Strengthening Governance

 

  1.  

 

We are committed to the highest standards of corporate governance and support the principles of openness, integrity and accountability.


 
4.1-Governance-Intro-Photo-003

Del Monte Pacific Board of Directors Rolando C. Gapud, Benedict Kwek Gim Song, Godfrey E. Scotchbrook, Yvonne Goh, Joselito D. Campos, Jr., Edgardo M. Cruz, Jr., Emil Q. Javier with Del Monte Foods Directors, Luis F. Alejandro, and Jeanette Naughton

 

DMPL’s corporate governance structure ensures that the Board and management are accountable to shareholders while operating in an ethical manner. Its Board of Directors directs the long-term strategy of the Group, evaluates the performance of the Board and Management, reviews material issues, and provides guidance on matters relating to governance.

The Group has implemented a set of environmental, social and governance (ESG) related key performance indicators based on the recommendation of the Singapore Exchange.

For more information regarding our governance principles, please refer to our FY2023 Annual Report at www.delmontepacific.com/corporate-governance.

 

awards fy24

 
 
 
 
 
 
 
 
 
 

Board Governance

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 
 
 
 
 
 
 
 
 

Del Monte Pacific Ltd. Board and Board Committee roles in Sustainability Governance

1. DMPL maintains corporate governance principles. Four out of seven members of the Board are independent directors. Three chairpersons and all members of two Board committees (Audit and Risk, and Remuneration and Share Option) are independent directors. The Company’s Board is accountable to the shareholders.

 

2. Four out of six members of the Nominating and Governance Committee (NGC) are independent directors. The NGC has formalized procedures for the selection, appointment and re-appointment of Directors. Letters of appointment are issued to new Directors setting out their duties, obligations, and terms of appointment, as appropriate.

 

The Board is of the view that all Directors objectively performed their duties and responsibilities at all times as fiduciaries, in the best interest of the Company.

 

3. The NGC, on an annual basis, determines whether or not a Director is independent, taking into account the 2018 Code’s definition. Independence is taken to mean that Directors are independent in conduct, character and judgement, and have no relationship with the Company, or its related corporations, its substantial shareholders or its officers that could interfere, or be reasonably perceived to interfere, with the exercise of the Director's independent business judgment in the best interest of the Company.

 

Disclosures of Directors’ interests and their interest in transactions are standing agenda items in all Board meetings, and such disclosures would be circulated and tabled for Board members’ information, as appropriate.

 

4. The Board has adopted a Board Diversity Policy which recognizes the importance of diversity. The Board firmly believes that its effectiveness and decision-making will be enhanced as it harnesses the variety of skills, industry and business experiences, gender, age, ethnicity and culture, geographical background and nationalities, tenure of service, and other distinguishing qualities of its own diverse Board. The NGC is responsible for administering this policy and for evaluating it annually.

 

5. The Group’s Board is headed by the Executive Chairman and performs the following duties –

a. Steers the leadership and ensures the effectiveness of the Board in all aspects

b. Leads its relationships with stakeholders
c. Sets the course for the Company to reach greater heights
d. Sets the tone of Board meetings
e. Pilots acquisitions, joint ventures and strategic alliances of the Company

 

6. The Board is required to undergo annual training relevant to the effective discharge of their responsibilities.

 

7. Five directors have completed the Sustainability E-Training for Directors in 2022, as required by the SGX.

 

8. Sustainability, compliance and risk matters are reported regularly to the Board.

 

9. DMPL prohibits designated people within the Group, including Directors and key management personnel, to deal with the Company’s securities during closed window periods or while in possession of unpublished material or price-sensitive information, or to provide such information to others in compliance with the Security Dealings Policy.

 

10. The Group implements a Whistleblower Policy to deter and uncover any corrupt and unethical act detrimental to its interests that may be committed by officers and employees, as well as third parties or any other persons such as suppliers and contractors.

 

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

 

 

 

 

 

 

 

 

 

 

 

Ethics and Integrity

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
governance-01
  Executive Chairman Rolando C. Gapud receiving the Best Managed Board                            Award from then Singapore President Dr. Tony Tan

With respect to ethics and integrity, the DMPL Group supports the principles advocated by the Singapore Exchange Securities Trading Limited, the Philippine Stock Exchange, Inc., and the Securities and Exchange Commission of the Philippines.

