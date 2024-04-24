ENVIRONMENTAL, SOCIAL AND
GOVERNANCE REPORT
環 境、社 會 及 管 治 報 告
ENVIRONMENTAL, SOCIAL AND GOVERNANCE REPORT (CONTINUED)
環 境、社 會 及 管 治 報 告（續）
ABOUT THE REPORT
Introduction
The Group (or we) prepared and released the Environmental, Social and Governance ("ESG") Report 2023 ("Report"), which is in compliance with the ESG Reporting Guide set out in Appendix C2 of the Listing Rules of The Stock Exchange of Hong Kong Limited (the "Stock Exchange") and is based on the Group's actual conditions. The Report presents the Group's environmental and social policies, strategies, practices and performance in 2023. For more information on corporate governance, please refer to the "Corporate Governance Report" of the annual report.
關 於 本 報 告
報 告 概 要
本集團（或我們）根據香港聯合交易所有限 公司（「聯 交 所」）上市規則附錄C2《環境、 社會及管治報告指引》的要求以及本集團 實際情況，編制並發佈2023年度的《環境、 社會及管治（「ESG 」）報告》（「本 報 告」）。 本報告概述了本集團2023年度在環境和社 會相關領域的方針、策略、實踐及表現。 有關企業管治的資料，請參閱本年報「企 業管治報告」部分。
Reporting Period and Scope
報 告 期 間 及 範 圍
This Report supplements the remaining parts of the Group's annual
本報告披露本集團於2023年1月1日至2023
report and discloses performance and progress on sustainable
年12月31日的可持續發展表現和進展情
development from 1 January to 31 December 2023. The scope of
況，與年報其餘內容相輔相成。本報告範
this Report covers the Company and its major subsidiaries. The
圍涵蓋本公司及其主要附屬公司，所載資
information stated in this Report was obtained from the Group's
料皆來自本集團各類報告或日常作業記錄。
various reports and records of daily operations.
Reporting Principles
滙 報 原 則
Materiality: We conduct stakeholder communication and materiality
重要性：我們每年進行利益相關方溝通及
assessments annually to identify significant environmental,
重要性評估，以識別與環境、社會及管治
social and governance issues. For more details, please refer to
相關的重大議題。更多詳情請參閱「利益
"Stakeholder Communication and Engagement" and "Materiality
相關方溝通及參與」及「重要性議題評估」
Assessment" sections.
章節。
Quantitative: The standards, methodologies and source of
量化：我們適時附註列明計算數據時採用
conversion factors used in calculating the data are disclosed in due
的標準、方法以及所使用的轉換係數來源。
course.
Consistency: This Report has been prepared in a consistent manner
一致性：我們採用與往年一致的編備方式
with previous years in order to enhance coherence and provide
編制本報告，旨在增強連貫性及與往年表
a meaningful comparison with previous years' performance. 現作出更有意義的比較。所採用方法如有 Appropriate disclosure and explanation will be provided for any 變動，將提供適當披露及解釋。 changes in methodologies.
ENVIRONMENTAL, SOCIAL AND GOVERNANCE REPORT (CONTINUED)
環 境、社 會 及 管 治 報 告（續）
Feedback
The Group considers sustainable development as its imperative long-term goal. We would highly appreciate any comments on improving the content and information delivery of this Report. If you have any queries or suggestions, please feel free to contact us.
Contacts
Goldpac Group Limited
Address:
Room 1301, 13th Floor,
Bank of East Asia, Harbour View Centre,
No. 56 Gloucester Road, Wanchai, Hong Kong
Telephone:
(852) 2838 6202
Fax:
(852) 2834 6759
Email:
goldpac@goldpac.com
SUSTAINABILITY MANAGEMENT
Governance Structure
As one of the major suppliers in offering smart secure payment total solutions in the world, the Group upholds the mission of "Making Transactions More Secure and Convenient" and the vision of "Becoming a Trustworthy Provider for Fintech Products and Services" to deliver quality products and services for customers across the world.
