PM3 Due Diligence Swire - BCP Comment
PM3: Due Diligence Requirements (DDR) questionnaire for New Vendor (Life entities)
This Due Diligence Requirements (DDR) questionnaire is to assist and support due diligence activities
and requirements in the Procurement process when identifying potential Third Parties to do
business with for Life entities (Eastspring has a different and separate DDR questionnaire). The areas
for due diligence (DD) in this DDR questionnaire are not exhaustive and additional DD requirements
may be needed depending on the type of Third Party arrangement you have, especially if you are
dealing with a potential Critical arrangement. If uncertain, please consult with LBU Risk or LBU
Procurement initially.
Guidance Note:
This DDR is intended (preferred by PCA) to be completed by LBU Procurement (or LBU Business
Owner if there is no Procurement Department). If instead you wish to send this questionnaire to be
completed by the Third Party, please ensure a Non-Disclosure Agreement (NDA) has already been
executed.
Please note that sign-off completion of this DDR is required. By signing-off, the signee confirms that
the information provided in this DDR questionnaire has been evidenced or validated; and is correct
and true. Evidence or supporting information may be requested at any time to demonstrate the
completeness of this Due Diligence activity.
Instructions:
Please complete the DDR questionnaire below and file this with your Vendor Profile Summary (PM3). You
may be required to produce this as evidence that DD activity has occurred. Supporting documentation
should also be attached to this questionnaire specified within the Sections.
Part A is MANDATORY for all Third Parties for all classifications of Contract. (Third Party is defined in the
PMF and for the avoidance of doubt, includes outsourcing, intra-group and inter-group companies).
Part B: Sections 3 - 13
Complete Part B according to the classification of your contract. These are indicated as below in the top
right corner of each question set:
[T] Transactional Contracts [SM] Standard Material Contracts [C] Critical Contracts
Section B is Mandatory to be completed before you contract with the Third Party as information from this
section may require you to include additional clauses into your contract and require negotiations.
Procurement Management Framework. PMF : PM3 Due Diligence Requirements questionnaire.
Last update: March 2017
Part A:
1. Company Background (Section 1, 1.1 – 1.9 may be amended accordingly to suit local company
registration requirements. 1.10 – 1.13 and Section 2 may not be amended)
1.7 Shareholder / directorship information (specify the individuals to enable screening – related
to Q1.10 – 1.13)
1.10 AML & Sanctions screening on the vendor and its directors using Dow Jones Factiva.
If positive match (i.e. Special Interest Person/Entity, Politically Exposed Persons, Sanctions) is
found, escalate the case to LBU AML Compliance. Please keep a copy of the results.
Positive matches N
1.11 If the contract is classified “Critical”, please identify the vendor’s beneficial owners (persons
owning 25% or more) of the vendor and screen the names using Dow Jones Factiva.
If positive match (i.e. Special Interest Person/Entity, Politically Exposed Persons, Sanctions) is
found, escalate the case to LBU AML Compliance. Please keep a copy of the results.
Positive matches N
1.12 If the contract is classified “Critical”, conduct adverse media and internet search in both
English and local language on the company, its directors, beneficial owners and its
subsidiaries. For contracts not classified “Critical”, the search need only be completed on the
vendor itself. Please keep a copy of the results.
If adverse media is found, escalate the case to LBU AML Compliance and to the LBU ABC Team
(where needed according to the Anti-Bribery & Corruption Due Diligence Standards-Third
Party Suppliers).
Positive matches N
1.13 Is the vendor incorporated or registered in, or does it have business activities in, any of the
sanctioned countries? (Please refer to LBU AML for the full list of sanctioned countries.)
Positive matches N
2.2 Obtain a copy of the external audit report on Third Party’s latest audited accounts.
a) Does the report contain comments that have an impact on the company’s capability to
deliver goods / perform the contracted services? N
b) Have any control deficiencies /weaknesses been identified by the Third Party’s External
Auditors? N
If Yes to either question (a) or (b), please provide comments and any rectification measures
taken / to be taken by the Third Party to rectify.
2.3 Any recent change in ownership or capital structure? Y/N. If Yes, please describe the changes.
N
Signature: _____________________________________
Part B: The following Sections 3-13 are Mandatory to be completed in accordance with the
classification of the contract. These sections cannot be amended.
