EASTSPRING INVESTMENTS FUND MANAGEMENT LIMITED LIABILITY

DUE DILIGENCE QUESTIONNAIRE

Period of Review

Entity under Review (“Entity”): SWIRE COLD STORAGE VIETNAM COMPANY

LIMITED

Address: No. 18, Street No. 06, Song Than 1 Industrial Zone, Di An District,
Binh Duong Province

Name of Contact: Thai Hoang To Thu

Title:
Telephone:
Email:

Description of Services being outsourced: Document storage service

Relevant Agreement:

Date of Review Completion:

Signature of Completing Officer: _____________________

Name:

Signature of Supervising Officer: _____________________

Name:

Instruction
Please answer ALL questions with a “Yes” or “No” answer.

1
For questions which are not applicable to you, please write “NA” in the comments column.
All “NA” answers will be subject to subsequent verification and follow up.
All “No” answers must be explained in written form

2
Item
No. Questions Answer
1 Financial Strength and Resources
a) Since your last response to our ICQ or DDQ, Don’t have any change
has there been any change in your company’s
experience and competency to implement and
support the contracted activity?

b) Is your company’s financial strength and
resources such that you can service
commitments even under adverse conditions?
If possible, please provide an update on the
current market share of your company’s
business.
c) Please provide a copy of the company’s latest
audited financial statement.
Yes, we can ensure that all commitment
in service with your company are under
control and following the contract
requirements and conditions
Now our current makert are focus in
cold storage, cross docking serive,
labeling, document storage…. All
customers are from big customer such
as Prudential, DHL, Pepsil, Bayer… to
small customer also.

So sorry ,we cannot share our finance

d) Does your company have adequate insurance report to any customer or third party
coverage for the contracted activity?

2 Regulatory and Legal

Since your company’s last response to our ICQ or
DDQ, has
a) there been a change in the regulatory or No
licensing status of your company? If yes,
please provide details of the changes.
b) the company been or is the company currently
involved in any compliance, regulatory, No
fraudulent or criminal investigation? If yes,
please provide details of the nature and
outcome/status of the investigation. What
were the actions taken to rectify the incident
and prevent similar incidents from happening?
c) there been any complaint and/or No
actual/potential legal action taken against your
company? If so, please provide details of the
nature and outcome/status of the legal action.

3 Compliance and Control

Since your company last response to our ICQ or DDQ,

has there been a change in your company’s policies and
internal control process pertaining to the areas listed

3
 below? If so, please provide details of the changes. Yes, from Head Quarter (it is from
a) Does your company have a stand-alone Swire Group, we need to ask for
Compliance and/or Internal Audit department? permission)
If so, please provide details of the current
resources (staff strength, qualification and
years of experience of the staff). Who does the
team/department report to?
Yes, yearly, we had yearly internal
b) Do Internal Audit or Compliance professionals report and it is submitted to CEO
periodically test compliance with guidelines,
other regulatory restrictions and internally set
policies and procedures? If so, how often?
Are there any written reports? To whom are
they submitted?

c) Do you have key policies that cover internal We don’t have policies but we had a
controls, fraud etc.? Please provide a copy of procedure to follow our compliance
the current monitoring programmed in respect
of compliance with the regulations and internal
policies and procedures, specifically in relation
to the contracted services.
Yes, all compliance and risk are
d) Have written policies and procedures with reviewd yearly and QHSE manger
regard to regulatory compliance and risk will be responsible for updated.
management been updated? Who is
responsible for updating? How often? What
process is in place to ensure compliance with
such procedures?

4 Audits

a) Have the external auditors issued any No

management report for your company’s latest
audited accounts? If yes, does the report
contain comments that have an impact on the
company’s capability to perform the contracted
services? If so, please provide details of the
comments and the rectification measures
taken/to be taken by the company.

b) Since your company’s last response to our ICQ Yes, we noted to send you the
or DDQ, has the company been subject to any document related to our internal audit
internal audit? If so, please provide details of
any significant matters raised.

