RESPONSE TO MEMBER QUESTIONS FROM FEBRUARY 22

Address: 200 –Can

Partnering Governments. Providing Solutions.

RESPONSE TO MEMBER QUESTIONS FROM FEBRUARY 22, 2021 TESTIMONY

BEFORE THE

HOUSE OF COMMONS STANDING COMMITTEE

ON CITIZENSHIP AND IMMIGRATION

FEBRUARY 26, 2021

Corporate structure of VFS Global Inc. parent companies, subsidiaries, contractors and

subcontractors

VF Worldwide Holdings Ltd (“VFS Global” or “VFS”), registered in Dubai, is the company’s global

operational entity.

As we have stated to Canadian media and the committee, VFS Global has no Chinese ownership. All

of VFS Global’s operations and entities, including those in China (operating as VFS China), are

structured under our corporate entity VFS Global. VFS Global is owned and controlled by EQT, a

global investment organization based in Stockholm, Sweden. The Swiss-based Kuoni and

Hugentobler Foundation has a minority investment stake in VFS Global. VFS Global is part of EQT’s

investment fund EQT VII. VFS Global AG and VFS Global Investments AG, both registered in

Zurich/Switzerland are part of EQT’s investment fund EQT VII.

VFS operations in China

In China, VFS Global’s operations are registered under VFS Business Information Consulting

(Shanghai) Co., Ltd ("VFS China"), which is 100% owned by VF Worldwide Holdings Ltd. VFS

Business Information Consulting (Shanghai) Co. Ltd. was incorporated in 2005 and started visa

application operations in China in 2005. VFS China has no subsidiaries within or outside of China. It

has four branches - in Beijing, Shanghai, Chongqing and Guangzhou. VF Services (Hong Kong) Pvt

Limited provides our services in Hong Kong.

It is common practice in China that state-owned organizations are invested in commercial entities in

many different industries. All foreign companies in China in the visa application sector, like VFS

Global, operate with locally-owned or state-owned Facility Management Companies (FMCs).

Key dates for VFS Global’s relationship with the Government of Canada

2007: VFS Global was awarded the initial contract for operating the Canada Visa Application

Centers (VACs) in China

2008: VFS Global started operations of the VACs in 4 cities in mainland China - Beijing,

Shanghai, Chongqing and Guangzhou

2012: VFS Global was awarded a global VAC contract to operate Canada VACs in several

countries across the globe including China

2013: VAC operations under this global contract began in China and Hong Kong in 2013.

2017: VFS Global expanded the Canada VAC network in mainland China to 11 cities by

commencing operations in the cities of – Wuhan, Shenyang, Jinan, Hangzhou, Nanjing,

Chengdu and Kunming

Address: 200 –Can

Partnering Governments. Providing Solutions.

2018: After a competitive tender process, VFS Global was once again awarded a global VAC

contract to operate Canada VACs in several countries across the globe including 11 VACs

in mainland China and 01 VAC in Hong Kong.

Beijing Shuangxiong Foreign Service Company (BSFSC)

Beijing Shuangxiong Foreign Service Company (BSFSC) was our sole FMC in 2005 for our pan-

China VAC operations. We accordingly recommended their name to all our client governments who,

in turn, and in accordance with established protocols and local law requirements, nominated them to

the Chinese Ministry of Public Security, authorizing them to operate VACs in the relevant cities of

operations in China for that particular client government.

When VFS Global responded to the 2007 RFP for the outsourcing of Canada VAC operations in

China, full details of all our FMCs operating across the different cities in China were included in our

proposal.

The visa outsourcing business, referred to as the “Entry & Exit Services” in China, required foreign

companies to partner with local companies for operations of VACs in accordance with Chinese

law. Virtually all foreign companies in China, like VFS Global, operate with locally owned or state-

owned FMCs.

Prospective FMCs are required to have “Entry & Exit Services” or “Visa-related Services” mentioned

in the scope of their business licenses. Prospective FMCs need to be financially sound to set up VAC

infrastructure, hire and retain quality resources, procure and deploy equipment (e.g. office, furniture,

displays, keyboards etc.) following VFS guidelines.

VFS followed the established protocol of recommending BSFSC to the Canadian Embassy for them

to conduct their due diligence on the FMC and to have them appointed to operate the Canada VAC in

Beijing. Once approved by Canada, the Canadian Embassy confirmed this in writing to the Chinese

Ministry of Public Security.

As our services for Canada expanded in China, we accordingly recommended other FMCs to the

Canadian mission for operations of Canada VACs in other cities.

Please refer to the details of all our FMC’s managing the Canada VACs in mainland China and Hong

Kong:

Address: 200 –Can

Partnering Governments. Providing Solutions.

Note that TT Services is a fully owned entity of VFS Global Investments AG, Zurich/Switzerland. TT

Services does not operate in China. It operates Canada VACs in the Americas.

