Risk management
Risk management is integrated in Vesteda’s strategic and operational processes. We have defined our risk management policy and implemented a risk management framework in line with the core fund risk profile, as defined in the Vesteda Residential Fund’s Terms and Conditions, extending to all levels of the organisation and all lines of business.
Vesteda has developed its internal risk management framework on the basis of the recommendations of the Committee of Sponsoring Organisations of the Treadway Commission (COSO), the aim of which is to create a reasonable level of assurance on the achievement of organisational targets. Vesteda’s internal control systems include various measures for achieving adequate segregation of duties, prompt recording of significant transactions and data security. Internal accountability and management reports, management reviews and other internal research into the design and operation of the internal controls are an integral part of the internal control systems.
Vesteda also uses the ‘Three lines model’ with respect to managing risks (first line: Management; second line: Business control, Risk committee and Compliance officer; third line: Internal Audit). This model enhances the awareness of the risk culture within Vesteda and underlines and supports accountability for the management of risks and internal controls.
The three lines model emphasises that focus should be on the contribution risk management makes to achieving (strategic) objectives and creating value, as well as to matters of ‘defence’ and the protection of value. Vesteda also supports the principles to the effect that:
-
There must be regular interaction between Internal Audit and management to ensure the work of Internal Audit is relevant and aligned with the strategic and operational needs of the organisation.
-
There is a need for collaboration and communication across both the first and second line roles of management and Internal Audit to ensure there is no unnecessary duplication, overlap, or gaps.
Vesteda’s Internal Audit department provides assurance and advice on the adequacy and effectiveness of governance and risk management (including internal controls) to support the achievement of organisational objectives and to promote and facilitate continuous improvement.
Risk appetite
The INREV core fund risk profile implies that Vesteda has a relatively low-risk profile since it typically invests in income-producing real estate investments. Vesteda employs relatively low levels of leverage and has limited exposure to real estate development. A significant and stable proportion of its returns are generated through rental income. Overall, Vesteda has a relatively low risk appetite. Please see Note 27 to the consolidated financial statements for a description of our financial risk management objectives and policies.
Vesteda’s risk management framework
Vesteda’s risk management framework is described in the following section.
Risk Committee
Vesteda’s risk management activities are overseen by the Risk Committee. The Committee’s tasks include, but are not limited to:
-
Providing support and advice to the Management Board and Management Team with regard to the periodic identification of Strategic Risks and their assessment and management;
-
Formulating policy frameworks for operational risk management and ensuring compliance with them;
-
Making method(s) and techniques available that support line management in the risk management of Operational Risks;
-
Monitoring Operational Risks and Compliance Risks and their control;
-
Stimulating risk awareness in the organisation;
-
Providing insight into the risk profile of the organisation.
The Risk Committee explicitly does not focus on identifying and monitoring Strategic Risks. These are risks that could negatively affect Vesteda’s strategic objectives and are formulated in the most recent Business Plan. This is the responsibility of the Management Board and the Management Team. However, should the Risk Committee identify a risk in the context of its activities that could have an impact on Vesteda's strategic objectives, the Risk Committee will immediately report its findings to the Management Board.
The Risk Committee is chaired by the CFO, who is charged with risk management at Vesteda. Other members of the Risk Committee include the COO, the General Counsel, the Control Manager, the D&I Manager and the Compliance Officer. The Internal Audit Manager also joins the meetings of the Risk Committee but is not a member of the Risk Committee. A Risk Charter defines the roles and responsibilities, the tasks, authorities and reporting requirements of the Risk Committee. The Risk Charter was last updated and approved by the Management Board in October 2022. Vesteda’s Risk Management Policy forms the basis of the activities of the Risk Committee. It sets out the goals, frameworks and responsibilities in the field of risk management for Vesteda. It also discusses how Vesteda has implemented its risk management process at various levels in the company.
The scope of risk management
Vesteda distinguishes the following three main risk areas:
1. Risks related to strategic targets as defined in the Business Plan
This relates to specific risks regarding tenants, portfolio, participants (equity funding), organisation and debt funding.
The Management Board and the Management Team primarily focus on:
-
Identifying and assessing the Strategic Risks annually on the basis of the most recent Business Plan;
-
Monitoring the Strategic Risks and the effectiveness of the associated control measures on a quarterly basis;
-
Adjusting the control measures with regard to the Strategic Risks if these are not considered sufficient.
