Governance and Compliance
Our Corporate Governance Principles
Corporate governance covers all of the functions, processes and frameworks, and ensures our company is managed and monitored responsibly and independently. It means the management has clear and functional rules to follow in order to fulfill the company’s social responsibilities and its responsibilities toward employees, suppliers and customers. Group-wide guidelines and business principles include our Business Philosophy, our Code of Conduct, the Business Partner Code and our Declaration of Respect for Human Rights.
We also live up to this responsible attitude with our independent Supervisory Board and our commitment to the principles of the German Corporate Governance Code (GCGC, see Corporate Governance Declaration). Our Supervisory Board consists exclusively of independent members that are individually recommended and elected. We publish the individual attendance figures for the Supervisory Board meetings in our Annual Report. Comprehensive information regarding corporate governance can be found in the investor relations website. This includes disclosures on shares held in the company by members of our Management and Supervisory Boards. In addition to the GCGC, we are also committed to the principles of the Institute for Corporate Governance of the German housing industry.
That is also why we place such an emphasis on compliance with applicable legislation and tenancy law. Adhering to the legal framework conditions and regulations does not just apply to our own employees but also for the suppliers and service providers we work with (see Human Rights Due Diligence and Supply Chains).
Compliance Management and Whistleblowing System
The compliance management system (CMS) supports the corporate governance’s direction and is intended to prevent employee misconduct and safeguard the company against misconduct. At Vonovia, the CMS is based on three pillars: prevention, detection and response. These pillars are underpinned by an extensive system of measures and processes as part of the compliance program. The basis takes the form of the Compliance Guidelines, which follow the Principles for the Proper Performance of Reasonable Assurance Engagements Relating to Compliance Management Systems (IDW PS 980). The CMS is subject to a periodic audit, which was last carried out by an independent auditor (in 2021). An effectiveness review and certification of the CMS is being prepared for 2023.
Strict adherence to compliance rules protects the integrity of employees, customers and business partners, and shields our company from negative influences. This is an indispensable prerequisite for being perceived as a reliable and trustworthy partner.
The Chief Executive Officer (CEO) is responsible for implementation of the CMS. The Chief Compliance Officer reports directly to the Chief Executive Officer. A Compliance Committee comprising the Chief Compliance Officer, Compliance Managers, the external ombudsperson, representatives of the Internal Audit, Risk Management and HR Management departments, the works council and companies outside of Germany regularly updates the system in line with current requirements and is responsible for its ongoing development. In this context, the Chief Compliance Officer acts as a central contact point for compliance-related questions and suspicions. The Chief Compliance Officer has also been appointed Human Rights Officer since January 1, 2023. His activities are supported by the compliance managers and specialists in the individual departments.
CMS is also supported by our web-based whistleblowing hotline. Compliance breaches can be reported in German and English (as well as in four other languages in the future), online and anonymously. The whistleblowing system is open to employees, suppliers, customers and other stakeholders. In addition, a reporting mailbox has also been set up in the HR department to identify potential violations of the General Act on Equal Treatment in particular (Allgemeines Gleichbehandlungsgesetz). The whistleblower report, prepared externally every six months, is included in the compliance report. One of the key performance indicators in this area is the total number of proven cases of corruption in Germany. In the 2022 reporting year, 28 (2021: 45) suspected cases of corruption or compliance issues had been reported and carefully investigated in Germany. No material compliance violations were uncovered. There were no proven cases of corruption. The severity of all reported cases was determined to be minor. The reported cases can be assigned to the following categories, among others: incidents with tenants, conflicts of interest involving employees, information regarding allegations of fraud (involving commission) relating to employees, but also external persons, notifications of material theft and vehicle break-ins.
The CMS and whistleblowing system apply to the entire Group. Deutsche Wohnen also maintains its own legal and compliance department, which is supported by Vonovia’s compliance and data protection department under the terms of the agency agreements. Whenever legislation in Austria or Sweden conflicts with Group-wide rules, a different rule is adopted for the subgroup in the form of a national guideline. Responsibility for this lies with the respective managing directors.
On March 7, 2023, Vonovia SE received information from the Bochum public prosecutor’s office regarding investigations against current and former members on the basis of a search warrant issued by the Local Court of Bochum. According to the information provided, it is suspected that Vonovia SE or selected affiliated companies have suffered damage due to organized and commercial fraud, breaches of trust in the form of anticompetitive agreements in connection with tenders and particularly serious cases of passive and active corruption in business transactions. To what extent tenants have suffered damage due to this is currently being reviewed in the internal investigation that has been launched.
Measures have been taken to clarify the incidents in full. The auditing firm Deloitte has also been engaged to conduct an independent investigation. Initial internal investigations have revealed that the allegations made in the context of the investigations are based exclusively on collusion between the defendants, meaning that existing, otherwise effective control mechanisms can be circumvented. As only completed processes are included in the presentation of the key figures for the respective reporting year, this incident has no relation to the key figures presented for 2021 and 2022 (see Key Figures – Governance, Reviewing Taxonomy-eligible Economic Activities for Taxonomy Alignment, Combating Corruption and Bribery).
