This interview appeared in a special report on ESG engagement, reporting and integration by IR Magazine sister publication Corporate Secretary
How did the ESG function come about at Microsoft, and how did you get involved?
I’ve been at Microsoft for 11 years, always in an ESG [capacity] although we’ve used other terms. It started off being called citizenship and we evolved that term to CSR, but it’s really focused on the ESG topics at Microsoft. We sit within what’s now called our corporate external and legal affairs department. [We report] up to our president and chief legal officer Brad Smith, who sits on our senior leadership team. The topic always had that representation at the senior leadership level.
We’ve had a great partnership between the CSR function looking at transparency and reporting and our investor relations (IR) team and corporate secretary’s office. Functionally, our engagement with investors on these ESG topics has gone on for a long time with collaboration between those groups. In the last year we have formally pulled that outreach function from the CSR team to the corporate secretary’s office.
How many people work solely on ESG issues?
It’s so widely embedded across Microsoft that the cast of characters numbers in the hundreds, if not more, across the span of issues. When it comes to thinking about transparency, reporting and engagement with investors, that quickly becomes a much more centralized group of probably two or three people. But again, that’s relying on great partnerships and collaboration with many hundreds of colleagues across Microsoft.
Your approach to ESG reporting uses a variety of platforms, including a privacy dashboard and blog posts. What are some of the key tools you use, and how do you ensure they deliver valuable disclosure rather than just marketing materials?
In terms of our formal CSR reporting, we’ve been a long-term proponent of global reporting initiatives and sustainability reporting guidelines – which are now reporting standards – and look a lot to global external standards to guide that reporting.
We’re a signatory to the UN Global Compact and we issue our annual communication on progress. We were one of the first companies to follow the UN Guiding Principles on Business and Human Rights, and there’s a UN Guiding Principles Reporting Framework. We’ve released at least one white paper that bucketed the work we do according to the UN Sustainable Development Goals.
We also look at [SASB] or the Task Force on Climate related Financial Disclosures to help guide our reporting. We seek to ensure our reporting follows those external multi-stakeholder frameworks and I think that helps keep it robust and evidence-based.
The other thing I would say is that in the age of Twitter and 280 characters we’re starting to go the other way in terms of communicating about important issues in book length [publications]. Last year we put out a book – The future computed: Artificial intelligence and its role in society – that looked at what the ethical framework is for evaluating AI. The audience for that was certainly other firms but also regulators, policy-makers and public society, [with the aim of sparking] evidence-based discussion.
Brad and Carol Ann Browne, our director of executive communications, also have a book coming out called Tools and weapons: The promise and the peril of the digital age. Again, we are trying to stimulate an informed discussion about issues as opposed to saying we can fit the right answer into a soundbite. The right approach is complicated and will take multi-stakeholder efforts. We’ve called for government regulation of the use of facial recognition technology, for instance. We’ll have to wait and see whether [our] approach works in this age of limited attention. We think it’s worth the effort to try.
How do you decide what the key ESG issues are for your company? Is that something you reappraise on an annual basis, or do you take a more ad hoc approach?
I think there is an evolution. What’s helpful sitting within what’s essentially the legal department is that the department maps to every part of Microsoft. Every business and operational group and every geographical subsidiary has a lawyer who is thinking not just about legal risk but also about brand and reputation and stakeholder interests.
As a result, we have a fairly cohesive but broad community of people who are seeing emerging issues, whether those are legal and regulatory issues, more reputational issues or issues that employees are raising. That group gets together once a year for a global meeting. It’s about 1,000 people who come together from around the world in Redmond, [Washington] to look at a set of preselected questions. That takes place about six months before the start of the next fiscal year when budgets are set, and we have a chance to shape our thinking and look at emerging issues
Are those just ESG issues or the full range of issues the company may be facing?
I think both. At this point those two sets almost overlap. They look at geopolitical risk, emerging regulatory frameworks or emerging businesses Microsoft might be looking to expand in, but also core ESG subjects, whether that’s AI ethics, privacy, environmental sustainability, human rights, the rights of LGBT employees around the world – it’s a broad range.
How do you collect data for reporting purposes?