2. Operational risks related to the failure of systems and processes
Operational risk management is part of Vesteda’s business processes and is governed by specific guidelines, policies and key controls designed to manage these operational risks, which are subject to internal reviews and external audits where appropriate.
Each year, Vesteda’s external auditor provides assurance with respect to the design and effective operation of controls based on the International Standards on Assurance Engagements (ISAE), Standard 3402, type II. Vesteda selects the relevant controls to be audited and concluded upon in the assurance report and these relate to key controls within the most important business processes, primarily Acquisitions, Property and Portfolio Sales and Operations.
3. Compliance risks related to non-compliance with legislation and (internal) regulations
Vesteda has a dedicated Compliance Officer who reports on a quarterly basis to the Management Board and Supervisory Committee. The scope of the Compliance Officer’s work is set out in the Compliance Charter. Both internal and external developments, such as trends, risk-increasing developments, incidents and new or changed laws and regulations, can lead to the (partial) revision or adjustment of an established programme. The Compliance Officer constantly monitors these developments, responds to these and discusses them (where necessary) in the quarterly consultations or on an ad-hoc basis with the Management Board and/or the Supervisory Committee or addresses these matters in the Risk Committee. If necessary, the Compliance Officer adjusts these activities (advice, monitoring) accordingly. The annual compliance programme therefore has a dynamic character. It is also possible that the results of (un)planned compliance monitoring gives cause to prioritise a topic, while this was not previously planned. The Compliance Charter gives substance to this dynamic of compliance activities in various areas. For more detailed information, please see the Compliance and integrity section of this report.
Fraud risks and measures to prevent fraud are evaluated as part of the annual review of the design and effective operation of controls based on the ISAE, Standard 3402, type II, as well as part of the annual Systematic Compliance Risk Analysis (SCRA, see page 44). This SCRA includes relevant fraud risk scenarios based on likelihood, impact, risk appetite and mitigating control measures. Furthermore, in 2023 Vesteda made further improvements of internal controls based on an assessment by the Internal Auditor and the Compliance Officer of Vesteda’s business operations and possible areas that may be vulnerable to irregularities and fraud. This assessment was benchmarked against a report by the Association of Institutional Property Investors in the Netherlands (IVBN) on managing fraud risk in the institutional real estate sector (IVBN publication: ‘Beheersing van frauderisico’s in de institutionele vastgoedsector’).
As mentioned in the Compliance and integrity section of this report, the Compliance Officer and Internal Audit Manager conducted several investigations regarding potential fraud by employees in 2023. The findings from these investigations are also used to improve internal controls.
Strategic risk analysis
Vesteda’s strategic risk analysis is based on the following assessment, which is executed by the Management Board and Management Team jointly:
-
Identification of strategic risks, based on the strategic targets and key performance indicators within the three strategic pillars: economic value, societal value and organisation. These strategic targets and risks are based on the five-year Business Plan, subject to approval by Vesteda’s Participants each year in December, and actual developments;
-
An assessment of the level of risk Vesteda is willing to accept in achieving its strategic targets (risk aversion) to provide guidance for decisions related to risk and return management. The outcome of this assessment also serves as a basis for the review of the effectiveness of the nature and level of internal controls for each risk. The level of risk aversion is measured based on a scale of 1 to 5: Risk averse, Limited risk, Cautious, Flexible, Open.
In alignment with the key characteristics of Vesteda as a Core INREV fund, with a conservative funding policy focusing only on residential real estate in the Netherlands, limited risks or a cautious approach is necessary for Vesteda’s strategic targets (risk aversion of mostly 2, partly 2-3).
-
Classification of identified risks based on impact (high – low) and to what extent the risk is manageable (ranging from largely manageable – not manageable);
-
Defining the internal controls (implemented or to be implemented) for each of the identified risks, the required level of effectiveness for these controls and the relevant key performance indicators to monitor effectiveness.
The outcome of this review is depicted in the Vesteda Risk Profile figure on the next page:
Vesteda Risk Profile
For each of the risks shown in the Vesteda Risk Profile above, the main internal controls are:
External risks, potential high impact, no or limited controls on risk occurring
Risk: Changes in (rental) laws and regulatory requirements
Changes in laws and regulatory requirements related to rent (increases), investments (local requirements or product-specific requirements, e.g. regulated mid-rental segment), building requirements (sustainability), fiscal laws impacting investments in real estate, etc.