The Board understands the importance of sustainable development for the community and the Group itself, actively integrates ESG factors into important business decisions and is committed to being a responsible leader in the industry. The Board is ultimately responsible for the Group's ESG issues and the Board acknowledges its responsibility to ensure the integrity of the Report and to the best of its knowledge that this Report addresses all material issues and fairly presents the Group's ESG performance. The Board confirms that it has reviewed and approved this Report.
We simultaneously hold certifications by Visa, MasterCard, American Express, China UnionPay, JCB and Diners Club. Ensuring product quality and customer data security are defined as our top priorities. At the same time, we endeavour to explore and investigate suitable corporate operational processes to cohere with the Group's sustainability development pattern. The Group successfully obtained SA8000 certification for its social responsibility management system and was awarded the "2022 CLS•ESG ZhiYuan Award - Social (S) Pioneer Enterprise Award" in 2022. The Group won the "2023 CLS•ESG ZhiYuan Award - Governance (G) Pioneer Enterprise Award" for its outstanding achievements in the areas of fintech digitalisation strategy, industry competitiveness, sustainable development and shareholder rewarded policy.
意 見 反 饋
本集團視可持續發展為長遠發展方針。我 們高度重視您對本報告內容或信息傳達方 面的寶貴意見。若 閣下對本報告有任何 疑問或建議，歡迎隨時聯繫我們。
聯 繫 方 式
金邦達寶嘉控股有限公司
地址： 香港灣仔告士打道56號 東亞銀行港灣中心 13層1301室
電話： （852）2838 6202
傳真： （852）2834 6759
電郵： goldpac@goldpac.com
可 持 續 發 展 管 理
管 治 架 構
本集團作為全球智能交易整體解決方案的 最主要供應商之一，以「讓交易更安全、更 便捷」為使命，以「成為值得信賴的金融科 技產品和服務提供商」為願景，為全球客 戶提供優質的產品與服務。
本集團董事會深知可持續發展對社會及企 業自身發展的重要性，積極將ESG因素融 入重要業務決策中，矢志成為負責任的行 業領導者。董事會對本集團ESG管治工作 及報告負最終責任，肩負起確保本報告的 完整性的責任，承諾公正地披露ESG表現， 及盡其所知涵蓋所有有關的重大事宜。董 事會已審閱批准本報告。
本集團同時獲得Visa、萬事達卡、美國運 通、中國銀聯、JCB和大萊六大信用卡組織 認證。保證產品質量和客戶數據安全是本 集團的首要工作。同時，我們更是在企業 運營過程中不斷發掘、探討和嘗試適合本 集團的可持續發展模式。2022年，本集團 成功通過SA8000社會責任管理體系認證， 並憑藉在金融科技數字化戰略、行業競 爭力、可持續發展、股東回饋政策等領域 的突出實踐成果，繼獲得2022財聯社ESG 致遠獎 • 社會（S ）先鋒企業獎後，再榮獲 2023財聯社致遠獎 • 公司治理（G）先鋒企 業獎。
ENVIRONMENTAL, SOCIAL AND GOVERNANCE REPORT (CONTINUED)
環 境、社 會 及 管 治 報 告（續）
The Group is committed to integrating its businesses with the development of environment and society, pursuing a sustainable development. We have established an effective ESG governance structure: the Board is responsible for making decisions on ESG management policies and strategies, assessing and identifying ESG-related risks, overseeing the implementation of related matters and the approval of ESG reports; management and management representative are responsible for formulating ESG-related measures in accordance with ESG management policies, and reporting implementation progress and feedback; employees of all departments are the practitioners of ESG works, who implement ESG measures into their daily practice. During the year, we continued to promote the collection and reporting of environmental and social performance information through collaboration among various departments, e.g. internal control department, corporate business management department, human resource department, administration department, engineering department and etc. Staff at all levels fully cooperated with sustainability management work to implement the concept of sustainable development into practice.
