ESG Report

Governance toward sustainable development

Adhering to Vietnamese laws governing its business activities and management systems aligned with international standards, FPT constructs and maintains a comprehensive management framework comprising the Corporate charter, management regulations, process manuals, and regulatory documents across the Corporation. These measures ensure the establishment of a professional, effective, and disciplined management system extending from the Corporation to its subsidiaries. In doing so, FPT upholds its governance principle of prioritizing shareholder interests while harmonizing development goals, fostering happiness, and demonstrating responsibility to society and the environment.

100% of management staff attending training sessions about corruption and conflicts of interest	AI to be utilized in financial risk management and conflict of interest prevention
ISO 27001:2013 Information security management systems	ISO 14001:2015 Environmental Management Systems

Implementing management procedures under international standards

Utilizing standard management processes is essential for the Corporation to uphold compliance and efficiency in pursuing sustainable development objectives, bolstering its competitiveness and stature, and delivering value to relevant parties.

In 2023, FPT persisted in advancing the adoption of management methodologies utilizing Objectives and Key Results (OKRs) across the Corporation, aiming to align individual objectives with each department's/subsidiary's/Corporation's goals. This approach ensures alignment with the overarching strategy and direction, thereby enhancing operational efficiency and labor productivity. The objectives and results of the Corporation, subsidiaries, departments, and individual employees were reported, updated, tracked, and periodically evaluated using the OKRs management tool for precise measurement. The degree of individual goal-setting completion rates ranged from 95% to 97% across various periods.

Moreover, the Corporation's activities overall, as well as each core activity area specifically, were also adhering to and attaining prestigious international standard certifications, such as: ISO 9001:2015, ISO/IEC 27001, ISO 22301, ISO/IEC 27017, CMMiDEV/ 5, Uptime Design Tier III, ISO 22301, ISO 21001:2018…

Toward sustainable procurement

To advance the sustainability objectives, especially in global markets, FPT is committed to cultivating a sustainable supply chain. This involves establishing and rigorously adhering to internal guidelines on green procurement.

Accordingly, procurement and service utilization activities within the Corporation are assessed, selected, implemented, and monitored by the Procurement Department to ensure compliance with procedures and regulations specific to each service and commodity group. Concurrently, the Corporation consistently enhances its investment and procurement practices while advocating for similar improvements within its supply chain partners.

The Corporation pledges to refrain from engaging with suppliers whose operations adversely impact health, labor safety, and the environment. Moreover, all service procurement contracts incorporate provisions ensuring compliance with human rights, labor standards, and environmental regulations.

To ensure sustainability, FPT meticulously evaluates and selects suppliers that adhere to legal requirements, prioritize environmental protection, and uphold ethical business practices from the outset. Supplier selection is based on a comprehensive set of criteria encompassing factors such as pricing, reputation, quality, availability, delivery, as well as social and environmental responsibility. FPT allows for supplier selection to be customized to align with the specific type of goods/services, ensuring the optimal choice of supplier that maximizes benefits for both FPT and its suppliers. FPT assesses these criteria on a scale and assigned varying weights depending on the service groups. Additionally, the Corporation measures and evaluates various indicators, including the number of suppliers assessed for risks related to CSR, the percentage of target suppliers whose contracts include provisions covering environmental, labor, and human rights requirements, the percentage of target suppliers that have undergone CSR assessments…

Every two years, the Corporation conducts social responsibility training sessions for its suppliers, aiming to enhance their understanding of FPT's social responsibility requirements and collectively work toward building a sustainable supply chain. Additionally, preferential incentives and policies are developed for suppliers who adhere to the code of conduct related to sustainable development.

Data centralization

Data management and general principles

The activities of collecting, processing, archiving, and using data of related parties in the data management process are regulated uniformly throughout the Corporation to ensure the following criteria: (1) Confidentiality; (2) Integrity; (3) Availability; and (4) Accessibility and quality of data.

The collection, processing, storage, and use of data are subject to the following principles:

Legality: All actions taking place inside the data management system must comply with the provisions of the Law;
Proper purposes: Data is processed only for registered and approved legitimate purposes;
Data quality: Data must be available, complete, and fit for use throughout its life cycle;
Confidentiality: Information security in data collection, processing, storage, and usage must be guaranteed. Do not disclose confidential information to anyone outside the organization except in cases of work requirements. Accordingly, appropriate safeguards must be conducted, such as making confidentiality agreements with related parties before the disclosure;
Management: The data pertaining to customers of subsidiary companies is comprehensively gathered, leveraged, utilized, and managed by the Corporation, centrally stored with the purpose of adjusting, updating, securing, and enhancing the products, services, solutions, applications, and equipment that FPT currently provides and will continue to offer to its clients.

