G1-1 – Business Conduct Policies and Corporate Culture

Vonovia defines Corporate Governance as responsible, sustainability-driven business conduct and oversight based on trust and transparency. Corporate governance is an issue for Vonovia that includes every area of the company. The Management Board and the Supervisory Board have made a comprehensive commitment to the principles of corporate governance as set out in the German Corporate Governance Code.

These principles are the basis for the sustainable success of the company and therefore serve as guidelines for conduct in the company’s daily management and business. Good corporate governance strengthens the trust of our shareholders, business partners, employees and the general public in Vonovia. It increases the company’s transparency and strengthens the credibility of our group of undertakings. With balanced corporate governance, the Management Board and the Supervisory Board wish to safeguard Vonovia’s competitiveness, strengthen the trust of the capital market and the general public in the company and sustainably increase the company’s value.

Our comprehensive set of policies and measures aimed at preventing compliance violations in connection with corporate governance is consolidated within our Compliance Management System (CMS). The CMS at Vonovia encompasses all policies, regulations and works agreements, such as the Code of Conduct. The CMS is based on three pillars: prevention, detection and response. The CMS is subject to a periodic audit, which is carried out by an external auditor. Preparations were made in the reporting year for the external CMS certification in the area of anti-corruption; the adequacy of the CMS is to be reviewed in the coming reporting year. This certification will confirm the adequacy and effectiveness of the CMS in anti-corruption efforts. At the top of our internal compliance framework is the Group Anti-Corruption Policy, which serves as a binding framework linking all policies and regulations to create a unified compliance structure.

The CMS applies without exception to all Group subsidiaries (including Care segment), ensuring that all business activities and processes comply with applicable laws, regulations and administrative requirements, as well as contractual obligations and internal corporate policies. Whenever legislation in Austria or Sweden conflicts with Group-wide rules, a different rule is adopted for the subgroup in the form of a national guideline. The ultimate responsibility for this lies with the respective managing directors.

Vonovia employs the following policies to manage the identified material risks and positive impacts and to promote corporate culture.

Operational responsibility for the implementation, monitoring and further development of the policies relating to corporate culture, bribery and corruption is shared between Human Resources, Legal, Compliance, Corporate Communications and Internal Audit departments. Ultimate responsibility lies with the Management Board. The Chief Compliance Officer, who leads the Compliance and Data Protection department, is responsible for identifying compliance risks, implementing appropriate preventive and detection measures and ensuring a suitable response to confirmed compliance risks.

Corporate Culture

Our approach to promoting corporate culture is outlined in our Code of Conduct. On the basis of the Code of Conduct, we define the ethical and legal framework within which we act, ensure commercial success and aim to achieve positive impacts on our employees through a positive working atmosphere and a trusting, constructive management style. It reflects our corporate values and applies to all employees at Vonovia. The focus is on dealing fairly with each other but also in particular on dealing fairly with our tenants, business partners and investors. That is also why we place such an emphasis on compliance with applicable legislation, without exception. Adhering to the legal framework conditions and regulations does not just apply to our own employees but also for the suppliers and service providers we work with.

We also communicate in our Declaration of Respect for Human Rights, which has the same status as a Group policy and which applies throughout the Group, our clear conviction for a pluralistic democratic society and zero tolerance of human rights violations and our commitment to respect human rights in all aspects of our business. We adhere to the core labor standards of the International Labour Organization (ILO), the UN Guiding Principles on Business and Human Rights and the principles of the UN Global Compact, which we committed to in 2020. Our Code of Conduct also takes account of our stance regarding respect for human rights.

Through our policy of “Positive impacts on employees through Code of Conduct and the development of a corresponding corporate culture,” Vonovia aims to foster a corporate culture that supports continuous development and individual potential promotes diversity, and helps us attract and retain top talent. Our corporate culture ensures fair wages and considers principles such as respect and diversity as fundamental. We are also committed to creating a future-oriented, attractive and safe working environment that provides the foundation for our joint success and contributes to the satisfaction of our employees.