3.2 Provide an organisation chart as well as a detailed description of the legal structure of the
Third Party providing the delegated activity. Include any relevant related operating entities
or affiliates, including incorporation details and jurisdiction.
3.3 Please describe in detail any significant recent or pending events affecting the Entity’s
operations (e.g., legal action as plaintiff or defendant, mergers, acquisitions, joint ventures,
third-party investments, executive management changes, introduction or termination of a
business line, other products or services)?
3.4 Describe any new services or business undertaken in the last 12 months by the Third Party
and any impact on existing service delivery, especially on current clients. Please note that
client references may be requested to confirm this.
3.6 Does the Third Party currently sub-contract any of its operations?
a) Provide details of any sub-contracting or outsourcing of the delegated activity to a related
Third Party or independent Third Party. Note if there are service level agreements in place,
describe how the service level standards and requirements are monitored.
b) Describe the due diligence processes to ensure that these sub-contracting parties can
provide services required initially and on an on-going basis. Note that we may extend the due
diligence process to Third Party’s sub-contractors.
3.7 Describe and provide evidence of the governance structure in respect of the Third Party
providing the sub-contracted activity, including committees, management groups, including
confirmation that minutes are taken, attendance is recorded and matters arising are
documented.
3.8 In the last 12 months, has the Third Party lost significant accounts or assets? Have there been
patterns detected of why clients left (e.g. poor performance, poor customer service, etc.)?
3.9 What is the Third Party’s credit rating? (e.g. Fitch, Moody’s, Standard & Poor’s).
4.2 Confirm whether there have been any historical or pending governmental
investigation/examination/ inquiry, regulatory breaches, warnings, enforcement actions,
sanctions during the last 5 year period. If yes, provide details of any such event.
4.3 Describe the governance processes or frameworks in place to demonstrate that the Third
Party is capable of adhering to our requirements as an Insurer regarding regulatory
requirements, policies and standards? Attach supporting documentation if available that will
support this requirement. (eg. Third Party’s policies or processes).
4.4 Describe the efforts made to ensure the Third Party’s business stays current with regulatory
changes. Please confirm that adequate procedures are in place to ensure that any legislative
changes are implemented on a timely basis.
4.5 Describe the Compliance structure within the Third Party and provide details of who is
responsible for compliance, their reporting lines, qualifications and experience. Please
include an organisational chart.
4.6 Provide a summary of the Third Party’s compliance program or compliance policies and
procedures.
4.7 Confirm that the local Compliance department is adequately staffed to ensure appropriate
oversight of the delegated activity.
4.8 Please list out key internal controls and compliance monitoring performed on delegated
services.
Confirm that internal controls are adequate and continue to operate effectively in respect of
the Third Party’s capacity to deliver the delegated activity. Provide a copy of the latest
available independent verification /certifications (e.g. ISO 9001, Audit letters, SOC1, ISAE
3402, SAS70, etc), if available.
4.9 Describe how staff is kept proactively informed of regulatory developments and compliance
requirements.
4.10 Provide details of the procedures in place for reporting breach of contract or service
standards and escalation processes.
5.2 Has everyone in the office been trained on Code of Ethics? Y/N
Yes, we have trained employees on the Code of Conduct yearly.
Are there mandatory certifications by staff on their compliance with the Code of Ethics? Y/N
No
List the number of exemptions that have been granted and describe (for each) the type of
exemption granted (past 3 years).
Not clear
6.2 Is the Third Party capable of adhering to our requirements as an Insurer regarding Privacy
requirements, policies and standards? If Yes, describe the actions you have taken or evidence
you have sighted to satisfy this requirement.
Yes, Swire is capable of adhering to our requirements regarding Privacy requirements.
Swire has an ISO 27001 certificate with sufficient management in terms of information security
through its policies and practice.
6.3 Confirm whether there have been any historical or current Privacy breaches, warnings,
enforcement actions, sanctions for the Third Party during the last 5 year period (or whether
any are pending). If yes, provide details of any such occurrences.
There are no historical or current Privacy breaches, warnings, enforcement actions, sanctions
for Swire during the last 5 year period.
6.4 Confirm whether the Third Party has been subject to any Privacy inquiries or examinations
during the period (or whether any are pending) and any significant findings which may impact
the Services which have not been disclosed in the normal course of reporting. If yes, provide
details of any such inquiries.
Swire has not been subject to any Privacy inquiries or examinations during the period and any
significant findings which may impact the Services which have not been disclosed in the
normal course of reporting.