The data management system consists of functional features: (1) Collecting and archiving; (2) Extracting valuable data; (3) Analyzing to correspond to multiple purposes. The Corporation also utilizes technology in data management and especially promotes data governance to each subsidiary for the most flexible and purposeful data delivery.

FPT's data management model is defined to ensure the following factors simultaneously:

Leadership is committed to the highest levels while collecting, processing, storing, and using data;
Authoritative determination of the Corporation's data-related decisions;
Defining standards, procedures, and processes to guide the management and exploitation of data;
Identifying technology and infrastructure to be used uniformly in the Corporation to ensure safety and security when exploiting data;
Enforcing strictly relevant policies issued throughout the Corporation;
Monitoring compliance and identifying risks in the event of data leaks.

Customer data privacy and security

The Corporation respects the personal privacy of all individuals, including employees, customers, partners, suppliers, and their data confidentiality. Accordingly, it may collect and use personal data following corporate values on a legal basis.

FPT Corporation and its subsidiaries always manage to protect the privacy of customers' personal information. We take all possible technical measures to ensure completeness and accuracy while collecting, processing, and sharing our customers' personal data. In addition, we guarantee that all essential information security measures are in place to prevent any illegal access, collection, use, disclosure, copying, or processing of customers' data.

FPT has implemented a Personal Data Privacy Policy concerning customers' personal data handling. This policy aims to provide customers with a clear understanding of the purposes and scope of information processing by FPT, as well as the measures taken to protect customer information and rights. Additionally, FPT has established regulations on information security management and incident response protocols to ensure the timely detection and resolution of any incidents, thereby maintaining the normal operation of the information system.

In 2023, the Corporation successfully avoided any information security incidents that could have had a detrimental effect on its reputation. Additionally, all employees in the Technology and Telecommunications departments underwent training to enhance awareness and prevent information security violations.

Scope of corporate policy and the incident response plan

The data protection policy is applied thoroughly across the Corporation and its subsidiaries in accordance with governance standards. Response plans when data security incidents arise fully adhere to two levels:

Prevention: Based on understanding the root causes, prevention plans will also be devised and strictly enforced.
Remedy: Security breaches will immediately be prevented, and highly specialized security departments will remedy security holes. Impact assessment to check relevant data areas will also be performed to avoid outbreaks. The critical point of all the above data safety plans is that all procedures and actions are systematically designed throughout the Corporation.

The important point of all of these data security plans is that all plans and actions are systematically designed throughout the Corporation. At the same time, the tasks and responsibilities of each department are controlled, monitored and reported by a specialized department.

Data security training programs

Training programs on data security, risks, and security-related processes were periodically conducted for all employees on FPT's online learning platform. In addition, all new staff is well-trained in data security regulations, methods, principles, and behaviors based on hypothetical scenarios. The department in charge of the data management system conducts training for personnel operating the system periodically or when making any changes. For instance, in FPT's IT services for foreign markets, 100% of employees are trained in information security.

Risk management

Depending on the characteristics of each business sector, the risk management framework is directed, approved, and improved by the CEO every year. In terms of sustainable development, FPT identified four core risk groups: Strategic risks; Operational risks; Financial risks; and Regulatory risks.

Strategic risks

Strategic risks include: Strategic and visionary risks and Competitive threats. Strategic risks can lead to misidentifying the development orientation, which means unreasonable investment allocation as well as failure to explore new business segments and launch high-value products/services to meet market demands. Most of the Corporation's business sectors have low entry barriers and yet have faced enormous challenges as foreign or emerging competitors arrive and seize market shares.

Risk management measures:

Participating in major economic and technological events globally to get updates on the latest tech trends and explore new business opportunities;
Organizing annual strategic governance conferences to keep abreast of the latest trends in business and technology, thereby consistently and promptly adjusting the visions and strategies;
Providing end-to-end services and gradually enhancing its prestige in the IT value chain. This strategy will help continuously improve the competitiveness of the Corporation;
Promoting staff training and development, especially for technologists, in order to enhance technological capabilities and meet competitive needs. FPT's total number of employees stands at 48,162;
Continuously enhancing business models, information systems, and internal processes to optimize operations and expenditures based on modern corporate governance systems;
Promoting in-house digital transformation to assure unified and transparent operations toward a real-time data-driven corporation. This significant factor helps build competitiveness, steadily overcoming challenges as economic recovery suffers after the Covid-19 pandemic. In 2022, the concentration on in-house digital transformation significantly enhanced the Corporation's management, operations, and business activities.

