Our commitment to anti-corruption & anti-bribery
We prohibit offering or paying bribes, kickbacks, or other improper benefits to anyone.
Our Anti-Corruption Compliance Program
As a company, we do not and will not tolerate violations of our standards and policies. Our Anti-Corruption Compliance Program is designed to prevent, detect, and fix compliance issues. We approach compliance with a growth mindset and a process of continuous improvement, and we invest heavily in innovative and fresh approaches.
Our Trust Code
We want our employees to feel comfortable speaking up and sharing their concerns. Our company-wide Trust Code drives awareness of the importance of compliance and ethics, highlighting resources to report concerns regarding misconduct, including corruption.
Our anti-corruption standard and policy
We prohibit offering or paying bribes, kickbacks, or other improper benefits to anyone. We will forego business rather than secure it through a bribe, kickback, or other improper benefit.
We prohibit improperly giving, promising, offering, or authorizing payment of anything of value in order to obtain or keep business or to secure some other advantage for Microsoft.
We offer multiple ways for employees or third parties to report potential compliance concerns, including anonymously through an external hotline provider. We maintain a comprehensive, global compliance investigation team to review and, if necessary, investigate reported concerns. If the investigation uncovers violations of policy or law, the company takes appropriate remedial action, including discipline of employees and sanctions or removal of partners or vendors. The investigations team reports on data and trends and educates employees through case studies.
We offer multiple ways for employees or third parties to report potential compliance concerns, including anonymously through an external hotline provider. We maintain a comprehensive, global compliance investigation team to review and investigate reported compliance concerns. If the investigation uncovers violations of policy or law, the company takes appropriate remedial action, which may include discipline of employees, enhanced controls, and removal of partners or vendors. The investigations team reports on data and trends, and we train our employees using lessons learned from our investigations.
Our training courses
We are committed to ensuring our employees understand what is expected of them and to grow their skills around ethical decision-making. Our training program focuses on policy requirements, values, and culture-based learning through in-person and online courses, such as our award-winning Standards of Business course, anti-corruption workshops, role-targeted training, and integrity skills programs. We require anti-corruption training for our partners and suppliers.
Compliance Analytics Program
We are using compliance professionals and digital technologies to detect and mitigate corruption risks and are working hard to expand these efforts to cover additional enterprise risk areas. Our analytics program focuses on flagging high risk deals and partners and prioritizing risk mitigation efforts so that our compliance professionals and investigators can apply additional oversight. To accomplish this, we rely on cloud-based data analytic solutions that use statistics, machine learning, and artificial intelligence to unearth trends, patterns, relationships, and anomalies. These insights are shared throughout the compliance community, and with senior leadership to improve our overall risk management practices and policies. Collectively, this community of data scientists, analysts, and domain experts comprises the company’s Compliance Analytics Program. Learn how we monitor sales transactions.
A sales quote is created
The sales team or reseller creates a sales quote in Microsoft’s customer relationship management (CRM) solution.
The quote is screened by a risk model
The Compliance Analytics Program applies an algorithm against the quote to calculate a risk score based on data attributes in real-time.
Flagged quotes are reviewed
Compliance personnel review quotes identified as requiring additional scrutiny and conduct control checks and mitigate any risks with stakeholders and those involved in the transaction.
Deals are approved or stopped; outcomes flow back to analytics team
The Compliance Analytics Program continues to monitor risks. Compliance personnel will only approve a quote for processing if identified risks are mitigated and controls are satisfied. The outcomes are used to improve our Compliance Analytics Program.
More about our program
Managing third parties
We require our partners, suppliers, and other representatives to comply with the Anti-Corruption Policy for Microsoft Representatives. We conduct risk-based due diligence and vetting of our representatives. The vetting process now uses data analytics to identify higher risk representatives through an algorithm that calculates a risk score for representatives based on internal and external data attributes. We began using these data analytics in 2019 to conduct due diligence on some representatives and continue to work on expanding this unique program. We require that higher risk representatives undergo enhanced vetting allowing us to determine whether they will be permitted to start or renew a business relationship with us. Our partner compliance analytics also provide real-time insights, allowing Microsoft to make more informed compliance and business decisions.
Our corruption and bribery risk assessments help drive our decisions and priorities for enhancing controls, processes, and monitoring. Our vetting and transaction monitoring programs are based on sophisticated risk analytics.
ISO 37001 certification
We’ve taken steps to ensure that our compliance program meets the highest standards for such programs, including ISO 37001, the new Anti-Bribery Management System Standard. Independent and accredited certification bodies have reviewed our implementations of ISO 37001 to date, based on all the work that we’ve done in the last few years, and have certified that the subsidiaries and global business group reviewed meet ISO 37001 requirements.