Procurement Management Framework. PMF : PM3 Due Diligence Requirements questionnaire.

Last update: March 2017

PM3: Due Diligence Requirements (DDR) questionnaire for New Vendor (Life entities)

This Due Diligence Requirements (DDR) questionnaire is to assist and support due diligence activities
and requirements in the Procurement process when identifying potential Third Parties to do
business with for Life entities (Eastspring has a different and separate DDR questionnaire). The areas
for due diligence (DD) in this DDR questionnaire are not exhaustive and additional DD requirements
may be needed depending on the type of Third Party arrangement you have, especially if you are
dealing with a potential Critical arrangement. If uncertain, please consult with LBU Risk or LBU
Procurement initially.

Guidance Note:
This DDR is intended (preferred by PCA) to be completed by LBU Procurement (or LBU Business
Owner if there is no Procurement Department). If instead you wish to send this questionnaire to be
completed by the Third Party, please ensure a Non-Disclosure Agreement (NDA) has already been

Please note that sign-off completion of this DDR is required. By signing-off, the signee confirms that
the information provided in this DDR questionnaire has been evidenced or validated; and is correct
and true. Evidence or supporting information may be requested at any time to demonstrate the
completeness of this Due Diligence activity.

Please complete the DDR questionnaire below and file this with your Vendor Profile Summary (PM3). You
may be required to produce this as evidence that DD activity has occurred. Supporting documentation
should also be attached to this questionnaire as specified within the Sections.

Responses should be:

No / Yes: Please state if the diligence activity was completed and if any adverse or negative results in the
due diligence activities were identified. Additional guidance or information may be required.
N/A: If not applicable, please state why the due diligence activity is not relevant.

Sample: AML / Sanctions check completed?

Yes, activity was completed.
Result: no negative results.

Part A: Sections 1 & 2

Complete Part A to demonstrate that sufficient background due diligence has been conducted on the Third
Party in order to proceed to engage them in the Procurement process (i.e. invite to tender, have discussions
about doing business, explore a potential business arrangement).

Part A is MANDATORY for all Third Parties for all classifications of Contract. (Third Party is defined in the
PMF and for the avoidance of doubt, includes outsourcing, intra-group and inter-group companies).

Part B: Sections 3 - 13
Complete Part B according to the classification of your contract. These are indicated as below in the top
right corner of each question set:
[T] Transactional Contracts [SM] Standard Material Contracts [C] Critical Contracts

Section B is Mandatory to be completed before you contract with the Third Party as information from this
section may require you to include additional clauses into your contract and require negotiations.

Mandatory for all classification of Contracts

Part A:
1. Company Background (Section 1, 1.1 – 1.9 may be amended accordingly to suit local company
registration requirements. 1.10 – 1.13 and Section 2 may not be amended)

1.1 Company name registration


1.2 Registered Date


1.3 Registered Address

1.4 Registered (certificate) Number
1.5 Company name changes on record

1.6 Capital Information


1.7 Shareholder / directorship information (specify the individuals to enable screening – related
to Q1.10 – 1.13)

1.8 Litigation Search on subject company

1.9 Bankruptcy proceedings search on subject company

1.10 AML & Sanctions screening on the vendor and its directors using Dow Jones Factiva.

If positive match (i.e. Special Interest Person/Entity, Politically Exposed Persons, Sanctions) is
found, escalate the case to LBU AML Compliance. Please keep a copy of the results.

Positive matches N

1.11 If the contract is classified “Critical”, please identify the beneficial owners (persons
owning 25% or more) of the vendor and screen the names using Dow Jones Factiva.

If positive match (i.e. Special Interest Person/Entity, Politically Exposed Persons, Sanctions) is
found, escalate the case to LBU AML Compliance. Please keep a copy of the results.

Positive matches N

1.12 If the contract is classified “Critical”, conduct adverse media and internet search in both
English and local language on the company, its directors, beneficial owners and its
subsidiaries. For contracts not classified “Critical”, the search need only be completed on the
vendor itself. Please keep a copy of the results.

