The role of compliance in the organisation
Compliance and integrity are closely related. Both acting with integrity and complying with applicable rules and regulations safeguard Vesteda’s reputation and the reputation of the industry we operate in. For Vesteda, it is not enough to simply abide by laws and regulations; integrity should be embedded in day-to-day business and decision-making processes.
To ensure that compliance and integrity are and remain on top of mind in Vesteda’s business activities, Vesteda has appointed a Compliance Officer. The role of the Compliance Officer is formally defined and documented in Vesteda’s compliance charter. The Compliance Officer reports periodically to the Management Board and the Supervisory Committee, while reporting functionally to the General Counsel. Additionally, the Compliance Officer has a direct line to the CFO and the Supervisory Committee.
The compliance function fits into Vesteda’s ‘three lines model’. This model helps to identify structures and processes that best assist the achievement of objectives and facilitate strong governance and risk management within Vesteda. The first line is formed by the business; the compliance function is part of the second line and operates independently from the business. The third line is formed by the Internal Audit function, which periodically assesses the effectiveness of Vesteda’s internal control framework, including compliance.
The Compliance Officer’s tasks include the identification, evaluation, monitoring and reporting of and advising on compliance risks within the organisation, as well as advising on, drafting and monitoring policies and procedures. The Compliance Officer is part of the Risk Committee and discusses incidents, trends and (regulatory) developments that (could) have an impact on Vesteda’s corporate integrity and is the first point of contact for integrity notifications within the organisation. The Compliance Officer operates at both a strategic level, advising the Management Board and senior management, and at operational level, advising the business on day-to-day compliance matters.
Focal points in scope of compliance function
This covers risks related to the non-compliance with laws and regulations, such as the Dutch Financial Supervision Act, including the Alternative Investment Fund Managers Directive, the Anti-Money Laundering and Anti-Terrorist Financing Act and the General Data Protection Regulation.
This covers risks related to the non-compliance with the internal code of conduct and related policies.
This covers risks related to non-compliance with rules related to:
This covers counterparty risks and the screening and monitoring of transactions of tenants and business partners in accordance with Anti-Money Laundering and Anti-Terrorist Financing Act, and Sanctions Act.
Vesteda’s view on compliance and integrity
Integrity starts with Vesteda's employees. They sign a code of conduct and Vesteda has an internal reporting scheme, including anonymous reporting via a SpeakUp line, to report (suspected) compliance and integrity incidents. The Compliance Officer reminds employees of this code and the reporting scheme on an annual basis and employees are asked to confirm that they are aware of the code and the scheme and that they have complied and will continue to comply with both the code and the scheme. When communicating about compliance-related matters to the organisation, the Compliance Officer will, to the extent relevant, always refer to the code of conduct as the guiding principle within the organisation.
The Compliance Officer keeps a register of all reported incidents. When an incident is reported, the Compliance Officer evaluates whether the reported incident should be classified as material or not. This would be the case when a) there is a considerable risk of a regulatory fine or sanction, or b) the relationship with key stakeholders could be adversely affected in a serious manner or c) it could result in substantial reputational damage.
Key performance indicators with respect to integrity are:
Number of incidents reported to the Compliance Officer. In this respect, Vesteda explicitly does not strive to have zero incidents reported. In addition, employees are encouraged to speak up to colleagues and management before formally reporting an incident to the Compliance Officer. Vesteda is of the opinion that the reporting of incidents can contribute to risk awareness and is a sign of a company culture in which employees do not fear repercussions for reporting an incident. Incident reporting can help to identify trends or risks. In 2022, the number of reported incidents was 18, including one material incident. A material incident could be: criminal acts, corruption, a violation of applicable laws and regulations, a breach of our internal Code of Conduct, a threat to the environment, health or safety, misleading supervisory authorities, intimidation, withholding or manipulation of data or any other act that damages Vesteda directly or indirectly. It is noted that 10 of the 18 incidents reported were related to illegal hemp plantations. While it is not possible to fully prevent this from happening, this issue has our ongoing attention. Most of the other incidents were related to minor data breaches and (alleged) conflicts of interest. The incidents were addressed by the Compliance Officer and, depending on the severity of the case, discussed with the Management Board and reported to the Supervisory Committee;
Percentage of employees that confirm adherence to Vesteda’s code of conduct. In 2022, 97.2% of all employees, including the Management Team, confirmed their compliance with Vesteda’s code of conduct. The Compliance Officer contacted employees and their managers who did not confirm in a timely manner, to gain an understanding of any underlying reasons.