6.5 Will the Third Party be able to adhere to our requirements regarding security and
confidentiality, audit and inspection if applicable? If Yes, please describe how or what
evidence you have sighted to satisfy this requirement.
Yes, Swire is capable of adhering to our requirements regarding security and
confidentiality, audit and inspection. Swire has an ISO 27001 certificate with sufficient
management in terms of information security through its policies and practice.
6.6 Describe the efforts made to ensure the Third Party stays current with Privacy changes.
Please confirm that adequate procedures are in place to ensure that any legislative or
regulatory changes are implemented on a timely basis.
There is no specific Privacy regulation which is effective in Vietnam applied to insurers or
other industries such as Swire.
6.7 Please complete the Third Party IR&P Security Questionnaire and obtain LBU IR&P SME sign-
off that they have satisfied themselves as to the DD required on the Third Party in order to
proceed further. Evidence shall be the completion and sign-off of the Third Party IR&P
Security Questionnaire by the LBU IR&P SME. (Note: this same document was also requested
in the Risk Assessment Checklist (RAC).)
Where enhanced ABC due diligence is required, the suppliers might be asked to fill in a questionnaire tailored
case by case.
(Owned by Judie Shen, Director, Anti-Bribery & Corruption)
9.1 Have the ADDR Form and ADD Report been completed with all red flags
resolved? Y / N / NA
10.2 Do you have a legal and/or regulatory compliance programme that includes a
designated Compliance Officer that is responsible for coordinating and
overseeing the AML programme on a day-to-day basis, which has been
approved by your senior management? Y / N / NA
Please describe your AML program and provide an organisation chart of the
AML function.
10.4 Do you have policies regarding relationships with Politically Exposed Persons
(PEPs) consistent with applicable legislation and industry best practice? Y / N / NA
10.5 Do you have policies to screen against economic sanctions lists, consistent with
applicable legislation and industry best practice? Y / N / NA
10.7 Do you require your AML policy/systems and controls to be applied to all
branches and subsidiaries in your home jurisdiction and overseas? Y / N / NA
10.8 Do you provide AML training to relevant employees that includes the
identification and reporting of suspicious activities/transactions, examples of
money laundering that involves the type of products you sell and the internal
systems and controls you have in place? Y / N / NA
11.1 Provide the number of staff and an estimate of the percentage of time they spend working
on the Services.
365/30%
11.2 Provide a breakdown of contractors, consultants and temporary staff in respect of staff
working on Services.
Not clear
11.3 Provide level of staff turnover and describe any policies within the Third Party to ensure
stability of key personnel.
1% staff turnover
11.4 Provide details relating to the induction or specialized training of staff working on Services
directly related to Prudential.
Following the Swire Training Procedure:
1. Job Description/Promotion Request from Units
2. Training for new employees or when we have some updated procedure
3. Testing and approval
11.5 Describe the staff vetting or on-boarding procedures within your hiring practices. Confirm
if you perform any back-ground due diligence or staff vetting checks before hiring a staff
member.
1. Make an announcement in media/service to seek candidates; sort and verify
2. New employees come for an interview/examination
3. Choose the best person suitable for the hiring position based on interview result and
examination result.
4. Training for employees (induction training about safety, quality regulations and
main roles in jobs)
11.6 Please provide profiles of key executives and those responsible for the Services (including
name, title, qualifications, experience and main duties). Include also changes to key
executives in the past 12 months.
Our key executives are loading in WMS; please contact the HR department for more detail (or
Ms Tố Thư)
11.7 Describe any written policies and procedures for supervising employees, including
delegated supervisory functions and tasks. Are they designed to provide reasonable
assurance that violations of the law, regulations and firm policy will be prevented,
detected and reported to management immediately?
We have our management system to prevent and control, and emergency contacts in case
anyone finds something abnormal. The contacts are listed everywhere in our
warehouse and are available 24/7.
12.2 Provide details of procedures in place to ensure books and records are stored in
accordance with regulatory/legislative requirements (eg. record retention legislation).
13.2 If Yes to Q12.1, please provide details of insurance coverage (including type of coverage,
certificate of currency confirming expiry date, insured name on policy, insurer, and sum
insured in aggregate, and event / conduct covered). Please also provide a summary of
changes or claims made during past year.
Signature: _____________________________________