本集團一直致力將業務與環境和社會共同 發展相結合，推動本集團實現可持續發展 的願景。我們建立了有效的ESG管治架構： 董事會負責ESG管理方針及策略方面的決 策，評估及確認ESG相關風險，監管相關 事宜的實施情況及ESG報告審批；管理層 和管理者代表負責根據ESG管理方針制定 相關ESG政策措施，並向上滙報實施工作 進程和反饋；各部門員工是ESG工作的實 踐者，將ESG措施落實到日常工作中。回 顧年內，通過由內控部、企管部、人力資 源部、行政部、工程部等多部門配合的模 式，我們持續推進環境和社會表現信息的 收集和滙報工作；各級員工全力配合相關 管理工作，將可持續發展理念落到實處。
ENVIRONMENTAL, SOCIAL AND GOVERNANCE REPORT (CONTINUED)
環 境、社 會 及 管 治 報 告（續）
In order to manage sustainable development better, we
為更好進行可持續發展管理，我們與各利
continuously communicate with stakeholders, assess and prioritise
益相關方持續溝通，對識別出的ESG議題
the identified ESG issues based on their materiality, and set up
進行重要性評估和排序，制定重要目標及
key goals and work plans. For goals and measures, please refer to
工作計劃。有關目標及措施，請查閱「環境
"Environmental Management" section.
管理」章節。
The Board oversees the overall management of the Group's risks,
董事會全權監督本集團整體的風險管理，
continually overseeing the Group's risk management and internal
持續監控本集團的風險管理及內部監控系
control system and reviewing their effectiveness through Audit
統，並透過審核委員會檢討其成效。本集
Committee. The Group has in place a risk management framework,
團建立了風險管理辦法，該辦法為集團提
which enables the Group to adopt a proactive and systematic
供一個清晰和系統的方法去識別和管理風
approach to identify and manage risks (including ESG-related risks)
險（包括ESG相關風險），以及評估風險的
as well as to evaluate risk severity and likelihood of occurrence.
嚴重性和發生的機率。
To achieve environmental sustainability, the Group complies with
為實現環境可持續發展，本集團遵從與運
all related environmental laws, regulations (Appendix 1) and
營和產品有關的環境法律法規（附錄1）及
standards. Starting from the energy saving, emission reduction
標準，以節能減排和廢棄物管理為重點，
and waste management as key aspects, we established a series of
通過制定一系列的內部程序和制度，使員
internal procedures and systems to help our employees properly
工能夠更有效地妥善處理廢棄物，提高營
handle the wastes generated in the operation process. As a result,
運效率，減少對環境的負面影響，全面肩
we are able to enhance operation efficiency, reduce the negative
負對環境保護的責任。
impact on the environment, and fully shoulder the responsibility of
environmental protection.
The Group not only abides by relevant laws and regulations
本集團不僅遵守相關僱傭和安全法規（附
relating to employment and safety (Appendix 1), but also pays
錄1），而且關注員工的福利和身心健康安
considerable attention to employee welfare and safety, and at
全，為員工提供包容、公平、安全、健康、
the same time it devotes itself to a well-established management
愉快的工作環境，同時通過完善的管理程
and training system, offering employees a broader development
序和培訓，為員工提供充分的發展空間，
space in an inclusive, fair, safe, healthy and harmonious work
實現人才可持續發展。
environment, to realise the talents sustainable development.
Appendix 1 presents the list including but not limited to laws and
附錄1呈列包括但不限於與環境、社會及
regulations relating to ESG issues and with significant impacts on
管治議題相關且對本集團具有重大影響的
the Group.
主要法律法規列表。
Stakeholder Communication and Engagement
利 益 相 關 方 溝 通 及 參 與
We are grateful to every stakeholder for their support on our
本集團的成長與進步離不開各利益相關方
growth and improvement. In order to lay a solid foundation for
的支持，因此我們努力了解投資者、客戶、
the success of our sustainable development, we have made great
供貨商、員工、社區等利益相關方的期望
efforts to understand opinions suggested by stakeholders, e.g.
