Governance and Ethics

Sustainability at F&NHB is governed by our Board, which is kept updated on our performance by our Sustainability Management Committee (SMC) that oversees a Sustainability Development Working Team. Our governance framework ensures both that: 1) sustainability policies approved by the Board are implemented on the ground; and that 2) performance on the ground is reported to the Board. At the Board, sustainability is overseen by the Sustainability & Risk management Committee as our sustainability strategies support F&NHB’s risk management.

RISK MANAGEMENT

At F&NHB, we focus on three key areas in overall risk management framework:

  1. Business Operational Risks
  2. Integrating material sustainability issues
  3. Emerging risks which may impact us in mid or even long-term basis

We have integrated the material sustainability issues into our overall risk management framework by identifying specific risks, opportunities, and key priorities for the financial year to drive our strategic decisions. Specific sustainability risks are managed as part of the Enterprise Risk Management. This helps us to develop better products and create more meaningful value for our stakeholders.

Risk appetite and risk tolerance statements are reviewed by the SRMC and approved by the Board annually. At the end of the financial year, the Board receives assurance from the CEO and Chief Financial Officer that the risk management and internal control system in place for the Group is adequate and effective to address risks which the Group considers relevant and material to its operations through the ERM Validation Report and Comfort Matrix.

For the managing of risk management activities, we apply the “Three-lines of Defence” model as follows:

  1. First line of defence: Operational Risk Ownership
  2. Second line of defence: Risk Management and Compliance Oversight
  3. Third line of defence: Independent Audit Unit – The risk management process is periodically reviewed by the Internal Audit team in accordance with its annual audit plan approved by the Audit Committee.

Innovation is critical to maintaining leadership and competitive advantage in a rapidly evolving market. During product development and approval process, we consider the below risks:

  • High investment costs in R&D & equipment with uncertain commercial returns
  • Balancing between the risk of non- acceptance by consumers & the risk of being overtaken by competitors
  • Replication & improvement by competitors riding on products, processes, and packaging of innovator

Considering the above risks, we have implemented several initiatives:

  • Continuous products development to meet the changing needs and preferences of consumers and to deliver high-quality products, with the right nutritional values and tastes
  • Collaborate with research institutes to access cutting-edge research and scientific studies
  • Offer innovative packaging formats to reduce environmental footprint, as well as appeal to consumers’ demand for convenience and flexibility without comprising product quality and integrity.

Our risk management process is aligned with ISO31000:2018 Risk Management – Guidelines. Risk review and reporting is performed on quarterly basis.

Aspects of our risk review process as below:

Key Risk Description Mitigation Actions
Extreme weather events and other environmental concerns Rising concerns associated with environmental impact such as extreme weather events, water-related risks, waste and pollution risks, and biodiversity loss.
  • Establishment of Environmental, Safety and Health Policy, which ensures all major plants in the group are ISO 14001:2015 (environmental management system) certified.
  • Various environmental-related sustainability targets and metrics have been established, monitored, tracked and reported on periodic basis.
  • Undertake Environmental Impact Assessments prior to any project.
  • Partner with local communities to protect and preserve the environment.
  • Zero waste as well as zero pollution policy through continuous improvement of our environmental management system.
Significant increase in commodity/ key material prices Commodities and material prices are influenced by the global and local supply and demand, weather conditions as well as regulatory changes imposed by the government. As such, any significant increase in prices of commodities and materials could impact the cost and profitability of our products.
  • Negotiate effectively for bulk purchases or long-term contracts, aim to secure the most favourable prices
  • Optimise the production process and fully leverage production capacity to maintain competitive pricing through economies of scale.
  • Forward purchase of key commodities, active monitoring of commodities price trends, and vigilant sales forecasting and production planning.
Risks
Emerging Risks Climate Change Risk Risk from disruptive digital technology and disruption
Category
  • Environmental
  • Technological
Description The Malaysian government’s emphasis on the energy transition aligns with global efforts to combat climate change and underscores Malaysia’s commitment to a sustainable and prosperous future. For instance, Malaysia had revised the Nationally Determined Contribution (NDC) to reduce the intensity of greenhouse gas (GHG) emissions by 45 per cent by 2030 compared with 2005 levels.

The globalisation of the world’s economy is vulnerable and prone to the impacts of climate change such as fires, floods, heat waves, windstorms, cold fronts etc which may result in loss of human life, damage to ecosystems, destruction of property and/or financial loss at a global scale. The volatility of global weather disruption may influence the economic activities. As such, any significant increase in prices of commodities and materials could materially affect the cost and profitability of our products.

It is therefore a new risk that may occur in the future and affect F&N’s business operations.

