Sustainability Report 2016

5

Code of Conduct and

Whistleblowing Policy

Our Code of Conduct is the

cornerstone of our governance and

operation. It spells out the guiding

principles for our staff behaviour that

must meet high standards of integrity

and honesty. We have additional

codes for staff in particular risk-related

areas to cover conflicts of interest,

bribery, accounting standards and

internal management. Staff are

required to confirm that they have

understood the Code of Conduct

appropriate to their role and position

in the Company on joining and

annually thereafter, ensuring the Group

operates to the highest standards of

business behaviour and ethics in our

engagement with customers, business

partners, shareholders, employees

and the business community. Due

to a constantly changing business

environment, we assess our Code of

Conduct from time to time to ensure

that it reflects the current global best

practices and meets the expectations

of all stakeholders.

VTech operates a Whistleblowing

Policy in order to encourage and assist

whistleblowers to disclose information

relevant to misconduct, malpractices

or irregularities through a confidential

reporting channel. Any cases are

referred to the Chief Compliance Officer

(CCO), who will review the complaints

and determine the appropriate mode

of investigation and any subsequent

corrective action. All reported cases are

handled by the Company with care and

the concerns are investigated in a fair

and proper manner. All reports under

the Whistleblowing Policy are reviewed

by the Group’s Audit Committee twice

a year in order to ensure proportionate

action and identify the need for any

further policy development.

Business Integrity Policy

and Anti-Corruption

Group policy prohibits VTech Group

and its officers, employees and agents

from giving or offering to give money

or anything of value to government

officials, political parties, party officials

or candidates for political office in order

to influence official acts or decisions of

that person or entity, obtain or retain

business, or secure any improper

advantage. The Company does not

make any donations to political parties

in any country, but does not restrict

employees from individual associations

provided that there is no conflict of

interest to their role as an employee

within VTech. Employees must not

purport to represent the Company in

any political forum and should not use

the Company brand, time or assets to

advance the interests of any political

party or group.

As a result, VTech’s management has

an obligation and a responsibility to

ensure that employees are familiar

with our anti-corruption policy, which

is part of our Code of Conduct, and

the control procedures in their job

areas. Employees receive regular

anti-corruption and internal control

training to reinforce their awareness and

understanding of our Code of Conduct.

Risk Management

Effective risk management is crucial for

maintaining our stable daily operation

and indicates our ability to respond and

adapt to the changing environment.

In order to minimise the possible

disturbances to our operation during

the event of disruptions, it is important

to be prepared for emergency and to

build resilience. VTech has implemented

an organisational structure with formal

and clearly defined lines of responsibility

and delegation of authority for risk

management.

To ensure the effectiveness of risk

management, the boards of committee

have been divided into two distinct but

complementary roles for implementing

the risk management policies and

objectives of the Group, and monitoring

the risk management process. The

RMSC, chaired by Dr. Allan WONG Chi

Yun with Dr. PANG King Fai, Mr. Andy

LEUNG Hon Kwong, Mr. WONG Kai

Man, Ms. Shereen TONG Ka Hung and

Mr. CHANG Yu Wai, as members – a

combination of executive Directors,

independent non-executive Directors

and senior management, is responsible

for putting in place policies, procedures

and frameworks for the identification

and management of risks. Risks are

formally identified and recorded in the

risk register for key operations. The risk

register is updated regularly and risk

exposure and mitigation performance

are reviewed biannually.

The RMSC held two meetings

during the financial year to review the

Group’s business and sustainability

risk management and internal control

systems and their effectiveness. The

Audit Committee reviewed the overall

effectiveness of the Group’s system

of internal control over financial,

operational and compliance issues,

risk management process, information

systems security and effectiveness

of financial reporting and compliance

with the Listing Rules, and is satisfied

that such systems are effective and

adequate.

In FY2016, The Data Security

Governance Board was established

with defined terms of reference

reporting to the Risk Management

and Sustainability Committee. The

Data Security Governance Board

is chaired by Group Chairman and

comprises the Group President, CMS

Chief Executive Officer, TEL President,

Group Chief Financial Officer, Company

Secretary and Group Chief Compliance

Officer, and Group Chief Information

Officer. It is responsible for decision-

making, implementation, enforcement,

oversight, compliance and periodic

review of the Data Security Policy.

At management level, department

representatives of each key business

function maintain a risk register

documenting the key risks and the

relevant risk response measures. They

review their risk registers on a biannual

basis to consider if any updates to the

risk registers are required based on

the events of disruption or incidents

occurred. To facilitate the review of

the risk register by the RMSC as

mentioned above, the Internal Audit

Department performs a holistic review

of the updated risk registers maintained

by each key business function and

consolidates all the risk registers into

the Group’s risk register on a biannual

basis.