及訴求，致力為各利益相關方創造持久價
investors, customers, suppliers, employees, community. We have
值，為本集團的持續發展奠定良好基礎。
established multiple communication channels for stakeholders to
本集團建立了多重溝通渠道，以便各利益
deliver their comments on our ESG performance and future policies
相關方向我們傳遞他們對於可持續發展績
to us.
效和未來政策的意見。
ENVIRONMENTAL, SOCIAL AND GOVERNANCE REPORT (CONTINUED)
環 境、社 會 及 管 治 報 告（續）
Stakeholders
Areas of concern
Communication and engagement channels
利 益 相 關 方
關 注 領 域
溝 通 及 參 與 渠 道
Investors
•
Financial performance
•
Annual general meeting
•
Business strategies
• Regular disclosure on financial and operational
•
Operation in conformance of laws and
information
regulations and corporate governance
•
Investor relations management
- Sustainable development and risk control • The Group's website
- Social media, e.g. WeChat official account
投 資 者
• 財務表現
• 股東大會
• 業務策略
• 定期披露財務信息及運營信息
• 合規經營與企業管治
• 投資者關係管理
• 可持續發展與風險管控
• 本集團網站
• 社交媒體，如微信官方公眾號
Customers
• Product and service quality
• Customer service specialist
• Client information security
• Customer satisfaction survey
• Business ethics
• The Group's website
• Social media, e.g. WeChat official account
客 戶
• 產品及服務質量
• 客戶服務專員
• 客戶信息安全
• 客戶滿意度調查
• 商業操守
• 本集團網站
• 社交媒體，如微信官方公眾號
Suppliers
• Fair competition and dealing
• Supplier site visit
• Mutual benefit and long-term
• Regular assessments
cooperation
• Continuous direct communications
• Business ethics
供 貨 商
• 公平競爭與交易
• 供貨商現場走訪
• 互利共贏與長期合作
• 定期評估
• 商業操守
• 持續直接溝通
Employees
• Training and development
• Management mailbox
• Remuneration and welfare policies
• Performance assessments
• Occupational health and safety
• Employee training
• Equal opportunities and culture inclusion
• Internal exchange forum
員 工
• 培訓與發展
• 管理層信箱
• 薪酬及福利政策
• 績效評估
• 職業健康及安全
• 員工培訓
• 平等機會與文化包容
• 內部交流座談會
Community
• Fair employment and opportunities
• Regular communications to pay attention to
• Environmental protection
society issues and neighborhood
• Epidemic prevention and control
• Social Media, e.g. WeChat Official Account
• Community activities
社 區
• 公平就業機會
• 定期溝通，關注社會民生
• 環境保護
• 社交媒體，如微信官方公眾號
• 疫情防控
• 社區活動
Government
• Operation in compliance with laws and
• Forums, thematic meetings, trainings
regulations
• Visiting relevant government departments
• Business strategies and sustainability
• Regular compliance reports
政 府
• 合規經營
• 論壇、專題會議、培訓
• 商業策略及可持續性
• 走訪政府相關部門
• 定期合規報告
ENVIRONMENTAL, SOCIAL AND GOVERNANCE REPORT (CONTINUED)
環 境、社 會 及 管 治 報 告（續）
We believe that proactive two-way communications with
我們堅信，與各利益相關方的積極雙向溝
stakeholders will help formulate business strategies better
通，有助於我們制訂更加符合其需求與期
conforming to their expectations and requirements, improve
望的業務戰略，提升風險預見能力，鞏固
the ability of risk forecast, strengthen crucial relationships, and
重要關係，携手各方共同實現經濟、社會
finally realise sustainable development in economies, society and
和環境的可持續發展。
environment together.