Operational risks

Operational risks include: Risks of information disclosure, Human resource risks, Reputation/brand risks and Information security and cyber security risks.

Risk management measures:

Fully updating regulations related to information disclosure for listed companies;
Setting up internal processes of information provision and disclosure to provide timely, accurate reports on operational and financial activities;
Keeping regular contact with the person in charge of information disclosure at SSC and HOSE to monitor the sufficiency and accuracy of information to be disclosed;
Making FPT a learning organization, developing a highly qualified workforce, and being well-organized toward a long-term vision. In 2023, training programs were widely deployed throughout the Corporation, with 851,874 training sessions, an increase of 26% over 2022. The number of technology certificates also increased from 8,712 in 2022 to 14,487 in 2023, a corresponding increase of 66%;
Developing fair, transparent, and competitive remuneration policies based on the "Do more – Get more" criteria. Employees' income would be commensurate with their performance and contribution to the organization. Additionally, FPT also implemented other policies such as housing and vehicle subsidies;
Creating an equal and happy work environment to enhance the employer brand and gain more talent;
Establishing vibrant educational institutions within FPT Education to attract students across various educational levels, fostering high-quality human resources for both the market and FPT's workforce;
Collaborating with esteemed partners to implement training programs in emerging technology sectors like AI and semiconductors;
Partnering with domestic universities to facilitate internships and research opportunities at FPT and its subsidiary companies, providing support through scholarships, educational materials, laboratory access, and employment prospects;
Developing a customer feedback system for gathering and implementing consumer opinions to adjust customer services promptly. Periodically surveying stakeholders' satisfaction;
Setting up a process of crisis communications management;
Developing the media code of conduct;
Monitoring daily and hourly information related to the Corporation and its subsidiaries on media and social networks to promptly handle the potential reputational crisis;
Thoroughly applying anti-data loss and system safety measures to ensure the IT security of the Corporation;
Increasing investment in cybersecurity systems and solutions, revising processes, and applying the latest security standards. In addition to outsourced systems, FPT has been developing some cybersecurity products, such as CyRadar and FPT EagleEye…;
Periodically checking and evaluating the entire system.

Financial risks

Financial risks include: Exchange rate risks and Ordinary business risks (Risks in business activities include bad debts and high inventories). In particular, exchange rate fluctuation is a potential risk in FPT's overseas IT services.

Risk management measures:

Strictly monitoring factors that affect foreign exchange rates, diversifying resources of foreign-earned income;
Applying exchange rate hedging policies, especially for Japanese Yen;
Using currency swaps to hedge against possible exchange rate risks with foreign currency loans;
Deploying flexible sales policies based on exchange rate fluctuations;
Complying with sales-purchasing processes and contractual management procedures… to reduce operational risks in business;
Utilizing technology and AI to predict customer requirements, automate debt confirmation processes, and manage and authorize payments. This approach enhances quality control, facilitates prompt and accurate decision-making, and mitigates reliance on human intervention;
Utilizing AI and data analytics to create the solution for procurement optimization. The solution helped scan and identify products to be purchased, recommend suitable suppliers, then track and spot suspicious transactions in the procedure-to-pay process with vendors;
Building the AI-based solution to predict how likely a customer will churn or different reasons trigger customers to terminate their contracts while using telecommunications and television services. Then, the solution supported the customer care team to implement proactive loyalty programs, promptly identify customer complaints, and advise for handling, which enhanced customer retention;
Creating liability management and inventory management policies;
Developing an automated monitoring and approving software system to improve management efficiency and minimize risks;
Strictly analyzing and monitoring overall business processes right from the stage of quantifying customer needs.

Regulatory risks

FPT's growing scale of operations has gone beyond Vietnam's territory. The global expansion requires compliance with local legislation, especially the Law on migrant workers in the countries where FPT operates. Besides, cultural differences in a multinational workforce and among its partners present increasing challenges.

Risk management measures:

Swiftly following the policies and crucial directions of the Government and state agencies; actively researching and making recommendations to competent authorities in order to promote the role of IT in boosting economic growth;
Researching, keeping abreast of and complying with provisions, and respecting the cultural and business environment of international markets;
Proving training courses in local cultures and laws.

The prevention of interest conflicts, fraud, and corruption

Conflicts of Interest Principles

FPT Corporation always takes precautions against conflicts of interest and strictly handles any violations of financial discipline. Employees are expected to adhere to the following codes of conduct to avoid conflicts:

Avoid conflicts of interest in business investment that negatively affects decision-making and the interests of the Corporation;
Avoid conflicts of interest with investment activities of employees' relatives. Employees must declare to the Corporation and report to their line managers if any relatives contribute capital to or hold executive positions at any companies on the list of FPT's customers, suppliers, or competitors;
Avoid conflicts of interest in giving and receiving presents within FPT Corporation;
Avoid conflicts of interest in employee selection and promotion. Be transparent in the selection and management of human resources, following clear evaluation criteria of capacity, experience, and skills that meet the actual needs of the Corporation.

