Responsible Business Practices and Governance
Compliance Risk Analysis
Process analysis
We performed a Group-wide compliance risk analysis during the reporting period in order to evaluate Vonovia’s core business processes from a compliance perspective. This risk analysis used a web-based questionnaire that covered the topics of money laundering, social compliance, antitrust law, active and passive corruption and cyber security. Our aim was to identify any risks in our compliance management system (CMS) and provide a reliable foundation for Group-wide international comparisons. We plan to repeat this process every five years, but with varying groups of people and questions.
Identifying areas of improvement
The responses we received from 139 senior executives in Germany, Austria and Sweden provided the company with valuable information and pointed out specific areas of the CMS that could be improved. The six compliance areas mentioned above, which are covered by the compliance risk analysis, were found to involve a low or moderate level of risk. Potential for improvement was identified in the areas of money laundering prevention and cyber security – both of which involve a moderate level of risk. The lowest level of risk was identified in the area of social compliance. The questions related to this area covered topics such as the speak-up culture and compliance culture at Vonovia.
Measures
A comprehensive report was prepared on the findings of the compliance risk analysis. Based on this report, Vonovia Compliance Management has put together a package of measures for improvements. The first measures to be implemented include aligning Vonovia’s guideline management with the Swedish company Victoriahem, and implementing the strict Austrian money laundering verification process – in line with best practices – in Germany and Sweden. The remaining measures are set to be implemented over the course of the year.