 Like many industries, food and beverage industry is prone to be affected by the development and employment of technologies and innovations to increase production efficiency, decrease the dependence on human labour, save costs for the business in the long run, and respond to the ever-changing demand of consumers.  Hence, there is a risk which the company could not adapt itself to keep pace with technological advancement in terms of products, business model, and route-to-market resulting in significant impact on the Company in the long run.
Impact
  • Potential impact on revenues and financial performance ie reduced profit margins, increase in production and operating costs from the tax levy through the enforcement of laws and regulations for climate change mitigation
  • High insurance premium and disaster restoration costs
  • Loss of competitive advantage
  • Potential impact on revenue and financial performance ie. Inability to achieve targeted revenue and business growth plans
  • Loss of competitiveness and market share
  • The threat of new and smaller entrants, including existing competitors which leads to more intense business competition
  • Impact on corporate value and brand loyalty
Mitigating Actions
  • Conduct climate risk assessment for all sites
  • Established structural flood mitigation measures to protect the facilities and mitigate the damage in the event of flood
  • Identify and analyse possible risks to the organisation from climate change
  • Keep sufficient inventory on hand to supply business and customers in the event of natural disaster damage
  • Sufficient insurance coverage to insure high risk components
  • Commodities and materials price risk is managed through forward purchase of key commodities, active monitoring of commodities price trends, and vigilant sales forecasting and production planning
  • Define and continuously refine the digital vision and strategy to align the organisation with the needed change
  • Stay up-to-date with latest innovations and technology trends thru following tech news, attending online training/ webinars and follow industry social media accounts
  • Continually assess and invest in new technologies to leverage the strength of our product portfolio, enhance the capabilities of our people, improve the efficiency of our manufacturing and distribution, and innovate in our route-to-market
GOVERNANCE

We have in place various policies and guidelines that ensure a high level of integrity across the organisation such as our Anti-Bribery and Anti-Corruption (ABAC) Policy, Code of Business Conduct and Human Rights Policy. These are aligned with the UN Guiding Principles on Business and Human Rights, International Labour Organisation (ILO) guidelines, Thailand’s Labour Protection Act and Malaysia Employment Act 1955.

Policies are communicated through internal mobile app, intranet, training sessions and new employee on-boarding sessions. Our Risk Management team works closely with Human Capital team to roll out and ensure completion for the Integrity Pledge & Conflict of Interest (COI) Declaration, as part of the implementation of the codes and practices. Our Human Capital team ensures completion of compliance modules by enforcing that they are mandatory and non compliance will affect their appraisal during the financial year.

Any violation of Code can be reported via these mechanisms, managed internally by F&N:

The mechanisms provide internal and external parties with a way to raise concerns on our business conduct. We ensure non-anonymous parties are treated confidentially, and that reported cases are investigated through internal channels of communication. The reporting party will be kept informed of the case outcome, including follow-up actions to assure our external stakeholders.

At F&NHB, we launched risk and compliance training modules via our online e-learning platform, including Whistleblowing, Code of Conduct, Business Continuity Management, Bribery Prevention, Fundamentals of Risk Management. The training is compulsory for employees across F&NHB group. Various regular focused training for all employees aim to raise awareness level and enhance skill on risk management and constant updates linked to our key material issues and risks, which are:

  • occupational health & safety to manage productivity risk from injuries, occupational diseases, lost days and fatalities by conducting regular safety training and awareness programmes
  • cyber security to manage risks from cyber criminals which may compromise data integrity and even leakage of confidential information by conducting regular training and constant updates related to cyber threats to maintain awareness level.

The Regular risk management education, is included as part of training programmes attended by our Board of Directors. This is in compliance with the Listing Requirements of Bursa Securities. The risk training and knowledge sharing sessions covered risks related topics such as  Balancing Risk & Business in Protecting Compliance Standards, Aligning Risk Management to Strategy & Purpose, Crisis Simulation Masterclass, Market Risks, Strategic Approach to Cyber Resilience, AI Security Risks, Navigating ESG Risk in the Supply Chain, Board Oversight of Climate Risk & Opportunities, The Chair’s Role in Navigating the Climate Transition, Climate Risk Stress Testing, Understanding Directors’ Duties in Climate Risk, Navigating the Geopolitical Landscape, and more.

As part of compliance system, the anti corruption system is audited once every 4 years. The corporate governance related matters are audited by our Internal Audit department every year.

Senior executive’s level has a performance-based compensation that is linked to the risk management KPIs, as aligned with F&N sustainability strategy. There are 4 key indicators, which are Energy & Climate Change – Climate Risk, Water – Water Availability Risk, Occupational Health & Safety – Safety Risk on employees, and Human Capital – Talent Management & Succession Planning. The annual financial incentives (bonus) are determined based on the achievement of risk management plan of sustainability strategies, including increasing risk awareness among employees about occupational health and safety to achieve zero lost time injury frequency rate, level of risk responding to climate change by improving energy intensity ratio, effectiveness of risk mitigation and prevention by improving water intensity ratio to manage water risks, which can help to fulfil our 2025 group sustainability achievements.

Over the past financial years (FY2020 – 2024), to the best of our knowledge, there have been no incidents of corruption or bribery, discrimination or harassment, breaches of customer privacy data, conflicts of interest, money laundering or insider trading.

Our Cybersecurity Framework is built on industry best practices, including NIST and ISO 27001, and is aligned with our ERM Policy and Guidelines. Through the ERM risk assessment process, we identify relevant cyber threats and implement measures for effective identification, protection, detection, response, and recovery. Our Business Continuity and Incident Response Plans are regularly tested via crisis simulations. In FY2024, KPMG conducted an independent audit of our IT Management System, focusing on Access to Programs & Data and Automated Business Controls, with action plans completed to close gaps. Internal audits, vulnerability analyses, and ISO27001-compliant policies (Access Control, Change Control, Data Loss Prevention, Third-Party & Outsourcing, Security Operations) further strengthen our defences. Employees are trained via online platform, phishing simulations, and SCADA-specific modules, with escalation supported by a dedicated IT helpdesk, incident reporting email, and Outlook’s Phish Alert button. In FY2024, we recorded zero information security breaches.

Read Our Codes and Policies
Read More