Materiality Assessment
重 要 性 議 題 評 估
We identified 26 ESG issues with reference to industry-related laws
本集團通過參考行業相關法律法規及全球
and regulations, the important topics identified by global industry
同行已識別的議題，結合集團經營範圍、
peers, the business scope of the Group, ESG risks identified,
ESG風險識別、宏觀政策及熱點等共梳理
macro policies and hot topics. Questionnaires and interviews
出26項ESG議題。我們通過問卷調查及訪
were conducted to understand the views of management and
談的方式，了解管理層和各利益相關方對
stakeholders on these issues, and to assess the materiality of
這些議題的看法，從而對這些議題的重要
these issues. The results serve as an important basis for the
性進行評估。其結果作為編寫本報告和提
preparation of this Report and the promotion of future sustainable
升未來可持續發展工作的重要依據和基礎。
development efforts. The assessment result has been reviewed and
本年度評估結果已提交至董事會審核確認。
approved by the Board.
層
Management
理
管
重 要 性 評 估
非常重要
Materiality Assessment
Very Important
19
17
25
22
18
12
3
14
13
21
2
15
20
16
8
1
6
5
9
23
7
4
24
11
26
10
重 要
利益相關方 Stakeholder
Important
ENVIRONMENTAL, SOCIAL AND GOVERNANCE REPORT (CONTINUED)
環 境、社 會 及 管 治 報 告（續）
Environment Protection 環 境 保 護
- Usage and recycling of materials
物料的使用及回收再利用情況
- Energy consumption and saving measures
能源消耗及節能措施
- Usage of water resources and saving measures
水資源使用及節水措施
- Greenhouse gas emissions and reduction measures
溫室氣體排放及減排措施
- Wastes and their disposal
廢棄物的產生及處置
- Air pollutant emissions and reduction measures
廢氣排放及減排措施
Employee Policy 員 工 政 策
- Talent management policies and status
人才管理政策及現狀
- Protection of employees occupational health and safety
保障僱員職業健康與安全
- Employee development and training
僱員發展與培訓
Operation Management 運 營 管 理
- Wasted water discharge and reduction measures
廢水排放及減排措施
- R&D on clean technologies and green products
清潔技術及綠色產品的研究與開發
- Compliance with environmental laws and regulations
遵守環境法律法規情況
- Protection of biodiversity
保護生物多樣性
- Concerns for and responses to climate change
關注及應對氣候變化
- Internal communications
內部溝通情況
- Anti-Childand Anti-Forced labour
反童工及反強制勞工
- Compliance with laws and regulations of protection of labour rights and interests
遵守勞工權益保障法律法規情況
26. Community engagement
社區參與
ENVIRONMENTAL, SOCIAL AND GOVERNANCE REPORT (CONTINUED)
環 境、社 會 及 管 治 報 告（續）
Looking ahead, we will interact with stakeholders and review
展望未來，我們會持續與各利益相關方開
our performance as always. We persist in taking the social and
展溝通工作，檢視自身發展表現。我們將
environmental responsibilities, optimising our sustainability
繼續肩負社會和環境責任，優化各項促進
initiatives and integrating our business with environmental
可持續發展的相關措施，持續把業務與環
management and social impact to stimulate business growth.
境管理及社會影響相結合，致力促進業務
增長。
INFORMATION SECURITY AND DATA
信 息 安 全 與 數 據 保 護
PROTECTION
The Group believes that information security is the primary prerequisite for creating secure and quality financial technology services, and we have always attached a strategic importance on the application of information security technologies and the protection of information security.