If adverse media is found, escalate the case to LBU AML Compliance; and to LBU ABC Team
(where needed according to the Anti-Bribery & Corruption Due Diligence Standards-Third
Party Suppliers).

Positive matches N

1.13 Is the vendor incorporated or registered in, or does it have business activities in, any of the sanctioned
countries (please refer to LBU AML for full list of sanctioned countries)?

If positive match is found, escalate the case to LBU AML Compliance.

Positive matches N

Section 2: Financial Healthcheck

(owned by Adrian Su, Director of Financial and Operational Risk Management)
2.1 Financial summary (audited reports) of results for last 2* years (profits, company liquidity
ratio, balance sheets). *If Critical Contract, require 3 years financial results.

2.2 Obtain a copy of the external audit report on Third Party’s latest audited accounts.

a) Does the report contain comments that have an impact on the company’s capability to
deliver goods / perform the contracted services? N

b) Have any control deficiencies /weaknesses been identified by the Third Party’s External
Auditors? N

If Yes to either question (a) or (b), please provide comments and any rectification measures
taken / to be taken by the Third Party to rectify.

2.3 Any recent change in ownership or capital structure? Y/N. If Yes, please describe the changes.

Signature for completion of Part A:

Signature: _____________________________________

Name: ________________________________________ Date: _________________

LBU Procurement Representative or LBU Business Owner

(Note: If there is no LBU Procurement representative, the LBU Business Owner implementing the PMF process shall sign-off)

Part B: The following Sections 3-13 are Mandatory to be completed in accordance with the
classification of the contract. These sections cannot be amended.

Section 3: Additional Financial Healthcheck and Company Background

Complete Section 3 for all Standard Material and Critical contracts.
(owned by Adrian Su, Director of Finance and Operational Risk Management)
3.1 Does the Third Party have other insurers as their clients? N

3.2 Provide an organisation chart as well as a detailed description of the legal structure of the
Third Party providing the delegated activity. Include any relevant related operating entities
or affiliates, including incorporation details and jurisdiction.

3.3 Please describe in detail any significant recent or pending events affecting the Entity’s
operations (e.g., legal action as plaintiff or defendant, mergers, acquisitions, joint ventures,
third-party investments, executive management changes, introduction or termination of a
business line, other products or services)?

3.4 Describe any new services or business undertaken in the last 12 months by the Third Party
and any impact on existing service delivery, especially on current clients. Please note that
client references may be requested to confirm this.

3.5 Describe the nature of corporate parent support, if any.

3.6 Does the Third Party currently sub-contract any of its operations?
a) Provide details of any sub-contracting or outsourcing of the delegated activity to a related
Third Party or independent Third Party. Note if there are service level agreements in place,
describe how the service level standards and requirements are monitored.

b) Describe the due diligence processes to ensure that these sub-contracting parties can
provide services required initially and on an on-going basis. Note that we may extend the due
diligence process to Third Party’s sub-contractors.

c) If No, would they have any intention to do so in the future?

3.7 Describe and provide evidence of the governance structure in respect of the Third Party
providing the sub-contracted activity, including committees, management groups, including
confirmation that minutes are taken, attendance is recorded and matters arising are

3.8 In the last 12 months, has the Third Party lost significant accounts or assets? Have there been
patterns detected of why clients left (e.g. poor performance, poor customer service, etc.)?

3.9 What is the Third Party’s credit rating? (e.g. Fitch, Moody’s, Standard & Poor’s).

Have there been any adverse changes to the credit rating?

Section 4: Regulatory Compliance

For the avoidance of doubt, this section on regulatory compliance applies to Charity and Corporate
Social Responsibility (CSR) organisations.
Complete Section 4: 4.1- 4.3 for Standard Material contracts.
Complete Section 4: all questions for Critical contracts.
Complete Section 4: all questions for Charity or CSR organisations.
(owned by Albert Chiu, Senior Compliance Manager)
4.1 If the service provided by the Third Party is a regulated activity, or where applicable, provide
a copy of evidence of regulatory approvals/licenses (e.g. CSR organisations or other
equivalent registration documents for regulated activities).

