Risk management

Vesteda has fully incorporated risk management in its strategic and operational processes. It has defined its risk management policy and implemented a risk management framework in line with the core fund risk profile, as defined in the Terms and Conditions of Vesteda Residential Fund, extending to all levels of the organisation and all lines of business. The Vesteda Managing Board assesses the proper functioning of the framework on a regular basis and continues to pursue further improvement and optimisation of the internal risk management and control procedures.

Focus on achieving organisational targets

Risk management and internal control are dynamic processes designed to provide reasonable assurance regarding the achievement of strategic goals and objectives relating to operations, reporting and compliance. Vesteda believes it is extremely important that risk management is an integral part of effective operations at strategic and operational levels. As a result, Vesteda’s stakeholders, such as employees, tenants, investors and financiers, can rely on the fact that the business is run in a controlled way, focused on the achievement of strategic goals and objectives, with results that justify the risk profile.

Risk appetite

The INREV core fund risk profile implies that Vesteda has a relatively low risk profile since it typically invests in income-producing real estate investments. Vesteda employs relatively low levels of leverage and has limited exposure to real estate development. A significant and stable proportion of its returns is generated through rental income. Overall, Vesteda has a relatively low risk appetite.

Integral part of business operations

Risk management is an integral part of Vesteda’s business operations and process management. To put this into practice, Vesteda identifies the risks associated with business operations and - if the Managing Board believes it is necessary - reduces these risks to the desired level through control measures. Vesteda regularly - at least annually - identifies and evaluates the strategic, operational, compliance and financial risks and has defined relevant risk limits. Vesteda has developed its internal risk management framework on the basis of the recommendations of the Committee of Sponsoring Organisations of the Treadway Commission (COSO), the aim of which is to create a reasonable level of assurance on the achievement of organisational targets. These enable management to assess the proper functioning of the risk mitigating measures that have been adopted. The internal controls cannot, however, offer absolute assurance due to the possibility of unforeseen circumstances, human errors of judgement and mistakes, collusion by employees, breaches of regulations, cost/benefit considerations or the occurrence of inherently minor incidents with significant consequences.

Managing Board’s responsibility and the four lines of defence

The Managing Board is ultimately responsible for managing the control environment and the risks inherent in Vesteda’s business activities. It is also responsible for ensuring that the company complies with relevant legislation and regulations.

Senior management and the designated process owners have day-to-day responsibility for the continuous monitoring of the design and operation of the risk management measures. They represent the first line of defence in the framework. A Risk Management Officer (RMO) has been appointed to design and maintain the overall framework, to coordinate and advise on the measures to be implemented, and to evaluate the assessment and reporting of senior management with regard to the proper functioning of the measures. Together with the control staff, the RMO represents the second line of defence in the risk management framework.

The so-called third line of defence is the internal audit role, which audits the operational processes and reports to the Managing Board and the Supervisory Committee. In 2015, the role of the internal auditor was strengthened by defining the Vesteda Internal Audit Charter, designing and implementing an Internal Audit Plan and improving the coordination of its activities with the risk management role. In 2016, the internal audit role was transferred from the control department to an appointed Internal Auditor.

External supervision constitutes the fourth line of defence. The Supervisory Committee, the external auditor and the depositary together constitute this fourth line of defence.

2016: sixteen risk areas

In the first quarter of 2016, the Managing Board evaluated the list of most relevant and significant risks for Vesteda. This risk assessment resulted in the following list of sixteen risk areas that were considered the most relevant and significant risk areas for Vesteda:

One of the criteria for selecting these sixteen risk areas is that they should satisfactorily cover ongoing strategic, operational, compliance and financial risks. Vesteda conducts an annual evaluation of the extent to which the set of identified risks covers Vesteda’s risk universe. In other words, this is an assessment of whether new risk areas should be added to the existing list, or whether risk areas can be removed from the list based on operational developments, the real estate and financial markets, stakeholders, etc. The impact of the assessment on the control activities is also evaluated and changes are made when necessary. In 2016, no changes were made to the set of the risks identified. The sixteen risk areas are addressed in detail below.

