
Compliance and integrity

The role of compliance in the organisation

Compliance and integrity are closely related. Both acting with integrity and complying with applicable legal and regulatory requirements safeguard Vesteda’s reputation and the reputation of the industry we operate in. For Vesteda, it is not enough to simply abide by laws and regulations; integrity should be embedded in day-to-day business and decision-making processes and we expect the same from our suppliers.

To ensure that compliance and integrity are and remain top of mind in Vesteda’s business activities, Vesteda has a dedicated Compliance Officer and Compliance team. The role of the Compliance Officer is formally defined and documented in Vesteda’s Compliance Charter. The Compliance Officer reports periodically to the Management Board and the Supervisory Committee, while reporting functionally to the General Counsel. Additionally, the Compliance Officer has a direct line to the CFO and the Supervisory Committee.

The compliance function fits into Vesteda’s ‘three lines model’. This model helps to identify structures and processes that best help Vesteda to achieve its objectives and facilitate strong governance and risk management within Vesteda. The first line is formed by the business. The compliance function is part of the second line and operates independently from the business. The third line is formed by the Internal Audit function, which periodically assesses the effectiveness of Vesteda’s internal control framework, including compliance.

The Compliance Officer’s tasks include identifying, evaluating, monitoring and reporting on compliance risks within the organisation and advising the Management Board and Management Team on those risks, as well as advising on, drafting and monitoring policies and procedures. The Compliance Officer is a member of the Risk Committee and discusses incidents, trends and (regulatory) developments that (could) have an impact on Vesteda’s corporate integrity. The Compliance Officer is the first point of contact for integrity notifications within the organisation. The Compliance Officer operates at both a strategic level, advising the Management Board and senior management, and an operational level, advising the business on day-to-day compliance matters.

Focal points in scope of compliance function

| Subject | Brief description |
| --- | --- |
| Market | This covers risks related to non-compliance with laws and regulations, such as the Dutch Financial Supervision Act, including the Alternative Investment Fund Managers Directive, the Anti-Money Laundering and Anti-Terrorist Financing Act, the Sanctions Act and the General Data Protection Regulation. |
| Employees | This covers risks related to non-compliance with the internal Code of Conduct and related policies. |
| Business conduct | This covers risks related to non-compliance with rules related to outsourcing, competition and anti-bribery. |
| Clients | This covers counterparty risks and the screening and monitoring of transactions of tenants and business partners in accordance with the Anti-Money Laundering and Anti-Terrorist Financing Act and the Sanctions Act. |

Vesteda’s view on compliance and integrity

Integrity starts with the tone at the top. Vesteda has a Code of Conduct, which employees sign upon entering employment and subsequently on an annual basis. The Code of Conduct includes provisions on topics such as bribery and anti-corruption and conflicts of interests. It also includes the gift policy that applies to all Vesteda employees. The Compliance Officer reminds employees of this Code on an annual basis and employees are asked to confirm that they are aware of and have read the Code and that they have complied and will continue to comply with the Code of Conduct. When communicating about compliance-related matters to the organisation, the Compliance Officer will, to the extent relevant, always refer to the Code of Conduct as the guiding principle within the organisation.

Vesteda has an Internal Reporting Procedure for reporting misconduct and integrity incidents and any suspicions by employees and external parties, either in person or anonymously, via the SpeakUp platform or directly with the Compliance Officer. Under the Internal Reporting Procedure, any reported (suspected) misconduct and incidents are always investigated by two independent functions, the Compliance Officer and Internal Audit Manager.

The Compliance Officer keeps a register of all reported incidents. When an incident is reported, the Compliance Officer evaluates whether the reported incident should be classified as material or not. This would be the case when a) there is a considerable risk of a regulatory fine or sanction, or b) it could have a serious adverse impact on the relationship with key stakeholders or c) it could result in substantial reputational damage.

Key performance indicators with respect to integrity are:

  • Number of incidents reported to the Compliance Officer: 27. Vesteda explicitly does not strive to have zero incidents reported. Employees are encouraged to speak up to colleagues and management before formally reporting an incident to the Compliance Officer. Vesteda is of the opinion that the reporting of incidents can contribute to risk awareness and is a sign of a company culture in which employees do not fear repercussions for reporting an incident. Incident reporting can help to identify trends or risks.

  • In 2024, the number of reported incidents was 27. There were no material incidents. A material incident could be: criminal acts, corruption, a violation of applicable legal and regulatory requirements, a breach of our internal Code of Conduct, a threat to the environment, health or safety, misleading supervisory authorities, intimidation, withholding or manipulation of data or any other act that damages Vesteda directly or indirectly. It is noted that seven of the 27 incidents reported involved forgery and unjustified payments of key money to third parties. Eight incidents were related to subversive criminal activities, including alleged subletting. Other incidents were related to minor data breaches (12). The Compliance Officer addressed incidents and, depending on the severity of the case, discussed these with the Management Board and reported them to the Supervisory Committee.

  • Percentage of employees that confirm adherence to Vesteda’s Code of Conduct: 97.6%

  • In 2024, 97.6% of all employees, including the Management Team, confirmed their compliance with Vesteda’s Code of Conduct. The percentage of non-compliance was mainly due to long-term absence.