 

  1. Del Monte Foods, Inc.’s (DMFI) Code of Conduct, prohibits employees, contractors and consultants from engaging in any bribery, payments, and improper influence, directly or indirectly that induces government employees, employees of government-controlled businesses, political parties or candidates.

 

  1. DMFI adopted the International Anti-Corruption Policy to establish the specific standards and procedures to be followed by employees, consultants and business partners to prevent official corruption and improper payments in the conduct of Del Monte’s business worldwide.

 

  1. Anti-corruption training is provided to management and certain personnel that may potentially interact with government officials, including personnel from Legal, Accounting, HR, Procurement, Internal Audit, Operations and Accounting in foreign subsidiaries. The training is provided to this group biennially and training is tracked and followed up by HR to ensure its completion.

 

  1. DMFI's goal is to incorporate anti-corruption provisions into third party contracts and purchase order terms and conditions. Its Supplier Code of Conduct was provided to new suppliers and is available at: http://www.delmontefoods.com/sites/default/files/Del-Monte-Foods-Supplier-Code-of-Conduct.pdf

 

  1. Del Monte in the U.S. has a Lighthouse whistleblower hotline in all U.S. locations and subsidiaries, which offers web access, international numbers, and multilingual agents 24/7. This is aligned with the prescribed Anti-Corruption program of the U.S. Department of Justice.

 

  1. Del Monte Foods, Inc.’s (DMFI) Code of Conduct requires disclosure of any conflicts of interest. Training is conducted upon employment with DMFI and periodically thereafter.

 

  1. DMFI regularly performs a third-party risk assessment and evaluates procedures for the Company’s high-risk third parties. Criteria used for evaluating risks are:
    1. The associated Corruption Perception Index of the country where third parties are based;
    2. Whether transactions are material or not; and
    3. The nature of the business partner relationship.

 

  1. Del Monte Philippines, Inc. (DMPI) has a manual on Corporate Governance that embodies the Company’s governance framework. The Company’s Board has approved DMPI’s related party transactions and interested party transactions policies.

 

  1. The Company has a Code of Business Ethics which directors, management, and all employees adhere to. All employees are required to disclose related party transactions and conflicts of interest.

 

  1. DMPI has a stringent policy against fraud and corruption. The Code of Business Ethics is supplemented by the Employee Code of Conduct and Supplier Code of Conduct to guide employees and suppliers in making decisions every day.

 

  1. Training on the Code of Business Ethics, Employee Code of Conduct and Supplier Code of Conduct is part of the onboarding of new employees which includes related party transactions, conflict of interest, anti-corruption and fraud.

 

  1. The Company’s whistleblower hotline is accessible to employees, suppliers, customers and other third parties, translated in different dialects.
  2. DMPI updates its Business Continuity Plan (BCP) annually to prevent threats and disruptions. The pandemic did not create a substantial disruption to the Company since its BCP was in full gear.
  3. Del Monte performs periodic internal audits to assess corporate, facility, and subsidiary processes and ensure compliance with policies to mitigate risk of breaches, fraud, and both financial and reputational damage.

 

  1. DMPI’s Internal Audit department implements a risk-based approach in identifying auditable areas. Fraud risks are considered. The auditable areas are periodically assessed to take into consideration changes in business conditions and priorities. The Internal Audit department also coordinates with the External Auditor.

 

  1. DMPL strengthens governance through data protection, privacy, and cybersecurity.

 

IT assets are vital to support tactical business functions. In line with this, the Group is revisiting the process of its Information Security Policy at least annually, to set forth high-level controls for protecting information and assessing compliance.

 

  1. The Group is likewise committed to protecting its confidential business data and privacy of individuals. DMPL complies with cybersecurity laws and regulations.

 

    1. DMPI has an Interested Person Transactions policy, which prescribes the monitoring procedures and approval requirements for any transaction of the Company and its subsidiaries with any interested person such as a director, the Chief Executive Officer, any controlling shareholder, or associates of these persons.
 

 Governance 2

Data Protection and

Cybersecurity

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

DMPL strengthens governance through data protection, privacy, and cybersecurity. IT assets are vital to support tactical business functions. In line with this, the Group is revisiting the process of its Information Security Policy to set forth high-level controls for protecting information and assessing compliance.

