Risk management has been embedded in Vesteda’s strategic and operational processes. We have defined our risk management policy and implemented a risk management framework in line with the core fund risk profile, as defined in the Terms and Conditions of Vesteda Residential Fund, extending to all levels of the organisation and all lines of business.
Vesteda has developed its internal risk management framework on the basis of the recommendations of the Committee of Sponsoring Organisations of the Treadway Commission (COSO), the aim of which is to create a reasonable level of assurance on the achievement of organisational targets. Vesteda’s internal control systems include various measures for achieving adequate segregation of duties, prompt recording of significant transactions and data security. Internal accountability and management reports, management reviews and other internal research into the design and operation of the internal controls are an integral part of the internal control systems.
The INREV core fund risk profile implies that Vesteda has a relatively low risk profile, since it typically invests in income producing real estate investments. Vesteda employs relatively low levels of leverage and has limited exposure to real estate development. A significant and stable proportion of its returns are generated through rental income. Overall, Vesteda has a relatively low risk appetite. We refer to Note 25 in the section 'Notes to the consolidated financial statements' of this report for a description of our financial risk management objectives and policies.
Vesteda’s risk management framework
Vesteda’s risk management framework is described in the following section.
Vesteda’s risk management activities are overseen by the Risk Committee. The Committee’s tasks include (but are not limited to):
Advising the Managing Board and the Management Team on risk management
Advising and facilitating the design and maintenance of the operational risk management policy
Ensuring the appropriate yearly review of the risk management policy by the Managing Board and the Management Team
Designing and maintaining the strategic risk management policy
Increasing awareness of risk management throughout Vesteda
Monitoring the effectiveness of key controls relating to strategic risks, compliance risks and operational risks
Reporting on risk management to the Managing Board and the Management Team, the Audit Committee and the Supervisory Committee
The Risk Committee is chaired by the CFO, who is already charged with risk management at Vesteda. Other members of the Risk Committee include the director Operations, the Corporate Secretary/General Counsel and the Compliance Officer. The Internal Auditor also joins the meetings of the Risk Committee but is not a member of the Risk Committee itself. A Risk Charter defines the roles and responsibilities, the tasks, authorities and reporting requirements of the Risk Committee. The Audit Committee approved the Risk Charter in November 2017.
The scope of risk management
Vesteda distinguishes the following three main risk areas:
1. Strategic risks relating to risks with respect to the strategic targets of Vesteda and the five-year Business Plan
In the second half of 2018, Vesteda reviewed the most relevant and significant strategic risks. This is described in more detail below in the section Strategic risk analysis.
2. Operational risks relating to failure of systems and processes
Operational risk management is part of the business processes and is governed by specific guidelines, policies and key controls designed to manage these operational risks and that are subject to internal reviews and external audits, where appropriate.
Each year, Vesteda’s external auditor provides assurance with respect to the design and effective operation of controls based on the International Standards on Assurance Engagements (ISAE), Standard 3402, type II. The relevant controls to be audited and concluded upon in the assurance report are selected by Vesteda and relate to key controls within the most important business processes, primarily Acquisition, Property Sales and Operations. In 2018, the ISAE controls were reviewed and extended to controls relating to portfolio sales and external property management (following the acquisition of the former Delta Lloyd residential portfolio from NN Group).
3. Compliance risks related to non-compliance with legislation and regulations
Vesteda has a dedicated Compliance Officer who reports on a quarterly basis to the Managing Board and Supervisory Committee. The scope of the work of the Compliance Officer is set out in a Compliance Charter which was approved by the Managing Board in May 2017. Both internal and external developments, such as trends, risk-increasing developments, incidents and new or changed laws and regulations, can lead to the (partial) revision or adjustment of a once-established programme. The Compliance Officer constantly monitors these developments, responds to them and discusses them (where necessary) in the quarterly consultation or on an ad hoc basis with the Managing Board and/or the Supervisory Committee. If necessary, the Compliance Officer adjusts its activities (advice, monitoring) accordingly. The annual compliance programme therefore has a dynamic character. It is also possible that the results of (un)planned compliance monitoring leads to the prioritisation of a topic where this was not previously planned. The compliance charter gives substance to this dynamic of compliance activities in various areas.
The Risk Committee, as described above, focuses on providing support and advice with respect to strategic risks and defining the policy framework for operational risk management. Operational risk management continues to be the responsibility of the business. The Risk Committee will monitor the effectiveness of operational controls and compliance.
Strategic risk analysis
In 2017, Vesteda conducted an extensive risk analysis focusing on the risks associated with Vesteda’s strategic objectives relating to tenants, information technology, organisation, portfolio strategy, participants, funding and corporate sustainability and social responsibility. Vesteda assessed the risks that the strategic objectives may not be met within a time horizon of three years.
For each risk identified, the following analysis was performed:
The gross risk: the inherent risk related to the specific strategic building block
The likelihood that the risk will occur within the time horizon
The control measures taken to mitigate and/or prevent the risk
An evaluation as to whether and to what extent the current control measures are sufficient to mitigate and/or prevent the risk, which results in the net risk
The impact of the risk if the risk actually occurs. The impact depends on the specific risk and was measured against strategic targets (e.g. performance against MSCI benchmark, participant and tenant satisfaction, GRESB score, etc.) or was expressed in financial terms (e.g. percentage of group equity, impact on rental income, etc.)
For the strategic areas where the net risk, in combination with the potential impact of the risk and the likelihood of occurrence, could be regarded as relatively high, the Risk Committee performed an additional review and evaluation of the control measures in 2018, including (if necessary) additional control measures to be taken.
