Business Conduct

GOV-1 - Role of the administrative, management and supervisory bodies

The role and expertise of the administrative, management and supervisory bodies related to business conduct is covered in the section GOV-1 & GOV-2 - The role of the administrative, management and supervisory bodies in relation to sustainability matters.

IRO-1 - Description of the processes to identify and assess material impacts, risks and opportunities

Vesteda identifies material impacts, risks, and opportunities related to business conduct matters by evaluating criteria such as location, activity, sector and structure of the transaction, with particular attention to local laws and regulations in the Netherlands. This supports strategic risk management and alignment with business goals. This process is covered in detail in the sections GOV-5 – Risk management and internal controls over sustainability reporting and SBM-1 – Information on the market position and strategy of the company.

G1-1 - Policies

Integrity starts with the tone at the top. Vesteda has a Code of Conduct, acknowledged and signed by all employees upon joining the company. The Code of Conduct includes provisions on topics such as bribery and anti-corruption and conflicts of interests, in which the Code is guided by the United Nations Convention against Corruption. It also includes the gift policy that applies to all Vesteda employees. The Code emphasises acting with integrity and honesty, complying with legislation, regulations, and international standards on responsible business conduct. The subjects of Vesteda’s Code of Conduct are integrated in the risk management process (including an annual compliance risk assessment), training and awareness programmes, as well as monitoring and reporting mechanisms. New employees are required to sign a statement acknowledging their commitment to comply with the Code of Conduct as a condition of their employment contract. When communicating about compliance-related matters to the organisation, the Compliance Department will, to the extent relevant, always refer to the Code of Conduct as the guiding principle within the organisation.

Functions-at-risk are those functions deemed to be at risk of corruption and bribery due to their tasks and responsibilities, where there are instances of actual or potential contact with third parties that present active and passive bribery opportunities. These are defined by the Employment Screening Policy with three risk levels (low, medium, high). Oversight and accountability for this policy document rest with the Management Board. At Vesteda, functions-at-risk are the high-risk function as per the Employment Screening policy. The high-risk roles involve significant decision-making power and are designated integrity-sensitive under the Dutch Financial Supervision Act (Wft). Vesteda's statutory directors and Supervisory Committee are screened for reliability and suitability by the AFM. Vesteda does not separately determine the percentage of functions-at-risk covered by training programmes, as they are included in the overall training rate.

In addition to the Code of Conduct, Vesteda has a Supplier Code of Conduct in place, in which it is stated that all forms of corruption and bribery are unacceptable for Vesteda’s suppliers and that these practices are not tolerated. The Vesteda Supplier Code of Conduct outlines Vesteda's commitment to socially responsible and sustainable business practices. It sets expectations for suppliers to adhere to these principles and comply with legal and regulatory requirements.

Vesteda has an Internal Reporting Procedure for reporting misconduct and integrity incidents and any suspicions by employees and external parties, either directly to the Compliance Department or anonymously via the SpeakUp platform. Under the Internal Reporting Procedure, any reported (suspected) misconduct and incidents are always investigated by two independent functions, the Compliance Department and Internal Audit. An employee who files a complaint is protected by a prohibition against retaliation, in line with the principle of non-retaliation that Vesteda applies across its entire approach to managing complaints. This principle is protected by law. Examples of retaliation include, but are not limited to, dismissal or suspension, demotion, denial of promotion, negative evaluations, discrimination, harassment, bullying, defamation, or termination of a contract for goods or services. Additionally, the protection extends to individuals assisting the complainant, such as a confidant or any third parties involved, such family members and colleagues, if they have a working relationship with the subject of the complaint. Internal investigators or those responsible for handling the internal report are also protected. The confidentiality of the report and the identity of the complainant and others involved are safeguarded by the Compliance Department. Furthermore, the procedure also includes the requirements of the (EU) Whistleblower Directive[1].

1 The EU Whistleblower Directive mandates that member states establish secure and confidential reporting channels for whistleblowers, both internally within organisations and externally to competent authorities. It ensures protection against retaliation for whistleblowers and requires that their reports are properly investigated and acted upon. Individuals can report breaches of European Union law in areas such as anti-money laundering, product and transport safety, environmental protection, public health, consumer protection, and data privacy.

G1-2 - Management of relationships with suppliers

Vesteda’s approach to its relationship with suppliers takes into account sustainability matters and social and environmental criteria for the selection of suppliers. This is implemented in two ways.

Firstly, as part of our internal sustainability governance, sustainability risks and impact on sustainability factors form an important part of Vesteda’s investment decision making process. Vesteda applies its technical standards to assess whether new (potential) investments comply with Vesteda’s sustainability and technical requirements. Vesteda uses an ESG risk framework to determine a sustainability impact score (SIS) for our residential properties. This contributes to a broader scope on relevant sustainability risks and factors, including the screening of suppliers.

