The role of compliance in the organisation
Compliance and integrity are closely related. Both acting with integrity and complying with applicable rules and regulations safeguard Vesteda’s reputation and the reputation of the industry we operate in. For Vesteda, it is not enough to simply abide by laws and regulations; integrity should be embedded in day-to-day business and decision-making processes.
To ensure that compliance and integrity are and remain top of mind in Vesteda’s business activities, Vesteda has appointed a Compliance Officer. The role of the Compliance Officer is formally defined and documented in Vesteda’s compliance charter. The Compliance Officer reports periodically to the Management Board and the Supervisory Committee, while reporting functionally to the General Counsel. Additionally, the Compliance Officer has a direct line to the CFO and the Supervisory Committee.
The compliance function fits into Vesteda’s ‘three lines model’. This model helps to identify structures and processes that best assist the achievement of objectives and facilitate strong governance and risk management within Vesteda. The first line is formed by the business; the compliance function is part of the second line and operates independently from the business. The third line is formed by the Internal Audit function, which periodically assesses the effectiveness of Vesteda’s internal control framework, including compliance.
The Compliance Officer’s tasks include the identification, evaluation, monitoring and reporting of and advising on compliance risks within the organisation. The Compliance Officer is part of the Risk Committee, discusses incidents, trends and developments that (could) have an impact on Vesteda’s corporate integrity, and is the first point of contact for integrity reports within the organisation. They operate at both a strategic level, advising the Management Board and senior management, and an operational level, advising the business on day-to-day compliance matters.
The Compliance Officer focuses on the areas detailed in the schedule below.
Focal points in scope of compliance function
This covers risks related to the non-compliance with laws and regulations, such as the Alternative Investment Fund Managers Directive, Dutch Financial Supervision Act, the Anti-Money Laundering and Anti-Terrorist Financing Act and the General Data Protection Regulation.
This covers risks related to the non-compliance with the internal code of conduct and related policies.
This covers risks related to non-compliance with rules related to:
This covers counterparty risks and screening of tenants and parties Vesteda does business with.
Vesteda’s view on compliance and integrity
We strive to ensure integrity on all fronts. Vesteda employees sign a code of conduct and Vesteda has an internal reporting scheme, including anonymous reporting via a SpeakUp line, to report (suspected) compliance and integrity incidents. The Compliance Officer reminds employees of this code and the reporting scheme on an annual basis and employees are asked to confirm that they are aware of the code and the scheme and that they will comply.
The Compliance Officer keeps a register of all reported incidents. When an incident is reported, the Compliance Officer evaluates whether the reported incident should be classified as material or not. An incident is classified as material when a) there is a considerable risk of a regulatory fine or sanction, b) the relationship with key stakeholders could be adversely affected in a serious manner, or c) it could result in substantial reputational damage.
Key performance indicators with respect to integrity are:
Number of incidents reported to the Compliance Officer. In this respect, Vesteda explicitly does not strive to have zero incidents reported. In addition, employees are encouraged to speak up to colleagues and management before formally reporting an incident to the Compliance Officer. Vesteda is of the opinion that the reporting of incidents can contribute to risk awareness and is a sign of a company culture in which employees do not fear repercussions for reporting an incident. Incident reporting can help to identify trends or risks. In 2020, the number of reported incidents declined slightly to 16 (which were mainly minor data breaches and (alleged) conflicts of interest). The incidents were addressed by the Compliance Officer and, depending on the severity of the case, discussed with the Management Board and reported to the Supervisory Committee.
The number of material incidents. No material incidents were reported in 2020. Material incidents are: criminal acts, corruption, a violation of applicable laws and regulations, a breach of our internal Code of Conduct, a threat to the environment, health or safety, misleading supervisory authorities, intimidation, withholding or manipulation of data or any other act that damages Vesteda directly or indirectly.
Percentage of employees that confirm adherence to Vesteda’s code of conduct. In 2020, 98% of all employees confirmed their compliance with Vesteda’s code of conduct. The Compliance Officer contacted employees who did not confirm in a timely manner, to gain an understanding of any underlying reasons.
Vesteda’s compliance with applicable rules and regulations is the foundation of its license to operate. Two of our main objectives are to incur no (monetary) sanctions and to retain our AFM license. Vesteda met both of these objectives in 2020.
Compliance focal points 2020
The Compliance Officer conducted the annual Systematic Compliance Risk Analysis (SCRA) in Q4 2020. The SCRA is an instrument the Management Board and the management team use to identify and analyse compliance and integrity risks in a structured manner. The analysis included an assessment of whether existing control measures were (still) sufficient to prevent or mitigate these identified risks or whether new measures were required. The outcome of the SCRA forms the basis of the Compliance year plan for 2021.
Vesteda updated and launched its Code of Conduct.
The Management Board presented an online employee meeting on Vesteda’s new Code of Conduct in Q4 2020 for all of Vesteda’s employees. The aim of this was to (further) increase employee awareness with regard to integrity and the Code of Conduct. Nearly all employees participated in the meeting.
Vesteda sent out the annual confirmation reminder of Vesteda’s Code of Conduct. Vesteda’s goal is to have 100% of its employees confirm the Code on an annual basis. In 2020, 98% of employees confirmed their compliance with the code of conduct. The Compliance Officer contacted the employees who did not confirm their adherence to the Code.
The Compliance Officer recorded compliance and integrity incidents and reported on a quarterly basis to the Management Board and a subcommittee of the Supervisory Committee about these incidents and any measures taken. The number of recorded incidents declined slightly in 2020.
The Compliance Officer and Internal Audit department conducted an internal investigation into a conflict of interest of an employee in Q3 2020. Following this investigation, Vesteda took disciplinary measures.
Vesteda was in contact with the Dutch Authority for the Financial Markets (AFM) on the rectification of the registered policy makers and parties having a qualified holding in Vesteda.
Vesteda submitted its input on various market questionnaires of the AFM.
The Compliance Officer led projects focused on updating Vesteda’s client due diligence policies and procedures, and the (automated) monitoring of potentially unusual transactions.
In addition to the new ERP system, Vesteda worked on the development of a new client portal. This also entails the monitoring of General Data Protection Regulation (GDPR) compliance.
Vesteda updated privacy statements and published these on its website and the online rental portal.