Internal controls
As changes in laws and regulatory requirements are beyond Vesteda’s direct control, the main focus in addressing this risk is on identifying and discussing possible changes and alerting and preparing the organisation. This is realised through our multiple contacts with the sector association IVBN and contacts with city councils, politicians, developers, etc. Where relevant, we take the effect of potential changes in laws and regulatory requirements into account in our business planning, including impact analyses and stress testing, where relevant.
With respect to the risk related to rental regulation, we are taking an active role in the affordability debate, together with the IVBN. We believe it is important to behave as a socially responsible investor and to highlight the role we have in responsibly investing pension savings and insurance premiums entrusted to us by our participants in residential real estate for middle-income tenants.
We execute stress tests to calculate the impact of (potential) new regulatory requirements on Vesteda’s portfolio and rental income.
In addition, Vesteda follows the legislative developments on sustainability closely to stay on top of (reporting) requirements. Vesteda also executes a periodic review of its technical standards for new-build homes. We have also recalibrated our complex tactics based on an accelerated ESG strategy. In addition, Vesteda is closely monitoring the outcome of court verdicts on rent increase clauses, the prejudicial questions submitted to the Dutch Supreme Court, and the potential impact on Vesteda.
Risk: Homes are not compliant with legislation
Our homes cannot meet all requirements set by (EU) legislation with respect to climate mitigation and sustainability.
Internal controls
Vesteda has implemented a number of internal controls for this specific risk, the most important of which are:
An investment programme to improve the energy labels of our homes. Please see the Environmental section of this report.
Vesteda has a ‘Policy on the integration of sustainability risks and factors into the investment decision-making process’, which provides insight into which potential sustainability risks Vesteda has identified and how these risks and principal adverse impacts on sustainability factors are integrated in investment decisions related to new acquisitions or renovation projects.
Sustainability and climate risks form an important part of Vesteda’s investment decision process for new acquisitions and renovation projects. Vesteda applies its technical standards to assess whether new (potential) investments comply with Vesteda’s sustainability and technical requirements (which focus on climate change mitigation and adaptation) and reviews these technical standards on a periodic basis. Vesteda uses an ESG framework to determine a sustainability impact score for each project to provide a broader view of relevant sustainability risks and factors and to ensure new projects meet the applicable ESG requirements to qualify as sustainable.
Please see the Environmental and the Acquisitions and property sales sections of this report.
Risk: Climate incidents
Climate incidents affecting our portfolio, such as flooding, heat stress, earthquakes, etc.
Internal controls
This is also a risk that is largely beyond Vesteda’s direct control. However, in terms of mitigating the impact of climate incidents, Vesteda has taken the following measures:
A climate risk scan for the entire portfolio. Based on this scan, we devote specific attention to the risks of heat stress and flooding in our long-term maintenance programme per building complex. Climate risks are also a recurring topic when reviewing our insurance programme. Please see the Physical climate risks section in the Environmental section of this report.
Risk: Affordability under pressure
Affordability of housing is under pressure due to high energy prices and inflation.
Internal controls
Vesteda is taking several measures to manage and improve the affordability of housing. We invest in the sustainability of our assets and inform tenants about energy-saving possibilities, to lower energy costs. We also invest in new-build projects in the mid-rental segment, to add affordable homes to the housing market. Furthermore, by executing a thorough income check prior to entering into a rental agreement and monitoring our tenants’ payment behaviour once they have become a tenant, we can take action, for example by offering more affordable housing to tenants in difficulty. We also inform our tenants on how to reduce their own energy consumption.
Risk: Annulment of rent increases
During 2023, district courts, starting in Amsterdam but spreading across the country, started the trend of applying the ex officio review to rent agreements in court cases regarding rent arrears and/or evictions. Various district courts ruled that specific rent increase clauses (CPI plus a maximum top-up percent) were not deemed fair and therefor null and void. This could imply that all rent increases under such a contract are deemed not valid and therefore should be repaid by the lessor.
Internal controls
This is also a risk that is largely beyond Vesteda’s direct control. However, in terms of mitigating the impact, Vesteda has taken the following measures:
Starting appeal procedures against court verdicts that have annulled the rent increase clause. Submitting an ‘interested party’ statement to the Dutch Supreme Court regarding prejudicial questions that have been asked by the Amsterdam court regarding this topic.
