Compliance and integrity
The role of compliance in the organisation
Compliance and integrity are closely related. Both acting with integrity and complying with applicable rules and regulations safeguard Vesteda’s reputation and the reputation of the industry we operate in. For Vesteda, it is not enough to simply abide by laws and regulations; integrity should be embedded in day-to-day business and decision-making processes.
To ensure that compliance and integrity are and remain top of mind in Vesteda’s business activities, Vesteda has a dedicated Compliance Officer. The role of the Compliance Officer is formally defined and documented in Vesteda’s compliance charter. The Compliance Officer reports periodically to the Management Board and the Supervisory Committee, while reporting functionally to the General Counsel. Additionally, the Compliance Officer has a direct line to the CFO and the Supervisory Committee.
The compliance function fits into Vesteda’s ‘three lines model’. This model helps to identify structures and processes that best help Vesteda to achieve its objectives and facilitate strong governance and risk management within Vesteda. The first line is formed by the business. The compliance function is part of the second line and operates independently from the business. The third line is formed by the Internal Audit function, which periodically assesses the effectiveness of Vesteda’s internal control framework, including compliance.
The Compliance Officer’s tasks include the identification, evaluation, monitoring and reporting of and advising on compliance risks within the organisation, as well as advising on, drafting and monitoring policies and procedures. The Compliance Officer is part of the Risk Committee and discusses incidents, trends and (regulatory) developments that (could) have an impact on Vesteda’s corporate integrity and is the first point of contact for integrity notifications within the organisation. The Compliance Officer operates at both a strategic level, advising the Management Board and senior management, and an operational level, advising the business on day-to-day compliance matters.
Focal points in scope of compliance function
Subject | Brief description |
Market | This covers risks related to the non-compliance with laws and regulations, such as the Dutch Financial Supervision Act, including the Alternative Investment Fund Managers Directive, the Anti-Money Laundering and Anti-Terrorist Financing Act, Sanctions Act and the General Data Protection Regulation. |
Employees | This covers risks related to the non-compliance with the internal code of conduct and related policies. |
Business conduct | This covers risks related to non-compliance with rules related to: |
Clients | This covers counterparty risks and the screening and monitoring of transactions of tenants and business partners in accordance with the Anti-Money Laundering and Anti-Terrorist Financing Act and the Sanctions Act. |
Vesteda’s view on compliance and integrity
Integrity starts with the tone at the top. Employees sign a code of conduct and Vesteda has an internal reporting scheme, including anonymous reporting via a SpeakUp line, to report (suspected) compliance and integrity incidents. The Compliance Officer reminds employees of this code and the reporting scheme on an annual basis and employees are asked to confirm that they are aware of the code and the scheme and that they have complied and will continue to comply with both the code and the scheme. When communicating about compliance-related matters to the organisation, the Compliance Officer will, to the extent relevant, always refer to the code of conduct as the guiding principle within the organisation.
The Compliance Officer keeps a register of all reported incidents. When an incident is reported, the Compliance Officer evaluates whether the reported incident should be classified as material or not. This would be the case when a) there is a considerable risk of a regulatory fine or sanction, or b) the relationship with key stakeholders could be adversely affected in a serious manner or c) it could result in substantial reputational damage.
Key performance indicators with respect to integrity are:
- Number of incidents reported to the Compliance Officer: Vesteda explicitly does not strive to have zero incidents reported. Employees are encouraged to speak up to colleagues and management before formally reporting an incident to the Compliance Officer. Vesteda is of the opinion that the reporting of incidents can contribute to risk awareness and is a sign of a company culture in which employees do not fear repercussions for reporting an incident. Incident reporting can help to identify trends or risks. In 2023, the number of reported incidents was 18, including one material incident. A material incident could be: criminal acts, corruption, a violation of applicable laws and regulations, a breach of our internal Code of Conduct, a threat to the environment, health or safety, misleading supervisory authorities, intimidation, withholding or manipulation of data or any other act that damages Vesteda directly or indirectly. It is noted that 10 of the 18 incidents reported were related to subversive criminal activities. Other incidents were related to minor data breaches and (alleged) conflicts of interest. The incidents were addressed by the Compliance Officer and, depending on the severity of the case, discussed with the Management Board and reported to the Supervisory Committee;
- Percentage of employees that confirm adherence to Vesteda’s code of conduct: In 2023, 95.4% of all employees, including the Management Team, confirmed their compliance with Vesteda’s code of conduct. The percentage of non-compliance was mainly due to long-term absence due to illness or absence prior to termination of employment. The Compliance Officer contacted employees and their managers who did not confirm in a timely manner, to gain an understanding of any underlying reasons.