Is it done through this network in other business units? Yes. We benefit from having a significant number of long-tenured employees, so this is a community that’s worked together over the years. I will be quite honest in saying that whenever we seek to report new information, it’s a painful process. It takes time to think through a range of issues in terms of what’s meaningful to stakeholders, what will help them judge our performance, what might be confidential and what legal risks there might be.
Over time, however, as we work through those issues, reporting what was once difficult becomes routine. A perfect example is our law enforcement request reports and our content removal request reports, which we’ve done every six months for five or six years now. I was involved in getting those started and it was a very challenging, thoughtful exercise. Now it’s like filing your taxes – it’s just that time of year to get the data together and put it out into the marketplace.
Who do you work with primarily in-house in terms of shareholder engagement? Is it the IR team or the corporate secretary’s office?
We have the luxury now that my role is essentially leading that effort – leading shareholder engagement in an integrated way across ESG topics, including traditional corporate secretary governance topics. Investor relations is a great partner with us. We do about 50 engagement calls with institutional investors on ESG over the summer usually.
We’ve also done a number of ESG roadshows on which we go to markets that really care about these issues, such as London. Starting last year, we did a joint [trip] with IR, our corporate secretary and me across Europe, hitting six or seven countries in order to experiment with having a fully integrated discussion about the business fundamentals and ESG issues.
It feels like we’ve been talking about the same issues for 10 years – what’s changed is who’s interested in listening. Increasingly, where we [once had] those conversations with public pension funds or European investors let’s say five or six years ago, now those conversations are part of almost every governance engagement with the largest names on Wall Street.
Are you finding changes in the information investors want?
The issue that has surprised me – as someone who has been in the field for a long time – is this tremendous and widespread focus on human capital management that’s emerged in the last 24 months or so. We saw a lot of interest in climate, and certainly climate is really important to Microsoft and to a number of investors. But just as we expected climate to hit an inflection point, it felt to me that the conversation shifted to being much more around topics of human capital management.
What has your experience been in terms of getting board directors involved in shareholder engagement?
We have a great board of directors and John Thompson, our independent chair, is a wonderful partner in terms of being interested in leaning in to engage with shareholders. We tend to save his time for a few of our very largest investors, which tend to have been the ones that have asked.
In an effort to reach a broader part of our investor base, we’ve also had John speak. He’s given a keynote at the Council of Institutional Investors, for example. There are other ways to make contact with a wider audience without the time and transaction costs of one-on-one engagement. It’s been a mix of both.
At least in my experience, the majority of investors might be interested in talking to a director every several years or so but, absent a big controversial corporate governance challenge, they otherwise seem quite happy to talk to representatives of management.
What’s your approach to engagement in terms of timing across the year?
Our annual meeting is in late November, early December, which helps a bit in terms of being outside the crush of the annual meeting season. We do the bulk of our one-on-one engagement over the summer before our proxy is published, after which we go back to that same set of investors to offer them the opportunity to connect. In the past year, probably 80 percent or 90 percent of investors have preferred the summer off-cycle and just a handful have wanted to wait and talk after the proxy is filed.
Is it important for your ESG reporting and engagement to address the opportunities presented by these issues, not just the risks?
Definitely – and also to emphasize how some of the risks can be opportunities. One example is around the EU [General Data Protection Regulation] (GDPR), under which fines for violations can be up to 4 percent of global revenue, which is an eye-popping number when you think about Microsoft or any of our peer companies’ revenues. So the risk is there and there’s a significant compliance component.
But what’s interesting about GDPR – and Microsoft welcomed it and we’ve applied the key concepts of it to our customers around the world, not just the EU – is that it changes the value proposition for a number of our callout services. Suddenly if you’re a mid-sized US company with employees or customers in Europe and are subject to the GDPR, do you want to take on that risk in-house and rely on your own IT department? Or do you want to trust Microsoft cloud services where we’ve put in contractual guarantees that will ensure GDPR compliance for you?
That provides a nice example of where something is the right thing to do in terms of protecting customers’ privacy and it’s important from a compliance and legal risk perspective – but it also changes the value proposition of products we offer.