Vesteda’s compliance with applicable legal and regulatory requirements is the foundation of its license to operate. Two of our main objectives are to incur no (monetary) sanctions and to retain our AFM license. Vesteda met both objectives in 2024. No (monetary) sanctions were imposed by regulators in 2024.

Compliance focal points 2024

Management conducted the annual Systematic Compliance Risk Analysis (SCRA) in Q4 2024, under the guidance of the Compliance Officer. The SCRA is an instrument management uses to identify and analyse compliance and integrity risks in a structured manner. The analysis included an assessment of whether existing control measures were (still) sufficient to prevent or mitigate the risks identified or whether new measures were required. The outcome of the SCRA serves as input for the Compliance Annual Plan for 2025.

Integrity:

  • The Compliance Officer recorded compliance and integrity incidents and reported on a quarterly basis to the Management Board and a subcommittee of the Supervisory Committee about these incidents and any measures taken. The number of recorded incidents was 27 in 2024;

  • The Compliance Officer and Internal Audit Manager conducted five internal investigations regarding potential fraud by employees, service providers and other external parties. Following these investigations, Vesteda took disciplinary measures and amended certain internal procedures. While Vesteda strives for the highest ethical standards, incidents may occur. When they do occur, management strives, to the extent (legally) possible, to use them as examples and discussion topics throughout the company;

  • The Compliance Officer provided training on integrity and the Code of Conduct during the onboarding day for new employees. The training includes information about Vesteda as a regulated institution and topics and dilemmas related to the Code of Conduct, including (potential) conflicts of interest, and unethical and inappropriate behaviour;

  • The Compliance Officer facilitated an in-house training on Competition Law for the Acquisition & Development department;

  • Vesteda implemented a Supplier Code of Conduct for service providers who provide services related to the real estate portfolio;

  • Vesteda updated its employment screening policy to include new integrity-sensitive positions, which require a more intensive level of screening. Whether a position is classified as integrity-sensitive depends on the level of risk and sensitivity to bribery and corruption;

  • Vesteda sent out the annual confirmation reminder of Vesteda’s Code of Conduct in Q4 2024. Vesteda’s goal is to have 100% of its employees confirm the Code on an annual basis. By December 2024, 97.6% of employees had confirmed their compliance with the Code of Conduct. The Compliance Officer has looked into the reasons why employees failed to provide this confirmation (a number were related to absence due to long-term illness) and contacted employees who did not confirm their adherence to the Code where required.

Regulatory:

  • In December 2022, Vesteda signed a covenant (‘Convenant Horizontaal Toezicht’) with the Tax Authorities for a period of three years. As part of the covenant requirements, Vesteda performed a tax risk analysis and implemented a process to monitor, audit and review the operating effectiveness of the system of internal controls to cover the tax risks and to ensure correct tax returns. The findings of this process in 2023 and 2024 confirmed that the design and operation of these controls provide a sufficient basis to ensure correct tax returns. In 2024, Vesteda set up a Tax Committee to oversee the compliance with the covenant and to monitor the continuing quality and effectiveness of the tax controls;

  • Vesteda notified the Financial Intelligence Unit (FIU) Netherlands of ‘suspicious transactions’ in relation to rental income and proposed transactions regarding the rental and sale of residential property;

  • Vesteda provided input for a market information request by the Dutch Financial Markets Authority;

  • The Compliance Officer updated policies that Vesteda is required to have in place to comply with the Alternative Investment Fund Managers Directive;

  • The Compliance Officer advised on the amendment of internal policies related to granting priority to certain individuals in the letting process.

Client integrity:

  • The Compliance Officer actively advises the business on the review of (high-risk) customer due diligence (CDD) files and acts as a sparring partner for the business regarding client due diligence procedures. Vesteda employs dedicated CDD analysts to advise the business on and/or carry out certain client due diligence investigations. In accordance with the policy on CDD, clients are considered to be prospective tenants of Vesteda's residential and commercial real estate, prospective buyers of individual or collective homes and complexes, suppliers and participants;

  • The Compliance Officer provided in-house training on anti-money laundering (AML) principles and indicators, and the recognition of potential fraud to employees responsible for client due diligence assessments;

  • The Compliance Officer published several news items on CDD and related topics on Vesteda's Intranet to create awareness about client due diligence;

  • The Compliance Officer launched the Vesteda CDD Portal for digitally onboarding prospective residential buyers and conducting CDD investigations on them.

Privacy:

In the past year, Vesteda focused on further enhancing privacy awareness and data protection within the organisation. This included the execution of the following actions:

  • Vesteda updated the privacy statements for website visitors, (prospective) tenants, buyers and third parties, employees and job candidates;

  • Vesteda revised the model agreements for the processing and exchange of personal data with third parties;

  • The Compliance Officer created awareness for the use of processing or data exchange agreements;

  • The Compliance Officer administered a Privacy Awareness e-learning course, based on GDPR principles, among Vesteda employees;

  • The Compliance Officer analysed and advised on privacy in relation to planned changes in the letting process and on necessary adjustments within both processes and applications;

  • Vesteda identified twelve data breaches (mentioned as incidents). The data breaches were reviewed and were deemed not to have led to risks for clients and/or Vesteda. As a result, Vesteda did not report these to the Dutch Data Protection Agency (Autoriteit Persoonsgegevens).