The internal control system (ICS) comprises the basic principles, procedures and regulations introduced in the company to ensure due, proper and reliable internal and external accounting. It also ensures compliance with the legal provisions that apply to the company. The Internal Audit department regularly audits the functionality of the internal control system and submits reports regarding the internal control system to the Supervisory Board’s Audit Committee in the quarterly status reports and the Annual Report. Based on findings from internal or external audits, we make continuous improvements to our internal control system. Another component of our internal control system is regular monitoring, on the basis of which any weak points identified are eliminated. The effectiveness of the internal control system was once more confirmed for the 2022 reporting year. In this regard, we refer to the explanatory information concerning the appropriateness and effectiveness of the ICS in the combined management report (see Corporate Governance).
In order to acknowledge the increasing significance of compliance topics, the existing Compliance office became an independent Compliance department in April 2023 and was moved out of the previous structure (attached to the Legal department). The role of Chief Compliance Officer, reporting directly to the Chief Executive Officer, was created to head the department.
The Management and Supervisory Board offices coordinate the cooperation between the various management committees and organize the flow of information between the Management Board and the Supervisory Board. The Legal department, Management Board and Supervisory Board office work together closely to decide how to implement resolutions taken by the decision-making bodies. The Supervisory Board Audit Committee regularly reviews the Compliance report and Internal Audit’s status report (see Annual Report).
While the Legal department, which is responsible for CMS, is under the direct supervision of the CEO, the Tax department is headed by the CFO.
Integration of New Companies
When we integrate new companies into the structures of the Group, as recently occurred with Deutsche Wohnen, we determine which policies are already in effect and identify any changes that are required in the course of the integration. The responsible managers review our guidelines throughout all Group areas every two years to determine if they have to be updated.
The Compliance Guidelines and other individual guidelines were adapted to the Austrian legal system and published as a national guideline for the Austrian subgroup in the reporting year. During this process, both the Business Partner Code and the Code of Conduct were reviewed and some small changes were made. The new Compliance Guidelines were presented to all BUWOG employees in Austria during an information event in order to raise awareness and clarify our position in this area.
Objectives and Measures
Across the Group, our aim is for full compliance with guidelines, applicable laws, values, corporate governance principles and the code of conduct.
The Group-wide (excluding Deutsche Wohnen), web-based compliance risk analysis that was conducted at management level in the 2021 fiscal year had identified potential for improvement in the areas of money laundering prevention and IT security, while performance in the other areas were considered good to very good. One measure resulting from this was the restructuring of the data protection department, which was merged with the central compliance department on January 1, 2022. This serves to simplify internal processes, thus making them easier to safeguard. The next compliance risk analysis is planned for 2023 and will include requirements from the Supply Chain Due Diligence Act.
Regular training courses, planned and implemented by the Compliance and HR departments, form the basis of our work to prevent misconduct. A comprehensive catalog of regular and mandatory training events is already firmly established and has been adapted for the various internal target groups. The procurement department, for which the issue is particularly relevant, receives special training on corruption and criminal law pertaining to corruption, for example. In the reporting year, we extended compliance training by another five new formats that we intend to repeat annually:
- Mandatory training on dealing with conflicts of interests (for all employees)
- Mandatory anti-corruption training (for all employees)
- Training format for the sales department on money laundering (in response to recommendations in the compliance risk analysis)
- Training to recognize corruption and fraud (for all management levels)
- Training on completing contracts (for the development area)
In the past, we have heard about cases of third parties acting as “intermediaries” between potential tenants and our landlords in order to collect commission for procuring housing. This is not permitted. Vonovia’s rental process is standardized and binding in all cases. In order to raise awareness of this among our landlords and to protect potential tenants, we developed the brochure “Fair play in new rentals” in the 2022 reporting year. It was sent with a letter explaining the background to all Vonovia landlords in Germany. The brochure also clarifies how to deal with demands for commission from third parties. It explains which channels can be used to report misconduct and who the correct contact is for questions and reports. We also plan to communicate with Vonovia caretakers about this topic.
Multilingual Whistleblowing System
Over the course of 2023, our whistleblowing system will be made available in up to six more languages to minimize any language barriers.
Tax compliance and tax risk management are an important element of our CMS. We remain committed to continuity and transparency in all areas of our business when it comes to our taxes. As a result, the tax strategy adopted in 2018 is still in effect. We see ourselves as a taxpayer that lives up to its social responsibility in terms of contributing to society financially. Vonovia is committed to the due fulfillment of its tax obligations and has therefore set itself the goals of:
- Meeting its tax obligations in Germany, Austria, Sweden and the Netherlands as a multinational company with operational subsidiaries
- Ensuring full compliance with tax compliance regulations
- Maintaining a tax-compliant culture and organizational structure that ensures that subsidiaries are not misused as vehicles for tax optimization and that no tax havens are used
Our understanding of tax is based on clearly defined responsibility and control processes and a risk management system that comprises the following elements:
- Regular exchange of information between the CFO and the Head of Tax
- Regular information to the Supervisory Board on key topics and risks
- Implementation of an internal tax compliance system (internally and externally audited)
- Complete documentation of tax-related issues
- Whistleblowing system
The appropriateness and implementation as well as the effectiveness of our tax compliance management system was subjected to an external audit by the auditor in Germany for selected tax types in 2021 and successfully certified in January 2022. The Austrian subsidiaries were also successfully audited for adequacy in 2020, followed by an effectiveness audit for the period from July 1 to December 31, 2020, at the beginning of 2021. The auditor did not identify any issues. A partial internal assessment of the tax compliance management system in Germany and Austria was performed by the Internal Audit department in the reporting year. The results confirmed the appropriateness and effectiveness of the measures implemented. You can find more information regarding taxes in the Annual Report and in the Investor Relations section of our website.