We are committed to the highest standards of corporate governance and support the principles of openness, integrity and accountability
Del Monte Pacific Limited (DMPL) has a strong corporate governance structure which ensures that Management is accountable to the shareholders and stakeholders and operates in an ethical and responsible manner. Our Board of Directors directs the long-term strategy of the Group, evaluates the performance of Management, reviews material issues and provides guidance on matters relating to governance.
We were honoured to receive the Best Managed Board (Gold) Award from the Singapore Corporate Awards twice.
With respect to ethics and integrity, the DMPL Group supports the principles advocated by the Singapore Exchange Securities Trading Limited, the Philippine Stock Exchange, Inc and the Securities and Exchange Commission of the Philippines (SEC).
For more information regarding our governance principles, please refer to our FY2020 Annual Report and website at www.delmontepacific.com/corporate-governance.
“Ethics is the new competitive environment.”
Peter Robinson, CEO
1. The Board of Directors and Management are committed to align the Group’s governance framework with the recommendations of the revised 2018 Code of Corporate Governance issued by the Monetary Authority of Singapore, the Singapore Governance and Transparency Index, the ASEAN Corporate Governance Scorecard and the SEC’s Philippine Code of Corporate Governance for Publicly Listed Companies.
2. A team evaluates and manages Risks, and both Compliance and Risk issues are reported to the Board of Directors.
3. DMPL implements a Securities Dealings Policy, prohibiting certain designated persons within the Group to deal in the Company’s securities while in possession of unpublished material or price-sensitive information or to provide such information to others.
4. The Group also implements a Whistleblower Policy that aims to deter and uncover any corrupt and unethical act detrimental to its interests that may be committed by officers and employees as well as third parties or any other persons such as suppliers and contractors.
5. Del Monte Foods (DMFI) in the US has a whistleblower hotline, Lighthouse, which may be used in all US locations and foreign subsidiaries. Lighthouse offers web access, international numbers for our foreign locations, multilingual agents and is available 24/7.
6. DMFI aligns with the prescribed Anti-Corruption programme of the US Department of Justice.
7. DMFI periodically performs a third-party risk assessment and evaluates controls and procedures for the Company’s highest risk third parties. Criteria used for evaluating risk are:
a. The country where third parties are based and the associated Corruption Perception Index of that country;
b. Whether transactions are material or not; and
c. The nature of the business partner relationship.
8. Del Monte in the US has an Employee Code of Conduct and Supplier Code of Conduct.
9. Del Monte Philippines, Inc (DMPI) has an Interested Person Transactions policy and manual which prescribes the review and monitoring procedures and approval requirements for any transaction of the Company and its subsidiaries with any interested person such as a director, the Chief Executive Officer, any controlling shareholder or associates of these persons.
10. DMPI has a Code of Business Ethics which directors, management and all employees abide by. All employees are required to provide information on related party and conflict of interest, and such information is updated annually.
11. DMPI has a stringent policy against fraud and corruption. Supplementing the Code of Business Ethics are the Employee Code of Conduct and Supplier Code of Conduct which help employees and suppliers navigate several decisions and transactions they make and enter into every day. Adherence to these codes helps employees and business partners to have sustainable business relationships.
12. The Company performs internal audits to assess corporate, facility and subsidiary processes and controls to ensure compliance with the foregoing policies and to mitigate risk of breaches, fraud and both financial and reputational damage.
1. DMPL also strengthens governance through data protection, privacy and cybersecurity. The Group has adopted a Data Privacy Manual and organisational, physical and technological measures to ensure the protection of personal data. Additionally, the Group conducts continuous training to build its employees’ competency in the area of personal data privacy.
2. Recognising that IT assets are vital to support tactical business functions, the Group is currently in the process of revising its existing Information Security Policy to ensure that effective protection of information is communicated in a clear and consistent manner.
3. The Group is likewise committed to protecting its confidential business data and privacy of individuals. The same applies to cybersecurity laws and regulations which have also become increasingly more complex.
4. DMFI takes data security and privacy very seriously and employs workstation encryption, blocks non-encrypted USB devices and utilizes multi-factor authentication on most applications.
5. To ensure data protection in an unsecured environment, more features have been added to our endpoint protection, such as Endpoint Detection and Response. The cybersecurity programme is also being aligned with ISO27001:2013.
6. DMFI programmes its firewall content protection to enhance the endpoint protection capabilities and protect users from malicious websites or programmes.
7. DMFI implemented a work-from-home scheme for employees using a system that allows web-enabled applications on personal computers, such as Okta apps like Box, RingCentral and Outlook Web Access, as Company data can never be stored on a personal computer. Technical support was also made available to the employees for other network concerns.
8. To sustain the programme, DMPI has rolled out the cybersecurity awareness and training initiative which was attended mostly by employees from the Philippines. The feedback gathered from the sessions will be used to improve the existing Information Security Policy which will be issued to the entire organisation as soon as the balance work on the programme is completed.
9. The Company made significant progress in the roll-out of Advanced Persistent Threat protection for end point systems, Encryption and Data Loss Protection systems to key end user devices and pilot departments, respectively.
10. DMPI mitigates cybersecurity risks to address the vulnerabilities that were identified during the Vulnerability Assessment and Penetration Testing of key Company websites.
11. The IT team ensures access to DMPI network for employees who work- from-home by regularly checking on internet access, networks, servers and systems. Technical guidelines were also provided to employees regarding syncing of emails via outlook, conducting virtual meetings and accessing the SAP system.
12. Del Monte in the Philippines implements and rolls out policies that are deployed and enforced in Data Loss Prevention. These policies are now at the monitoring, notification and management phases. Regular management, monitoring and periodic maintenance are also being done to the other cybersecurity implementations on network access control, network segmentation, advanced persistent threat protection and encryption.
13. Ongoing audit and assessment, in collaboration with Group Internal Audit through third-party consultants, are conducted to assess the effectiveness of the design and implementation of network segmentation, advanced persistent threat protection and data loss prevention and encryption.
1. DMFI has been holding a bi-annual Privacy Task Force to address privacy concerns and review changes in privacy laws and compliance.
2. We have engaged a third party to audit our systems and mitigate risks relating to data privacy and cyberattacks.
3. An awareness initiative on Data Privacy was also started in the Company, whose head was assigned as the official Data Privacy Officer to the Legal Department.
4. A survey assessed the level of awareness of employees concerning data privacy regulations. Of all the respondents handling private data, 51% are familiar with the general idea of the regulations.