Please see Note 32 in the Notes to the consolidated financial statements section of this report.
Strategic risks, potential medium to high impact, reasonable or high level of controls possible on risk occurring
Risk: Investors seek other investment opportunities
Investments in Vesteda (residential real estate) become less attractive for potential new and current investors (primarily as a result of an imbalance between return and risk).
Internal controls
Each year, participants have to approve the Business Plan, which includes the strategy to achieve the targets as set out in the Investment Guidelines of the Terms and Conditions. For example, the outperformance of the three-year MSCI index and a target for the TER. The achievement of the targets is monitored on a monthly, quarterly and annual basis.
During the Business Plan period, management focuses on stable direct returns and increasing dividend yield, providing an inflation hedge for the existing participants and an interesting proposition for potential new investors with a low-risk profile. The required rate of return has been adjusted upwards in 2023 and going forward for 2024.
Vesteda has engaged Van Lanschot Kempen to assist in finding new investors in the fund and thus create more liquidity for existing investors.
We have an active Investor Relations department and have frequent meetings with participants, at which we communicate market developments and the progress of the strategy implementation. In the current market environment, with political discussions on affordability, the impact of rent increases and (potential) new legislation on rent increases, we believe it is important to discuss Vesteda’s strategy as a socially responsible investor, especially when this pertains to decisions regarding tenant satisfaction, rent increases and sustainability.
Risk: Disruptive technology
Vesteda’s business model is disrupted by new innovative technology.
Internal controls
Digital technology provides the residential investment industry (and adjacent sectors) in general and Vesteda specifically with new resources to create and capture value for all stakeholders. This may, for example, mean that a residential property also functions as a platform for the sale of additional goods and services to its users, thereby increasing the tenant’s perception of value and willingness to pay for it. As a result, boundaries between sectors may blur and young, agile and cost-efficient companies may become a competitor for existing players in the relatively traditional housing market. Digital technology may also be a source of optimised rental income streams and structural savings in general, operational and capital expenditures, while at the same time improving sustainability, tenant satisfaction and the risk profile of the investment.
Exploiting the full potential of digital technology requires a deep understanding of the opportunities and risks associated with it and requires a holistic vision on digital technology as a key resource for strategy definition and execution. Vesteda is already applying digital technology in several parts of its business model and processes, and is increasingly working on incorporating digital technology in strategy definition and organisational design. Failure to keep up with these developments may have a negative effect on Vesteda’s competitive position in the longer term and access to new investment products. Vesteda mitigates this risk today by recognising both the opportunities and the risks of digital technology and improving its business model and organisation in phases using digital technology.
Risk: Unable to invest in attractive acquisitions
Vesteda is unable to invest in new attractive acquisition opportunities.
Internal controls
Dutch residential investments are seen as a safe haven with an attractive risk/return profile, due to the scarcity in supply and high demand. Vesteda is active throughout the value chain: Vesteda is proactively interacting with developers, contractors and local authorities using our in-depth knowledge of local markets and developments and positioning itself as a solid long-term partner. We temporary scale-back in acquisition volumes, while the market is still experiencing strong headwinds. However, we aim to stay in the market, since a modest but constant inflow level increases the quality of our portfolio. We will continue long-term business partnerships, to be able to benefit from potential market opportunities in the future. In addition, we will continue to focus on optimising value creation on our standing portfolio.
As part of our acquisition policy, we have also implemented a range of internal controls, including:
-
Monitoring of acquisition leads funnel and conversion of leads;
-
Annual evaluation of IRR requirements;
-
Performance analyses of realised acquisitions compared with investment proposals;
-
Annual approval by participants of the Business Plan, which includes the acquisition strategy and funding of acquisitions.
Preventable risks, medium to low impact, high level of controls possible on risk occurring
Risk: Negative tenant experiences
Vesteda’s image and reputation is affected by negative tenant experiences, which may result in low(er) tenant satisfaction scores.
Internal controls
Vesteda measures tenant satisfaction continuously and this is one of Vesteda’s major key performance indicators. It is included in the annual targets for the Management Team, senior management, departments and employees. Please see the Tenant satisfaction section in the Social section of this report.