  1. Strategic vision;

  2. Portfolio Strategy;

  3. Asset management;

  4. Acquisitions & Development;

  5. Property sales;

  6. Property management;

  7. Treasury;

  8. Investor Relations;

  9. Financial reporting;

  10. Human Resource Management;

  11. Integrity;

  12. Continuity of IT;

  13. Tax;

  14. Contractual obligations;

  15. Corporate Sustainability and Social Responsibility;

  16. Valuations.

a Strategic vision

Description of the risk

The risk that Vesteda’s strategic vision is not in line with external developments, not in line with investors’ visions, or is not translated into effective implementation measures.

Control measure(s)

Developing and updating the strategic vision using internal and external research information in consultation with the investors. Shaping this strategic vision, using all available knowledge and expertise and monitoring of implementation measures. For example, in 2016, at the informal Annual Participants Day, Vesteda invited all participants to reflect on relevant Business Plan subjects before establishing and presenting the final plan to the participants in the General Meeting of Participants. We also organised regular inspiration sessions with our Advisory Committee to exchange ideas on the developments that will be important to our tenants in the future.

b Portfolio Strategy

Description of the risk

The risk that Vesteda’s strategy is not properly translated into an effective portfolio strategy, due to lack of alignment with investor objectives, incorrect market development expectations or unqualified sources of information upon which the portfolio strategy is built.

Control measure(s)

The portfolio strategy is designed, implemented, monitored, analysed, evaluated and benchmarked continuously. Shareholder alignment is created through the annual Business Plan process, in which the portfolio strategy and investment criteria are discussed and approved by the participants. In 2016, Vesteda thoroughly redefined the sustainability goals with regard to its portfolio and started the transition and realisation phase.

c Asset management

Description of the risk

The risk that Vesteda’s asset management activities are not aligned with the defined portfolio strategy compiled in close consultation with participants and the Supervisory Committee, and may fail to achieve optimal operating results or may lead to lower appreciation of the portfolio. Asset management should have sufficient tenant satisfaction focus in the deployment of its activities.

Control measure(s)

By performing hold/sell analyses and defining the tactics for the Vesteda properties, asset management can achieve the predefined objectives. The execution of the tactics is closely managed and monitored. The returns are compared to the industry benchmark MSCI and the targets outlined in the Business Plan every quarter.

d Acquisitions & Development

Description of the risk

The risks that may arise from having inadequate control with regard to the acquisition process of (new or existing) projects, focusing on the financial consequences and quality of the projects.

Control measure(s)

Vesteda no longer engages in new project development activities, but seeks to acquire turnkey projects and existing projects or portfolios. Secured forward funding is considered to be an effective measure in the acquisition process. Customer due diligence, external independent valuation checks, financial guarantees and a standardised programme of project requirements are also part of the control framework.

e Property sales

Description of the risk

The risk that the sales volume and margins aimed for in the Business Plan are not (properly) achieved in business operations.

Control measure(s)

Continuous reconciliation and fine-tuning of projects in the sales phase in line with the requirements of the target portfolio and taking into account market developments. Close monitoring of the sales process as compared to the Business Plan objectives. Pre-sale CDD screening of buying parties is standardised in the sales process of residential complexes. In 2016, Vesteda moderated the sales volumes in the light of the strongly improving market conditions and the value growth of the portfolio.

f Property management

Description of the risk

The risk that Vesteda cannot effectively manage its properties via its in-house property management organisation, which might lead to a decline in tenant satisfaction or higher vacancy and potentially lower operating results.

Control measure(s)

Operations are planned based on a long-term plan, which is established in close cooperation with Vesteda’s asset management activities. Rent levels are continuously marked to market, performance of suppliers is monitored and evaluated and tenant satisfaction is measured and reported upon. Lean and mean processes are increasingly based on web-based client interaction.

g Treasury

Description of the risk

The risk that Vesteda cannot attract the necessary debt capital on competitive terms and conditions to achieve its strategy and targets. Obtaining debt capital involves an interest rate risk and a volume risk. The interest rate risk is the risk that Vesteda may be confronted with undesirable fluctuations in interest rate charges. Treasury also deals with the risk that Vesteda does not generate sufficient cash to meet its financial obligations or financial covenants.