4.2 Confirm whether there have been any historical or pending governmental
investigation/examination/ inquiry, regulatory breaches, warnings, enforcement actions,
sanctions during the last 5 year period. If yes, provide details of any such event.

4.3 Describe the governance processes or frameworks in place to demonstrate that the Third
Party is capable of adhering to our requirements as an Insurer regarding regulatory
requirements, policies and standards? Attach supporting documentation if available that will
support this requirement. (eg. Third Party’s policies or processes).

4.4 Describe the efforts made to ensure the Third Party’s business stays current with regulatory
changes. Please confirm that adequate procedures are in place to ensure that any legislative
changes are implemented on a timely basis.

4.5 Describe the Compliance structure within the Third Party and provide details of who is
responsible for compliance, their reporting lines, qualifications and experience. Please
include an organisational chart.

4.6 Provide a summary of the Third Party’s compliance program or compliance policies and

4.7 Confirm that the local Compliance department is adequately staffed to ensure appropriate
oversight of the delegated activity.

4.8 Please list out key internal controls and compliance monitoring perform on delegated
Confirm that internal controls are adequate and continue to operate effectively in respect of
the Third Party’s capacity to deliver the delegated activity. Provide a copy of the latest
available independent verification /certifications (e.g. ISO 9001, Audit letters, SOC1, ISAE
3402, SAS70, etc), if available.

4.9 Describe how staff is kept proactively informed of regulatory developments and compliance

4.10 Provide details of the procedures in place for reporting breach of contract or service
standards and escalation processes.

Section 5: Conflict of Interest & Code of Ethics

Complete Section 5 for all Critical contracts.
(Owned by Albert Chiu, Senior Compliance Manager)
5.1 Provide a copy or describe the policy and processes for dealing with conflicts of interest.
Swire has a Code of Conduct to prevent any case of conflict of interest.

5.2 Has everyone in the office been trained on Code of Ethics? Y/N
Yes, we have trained employees on the Code of Conduct yearly.

Are there mandatory certifications by staff on their compliance with the Code of Ethics? Y/N
List the number of exemptions that have been granted and describe (for each) the type of
exemption granted (past 3 years).
Not clear

Section 6: Information Risk & Privacy, IR&P

Complete Section 6 for all Standard Material and Critical contracts.
(Owned by Mike Usher, Director of Information Risk & Privacy)
6.1 What is the local applicable personal data legislation relevant to this Third Party
Arrangement? (e.g. Personal Data Protection, Labour Outsourcing, Cross Border Data
Processing, Outsourcing, etc). Please specify.
No local personal data legislation is applicable to the Swire arrangement for the service of
physical document warehouse.

6.2 Is the Third Party capable of adhering to our requirements as an Insurer regarding Privacy
requirements, policies and standards? If Yes, describe the actions you have taken or evidence
you have sighted to satisfy this requirement.
Yes, Swire is capable of adhering to our requirements regarding Privacy requirements.
Swire has an ISO 27001 certificate with sufficient management in terms of information security
through its policies and practice.

6.3 Confirm whether there have been any historical or current Privacy breaches, warnings,
enforcement actions, sanctions for the Third Party during the last 5 year period (or whether
any are pending).  If yes, provide details of any such occurrences.
There are no historical or current Privacy breaches, warnings, enforcement actions or sanctions
for Swire during the last 5 year period.

6.4 Confirm whether the Third Party has been subject to any Privacy inquiries or examinations
during the period (or whether any are pending) and any significant findings which may impact
the Services which have not been disclosed in the normal course of reporting.  If yes, provide
details of any such inquiries.
Swire has not been subject to any Privacy inquiries or examinations during the period and any
significant findings which may impact the Services which have not been disclosed in the
normal course of reporting.