In the second half of 2018, the above-described risk analysis and follow-up actions were evaluated in a meeting with the Risk Committee, the Managing Board and staff involved in these strategic areas. This evaluation also included an assessment as to whether new risks had occurred in 2018 and to what extent the risks identified in 2017 had changed in 2018, as a result of measures taken or external developments. Based on this evaluation, the following risks are now regarded as the most significant risks in terms of likelihood of occurrence and potential impact.
Risks related to Information Technology (IT)
This IT risk is partly mitigated by the outsourcing of our IT service delivery function to a third party service provider, which is subject to an annual ISAE 3402 Type II Service Organisation Control Report.
In 2018, Vesteda started on the implementation of a new ERP system, which is expected to be fully operational in 2019. At year-end 2018, we ran the first detailed testing sessions of the new system. When implemented, this new system will also reduce the risk of system failures, by reducing the number of legacy applications and applying more recent and stable technology.
Following a review of the measures relating to the continuity of our IT hardware and systems, Vesteda took additional disaster recovery measures. We will implement a new Information Security Policy in 2019.
Risks related to Portfolio Strategy
A number of city councils, such as Amsterdam and Utrecht, have announced proposals, plans and/or concrete measures to regulate the renting out of residential properties, restricting rights of landlords to lease rental properties in the mid-rental or other segments through measures such as capping the rents of new-build residential properties, capping rent increases and prescribing a minimum amount of square metres for new-build residential properties. Such increased regulation may have a negative impact on the realisation of Vesteda’s portfolio strategy.
We play an active role in negotiations with city councils and various representative bodies, such as the capital’s mid-segment rental organisation Platform Amsterdam Middenhuur (PAM) and the Dutch association of institutional property investors (IVBN), to explain Vesteda’s view that maintaining a balanced residential supply, also in core urban regions, is to the advantage of all stakeholders.
The IVBN is currently in discussions with local and central governments about the increase of affordable homes without additional regulation.
In 2018, we capped our annual average rent increase to CPI plus 2%. This had a negative impact of 0.2% of our total rental income.
Risks related to Tenants
We recognise that finding affordable housing is a growing problem for middle-income households in larger cities. Media headlines on excessive rental increases have led to growing attention for the housing market in the ongoing political debate. We will also accept our responsibility and moderate our annual rental increase in the coming years to inflation plus a maximum of 2% (on the condition that the mid-rental market is not regulated). Improving the sustainability of our homes will help us, because lowering energy costs will reduce the total cost of living for our tenants. (See also: “Risks related to Portfolio Strategy”).
Risks related to Corporate Sustainability and Social Responsibility (CSSR)
This is the risk that Vesteda is unable to meet its CSSR targets and ambitions.
Vesteda’s two ambitious CSSR targets are:
With regard to our GRESB rating, we were awarded our first five-star rating in 2018 and we came in second in our peer group. However, it is unlikely that we will achieve first place in 2019. The main reason for this is that we would need to certify our entire portfolio. We believe the currently available certificates for residential real estate are not of sufficient quality and will not help us to improve our sustainability in the future. Instead, we are investigating the merits of alternative certificates. We are participating in pilots and are actively contributing to initiatives to develop a certificate that truly helps to improve the sustainability of our portfolio. We have therefore postponed our target to be number one for one year. We will apply clear sustainability targets to our portfolio and our organisation and report regularly on our performance. At the same time, we will devote a great deal of attention to the sustainable behaviour of our organisation, our employees, our tenants and our suppliers.
By the end of 2020, at least 80% of Vesteda’s homes will have energy label A, B or C; no more than 20% of Vesteda’s homes will have energy label D; and Vesteda will have no homes with labels E, F or G.
At year-end 2018, we were ahead of our schedule to comply with the Dutch government’s Energy Agreement in 2020.
To mitigate the risk of Vesteda not meeting its CSSR ambitions (please refer to the section CSSR for more detailed information), Vesteda has implemented various control measures, such as:
Vesteda has a strong and supportive investor base. The sharp increases in the prices and values of (residential) real estate have resulted in historically high total returns on equity in recent years. However, the high valuation gains have simultaneously put pressure on the fund’s direct returns. We also see the risk of further regulation (see section Market developments of this report), which could potentially lead to decelaration in rent increases.
The high valuation gains in recent years in combination with the risk of regulation might lead to future redemption requests from our participants. Vesteda will always strive to provide its participants with optimal service. Participant satisfaction is one of our key performance indicators. In this light, we seek to continuously improve the dialogue with all our participants, as well as with potential new participants.
‘In control’ statement
The Managing Board is responsible for implementing and maintaining adequate risk management and internal control systems and for assessing the effectiveness of these systems.
During the year under review, we evaluated and monitored our risk management and internal control systems, as further described in the above Risk management section of this report. Based on this assessment we have concluded with reasonable, but not absolute, assurance that:
the annual report provides sufficient insights into any failings in the effectiveness of the internal risk management and control systems;
the aforementioned systems provide reasonable assurance that the financial reporting does not contain any material inaccuracies;
based on the current state of affairs, it is justified that the financial reporting is prepared on a going concern basis; and
the annual report states those material risks and uncertainties that are relevant to the expectation of Vesteda’s continuity for the period of twelve months after the preparation of the report.
It is important to note that effective risk management, with embedded internal controls, no matter how well designed and implemented, provides the Managing Board with only reasonable assurance regarding the achievement of Vesteda’s objectives. The achievement of objectives is affected by limitations inherent in all management processes. Therefore, in this context ‘reasonable assurance’ refers to the degree of certainty that would be satisfactory for a prudent manager in the management of his business and affairs in the given circumstances.