In the event of tenant complaints, Vesteda strives to act and communicate quickly and transparently. Vesteda makes sure that cases are evaluated and that lessons learned are shared internally in order to improve future processes. We have increased the focus on our accessibility via telephone in order to ensure our tenants can contact us easily when questions or issues arise.
Risk: Irregularities in the letting process
Vesteda’s image and reputation is affected by irregularities in the letting process.
Internal controls
Vesteda has a customer due diligence procedure in place to comply with anti-money laundering legislation related to tenants, among other things. Vesteda provides employees who are in charge of screening tenants with additional training and reference materials in an easy and confidential way.
Vesteda is working on the further digitalisation of the letting process, in order to ensure a more uniform applicability of the set selection criteria.
The Compliance department provides support to the Operations department in the letting process and the assessment of new tenants. In addition, Vesteda organises internal dilemma workshops. Please see the Compliance and integrity section of this report.
Risk: Insufficient experience and capabilities within the organisation
The risk that Vesteda cannot attract and retain the right talent to achieve its ambitions and the risk that Vesteda’s employees are less engaged and show a lack of performance (due to working from home).
Internal controls
Vesteda has a professional HR department in charge of attracting and retaining highly qualified staff, through recruitment procedures, talent management and training programmes. Please see the Workforce section of this report.
Vesteda aims to become a High Performance Organisation and focuses continuously on actions and milestones to achieve this goal. In order to monitor Vesteda’s status, we conduct a bi-annual survey among our employees. The results of the latest HPO survey shows that our employees are increasingly positive on our organisation and feel connected to the company, even though many employees continue to work from home part of the time. In order to stimulate employee development, Vesteda offers personal education budgets.
In addition, Vesteda updated its remuneration policy in 2023. By offering an updated and benchmarked remuneration package to our employees, we aim to attract and retain staff.
Please see the Organisation section of this report.
Risk: Supply chain shortages
Materials and tooling are not available or extremely high priced with possible delay in start/execution of investments and maintenance.
Internal controls
Vesteda continuously assesses projects for which this could be an issue and has looked into possibilities of delaying projects or providing additional budget. Possible measures include Vesteda setting up its own emergency supply/inventory. We have also added resources to our procurement/technical department in order to improve supplier management.
Risk: Sanctions Russia
Vesteda enters into agreements with parties that are on the EU sanction list.
Internal controls
Vesteda has a due diligence process in place for when it enters into contracts with new suppliers. A sanctions check is part of that.
The monitoring of the above-mentioned strategic risks and the effectiveness of internal controls, as well as the identification of new strategic risks is the responsibility of the Management Board and the Management Team and will be discussed at least quarterly in 2024.
Risk Committee activities in 2023
In the year under review, the Risk Committee frequently discussed Vesteda’s digital organisation and the risks related to our IT systems and possible cybercrimes and attacks with the D&I Manager. The Treasury Manager reported to the Risk Committee on a quarterly basis on the compliance with Vesteda’s funding targets, including stress tests on liquidity and financial covenants. The Internal Audit Manager reported to the Risk Committee on ISAE controls. Furthermore, the Compliance Officer reported on Compliance risks, including matters related to data protection.
Vesteda updated its Risk Management Policy and Risk Charter in 2022.
‘In control’ statement
The Management Board is responsible for implementing and maintaining adequate risk management and internal control systems and for assessing the effectiveness of these systems.
In the year under review, we evaluated and monitored our risk management and internal control systems, as further described in the above Risk management section of this report. Based on this assessment, we concluded with reasonable, but not absolute, assurance that:
-
The annual report provides sufficient insights into any failings in the effectiveness of the internal risk management and control systems;
-
The aforementioned systems provide reasonable assurance that the financial reporting does not contain any material inaccuracies;
-
Based on the current state of affairs, it is justified that the financial reporting is prepared on a going concern basis;
-
The annual report states those material risks and uncertainties that are relevant to the expectation of Vesteda’s continuity for the period of twelve months after the preparation of the report.
It is important to note that effective risk management, with embedded internal controls, no matter how well designed and implemented, provides the Management Board with only reasonable assurance regarding the achievement of Vesteda’s objectives. The achievement of objectives is affected by limitations inherent in all management processes. Therefore, in this context ‘reasonable assurance’ refers to the degree of certainty that would be satisfactory for a prudent manager in the management of their business and affairs in the given circumstances.