A modernized statutory compliance tool is making it easier for Microsoft to manage its compliance program around the world, thanks to an opportunity that came out of one of its major corporate acquisitions.
Microsoft owns and manages hundreds of legal entities around the world. The company continually acquires or creates new entities to meet expanding business goals. With statutory compliance being an imperative at Microsoft, these international subsidiaries must maintain their own compliance in accordance with local regulatory requirements, as well as corporate and legal frameworks that regulate Microsoft’s consolidated Security and Exchange Commission (SEC) filings in the US.
For 15 years, Microsoft has managed these compliance requirements using an internally developed tool called STAT. It’s what statutory controllers use to track the company’s legal entities, monitor and manage statutory filings and processes like financial statements and tax returns, and store information like tax rates and audit findings.
That tool, however, has been showing its age.
Microsoft has completed over 150 key acquisitions over the lifetime of the current tool. The subsequent increase in system load and data storage has led to user experience performance issues. Inconsistencies across the practices of acquired entities made reporting a complex and labor-intensive process. The tool didn’t meet Microsoft’s goals for accessibility and required extensive operational support and maintenance to sustain current global demand.
The tool also relied on high levels of manual effort to complete certain processes. Risk factors inherent in manual processes used in older legacy systems can now be easily mitigated with modern automation. That’s important in a space where errors or late filings can have consequences like fines, personal responsibility for Microsoft employees, or even jail time in some jurisdictions.
LinkedIn, which Microsoft acquired in 2017, was also trying to move away from manual legacy compliance systems.
As it was being onboarded into Microsoft’s ecosystem, LinkedIn was exploring options for improving its statutory filing management. Acquiring an existing third-party statutory compliance tool was on the table, as was building an internal solution. LinkedIn asked about participating in Microsoft’s existing system, but the legacy tool didn’t have the needed security sophistication, so allowing access to users not on the Microsoft domain was prohibited.
We decided we needed to not only modernize the old statutory compliance platform, but bring standardization to the process across all Microsoft subsidiaries.
– Sugandha Sharma, program manager, Microsoft Commerce + Ecosystems
With this as the backdrop, Blake Hollingsworth and Sugandha Sharma saw a pivotal opportunity take shape. They work on controls and compliance for Microsoft’s Commerce + Ecosystems organization.
“This gave us a rare chance to pitch a new modern, multitenant platform and also eliminate this wasteful spend that would have recreated the same product in a different way for LinkedIn,” says Sharma, a program manager for Commercial Financial Services Finance Engineering.
A multitenant platform allows users from more than one domain to have access, without increasing security risks.
“All of these things synthesized in a way where we decided we needed to not only modernize the old statutory compliance platform, but bring standardization to the process across all Microsoft subsidiaries,” Sharma says. “We also needed to make sure that we’re being inclusive of the individualistic needs of newly acquired entities, offering enough flexibility to empower them to run their own business.”
Adding to the converging factors was the potential to pilot the new system with a subsidiary company of ideal size, says Hollingsworth, a senior software engineering manager for the Microsoft Audit and Compliance team.
“We had the opportunity to build a new system and introduce it to LinkedIn first. There were a lot of factors for an early adopter program that we could leverage as a proof of concept,” he says. “We would be able to validate the success of the project before interrupting Microsoft as a whole to integrate the solution, while providing a faster transition to LinkedIn.”
Linking in to something bigger
Angel Lim remembers the first time she saw Microsoft’s STAT tool. As director of accounting for International Policy and Compliance for LinkedIn, she paid a visit to Microsoft’s Redmond headquarters in 2018 and saw the potential in the legacy version for automating the statutory workflow and creating efficiencies in the LinkedIn statutory compliance process.
She didn’t yet know that a reimagining of the platform, which the engineering team was calling STAT vNext, was being hatched.
“LinkedIn was planning to build or purchase a statutory compliance tool for compliance oversight,” Lim says. “We were storing and tracking information manually in Excel spreadsheets.”
As Lim worked with the STAT team at Microsoft, she learned that LinkedIn couldn’t gain access to the legacy system because of its single-tenant limitations. “However, they told us that the next year they planned to launch the vNext project and that LinkedIn could be the first to be onboarded,” Lim says.
As the engineering team worked on the new design, they partnered with their colleagues at LinkedIn as well as corporate accounting stakeholders who oversee Microsoft’s global statutory compliance and reporting. They took a collaborative and agile development approach using Kanban principles of visualizing work, limiting the amount of work in progress, focusing on flow and continuous improvement based on experience.
This method enabled the team to design and flight key features, gather feedback, and build toward an MVP (minimum viable product) to deliver to LinkedIn. “We knew there was a critical time sensitivity around this, that we needed to provide them with a solution soon,” Sharma says.