Vesteda’s compliance with applicable rules and regulations is the foundation of its license to operate. Two of our main objectives are to incur no (monetary) sanctions and to retain our AFM license. Vesteda met both objectives in 2022.
Compliance focal points 2022
Management conducted the annual Systematic Compliance Risk Analysis (SCRA) in Q4 2022, under the guidance of the Compliance Officer. The SCRA is an instrument management uses to identify and analyse compliance and integrity risks in a structured manner. The analysis included an assessment of whether existing control measures were (still) sufficient to prevent or mitigate the risks identified or whether new measures were required. The outcome of the SCRA serves as input for the Compliance year plan for 2023.
The Compliance Officer recorded compliance and integrity incidents and reported on a quarterly basis to the Management Board and a subcommittee of the Supervisory Committee about these incidents and any measures taken. The number of recorded incidents was 18 in 2022;
The Compliance Officer and Internal Audit Manager conducted several internal investigations regarding potential fraud by employees. Following these investigations, Vesteda took disciplinary measures and amended certain internal procedures. While Vesteda strives for the highest ethical standards, incidents may occur. When they do occur, management strives, to the extent (legally) possible, to use them as examples and discussion topics throughout the company;
The Compliance Officer gave various training courses across the company on how to deal with dilemmas;
Vesteda updated its Code of Conduct, to reflect new insights and developments;
Vesteda updated its incident reporting procedure to anticipate new legislation;
Vesteda's updated its employment screening to include new integrity-sensitive positions that require screening;
The Compliance Officer organised a ‘lessons learned’ session, together with the Management Board and Management Team, to discuss Vesteda's view on integrity and remedies;
Vesteda sent out the annual confirmation reminder of Vesteda’s Code of Conduct in Q4 2022. Vesteda’s goal is to have 100% of its employees confirm the Code on an annual basis. In late 2022 and early 2023, 97.2% of employees confirmed their compliance with the code of conduct. The Compliance Officer has looked into the reasons why employees fail to provide this confirmation (a number were related to absence due to long-term illness) and contacted employees who did not confirm their adherence to the Code where required.
In December 2022, Vesteda signed a covenant (“Convenant Horizontaal Toezicht”) with the Tax Authorities for a period of three years. As a general principle of this agreement the relationship between Vesteda and the Tax Authorities will be based on transparency, trust and mutual understanding while respecting applicable laws and regulations. Vesteda is responsible for maintaining an effective system of internal controls, including the monitoring and auditing of its operating effectiveness, to ensure correct tax returns. Supervision on Vesteda by the Tax Authorities will be based on the quality of this internal controls system.
Vesteda was in contact with the Dutch Central Bank (DNB), pursuant to a DNB notification regarding the manager's capital requirements. Vesteda was able to resolve the matter relatively easily in close consultation with the DNB;
Vesteda notified the Financial Intelligence Unit – Netherlands of several ‘suspicious transactions’ in relation to rent payments;
Vesteda provided input on several market information requests by Dutch Financial Markets Authority;
The Compliance Officer updated policies that Vesteda is required to have in place in accordance with the Alternative Investment Fund Managers Directive;
The Compliance Officer advised on the amendment of internal policies related to granting priority to certain individuals in the letting process;
The Compliance Officer facilitated an anti-money laundering (AML) executive training session for the Management Board and the Management Team.
The Compliance Officer actively advises the business on the review of (high-risk) customer due diligence (CDD) files and acts as a sparring partner for the business regarding client due diligence procedures. The Compliance Officer also advised on the (further improvement of the) automated monitoring of potentially unusual transactions;
As a result of sanctions against Russia and Belarus, and a number of their nationals, the Compliance Officer executed an extensive screening of existing customers and business partners;
The Compliance Officer gave presentations to employees on anti-money laundering (AML) principles and recognising potential fraud;
Vesteda offered an in-house workshop on annual accounts and money laundering indicators to employees responsible for CDD assessments.
Vesteda offered an Privacy e-learning course to all employees to maintain the level of knowledge of the GDPR within the organisation.