Our corporate culture is founded on transparent reporting and corporate communications, on corporate governance aimed at the interests of all stakeholders, on fair and open dealings between the Management Board, the Supervisory Board and employees as well as on compliance with the law. Employees are regularly trained on diversity topics (see S1-4 for details) to raise awareness of inclusion and equality of opportunity, with dedicated programs such as the Women’s Network, Female Leadership Forum, and mentorship initiatives for high-potential female employees (see S1-4 for details). These measures are implemented across the Group on an ongoing basis. The three programs to promote equality of opportunity were initiated in the reporting year. Since these measures are part of a continuous process and are regularly adapted to current circumstances, no specific timeline for completion exists.

Another key measure for the promotion of corporate culture is the Business Partner Code, which outlines our expectations and requirements for suppliers, who are required to sign it. These requirements relate in particular to compliance with human rights – from legal conformity and the fulfillment of legal standards for working conditions to an assurance of freedom of association and the exclusion of child labor, forced labor and discrimination. Minerals, and particularly conflict minerals, are to be procured responsibly in accordance with OECD guidelines. We also expect our business partners to subject their own business partners at all stages in their supply chain to the obligation to comply with the same standards and principles. As part of the regular evaluation of our major suppliers and contractors via our partner portal, we strive to ensure that the criteria stated in the Business Partner Code are complied with. In the event of incidents and breaches, a structured management of measures is activated, which – once all other resources have been exhausted – may result in blocks on orders or the blocking of a particular supplier. We also use long-term cooperation in the spirit of partnership to build a close relationship of trust with our contractual partners. This is largely the responsibility of the procurement department and allows any misconduct to be addressed. In Germany and Austria, contractual conclusion is preceded by an automatic check against relevant sanctions lists, with the compliance department informed immediately in the event of a hit. In Austria, the procurement department reviews all new creditors and regularly reviews existing ones on a half-yearly basis as part of a compliance check that also includes an inspection of sanctions lists (via KSV1870). The procurement department in Austria also implemented a partner portal for suppliers and service providers in the reporting year. The portal is based on its German counterpart and has been adapted to reflect national standards. Vonovia’s Business Partner Code of Conduct applies across the entire Group. However, local adaptations are permitted within the subsidiaries in Austria, Sweden and the Care segment if required by country-specific or operational considerations. Since this is an ongoing measure, no fixed completion timeline exists. Updates to the Business Partner Code are also made as needed, with an update during the fiscal year. In addition, the Group Compliance Policy, the Anti-Corruption Policy, the Anti-Money Laundering & Terrorist Financing Prevention Policy and the Whistleblowing Policy were reviewed and updated.

Corporate culture is a multifaceted topic that cannot be fully captured through singular or multiple quantitative targets, which is why we have not set measurable, outcome-oriented targets.

Nevertheless, two quantitative indicators of employee satisfaction and the proportion of women in leadership roles (both of which are sub-indicators of the SPI) serve as reference points for evaluating the effectiveness of our corporate culture policies and measures and their positive impact on employees through the Code of Conduct and the design of a corresponding corporate culture. A strong corporate culture contributes to high employee satisfaction, while a higher proportion of women in leadership roles demonstrates a culture that fosters diversity and attracts talent.

Vonovia aims to achieve its target of at least 77% employee satisfaction by 2030. The Management Board proposes these targets as part of the LTIP planning process, with validation by the Supervisory Board. Similarly, the target for the proportion of women in leadership roles (first and second levels below the Management Board) is targeted to reach at least 30% by 2030. Additional details can be found in S1-5.

The Compliance Committee meets quarterly to discuss corporate culture, the current status of the Compliance Management System (CMS), and any necessary adjustments. New policies and measures are developed as needed.