Peeling back the onion
Rather than fixing the parts of the existing tool that were falling short, the team took a step back to listen and learn how business needs and processes have changed in the last decade as Microsoft has gone from 200 legal entities to more than 646 and counting. This scale of organizational growth has been driven by new Microsoft Azure data center construction to stay ahead of cloud computing demand and merger and acquisition activity, and to more efficiently operate in regions across the world.
“We defined our north star goal as collaboratively building the best technology solution to meet the dynamic statutory compliance needs of Microsoft,” Hollingsworth says.
The Commerce + Ecosystems team established a weekly rhythm for design sessions with business partners. In these sessions, Hollingsworth says they “peeled back the onion” by focusing questions and discussion around pain points in the existing systems and the wish list of enhancements.
“There were real challenges inherent to the domain,” Hollingsworth says. “This process empowered the team to propose and validate ‘outside of the box’ ideas—many of which resulted in highly transformative improvements.”
The engineering team used world-class cloud-native Microsoft Azure components such as Azure Active Directory, Azure App Service on Linux, Azure SQL, Azure Service Bus, and Azure Functions to quickly build secure, scalable, and cost-effective applications and APIs. This architecture enabled the team to focus on solving the business problems through continuous delivery and minimized the burden of operational support and maintenance.
The team rebuilt the transformed statutory compliance tool from the ground up to standardize the process across Microsoft’s subsidiaries, resolve pain points, and add enhancements. With LinkedIn, other large acquisitions like GitHub and ZeniMax, and future prospects in mind, the team needed to develop a solution that allowed more workflow flexibility. Replacing manual tracking processes with automated features made workflows in the tool more efficient and supported the ability to track delivery in a timely manner.
Lindsay Malanog, a senior manager of statutory compliance and reporting for LinkedIn, works in the tool daily. In the past, the LinkedIn team used Outlook calendars and spreadsheets to remind them of upcoming deadlines.
She recently filed her first report using STAT vNext.
“I don’t have to remember which Excel sheet I logged something in,” Malanog says.
Now she gets automated messages right in the tool and has a centralized source of documentation.
“It will reduce a significant number of hours in cross-checking static data,” she says. “And I’m just really excited about how we’ll have one source of truth for oversight.”
The engineering team also added performance enhancements and a more accessible and streamlined UI, and integrated communication flows that previously happened outside the tool via email. They built in multitenant capabilities to make the vNext statutory compliance tool a truly modern product that looks toward Microsoft’s future.
“Our research indicated that we track an average of seven processes in parallel for each subsidiary,” Hollingsworth says. “It’s critical that these processes are managed consistently for the 646 legal entities across the planet. The team engineered a solution that met current needs while providing capabilities to rapidly respond to changes in policy, process, and continued dynamic organizational growth.”
Compliant, one and all
Jolene Goodson and Ruth Rose work in Corporate Accounting for Microsoft and are the key business stakeholders of the company’s statutory compliance policy and the STAT tool. They worked directly with LinkedIn and the Commerce + Ecosystems engineering team to identify specific pain points that needed to be addressed.
I’ve been pleasantly surprised a couple of times where the engineers took my description of my business problem and came up with a better solution than I thought possible.
– Jolene Goodson, senior finance manager, Microsoft Corporate Accounting
For them, letting go of ingrained notions about how business processes have to work was a key part of the solution.
“As a business person I come in expecting it to be linear, and I’ve been pleasantly surprised a couple of times where the engineers took my description of my business problem and came up with a better solution than I thought possible,” says Goodson, a senior finance manager for Microsoft Corporate Accounting.
Beyond the initial release to LinkedIn, Goodson and Rose have been sharing STAT vNext with legal, tax, and treasury teams at Microsoft, who also play roles in global compliance and are excited for the new tool to launch. They’ve also engaged a group of global super users from the larger audience of testers to obtain feedback and participation in brainstorming solutions to pain points.
“This super user group has been pivotal to ensure that our end customer’s voice is incorporated while we design for the new features,” Sharma says.
As they plan to roll the new statutory compliance tool out to Microsoft’s other entities around the globe, the team expects the roadblocks that it eliminates and the automated features to fuel excitement as users gain more efficiency and the ability to customize the workflow. This will eliminate errors in tracking timeliness due to offline management of certain details.
“Modernizing our statutory workflow tooling is helping Microsoft scale into new businesses and geographies, all while maintaining strict compliance with regulatory standards,” says Kent Rosema, the group program manager for Finance Management in Microsoft Commerce + Ecosystems.
What’s more, they’ll be able to document and report their compliance metrics and data to Microsoft leadership with greater ease and efficiency thanks to improved reporting features. Because the test group has provided live feedback to ensure the solutions resolve the users’ process issues, the compliance team is confident that the tool will add immediate, real value to the daily work of people across the globe.
“It has been really refreshing to present a visionary view of the issue and see that there are all these solutions possible that can lead to more functionality and benefit our global users,” Rose says. “This has been a very collaborative project with participation from engineering, oversight, and daily system users, so, as it launches, everyone will gain value across our compliance community.”
Tags: digital transformation