6.5 Will the Third Party be able to adhere to our requirements regarding security and
confidentiality, audit and inspection if applicable? If Yes, please describe how or what
evidence you have sighted to satisfy this requirement.
Yes, Swire is capable of adhering to our requirements regarding security and
confidentiality, audit and inspection. Swire has an ISO 27001 certificate with sufficient
management in terms of information security through its policies and practice.

6.6 Describe the efforts made to ensure the Third Party stays current with Privacy changes. 
Please confirm that adequate procedures are in place to ensure that any legislative or
regulatory changes are implemented on a timely basis.
There is no specific Privacy regulation which is effective in Vietnam applied to insurers or
other industry such as Swire.

6.7 Please complete the Third Party IR&P Security Questionnaire and obtain LBU IR&P SME sign-
off that they have satisfied themselves as to the DD required on the Third Party in order to
proceed further. Evidence shall be the completion and sign-off of the Third Party IR&P
Security Questionnaire by the LBU IR&P SME. (Note: this same document was also requested
in the Risk Assessment Checklist (RAC).)

Has the sign-off been obtained by LBU IR&P SME? Y

Section 7: IT Security Management (ITSM)

Complete Section 7 for all Standard Material contracts (if there is an IT element to your Third Party
arrangement per the Risk Assessment Checklist (PM2: RAC)).
Complete Section 7 for all Critical contracts.
(Owned by Mike Mullins, Director of IT Security – Operations)
7.1 Please complete the Third Party ITSM Questionnaire and obtain LBU ITSM SME sign-off that
they have satisfied themselves as to the DD required on the Third Party in order to proceed
further. Evidence shall be the completion and sign-off of the Third Party IT Security
Questionnaire by the LBU IT Security Management SME.

Has the sign-off been obtained by LBU IT Security SME? Y

Section 8: Business Continuity Planning (BCM)

Complete Section 8 for all Critical contracts.
(owned by Wendy Chan, Regional Manager, Business Continuity)
8.1 Please complete the Third Party Business Continuity Checklist and obtain LBU Business
Continuity Manager’s sign-off that they have satisfied themselves as to the DD required on
the Third Party in order to proceed further. Evidence shall be the completion and sign-off of
the Third Party Business Continuity Checklist by the LBU Business Continuity Manager.

Has the sign-off been obtained by LBU Business Continuity SME? Y

Section 9: Anti-Bribery & Corruption (ABC)

The Procurement Function or Business Owner, together with the relevant Subject Matter Experts (where
needed) shall complete the following workbook extracted from the PCA Anti-Bribery & Corruption Due
Diligence Standards-Third Party Suppliers attached in the PMF: PM2 Risk Assessment Checklist (RAC) 5.1.

Where enhanced ABC due diligence is required, the suppliers might be asked to fill in a questionnaire tailored
case by case.
(Owned by Judie Shen, Director, Anti-Bribery & Corruption)
9.1 Have the ADDR Form and ADD Report been completed with all red flags Y / N / NA

Section 10: Anti-Money Laundering (AML)

Complete Section 10 for all Standard Material and Critical contracts.
(owned by Christopher Sykes, Director of Money Laundering Prevention)
10.1 Does the AML compliance programme require the approval of your Board or Y / N / NA

10.2 Do you have a legal and/or regulatory compliance programme that includes a
designated Compliance Officer that is responsible for coordinating and
overseeing the AML programme on a day-to-day basis, which has been
approved by your senior management? Y / N / NA

Please describe your AML program and provide an organisation chart of the
AML function.