Number of CCP members employed by VFS Global or its subsidiaries or contractors.

a) Number of CCP members from each of the individual subsidiaries and subcontractors

of VFS Global

b) particularly the breakdown for the VAC in Beijing, including Beijing Shuangxion

Chinese law provides workers with equal employment opportunities and equitable conditions of

employment to avoid discriminatory employment practices. Under the law, the employees are under

no obligation to share their political affiliations with their employers. Accordingly, it is not feasible for

an employer to obtain information regarding political affiliations of their employees, while respecting

their privacy rights.

As the committee will know from its study, the Chinese Communist Party (CCP) is the sole governing

party of the People's Republic of China and had more than 90 million members in 2019. CCP

grassroots organizations are common in China and have been established in nearly all state-owned

and private enterprises. It would therefore not be surprising, as would be the case with any company

Address: 200 –Can

Partnering Governments. Providing Solutions.

operating in China, if CCP members were among VFS Global’s employees or the staff of our FMCs in

China.

All of our employees, regardless of their political party membership or affiliation, are subject to the

same rigorous security screening, background checks and protocols that apply to our operations

around the world. In accordance with the requirements of the Canadian government, we conduct deep

identity, credit, criminal, residency, education and employment checks on all of our employees before

they are hired.

We also ensure the following robust physical security and data protection measures at our VACs,

which apply to all employees and visa applicants, comprising Chinese and any third country nationals.

a. Screening of all staff and applicants at the VAC entrance: Screening is performed by IRCC-

cleared personnel at the entrance. This applies to visa applicants as they enter the VAC; and staff

are screened when entering and exiting the VAC, to ensure the staff do not possess any

personally identifiable information (PII) data or office assets.

b. No-mobile policy and implementation: Use of mobile phones inside the Canada VAC is not

permitted. Applicants are requested to switch off their mobiles before entering the premises.

Canada VAC staff hand over their mobile devices to the VAC Managers upon entering the VAC

and retrieve them when leaving for the day. Staff mobiles are kept in a centralized controlled area

with live monitoring by VAC managers.

c. CCTV monitoring: CCTV cameras are installed in the Canada VACs and the digital video

recorder (DVR) is kept in a secured area. The access to CCTV is only provided to IRCC-cleared

VAC Managers for monitoring. The DVRs are password protected.

d. Hardening of devices and monitoring of e-mail traffic: Desktops installed at the Canada VACs do

not permit the copying or downloading of any data. USB access is disabled in all desktops

installed at the Canada VACs to prevent copying of any data to an external media drive. All VAC

staff access their machines through a unique user ID and password and e-mail access is

restricted to those roles requiring its use. E-mail traffic is monitored by the information security

team.

e. Data Management: We do not store any personal data related to a visa application. Data is

purged from our systems within 30 days of a case being closed, in accordance with IRCC

regulations. All data servers transferring China Visa applications to IRCC are located in Canada.

We operate no servers for IRCC in China, and IRCC also conducts unannounced audits to review

the integrity of our systems.

All these measures are managed and controlled by VFS Global. FMC management, owners or

investors have absolutely no access to any data at these visa application centres and no IT

infrastructure access. They cannot influence the visa application process set by client governments.

Notwithstanding any potential CCP related structure or hierarchy in an FMC, party membership has no

influence on the integrity of the visa application process, nor on how a VAC is operated. This process

is defined only by VFS Global in full compliance with the regulations of the Canadian government.

Given all the security safeguards we deploy, there is no basis for the concerns expressed that visa

applicant information collected at VFS-operated VACs is somehow communicated to the CCP, the

government of the PRC or any other unauthorized third parties.

Address: 200 –Can

Partnering Governments. Providing Solutions.

Finally, we underscore that Canada Visa Application Centres do not receive applications from

Canadian nationals or process data belonging to them.

Does VFS or its subcontractors use any Huawei hardware/equipment in its facilities for the

Canadian government in China?

We do not procure or use Huawei branded hardware equipment for the visa application submission

process in any of our Canada VACs in China. In some Canada VACs the Internet Service Providers

(ISP) have installed Huawei routers as part of their connectivity setup. This raises no cybersecurity

concerns. The routers, regardless of brand or configuration, cannot provide a “back door” to the data or

other unauthorized access. All data is fully encrypted in real-time at the point of entry and only

transferred via a 256-bit encrypted VPN tunnel managed by VFS Global and this mitigates

cybersecurity concerns with respect to Huawei routers. VFS Global does not have any servers in China

where applicant data is stored. Applicant data is transmitted fully encrypted to servers in Canada

immediately after the entry. Only IRCC authorized personnel, have access to the fully encrypted visa

application data and biometric data is accessible to Canadian government officials only.

We have deployed security tools and technologies on systems in visa application centres to ensure the

security of our infrastructure and access controls. Security systems and policies are governed and

controlled by VFS Global and undergo regular audits by the client government. Our global IT

Infrastructure is monitored comprehensively by a specialist Security Operations Centre based in the

UK which has the capability to detect and alert any cyber-attack directed towards our systems. In all

our years operating in China, we have not had any cybersecurity incidents for any of our client

governments.