We are committed to the highest standards of corporate governance and support the principles of openness, integrity and accountability.

Ethics and Integrity

“Ethics is the new competitive environment.”

Peter Robinson, CEO

1. DMPL ranked #1 among midcap companies and #15 overall or within the top 3% among 577 Singapore-listed companies evaluated in the Singapore Governance and Transparency Index in August 2020.
   
   
2. The Company maintains strong corporate governance principles. The Board of Directors is composed of a majority of independent directors. All members and chairpersons of the Board committees (Audit and Risk, Nominating and Governance, and Remuneration and Share Option) are independent directors. The Company’s Board of Directors and management are accountable to the shareholders.
   
   Executive Chairman Rolando C. Gapud receiving the Best Managed Board Award from then Singapore President Dr. Tony Tan
   
3. Both compliance and risk issues are reported to the Board of Directors.
   
   
4. DMPL implements a Securities Dealings Policy, which prohibits designated people within the Group, including Directors and key management personnel, to deal with the Company’s securities while in possession of unpublished material or price-sensitive information, or to provide such information to others.
   
   
5. The Group implements a Whistleblower Policy that aims to deter and uncover any corrupt and unethical act detrimental to its interests that may be committed by officers and employees, as well as third parties or any other persons such as suppliers and contractors.
   
   
6. Del Monte Foods, Inc. (DMFI) in the U.S. has a whistleblower hotline, Lighthouse, which may be used in all U.S. locations and foreign subsidiaries. Lighthouse offers web access, international numbers for our foreign locations, multilingual agents, and is available 24/7.
   
   
7. DMFI aligns with the prescribed Anti-Corruption program of the U.S. Department of Justice.
   
   
8. DMFI periodically performs a third-party risk assessment and evaluates procedures for the Company’s high-risk third parties. Criteria used for evaluating risk are:
   
        a. The country where third parties are based and the associated                        Corruption Perception Index of that country;
   
        b. Whether transactions are material or not; and
   
        c. The nature of the business partner relationship.
   
   
9. DMFI has an Employee Code of Conduct and Supplier Code of Conduct.
   
   
10. Del Monte Philippines, Inc. (DMPI) has a Manual on Corporate Governance that embodies the Company’s governance framework. The Company’s Board has approved DMPI’s policy with respect to related party transactions and interested party transactions, which is expected to be implemented in FY2022.
    
    
11. DMPI has an Interested Person Transactions policy, which prescribes the monitoring procedures and approval requirements for any transaction of the Company and its subsidiaries with any interested person such as a director, the Chief Executive Officer, any controlling shareholder, or associates of these persons.
    
    
12. The Company has a Code of Business Ethics which directors, management, and all employees abide by. All employees are required to provide information on related party and conflict of interest.
    
    
13. DMPI has a stringent policy against fraud and corruption. The Code of Business Ethics is supplemented by the Employee Code of Conduct and Supplier Code of Conduct, which guides employees and suppliers in making decisions every day. Adherence to these codes helps employees and business partners to have sustainable business relationships.
    
    
14. The Company’s whistleblower line is accessible to employees, suppliers, customers and other third parties through a specified phone number. The whistleblower program is translated into the country’s regional dialects.
    
    
15. DMPI has a Business Continuity Plan (BCP), headed by the Chief Operating Officer, to ensure continuous operations and supply of products to the market. The BCPs are reviewed annually to prevent threats and disruptions. The Company’s BCPs were implemented during the COVID-19 pandemic.
    
    
16. The Company performs internal audits to assess corporate, facility, and subsidiary processes to ensure compliance with the foregoing policies and to mitigate risk of breaches, fraud, and both financial and reputational damage.
    
    DMPI’s Internal Audit department identifies audit areas by reviewing external audits’ scope, process, and audit results as a basis if further audit is required.

Data Protection and Cybersecurity

DMPL strengthens governance through data protection, privacy, and cybersecurity.

1. IT assets are vital to support tactical business functions. In line with this, the Group is revisiting the process of its existing Information Security Policy to set forth high-level controls for protecting information and then assess compliance.
   
   
2. The Group is likewise committed to protecting its confidential business data and privacy of individuals. The same applies to cybersecurity laws and regulations, which have also become increasingly complex.
   
   
3. DMFI takes data security and privacy seriously, employs workstation encryption, blocks non-encrypted USB devices, and utilizes multi-factor authentication on most applications.
   
   
4. To ensure data protection in an unsecured environment, more features have been added to our endpoint protection, such as the Endpoint Detection and Response. The cybersecurity program is also being aligned with ISO27001:2013.
   
   
5. DMFI programs its firewall content protection to enhance the endpoint protection capabilities and protect users from malicious websites or programs.
   
   
6. DMFI implemented a work-from-home scheme for employees using a system that allows web-enabled applications on personal computers such as Okta apps like Box, RingCentral, and Outlook Web Access to prevent Company data from being stored in personal computers. Technical support was also made available to the employees for other network concerns.
   
   
7. In the Philippines, Del Monte implemented and launched policies that are deployed and enforced in Data Loss Prevention. These policies are now at the monitoring, notification, and management phases including other cybersecurity implementations on network access control, network segmentation, advanced persistent threat protection, and encryption.
   
   
8. To sustain the program, DMPI has rolled out the cybersecurity awareness and training initiative, which was attended mostly by employees in the Philippines. The feedback gathered from the sessions will be used to improve the existing Information Security Policy.
   
   
9. The Company made significant progress in the roll-out of Advanced Persistent Threat protection for endpoint systems, Encryption and Data Loss Protection systems to key end user devices and pilot departments, respectively.
   
   
10. Ongoing audit and assessment, in collaboration with Group Internal Audit through third-party consultants, are conducted to assess the effectiveness of the roll-out.
    
    
11. DMPI mitigated cybersecurity risks to address the vulnerabilities that were identified during the Vulnerability Assessment and Penetration Testing of key Company websites.
    
    
12. The IT team secured the network system access to DMPI network of employees who work from home during the pandemic. Technical guidelines and support were also provided to employees for working remotely.
    

Data Privacy

The Group has adopted a Data Privacy Manual to ensure organizational, physical, and technological measures that guarantee the safety and security of personal data. The Group conducts continuous training to build its employees’ competency in the area of personal data privacy.

1. Del Monte in the U.S. held bi-annual Privacy Task Force meetings to address privacy concerns and review changes in privacy laws and compliance.
   
   
2. DMFI engaged a third party to audit its systems and mitigate risks relating to data privacy and cyberattacks.
   
   
3. DMPI started an awareness initiative on Data Privacy led by the Data Privacy Officer in the Legal Department.
   
   
4. The level of awareness of employees was assessed and among the respondents handling private data, 51% are familiar with the general idea of the regulations.