10.3 In addition to inspections by regulators/inspectors, do you have an internal
audit function or other independent third party that assesses your AML
systems and controls on a regular basis? Y / N / NA

10.4 Do you have policies regarding relationships with Politically Exposed Persons
(PEPs) consistent with applicable legislation and industry best practice? Y / N / NA

10.5 Do you have policies to screen against economic sanctions lists, consistent with
applicable legislation and industry best practice? Y / N / NA

10.6 Do you have appropriate record retention procedures in accordance with
applicable regulation? Y / N / NA

10.7 Do you require your AML policy/systems and controls to be applied to all
branches and subsidiaries in your home jurisdiction and overseas? Y / N / NA

10.8 Do you provide AML training to relevant employees that includes the
identification and reporting of suspicious activities/transactions, examples of
money laundering that involves the type of products you sell and the internal
systems and controls you have in place? Y / N / NA

10.9 In addition to staff training at induction, do you conduct regular refresher
training and additional training when there are changes to existing law, policies
and practices? Y / N / NA

Section 11: Management and Staff

Complete Section 11 for all Standard Material and Critical contracts.
(jointly owned by Adrian Su, Director Financial and Ops Risk Mgmt & Cindy Lim, Director Vendor Assurance)
11.1 Provide the number of staff and an estimate of the percentage of time they spend working
on the Services.

11.2 Provide a breakdown of contractors, consultants and temporary staff in respect of staff
working on Services.
Not clear

11.3 Provide level of staff turnover and describe any policies within the Third Party to ensure
stability of key personnel.
1% staff turnover

11.4 Provide details relating to the induction or specialized training of staff working on Services
directly related to Prudential.
Following the Swire Training Procedure:
1. Job Description/Promotion Request from Units
2. Training for new employees or when we have some updated procedure
3. Testing and approval

11.5 Describe the staff vetting or on-boarding procedures within your hiring practices. Confirm
if you perform any back-ground due diligence or staff vetting checks before hiring a staff
1. Make an announcement in media/service to seek candidates, sort and verify
2. New employees come for an interview/take an examination
3. Choose the best person suitable for the hiring position based on the interview result and
examination result.
4. Training for employee (induction training about safety, quality regulations and
main roles in jobs)

11.6 Please provide profiles of key executives and those responsible for the Services (including
name, title, qualifications, experience and main duties). Include also changes to key
executives in the past 12 months.
Our key executives are loading in WMS; please contact the HR department for more detail (or
Ms Tố Thư)

11.7 Describe any written policies and procedures for supervising employees, including
delegated supervisory functions and tasks. Are they designed to provide reasonable
assurance that violations of the law, regulations and firm policy will be prevented,
detected and reported to management immediately?
We have our management system to prevent and control, and emergency contacts in case
anyone finds an abnormal case. The contacts are listed everywhere in our
warehouse and are available 24/7.

Section 12: Policies and Procedures

Complete Section 12 for all Standard Material and Critical contracts.
(Owned by Adrian Su, Director Financial and Ops Risk Mgmt)
12.1 Describe how information related to the delegated activity is segregated from other areas
within your firm as well as from other clients. Describe any information barriers and
firewalls in place between the different entities or departments. Have there been any
material breaches within the Third Party of these requirements? If so, please fully describe
what happened.

12.2 Provide details of procedures in place to ensure books and records are stored in
accordance with regulatory/legislative requirements (eg. record retention legislation).

Section 13: Insurance

Complete Section 13 for all Standard Material and Critical contracts.
(Owned by Cindy Lim, Director Vendor Assurance)
13.1 Does the Third Party confirm that it has adequate insurance coverage for the services
contracted? Y / N.

13.2 If Yes to Q12.1, please provide details of insurance coverage (including type of coverage,
certificate of currency confirming expiry date, insured name on policy, insurer, and sum
insured in aggregate, and event / conduct covered). Please also provide a summary of
changes or claims made during past year.

Signature for completion of Part B:

Signature: _____________________________________

Name: ________________________________________ Date: _________________

LBU Procurement Representative or LBU Business Owner

(Note: If there is no LBU Procurement representative, the LBU Business Owner implementing the PMF process shall sign-off)