Control measure(s)

Vesteda has reduced the refunding risk by extending the average maturity in the current funding. Multiple sources and types of financing are used to avoid dependence on single segments or providers. Furthermore, Vesteda aims to keep the level of debt capital below 30%. At least 70% of interest rate risks are hedged. Control measures have been adopted to assure compliance with the financial covenants and the Treasury Policy Statement. Stress testing is one of the measures taken to monitor the risks involved. Furthermore, periodic reporting on KPIs such as leverage, cost of debt, hedging levels and average maturity dates ensures that Vesteda is alerted to any deviations from the risk limits set.

h Investor Relations

Description of the risk

The risk that Vesteda cannot attract the necessary equity funding to achieve its strategy and targets.

Control measure(s)

Researching investor preferences through increased interaction with investors, the structuring of the issue and redemption process and continuous information flows to current and potential new investors. Since 2015, Vesteda has been strengthening the frequency and methods of communications with current and potential participants. For example, Vesteda introduced an annual satisfaction survey among its participants. In 2016, based on participants’ feedback, Vesteda adapted the distribution policy with regard to the frequency of payments. As of 2017, quarterly distributions will be made to the participants.

i Financial reporting

Description of the risk

The risk that Vesteda presents incorrect and/or incomplete and/or late financial reports to its stakeholders. In addition to this: the risk of incorrect determination of the net asset value of the fund.

Control measure(s)

A complete set of internal control and compliance measures has enabled the Managing Board to issue an ‘in control’ statement on financial reporting risks since 2007.
Control measures are implemented to ensure a transparent and professional administrative and reporting process, compliant with relevant legislation and regulations. In 2016, Vesteda adjusted its annual reporting in line with new INREV guidelines, and improved a number of its financial reports based on wishes expressed by management and other stakeholders.

j Human Resource Management

Description of the risk

The risk that Vesteda has insufficient qualified staff and/or too few people to achieve its targets.

Control measure(s)

Vesteda has many measures in place related to selection, appraisal, remuneration and the development of its staff. These measures are primarily executed through Vesteda’s ongoing performance management programme. In 2016, Vesteda decided to reshape the organisation into a more effective, efficient, fully integrated and centralised company. The migration to this new organisation in 2017 poses risks that require careful management attention. Measures have been put in place to monitor the reorganisation process.

k Integrity

Description of the risk

The risk that Vesteda focuses insufficiently on controlling integrity risks, which might lead to extra costs and reputation damage.

Control measure(s)

Vesteda uses a set of procedures and measures to reduce the risk in processes related to conflict of interest situations, to avoid fraud, or to avoid improper social behaviour. All staff must act in accordance with a code of conduct and there is a whistleblower procedure in place for recording and reporting any instances of fraud to the Managing Board and Supervisory Committee, under which corrective measures are taken when necessary. In 2016, all Vesteda employees received a request to affirm the amended Code of Conduct as a basis for their professional behaviour.

l Continuity of IT

Description of the risk

The risk that one or more business processes cannot be performed or are hindered as a result of the non-performance, insufficient performance or non-availability of key systems or the inappropriate use of the systems by unauthorised persons.

Control measure(s)

A control environment using specific ITIL (Information Technology Infrastructure Library) processes, such as service level management, change management, availability and capacity management, security management and other management tools must safeguard the specific IT control objectives. In 2016, Vesteda improved the level of control with regard to these processes through the outsourcing of the service delivery function. Furthermore, last year the company hired a new IT manager, who is drawing up a new plan for the IT department aimed at taking it to a higher quality level in the face of continuous changes in standards and practice.

m Tax

Description of the risk

The risk of non-compliance with tax regulations and with the obligations stemming from Vesteda’s corporate structure.

