VNET's efficient operations benefit from a sound governance structure and clear management responsibilities. Our robust governance structure consists of the general meeting of shareholders, the Board of Directors and its subordinate committees and management. The Board of Directors provides consultation and suggestions on the management of various divisions, including formulating relevant strategies, supervising their implementation, and monitoring the operational and financial performance of the Group, ensuring soundness of internal control and risk management systems.
We value the Board independence and diversity. The Audit Committee, the Nominating and Corporate Governance Committee and the Compensation Committee of the Board of Directors are all led by non-executive independent directors. Various factors, including but not limited to expertise, industry experience and qualifications, educational and cultural background, gender, race, etc., are considered in the selection process and the appointment of Board members. This course of action ensures that a diverse range of skills, experience, knowledge and perspectives can be brought to the enterprise.
We encourage our directors to participate in appropriate professional training and courses, as well as providing them with legal and regulatory updates for reference and study, aiming to enhance the Board's compliance awareness and capacity to perform duties.
As of April 2024, the Board of Directors consisted of seven members, including two executive directors and five independent directors. Independent directors account for 71% of the total.
The Group has established an ESG governance structure with the Board of Directors taking the responsibility, management taking the lead, enhancing cross-functional cooperation and cross-level collaboration. The Group has incorporated ESG management philosophy into Group's major decisions to promote high-quality development of the enterprise. The Board of Directors, as the highest decision-making body, provides overall guidance and supervision of the Group's ESG efforts. The Board of Directors and management are responsible for ensuring that the Group's ESG strategy and related activities, including climate-related issues, are both relevant and effective.
Effective risk management and internal control are essential to the successful operation of the Group. Based on the Internal Control-Integrated Framework (hereinafter referred to as “Framework”) issued by the Committee of Sponsoring Organizations of the Treadway Commission (hereinafter referred to as “COSO”), we develop risk management and internal control systems tailored to the characteristics of our business development. We identify and give early warnings to financial and non-financial risks in the operation process to form an effective risk prevention and control mechanism. We also clearly define the roles and responsibilities of the Board of Directors, management, internal control teams and external audit agencies in the risk prevention and control system to ensure both soundness and effectiveness.
Based on the COSO Framework and in compliance with the requirements of the Sarbanes-Oxley Act, we have established the three lines of defense for risk management, clarifies the level and role of risk management and develops specific control procedures for various risks.
We carried out annual risk identification and materiality assessment, including risks of information security, human resource, and climate change. The risk assessment results and internal control system effectiveness were reported to the Board of Directors and accepted its supervision.
We conduct annual test and self-evaluation of the effectiveness in the design and execution of the internal control system using appropriate control criteria. At the same time, we engage external auditors annually to audit the Group’s financial report and related internal control, and the auditors issue an evaluation of whether there are significant deficiencies in internal controls over financial reporting. The full text of the audit conclusions is published on the Group's website for the review and supervision of all relevant parties.
We maintain a favorable risk management culture through incentive mechanisms, regular organizational training and other ways to raise risk awareness and risk response capability of our employees. We incorporate metrics concerning risk management, including but not limited to information security, anti-corruption and occupational health and safety, into the performance evaluation criteria and incentive systems for executives, department managers, and employees. The evaluation and assessment results based on these indicators affect the results of performance bonuses, salary adjustments and promotions of the corresponding personnel.
The Group organizes risk management specialized training for its board members to keep them up to date with the latest risk management trends and practices. We provide risk-related training involving topics such as anti-corruption and work safety for all staff in various ways to raise their risk management awareness.
