Compliance Officer and has overall responsibility for the management of our compliance and ethics program. He reports directly to the CEO and, for this purpose, also directly to the Audit Committee of Microsoft’s Board of Directors. The Vice Chair and President, through the Vice President and Deputy General Counsel of Compliance and Ethics, oversees the Compliance and Ethics team. The Deputy General Counsel has direct access and reporting obligations to the Audit Committee.