The Group is likewise committed to protecting its confidential business data and privacy of individuals. The same applies to cybersecurity laws and regulations, which have also become increasingly complex.

1. DMFI takes data security and privacy seriously, employs laptop device encryption, blocks non-encrypted USB devices, and utilizes multi-factor authentication on most applications.

 

2. To ensure data protection in an unsecured environment, more features have been added to our endpoint protection, such as the Endpoint Detection and Response. The cybersecurity program is also being aligned with ISO27001:2013.

 

3. Del Monte in the U.S. programs its firewall content protection to enhance the endpoint protection capabilities and protect users from malicious websites or programs.


4. DMFI implemented a work-from-home scheme to all employees using a system that allows web-enabled applications on personal computers such as OKTA apps like Box, RingCentral, and Outlook Web Access to prevent Company data from being stored in personal computers. Technical support was also made available to the employees for other network concerns.

5. In the Philippines, Del Monte implemented sets of guidelines and procedures based on its Information Security Manual that adopted the standards of Information Security Management System (ISMS) and principles of the National Institute of Standards and Technology (NIST) Cybersecurity Framework.
6. DMPI security includes firewalls, web filtering/anti-virus/anti-malware protection, advanced persistent threat protection, ransomware protection, data encryption, a strong password policy, and OKTA multi-factor authentication. 

 

7. User setup/deactivation and access rights follow required approvals from both Operations and IT. The networks for DMPI are also physically and logically segmented. 

 

8. DMPI updated and replaced outdated end-of-life/end-of-support network switches and devices to ensure that security configurations and patches are current.

 

9. Del Monte in the Philippines is using CISCO Identity Services Engine (ISE) to automate the management of security and network access policies for endpoint devices.

 

CISCO ISE provides full visibility into everything connected to the network in real-time. Coupled with the Cisco AnyConnect Secure Mobility Client, CISCO ISE scans devices trying to connect to the network for security-related compliance requirements including operating system, security settings, anti-virus, anti-malware, etc. Non-compliant devices are prevented from accessing the network even if proper user IDs and passwords are provided.

 

10. CISCO ISE permits access only to a pre-defined segment of the network. The guests’ devices are confined within a separate visitors segment of the network.

 

11. Endpoints are protected by Sophos Advanced Endpoint Security solution with detection and response capabilities. These solutions are superior to strengthen data protection.

 

12. Internal Audit (IA) conducted a control self-assessment of DMPI’s back-up policy and procedures of individual user files excluding server files. IA’s review involves conducting surveys on regular employees and third party partners to determine appropriateness of its back-up policy and procedures.

 

Based on the audit results, Internal Audit secured approval from management to provide Box Cloud storage with unlimited size to department executive assistants of each major division    
 
 
 
 
 
 
 
 
 

 

 
 

Data Privacy

 

 

 

 

 

 

 

 

 

 

 

 

 

 

The Group has adopted a Data Privacy Manual to ensure organizational, physical, and technological measures that guarantee the safety and security of personal data. The Group conducts continuous training to build its employees’ competency in the area of personal data privacy.

 

1. Del Monte in the U.S. held bi-annual Privacy Task Force meetings to address privacy concerns and review changes in privacy laws and compliance.

 

2. DMFI engaged a third party to audit its systems and mitigate risks relating to data privacy and cyberattacks.

 

3. DMPI started an awareness initiative on Data Privacy led by Legal Department’s Data Privacy Officer.

 

4. Del Monte Philippines ensures the management of data security and privacy by mandatory full-disk encryption of all computers using Bitlocker and integrated into Sophos Central. 

 

In case a computer is lost or stolen, all its contents cannot be accessed even if the hard drive is removed is taken out and slaved to another device.

 

5. DMPI conducts regular cybersecurity awareness campaign by publishing tips and security advisories to mitigate risks.

 

6. The Company is using SAP software, a comprehensive business management solution that ensures operational stability.

 

7. DMPI migrated all SAP applications to Azure Cloud including email threat and firewall protection using Sophos.

 

8. IT regularly tests its firewalls at least once a month as part of network operations responsibility and performs Vulnerability Assessment and Penetration testing annually. No material cybersecurity breaches were noted in FY23.