Governance
Promoting High-quality Development
SF is committed to achieving business values and social values together. Keeping in mind the good vision of sustainable development of the industry, we actively explore the path for sustainable development of the enterprise.
SF passed the ISO 37301 Compliance Management System certification
100%
Suppliers sign the Integrity Agreement
Sustainable Development Management
SF integrates ESG principles into its corporate development strategy, builds a scientific and professional ESG management system and a clear and transparent ESG governance structure, fully implements ESG-related strategies, and supports the sustainable development of the Company's business.
<2023 S.F. HOLDING CO., LTD Sustainability Report>
Risk Control and Compliance Management
SF has established a sound internal control and risk management system to strengthen and standardize the Company's internal management, constantly improves the Company's risk prevention and control effects, and promotes the sustainable and healthy development of the Company.
Risk Management System
SF has established the Risk Management Committee of the Board of Directors, as a specialized risk management organization, which leads the Group’s risk control and compliance management direction and guides the Group’s risk control and compliance management work on behalf of the Board of Directors. The Risk Committee under the Risk Management Committee of the Board of Directors is a professional decision-making body for overall management and control of risk control and compliance of the Company. It is led by the Chief Financial Officer (CFO) of the Company and is mainly responsible for deliberating and making decisions on the construction, system, process, authorization, prevention and response of major risks of the Company. The Risk Committee reports to the Risk Management Committee of the Board of Directors on a quarterly and annual basis. The Risk Control and Compliance Office of the Company coordinates the management of risk control and compliance; while the leader of each functional department, BG (Business Group), BU (Business Unit) and region has the primary responsibility for the relevant risk control, responsible for the formulation of specific risk control measures and implementation rules, as well as the identification and assessment of daily risks and the implementation of control measures.
ESG Risk Management
SF regularly identifies and sorts the risk information database, and fully integrates environmental, social and governance risks into the original level 1, 2 and 3 risk level databases. The ESG risk management structure is consistent with SF’s risk management organizational structure, with the Risk Management Committee of the Board of Directors as the highest risk management body responsible for the identification, prevention and control of ESG risks.
SF incorporates ESG risks such as intellectual property risks, anti-corruption risks, occupational health and safety risks, human rights and human resources management risks, and environmental risks into the risk management framework, and regularly evaluates and monitors related ESG risks. Among them, environmental risks include climate change transition risks, carbon target management risks, energy use monitoring risks, etc.
SF's Defensive Lines for Integrity Supervision
In 2024, the signing rate of the SF practitioners’ Anti-Corruption Commitment Letter reached 99.5%. The suppliers' signing rate of the Integrity Agreement reached 100%.
The Company continues to strengthen the construction of integrity culture, and conducts regular integrity index surveys to gain a comprehensive understanding of the effectiveness of internal integrity construction. At the same time, the Company conducts training on ethical standards to all employees (including part-time employees and contractors) through system interpretation, integrity briefings and anti-corruption announcements, so as to effectively enhance employees’ anti-corruption awareness. In 2024, SF adopted a combination of “online cases + offline training” to carry out positive promotion of integrity culture and negative warning of fraud cases, and organized all employees to learn, know and abide by the rules.
Information and Network Security Management
SF strictly abides by national laws, regulations and industry norms, always maintains high alertness to information security and network security risks, and continues to improve the construction of internal information and network security management system.
The Company has established a three-level information security and privacy protection management structure consisting of decision-making level, management level and executive level. The Information Security and Privacy Protection Committee is the highest decision-making organization, responsible for information security and privacy protection decisions, appointments and instructions. The Group’s Information Security and Privacy Protection Working Group is set up under the Committee, which is led by the Chief Information Security Officer, to support the Company’s information security and privacy protection governance and ensure the efficient operation of the management system.
Information and Network Security
SF has established internal policies such as the Information Security Incident Emergency Response Plan and the Cybersecurity Incident Management Regulations, clarifying the response mechanisms and handling measures in the event of cybersecurity incidents. Through cybersecurity vulnerability detection and cybersecurity drills, the Company enhances its security defense capabilities and safeguards its cybersecurity.
The Company’s information and network security management system has passed ISO 27001 information security management system certification and ISO 27701 privacy information management system certification, covering the Company’s main business operation scenarios. In addition, SF Express App has passed the network security level protection level three protection evaluation and CCRC mobile Internet application (App) Android/iOS security certification, providing all-round guarantee for user data security.
Personal Information Protection
SF attaches great importance to the protection of customers’ personal information security. Based on laws, regulations and industry best practices, SF has built a comprehensive privacy protection management system, formulated and continuously improved a personal information security and compliance system covering the entire life cycle of data, and ensured that personal privacy protection work is carried out in an orderly manner. In order to implement the protection of personal information, the Company has taken diversified measures covering the entire digital life cycle to effectively protect customers’ privacy and security with a responsible attitude. In 2024, there were no major personal information security incidents in SF.