Vesteda’s compliance with applicable rules and regulations is the foundation of its license to operate. Two of our main objectives are to incur no (monetary) sanctions and to retain our AFM license. Vesteda met both objectives in 2023.
Compliance focal points 2023
Management conducted the annual Systematic Compliance Risk Analysis (SCRA) in Q4 2023, under the guidance of the Compliance Officer. The SCRA is an instrument management uses to identify and analyse compliance and integrity risks in a structured manner. The analysis included an assessment of whether existing control measures were (still) sufficient to prevent or mitigate the risks identified or whether new measures were required. The outcome of the SCRA serves as input for the Compliance year plan for 2024.
Integrity:
- The Compliance Officer recorded compliance and integrity incidents and reported on a quarterly basis to the Management Board and a subcommittee of the Supervisory Committee about these incidents and any measures taken. The number of recorded incidents was 18 in 2023;
- The Compliance Officer and Internal Audit Manager conducted an internal investigation regarding potential fraud by employees. Following this investigation, Vesteda took disciplinary measures and amended certain internal procedures. While Vesteda strives for the highest ethical standards, incidents may occur. When they do occur, management strives, to the extent (legally) possible, to use them as examples and discussion topics throughout the company;
- The Compliance Officer provided training on integrity and the Code of Conduct during the onboarding day for new employees;
- Vesteda updated its Code of Conduct, to reflect new insights and developments;
- Vesteda updated its policy for ethical business operations;
- Vesteda updated its employment screening to include new integrity-sensitive positions that require screening;
- The Compliance Officer organised a mandatory meeting for all employees, together with internal audit, the Management Board and the Management Team on integrity, the code of conduct and fraud risks. Vesteda sent out the annual confirmation reminder of Vesteda’s Code of Conduct in Q4 2023. Vesteda’s goal is to have 100% of its employees confirm the Code on an annual basis. By late 2023, 95% of employees had confirmed their compliance with the Code of Conduct. The Compliance Officer has looked into the reasons why employees failed to provide this confirmation (a number were related to absence due to long-term illness) and contacted employees who did not confirm their adherence to the Code where required.
Regulatory:
- In December 2022, Vesteda signed a covenant (“Convenant Horizontaal Toezicht”) with the Tax Authorities for a period of three years. As part of the covenant Vesteda performed a tax risk analysis and implemented a process to monitor, audit and review the operating effectiveness of the system of internal controls to cover the tax risks and to ensure correct tax returns. The findings of this process in 2023 confirmed that the design and operation of these controls provide a sufficient basis to ensure correct tax returns. In 2024 Vesteda will set up a Tax Committee to oversee the compliance with the covenant and to monitor the continuing quality and effectiveness of the tax controls;
- Vesteda notified the Financial Intelligence Unit – the Netherlands of several ‘suspicious transactions’ in relation to rent payments;
- Vesteda provided input on several market information requests by the Dutch Financial Markets Authority;
- The Compliance Officer updated policies that Vesteda is required to have in place in accordance with the Alternative Investment Fund Managers Directive;
- The Compliance Officer advised on the amendment of internal policies related to granting priority to certain individuals in the letting process.
Client integrity:
- The Compliance Officer actively advises the business on the review of (high-risk) customer due diligence (CDD) files and acts as a sparring partner for the business regarding client due diligence procedures. A dedicated CDD analyst has been employed to advise the business on and/or carry out certain client due diligence investigations;
- The Compliance Officer gave presentations to employees on anti-money laundering (AML) principles and the recognition of potential fraud;
- The Compliance Officer provided in-house training on anti-money laundering (AML) principles and indicators, and the recognition of potential fraud to employees responsible for client due diligence assessments.
Privacy:
In the past year, Vesteda focused on further enhancing privacy awareness and data protection within the organisation. This included the execution of the following actions:
- Vesteda updated the privacy statements for website visitors, (prospective) tenants and third parties, employees and job candidates;
- Vesteda revised the model agreements for the processing and exchange of personal data with third parties;
- Vesteda updated its data breach policy;
- Vesteda improved the reporting of data breaches for internal and external reporters;
- Vesteda identified three data breaches (mentioned as incidents). The data breaches were reviewed and were deemed not to have led to risks for clients and/or Vesteda.