The Group strictly complies with applicable laws and regulations and adheres to information security and data protection. The compliance risk of newly issued laws, regulations and regulatory requirements is also a key concern. As one of the global leaders in total solutions in the field of smart and secure payments, the Group has established its management system regarding to information security and data protection in strict compliance with the ISO27001 information security management system and the PCI (Payment Card Industry) Data Security Standard. The Group has also passed the Security Accreditation Scheme of GSMA, the Global System for Mobile Communications Association. Our R&D environment has also passed on-site testing for security certification by the International Chip Card Standardisation Organisation (EMVCo). The Group engages third-party organisations to conduct system compliance inspections annually, which can effectively ensure the reliability of the Group's management system of information security and data protection. Meanwhile, the Information Security Management System Manual and its subordinate documents were issued to all the staffs within the Group, in order to comprehensively define the security management structure and information security objectives and planning, and specify the specific security requirements for information processing.
本集團堅信保障信息安全是創造安全、優 質金融科技服務的首要前提，我們始終把 對信息安全技術的應用和信息安全的保護 放在重要的戰略地位。
本集團嚴格遵守適用的法律及法規，堅 守信息安全與數據保護。新發佈法律法 規和監管要求的合規風險亦是需要時刻 關注的關鍵。作為全球智能安全支付領 域整體解決方案的引領者之一，本集團 嚴格按照國際標准化組織的信息安全管 理 體 系（ ISO27001 ）和 全 球 支 付 卡 行 業 PCI（Payment Card Industry ）數據安全標 準（Data Security Standard ）建立了本集 團的信息安全與數據保護的安全管理體 系。本集團已獲得全球移動通信系統協會 GSMA的安全認證（Security Accreditation Scheme），我們的研發環境亦通過了國際 芯片卡標準化組織（EMVCo）安全認證現場 測評等。本集團每年聘請第三方機構進行 體系符合度檢查，能有效保證本集團信息 安全與數據保護的安全管理體系的可靠性。 我們亦向全體員工頒布《信息安全管理體 系手冊》及其下級文件，全面定義了安全 管理架構與信息安全目標、規劃等，明確 了信息處理的具體安全要求。
ENVIRONMENTAL, SOCIAL AND GOVERNANCE REPORT (CONTINUED)
環 境、社 會 及 管 治 報 告（續）
Based on the nature of technological innovation in the Group, we have continuously increased our investment in digital transformation and platform building, proactively using information technologies to identify and control risks with a comprehensive upgrade of the information security system software and hardware. The Group was granted by the certifications of ISO/IEC20000 Information Technology Service Management System in 2020, CMMI Maturity Level 5 - Optimisation Level (the highest level internationally used to evaluate the maturity of an enterprise's software development capabilities) in 2021, and ITSS (Information Technology Service Standards) Information Technology Operation and Maintenance Service Capability Maturity Level 3 in 2022. And in 2023, the Group successfully passed the CMMI Maturity Level 5 reassessment. The development of Internet technologies increases the risk of hacking attacks, which are continuous and constantly changing. The Group's top management has authorised the Information Security Management Team to formulate information security policies, taking into account the internal and external circumstances of the Group. We consistently adhere to the information security policy of "full participation, prevention-oriented, risk control and continuous improvement", doing a comprehensive job in all-oriented information security control and data protection. We are committed to providing a safer, more convenient and more accurate services to our customers.
基於本集團的科技創新基因，我們持續加 大對數字化轉型和平台建設的投入，積極 運用信息技術，識別預防和控制風險，對 信息安全系統軟件和硬件進行全面升級。 繼本集團於2020年通過ISO/IEC20000信息 技術服務管理體系認證、2021年通過國 際上用於評價企業軟件開發能力成熟度的 CMMI最高級別五級－優化級認證、2022 年通過ITSS信息技術運行維護服務能力成 熟度三級認證後，本集團於2023年再次順 利通過CMMI L5高成熟度複評。互聯網技 術的發展會帶來黑客攻擊風險，這些風險 都是持續的、不斷發展變化的。本集團最 高管理層授權信息安全管理小組，結合集 團內部和外部情況制定信息安全方針，我 們始終堅持「全員參與、預防為主、控制風 險、持續改進」的信息安全方針，全面做好 各項信息安全管控和數據保護工作，致力 於為客戶提供更安全、更便捷、更準確的 服務。