Anti-corruption and anti-fraud policy

As one of the large-scale enterprises operating in various countries, FPT developed and published a code of conduct. It laid the foundation for the Corporation's activities, ensuring that personnel at all levels and departments comply with the internal and external code of conduct to prevent conflicts of interest, fraud, and corruption.

Accordingly, the Corporation set out principles to ensure internal confidentiality and a code of behavior for people outside the organization to ensure equal and civilized competition and compliance with relevant legislation. In addition, it also defined clear regulations and policies for employees to avoid conflicts of interest in receiving gifts, whether directly or indirectly in any form. Gifting was stipulated to be conducted by FPT's representatives on behalf of the Corporation.

It was strictly prohibited to take advantage of the company's brand name in gift giving to perform bribery acts to customers or any other third party. In addition, acts of abusing their power or personal relationships at the company to illegally influence competent parties in employee selection or promotion to gain private benefits were also considered violations of the code of conduct.

Compliance with tax regulations

FPT always complies with all strict tax regulations in Vietnam as well as the countries and territories worldwide where it operates. It built a transparent and effective management system and promoted the digital transformation of the internal financial and accounting system. In 2022, FPT put into application the Internal CIT Management System globally, enabling business units operating in all countries around the world to identify, manage and track CIT obligations, including temporary differences in tax accounting and/or deferred tax liabilities, thereby minimizing the risk of tax penalties and loss of tax assets. In addition, FPT continuously organized internal inspection and control meetings to ensure the compliance of the entire system with relevant local tax regulations for related industries.

Anti-corruption policy for suppliers

FPT, together with its direct and indirect subsidiaries, had a zero-tolerance policy against bribery and corruption of any kind. The purchase of goods and services and the selection of suppliers should be made based on actual needs. Quality, price, and criteria are determined specifically and reasonably and must put the organizational interests first. FPT also expected its customers and suppliers to behave in a civilized manner, comply with the Law, and in accordance with the following principles:

Do not directly/indirectly offer, promise or authorize payment of any money or material benefits to any employee, leader, or third party of FPT to achieve improper advantages;
Do not suggest, solicit, or accept any money or material benefits from any employee, leader, or third party of FPT in exchange for improper advantages;
Do not instigate or assist others in violating the above policies. If any violation is detected, it should be reported immediately to FPT and related parties;
Suppliers should keep accurate and complete documents, records, and books for future retrieval. Invoices should be fully kept with receipts and other supporting documentation for any expenses paid on behalf of the Corporation.

In the event that FPT reasonably suspects any supplier violated these terms, it may terminate/restrict the business relationship with the supplier. In addition, any employee found to be infringing or assisting others to violate the above principles may be subject to appropriate disciplinary actions.

Internal control

In order to improve the governance capacity of FPT and its subsidiaries as well as ensure transparency and the interests of shareholders and stakeholders, FPT designed an internal control system in compliance with relevant legislation and in reference to international standards.

To ensure practical internal control activities and minimize risks mainly related to sustainable development, FPT also developed a detailed plan to operate the internal control system. Accordingly, the Head of Compliance Monitoring Department, the Chief Quality Officer, and the Heads of functional departments are responsible for developing compliance control plans corresponding to their scope of work.

For reviewing the system to make timely adjustments, FPT implements unscheduled control sessions depending on the business situation.

During the year, FPT implemented key control activities, including:

Consolidating the internal control system and risk management policy throughout the Corporation and in subsidiaries;
Supervising compliance with legal regulations in the management and operation of business activities of the Corporation and its subsidiaries;
Coordinating with specialized departments of the Corporation to irregularly and periodically inspect subsidiaries;
Supervising activities between FPT/subsidiaries and its suppliers/partners to ensure equality, transparency, and the highest benefits for all parties; prevent and minimize risks in business activities;
Proposing solutions to manage potential risks that may occur in the operations of FPT and its subsidiaries.

Moreover, FPT is expeditiously establishing avenues for reporting violations to concerned parties within and outside the organization. These channels include a telephone hotline, email, conversations, and opinion surveys, ensuring confidentiality for those reporting violations. Upon receipt of any reported violations, FPT conducts thorough investigations, offers timely feedback, and implements corrective measures promptly upon confirmation of the issue.