Social Impacts: People
Social Impacts: Clients and Suppliers
Social Impacts: Community
Responsible Governance
CEO Message
Approach to Sustainability
Environmental Stewardship
Appendices
About This Report
About Kum Shing
Business Ethics and Integrity
Legal Compliance
Our commitment to ethical business conduct includes a zero-tolerance policy for any form of corruption, bribery, extortion, fraud and money laundering. All employees must adhere to the Anti-fraud Policy and the Code of Conduct, taking steps to prevent violations. Board members and employees annually acknowledge their understanding of and commitment to upholding these policies and declare conflicts of interest. Violations of our Code of Conduct may result in disciplinary action, potentially affecting performance appraisals and compensation. We periodically communicate the Vendor Code of Conduct to active suppliers, including subcontractors, and incorporate it into our agreements and orders.
To foster a culture of ethical behaviour and prevent misconduct, training is another critical component of our efforts. New employees must complete integrity training as part of their onboarding process, and all employees are required to complete an annual online refresher training. The training facilitates their understanding of our policies and their roles and responsibilities in combating corrupt practices. In addition to mandatory training, we periodically organise specialised training sessions for specific business departments. In early 2025, we partnered with ICAC to deliver integrity training to Power Systems Department.
Violations of laws and regulations could pose adverse impacts on our business operations, performance, financial position and reputation. We put in place internal policies, guidelines and procedures to ensure we operate in compliance with all applicable laws and regulations
and ethical business practices. Our Code of Conduct sets out guidelines that all employees must adhere to. No material violations were reported and no confirmed legal cases of corruption were brought against the Group or its employees during the Year.
Aspects
Number of Cases
Anti-corruption
No reported cases
Governance
Information security and privacy
No reported cases
Employment practices and labour standards
No reported cases
Social
Occupational health and safety
No reported cases
Whistleblowing
Product and service responsibility
No reported cases
Environment
No reported cases
We value integrity and transparency as crucial elements in building trust with our stakeholders. As such, we have established the Whistleblowing Policy and procedures that enable employees and other stakeholders, including suppliers, business partners, clients and other stakeholders, to raise concerns about any misconduct, malpractice or irregularity through a confidential reporting channel. Once a report is received, an assessment will be conducted to decide whether the case will proceed to investigation. All reports and investigations will be dealt with promptly and fairly, following the appropriate procedures. The identities and information reported are treated with strict confidentiality and are only disclosed when required by law or regulation, or when referred to the appropriate regulators or law enforcement authorities. This ensures whistleblowers can report any concerns or issues without fear of reprisals.
Construction Industry Integrity Charter
Information Security and Privacy
Key Security Controls
Information security and data privacy are core elements of our ethical business practices and crucial for maintaining stakeholder trust and ensuring business continuity. We make every effort to protect all data entrusted to us.
Physical security Strict access controls for critical areas such as server rooms with monitoring, allowing only authorised personnel. Access control Electronic access controls following “need-to-know” and “need-to-use” principles, with regular access rights reviews and duty segregation. Threat Intelligence and Technology Vulnerability Regular penetration tests and vulnerability scans to assess the effectiveness of security controls and identify areas for improvement. Anti-Malware and Password Management Enhanced network infrastructure with advanced firewalls, intrusion detection, network segmentation and multi- factor authentication.
As signatories to the "Construction Industry Integrity Charter 2.0", jointly introduced by the HKSAR Development Bureau, the Independent Commission Against Corruption (ICAC) and CIC, Kum Shing has pledged to implementing robust corporate governance and internal controls across its business processes, enforcing integrity policies and providing comprehensive integrity training to senior management.
Management System
Our ISO/IEC 27001:2022 certified Information Security Management System (ISMS) guides us to implement controls and procedures that follow a continual improvement framework and align with industry best practices. The ISMS addresses a wide range of risks for critical business processes, from data breaches to emerging cybersecurity threats, ensuring the confidentiality, integrity, and availability of information assets.
Anti-corruption
Policy and Guidelines