Bribery and Corruption

Vonovia addresses significant financial risks, including liability and reputational risks related to bribery and corruption, through the Code of Conduct, the Human Rights Policy, the Compliance Guidelines, the Whistleblowing Policy, the Anti-Money Laundering & Terrorist Financing Prevention Policy and the Anti-Corruption Policy. These policies apply Group-wide but are adapted for organizational differences in the Care segment and regional variations in Austria and Sweden. The correct implementation of the Group policies is reviewed by Internal Audit in line with a risk-based approach.

These policies aim to prevent and combat bribery and corruption and mitigate potential negative impacts such as financial penalties, exclusion from tender procedures, reputational damage, employer brand deterioration, rating downgrades, stakeholder trust erosion, and increased costs for Vonovia’s tenants, employees and business partners.

Vonovia’s policies align with IDW PS 980 audit standards, which largely correspond to the United Nations Convention against Corruption. Our objective of preventing and combating bribery and corruption, as well as avoiding related incidents, is pursued through the quantitative indicators of the “number of convictions and the amount of fines for violation of anti-bribery and anti-corruption laws” and the “total number of confirmed cases of corruption and bribery,” covering both our employees and business partners (for details, see G1-4).

Vonovia has implemented several measures to support its anti-bribery and corruption objectives, including:

• Regular compliance self-assessments and the appointment of local compliance officers
• A robust whistleblowing system available to employees and external stakeholders (see G1-3) and
• Extensive training programs, particularly for functions-at-risk.

In the reporting year, preparations were made for the introduction of annual compliance self-assessments in the individual departments within the Group. Starting in the 2025 fiscal year, the compliance risk analysis will be conducted annually (previously every two years) and will also cover Austria and Sweden on a recurring basis. In the 2024 fiscal year, a decentralized compliance structure was also implemented: In relevant business areas, individual employees are being trained as local contacts for compliance issues in order to be able to answer initial questions directly on location and provide quick and straightforward support. The Compliance and Data Protection department is training the local contacts, providing technical advice and is maintaining constant contact with them. This measure has no set completion date as it is an ongoing initiative.

Vonovia also established a comprehensive complaints management system that allows employees, customers, and business partners to report corruption and other misconduct. Reports are processed by a specially trained, independent team. Details are outlined in disclosure requirement G1-3 .

Regular Group-wide training sessions are the cornerstone for preventing misconduct before it happens. A comprehensive catalog of regular and mandatory training events is already firmly established and has been adapted for the various internal target groups. In Germany, all employees with access to a company digital device must complete an annual 60-minute training session covering the Code of Conduct. Employees without such devices receive the Code of Conduct as an annex to their employment contract. Care segment managers also receive specialized training on the Code of Conduct requirements. All employees at SYNVIA receive training on the contents of the Code of Conduct, with the duration of training sessions tailored to individual needs. In Sweden, all employees are informed about the contents of the Code of Conduct upon joining the company and whenever updates occur, and they are required to formally acknowledge it. They then participate in an annual compliance training session lasting 45 to 60 minutes, covering topics related to the Code of Conduct, bribery and corruption. In Austria, employees receive compliance training, including topics on the Code of Conduct and anti-bribery and corruption, during onboarding and on an annual basis thereafter, with sessions also lasting 45 to 60 minutes. During the reporting year, the first compliance training sessions were rolled out via the company’s e-learning platform, Success Factors. Further details regarding the anti-corruption and anti-bribery training conducted in the fiscal year can be found under disclosure requirement G1-3. In addition to training on the prevention of corruption and bribery, Vonovia provides employees with annual training on other compliance-related topics such as conflicts of interest, anti-corruption awareness, anti-money laundering and data protection. For employees in Germany, this includes training on the General Equal Treatment Act. These training programs are regularly updated to reflect changes in the Code of Conduct or legal requirements, ensuring their continued relevance. As such, no fixed timeline exists for the completion of this measure.

In Austria, Sweden and Vonovia Germany, functions that are most at risk of bribery and corruption include procurement, sales, development and management positions. At SYNVIA, all employees are classified as being in functions-at-risk, while in the Care segment, this classification applies to facility managers.