4
 c) Since your company’s last response to our ICQ No
or DDQ, has the company been subject to any
inspection by the regulator(s)? If so, please
provide details of any significant matters
raised.

d) If the company has been audited, please Yes, please noted to receive the copy
provide a copy of the audit report.

5 Sub-Contracting
a) Since your company’s last response to our Not yet
ICQ or DDQ, has your company appointed
any new sub-contractor to perform the
contracted service? If so, please furnish
company details of sub-contractor(s).
b) Has your company ensured that the Yes
provisions in our service agreement and the
prudent practices as per your standards are
adhered to?

6 Corporate Governance

Since your company’s last response to our ICQ or No

DDQ, has there been a change in your company’s
approach in ensuring good corporate governance? If
so, please provide a brief description of the changes.
(Where relevant, please include information on the
types of management oversight committees, members,
terms of references and frequency of meetings)

7 Confidentiality and Security of Client Information

a) Since your company’s last response to our No change

ICQ or DDQ, has there been a change in the
control procedures in your company:
- to ensure confidentiality of customers’
information?
- to prevent unauthorized access to the
computer system to
change/amend/delete any transaction
details or customers’ static
information.

5
 - to prevent unauthorized disclosure of
customer information to any other
party.
- for reviewing access rights, to ensure
such rights are updated promptly,
accurately and are appropriately
assigned according to staff job
functions and segregation of duties.
b) If so, please provide details of the changes.

c) Please confirm that your company is able to

isolate and clearly identify customer’s Yes, we confirm
information, documents and records and
assets.

d) Please confirm that your company has ensured

that customer information is used strictly for Yes, we confirm
the purpose of the contracted services?

e) Since your company’s last response to our ICQ

or DDQ, has there been instance of No
unauthorized access or breach of security and
confidentiality by your company or sub-
contractors that affect our customers? If so,
please furnish details.

f) Does the company review and monitor its

security practices and control processes on a
regular basis, including commissioning or
obtaining periodic expert reports on security
adequacy and compliance in respect of the
operations and the requirement to disclose
security breaches? If so, please provide a copy
of the latest report.
Yes, we review yearly with the service:
- Take a security survey with team
leader and discuss some points need
to consider
- Make a minute to record and
implement

8 Technology and Business Contingency

a) Is there a limit to the volume of transactions No limit, if have we will noted and
that your system can process? What are the inform
implications on machine performance relating
to volume or additional accounts?

6
 b) Is there a dedicated technical support group? Yes, IT group

c) Since your company’s last response to our ICQ Yes, we are review and update BCP in
or DDQ, has there been any change in your yearly
company’s BCP, the frequency of tests, and the
location/firm utilized for recovery? If so,
please provide a brief description of the
changes.

d) Please confirm if your firm is in compliance Yes, we confirm

with the practices and standards set out by
your company/Group. If not, please highlight
areas of non-compliance.
e) When was the last BCP test and what were the In 2017. It is in our control
results? Did these results impact your ability
to service and fulfill your obligations to
perform the contracted services?
f) Has your company encountered any disaster or Not yet
significant interruptions (such as power
failure)? What is the maximum duration for
which your systems have failed to operate?
Were the Business Continuity Plans effective
in ensuring swift recovery of operations?

9 Anti-Money Laundering
Where applicable, please state whether there have been We had Code of Conduct and our
changes to the procedures taken by your company to employee were trained when working in
prevent any possible money laundering so as to comply Swire
with relevant AML regulations. If so, please provide
details on the changes.

10 Others
a) Are there any external factors (such as the No
political, economic, social and legal
environment of the jurisdiction in which your
company operates, and other events) that may
impact your service performance? If so, please
elaborate.

a) b) Are there any issues that we should be No

aware of with regards to your company or to
your obligations to provide the contracted
services?