We have a deep understanding of the importance of upholding business ethical and strictly abide by the relevant laws and regulations, including the Company Law of the People's Republic of China, the Anti-Unfair Competition Law of the People's Republic of China, the Anti-Monopoly Law of the People's Republic of China, the Foreign Corrupt Practices Act of the United States, and the Sarbanes-Oxley Act. We have also formulated and issued the Code of Business Conduct and Ethics, requiring employees of the Group and third parties associated with the Group to engage in business activities accordingly. We also provide ethical training for all employees (including part-time) and suppliers. We have established a comprehensive business ethics and compliance management system tailored to the Group, which specifies certain issues, such as legitimate competition, anti-monopoly, intellectual property management, and anti-corruption. This systematically defines the responsibilities, reporting lines, and accountability mechanisms of each department.
VNET takes a zero-tolerance approach toward corruption. Adhering to the principles of supervision, education and punishment, the Group has implemented a comprehensive integrity management system. Through internal documents, including the Integrity Inspection System and the Gift Registration System, detailed regulations have been made regarding supervision management, integrity education, investigation and punishment. In addition, we require all employees and third-party suppliers to sign the Anti-bribery Commitment Letter.
VNET has established an anti-corruption risk identification management process and conducts annual inspections to identify risks and urge relevant departments to resolve risks in a timely manner. We have developed a risk identification, evaluation, and control process, and created a risk identification and evaluation system model to identify potential integrity risks and management loopholes within the Group. When a risk is identified, the relevant departments conduct investigations and carry out analyses of integrity risks. For whistleblowing reports from external channels, we also investigate post responsibilities and corruption risks, aiming to identify the risk of bribery incidents and promptly address them. Currently, a number of sites involved in the Group's main business have been certified to the Anti-bribery Management Systems (ISO 37001). In 2023, there were no concluded legal cases regarding corrupt practices brought against the Group or its employees.
We carry out anti-corruption training and publicity programs at multiple levels to improve the ability of all employees to prevent integrity risks, and cultivate a transparent and honest integrity culture. Drawing on the unique business characteristics of each department, we provide tailored integrity training and educational seminars to departments and positions with higher risks of corruption. Additionally, these departments undergo focused supervision as part of their daily management. We conduct interviews with executives to communicate and explain the Group's anti-fraud policy at the management level to establish awareness of clean practices among all employees. For employees, we include anti-corruption training courses in our employee training system to increase their understanding of the Group's anti-bribery culture, penalties for bribery, reporting requirements, and whistleblower protection measures. We conduct anti-corruption training for new employees every month and include anti-corruption training test results in new employee assessments during their probation period. Meanwhile, the Group has set up an Integrity Education column on the i-Vnet platform to regularly post integrity education content and cautionary cases. In addition, as a member company of the Enterprise Anti-Fraud Alliance, VNET actively participates in online courses and offline training sessions organized by the Alliance to help cultivate a clean business environment.
This year, VNET provided anti-corruption training for 100% of directors and employees, and achieved a 100% pass rate in anti-corruption training exams for new employees. We attended 11 monthly meetings organized by the Enterprise Anti-Fraud Alliance, published 12 online articles related to integrity education for employees, and put up 8 warning posters in the office area.
VNET has developed various systems such as the Regulations on the Handling of Whistleblowing and Complaints and the Integrity and Whistleblowing Rewards Program, outlining the procedures for accepting whistleblowing reports and complaints. Internal and external stakeholders can make non-anonymous or anonymous whistleblowing reports and complaints via email, telephone, and other channels. For any whistleblowing reports and complaints that require further investigation, we immediately initiate the investigation procedures and processes, and report the investigation results directly to the management and the Board of Directors.
We respect and protect every whistleblower and complainant. We strictly control the access to information related to whistleblowing reports and complaints within the Group. Confidential materials that are involved in the investigations are protected through several means as technical encryption and physical isolation. We do not disclose the personal information of the complainants or whistleblowers without their consent, and strictly safeguard their legitimate rights and interests. The Group also accepts anonymous whistleblowing reports and makes channels readily available. The Group takes strict action against investigators who violate the confidentiality provisions and improperly fulfill their duties, as well as those who retaliate against the complainants and whistleblowers or take hostile measures against investigators. and those with serious circumstances will be handed over to the judicial authorities.