Control measure(s)

Permanently safeguarding and monitoring the tax and other conditions for the tax status as stated in rulings and legislation. In order to do so, Vesteda has a continuous dialogue with the Dutch Tax Authorities via so-called Horizontaal Toezicht (horizontal monitoring).

n Contractual obligations

Description of the risk

The risk that flawed contracts are drawn up and that there is a lack of adequate checks and balances in contract preparation or lack of insight into outstanding obligations.

Control measure(s)

Proper contract preparation and monitoring that is in line with the mandatory policy, strategy and frameworks and signatory authority of management, Managing Board and Supervisory Committee.

o Corporate Sustainability and Social Responsibility

Description of the risk

The risk of insufficient focus on corporate sustainability and social responsibility, which may lead to inadequate increases in the value of the investments over time, reduced attractiveness for current or potential tenants, investors and employees, potential loss of income and damage to image.

Control measure(s)

Identifying the requirements and wishes of stakeholders to set up, implement and maintain a clear CSSR strategy. Close monitoring of and reporting on the execution of the policy and benchmarking of the results.

p Valuations

Description of the risk

The risk of an improper process of valuation of the real estate portfolio, which hinders the timely and reliable determination of the fund’s net asset value, impairing the valuation, pricing decisions and performance measurement.

Control measure(s)

Creating a standardised periodic external and objective valuation process using selected professional external appraisers. Control environment safeguarding valuation process in line with valuation principles approved by the participants, as well as compliance with relevant legislation and regulations, such as the NRVT guidelines.

Dynamic and continuous process

The above risk management framework is embedded in the planning and control cycles. The internal control systems include other measures for achieving adequate segregation of duties, prompt recording of significant transactions and data security. Internal accountability and management reports, management reviews and other internal research into the design and operation of the internal controls are an integral part of this approach.

The Managing Board regularly assesses the effectiveness of the risk management and internal control systems. Internal reporting on the risk management framework by the RMO and of the findings of the internal auditor is part of the relevant input for the Managing Board. The Managing Board reports at least quarterly to the Audit Committee and Supervisory Committee on the main business risks and the structure and operation of the risk management and internal control systems and continuously seeks to improve and optimise this framework.

Evaluation and adjustments to the risk management framework

Vesteda evaluates its internal risk management and control system annually, or whenever necessary. As a result of the announcement of the reorganisation and restructuring, the risk assessments have to be updated to bring them in line with these internal changes. This process was started at the end of 2016 and will be finalised during 2017.

In 2016, Vesteda initiated closer coordination of the work of the Internal Auditor and the Risk Management Officer. This will be continued in 2017, to further improve efficiency and effectiveness in internal control systems.

‘In control’ statement

The Managing Board is responsible for implementing and maintaining adequate risk management and internal control systems and for assessing the effectiveness of these systems.

During the year under review, we evaluated and monitored our risk management and internal control systems, as further described in the Risk Management section of this report. Based on this assessment we have concluded with reasonable, but not absolute, assurance that:

  1. the annual report provides sufficient insights into any failings in the effectiveness of the internal risk management and control systems;

  2. the aforementioned systems provide reasonable assurance that the financial reporting does not contain any material inaccuracies;

  3. based on the current state of affairs, it is justified that the financial reporting is prepared on a going concern basis; and

  4. the annual report states those material risks and uncertainties that are relevant to the expectation of Vesteda’s continuity for the period of twelve months after the preparation of the report.

It is important to note that effective risk management, with embedded internal control, no matter how well designed and implemented, provides the Managing Board with only reasonable assurance regarding the achievement of Vesteda’s objectives. The achievement of objectives is affected by limitations inherent in all management processes. Therefore, in this context ‘reasonable assurance’ refers to the degree of certainty that would be satisfactory for a prudent manager in the management of his business and affairs in the given circumstances.

Amsterdam, 17 March 2017

Vesteda Managing Board

Gertjan van der Baan (CEO) and Frits Vervoort (CFO)