Secondly, Vesteda has in place a Supplier Code of Conduct that includes sustainability considerations and is aligned with international standards on responsible business conduct. The Vesteda Supplier Code of Conduct requires suppliers to adhere to practices in:

Environmental sustainability, such as energy efficiency, waste reduction, and the use of sustainable materials;
Social sustainability: suppliers must respect human rights, including non-discrimination, health and safety, and the prohibition of forced and child labour.

Vesteda also works to make sure the key risks relating to human rights are explicitly addressed in the Supplier Code of Conduct. Where suppliers have an adverse impact on human rights in the value chain, they shall address these issues appropriately. To this end, Vesteda aims to support the supplier and provide guidance where necessary. Nonetheless, if Vesteda suspects or discovers that a supplier fails to comply with the Supplier Code of Conduct, either structurally or incidentally but with significant impact, this may eventually be grounds for terminating the agreement with the supplier. In the event that a supplier violates our Supplier Code of Conduct (or is suspected of same), depending on the severity of the impact, we will initially suspend our business relationship to engage with the supplier to determine corrective actions aimed at mitigating any negative impacts. We will provide reasonable notice to the supplier and continuously review the decision. If there is no reasonable expectation of successful remediation, we may decide to terminate the business relationship for the activities concerned, especially if the adverse impact is severe. Before making such decisions, we will assess whether the adverse impacts of suspension or termination could be more severe than the original issue.

G1-3 - Prevention and detection of corruption and bribery

As described in G1-1 Policies, Vesteda has an Internal Reporting Procedure for reporting misconduct and integrity incidents. These complaints are dealt with on an individual basis with feedback to the Management Team after review by Compliance. When an incident is reported, Compliance evaluates whether the reported incident should be classified as material or not. A material incident would be the case when:

There is a considerable risk of a regulatory fine or sanction;
It could have a serious adverse impact on the relationship with key stakeholders; or
It could result in substantial reputational damage.

The Compliance department and the investigating team handling the complaint suggest an approach on how to mitigate the issues. The compliance and integrity incidents are structurally reported on a quarterly basis to the Management Board and the Supervisory Committee, informing them of the nature of these incidents and any mitigating measures taken.

Vesteda’s Code of Conduct includes guidelines for the acceptance and giving of gifts and invitations. Employees are advised to refuse and report any offers that may be intended to influence them, particularly if these involve personal favours or gifts. Gifts or invitations valued at up to €100 annually from the same source are acceptable, while those exceeding this amount require managerial approval and must be reported to the Compliance department. Cash and gift vouchers are never accepted. Additionally, gifts should only be received at the office. Vesteda also ensures that corporate gifts given to external parties do not exceed €100, except on special occasions and with management approval, plus they are only sent to business addresses. Employees are encouraged to contact the Compliance department if they have any doubts regarding the appropriateness of receiving or giving a gift. Vesteda ensures that its Internal Reporting Procedure and Code of Conduct are effectively communicated to all employees.

Vesteda’s Supplier Code of Conduct includes a strict policy against offering or accepting gifts with the intent to improperly influence or gain unfair competitive advantage. Suppliers must ensure that any gifts or invitations in their relationship with Vesteda do not violate this standard.

Vesteda regards the provision of training through various delivery methods as a crucial tool for enhancing business conduct and fostering a positive corporate culture among its workforce. Accordingly, the Compliance Department has developed a comprehensive training programme, which is reviewed on an annual basis as part of the annual compliance year plan. This plan consists of identifying which topics need to be part of the yearly training, as well as type of training and audience. The training programme addresses a selection of topics (e.g., the Vesteda Code of Conduct, including dilemma sessions, antitrust law, privacy awareness, and anti-money laundering). Additionally, Vesteda ensures that members of the administrative, management, and supervisory bodies receive training on anti-bribery and corruption to maintain high standards of integrity and compliance. New employees attend a mandatory in-person training on the Code of Conduct. Other training courses are given via e-learning courses, which are available to all employees.

G1-4 - Confirmed incidents

The Compliance Department keeps a register of all reported incidents in which Vesteda or its employees are directly involved. In 2025, there were no convictions or fines for violation of anti-corruption and anti-bribery laws. Subsequently, no actions were needed to address breaches in procedures and standards of anti-corruption and anti-bribery.

All incidents were addressed by the Compliance department and, depending on severity, discussed with the Management Board and reported to the Supervisory Committee.

Vesteda explicitly does not strive to have zero incidents reported. Employees are encouraged to speak up to colleagues and the Management Team before formally reporting an incident to the Compliance department. Vesteda is of the opinion that the reporting of incidents can contribute to risk awareness and is a sign of a company culture in which employees do not fear repercussions for reporting an incident. Incident reporting can help to identify trends or risks.