Governance
Deliver Growth
SF is committed to achieving business values and social values together. We integrate sustainability into our company culture and implement it in our work every day.
SF has established a sound internal control and risk management system to strengthen and standardize the Company’s internalmanagement, constantly improves the Company’s risk prevention and control effects, and promotes the sustainable and healthy development of the Company.
SF has established a risk management structure led by the Risk Management Committee of the Board of Directors. The Risk Committee under the Risk Management Committee of the Board of Directors is a professional body for the overall management and control of the Group’s risks, mainly responsible for deliberation and decision-making of the Group’s risk management system, policies, major risk prevention and major crisis responses. The Risk Committee reports to the Risk Management Committee of the Board quarterly and annually.
SF fully integrates environmental, social and governance risks in the identifying and sorting of risk information databases, as well as the classification of level 1, 2, 3 and 4 risks. At present, the identified ESG risks include a total of 15 level 2 risks such as natural disaster risks, intellectual property risks, fraud risks, production safety risks and human resource management risks, and level 4 risks such as carbon neutrality risks and extreme weather operation risks, covering multiple aspects of the ESG field.
In 2022, the signing rate of the Letter of Commitment to Anti-corruption was 94.6%, representing an increase of 1.7% compared with 2021, among which, the signing rate of third-tier managers reached 96.5%.The suppliers’ signing rate of the Integrity Agreement reached 100%. SF arranged the integrity index survey and special training on combating corruption and promoting integrity, and organized all employees to learn regulations to ensure them know and abide by regulations. A total of 20 offline anti-corruption training sessions were conducted in 2022, with a total of 21,300 hours of anti-corruption education for employees.
SF always stays alert for information security and network security risks.SF has established a three-tier data privacy and cyber security management schema, covering decision-making, management and implementation. The technical committee, as the ultimate leadership organization, is responsible for information security decisionmaking, appointments and instructions, and the CEO serves as its chairman and is the highest responsible person for information and data security.
SF has formulated its internal system, such as the Emergency Plan for Information Security Incidents of SF Group, Regulations on Network Security Incident Management, etc., clarifying the response mechanism and handling measures in the event of cyber security incidents. Through cyber security programmes such as network security loophole detection and network security practical exercises, the Company strives to enhance its security defense and promote network security. Since 2020, SF has set up a professional cyber security blue army, carried out internal red-blue confrontation drills from time to time, and constantly spotted its own cyber security defense weaknesses through simulating various external cyber security attack methods. Also, it has further reviewed and improved its system accordingly, so as to improve the collaborative combat ability of the security team and safeguard the Company’s operation. In 2022, SF carried out a total of 4 red-blue drills.
SF attaches great importance to information security management and is committed to preventing the occurrence of information security incidents. In 2022, the Company updated the Measures for the Management of High-Risk Behaviors in Information Security as well as the Administrative Measures for Rewards and Penalties for Information Security, clarifying cyber security high-risk behaviors and the corresponding punishment principles on violations, and lifting security awareness of all staff to protect internal information of the Company through the establishment of a special reward and punishment mechanism.