G1-3 – Detection of Corruption and Bribery

As a measure to implement our policy for managing the material risk of bribery and corruption, Vonovia (including SYNVIA) has implemented a comprehensive, Group-wide complaints management system (see also disclosure requirement G1-1). SYNVIA was connected to Vonovia’s whistleblower system during the reporting year. The Care segment has its own whistleblower system. In addition, access to Vonovia’s whistleblower system was also expanded during the reporting year by setting up an additional category for the Care segment. Vonovia’s Swedish subsidiary also operates its own whistleblowing system.

Reports of corruption and bribery can be submitted via the respective whistleblowing portals, which are available in six languages in addition to German and English. Stakeholders using the system can provide feedback through a satisfaction survey, ensuring its effectiveness. This reporting year, the portal again complements and extends the existing system of the independent ombudsman and has been integrated into the Business Partner Portal. The ombudsperson is selected and appointed by the Compliance Committee. There is also the option of contacting the compliance hotline via telephone or email, which Vonovia has set up at the external law firm GSK. Our employees can report potential or actual misconduct to the works council, the Human Resources department, or the compliance@vonovia.de email address. The effectiveness of the system is ensured through various accessible reporting channels, which were intentionally established to provide multiple options for submitting reports. In the 2023 compliance risk analysis, participants were surveyed on topics such as communication channels for compliance matters, familiarity with compliance processes, and the support provided. Positive feedback was received in all areas. Since the complaints management system is an ongoing measure, no completion date is set. The availability of both digital and analog reporting channels ensures that every employee has access to at least one reporting option. The technical and organizational accessibility of these channels is managed by the Group, with external support when necessary.

Staff handling complaints are bound by confidentiality and are the only ones with access to complaints and related communications. Complaints are reviewed exclusively by this authorized team. Information from the system is generally not shared with third parties, except when required for legal proceedings, regulatory investigations or compliance audits by external legal or accounting firms. Data is stored only as long as necessary for its intended purpose. Employees are informed about the available reporting channels through mandatory compliance training and the corporate website. Additional details on whistleblowing procedures are available in the intranet’s compliance section and are published in employee newsletters, such as Die Profis. The risk analysis includes a question to managers asking whether they are aware of the reporting channels for suspected compliance cases. Future employee satisfaction surveys will also include a question regarding the awareness and trustworthiness of these reporting channels. The regular use of the channels and the corresponding feedback from the departments and the works council indicates that customers are aware of them and consider them to be reliable. After reviewing reported incidents, individual, proportionate measures are taken on a case-by-case basis.

The Chief Executive Officer (CEO) is responsible for implementation of the entire CMS, including all the policies and measures described. A Compliance Committee comprising the Chief Compliance Officer, compliance officers, the ombudsperson, representatives of the Internal Audit, Risk Management and HR Management departments, the works council and the companies outside of Germany meets on a quarterly basis updates the system in line with current requirements. In this context, the Chief Compliance Officer acts as a central contact point within the company for compliance matters and suspicions. The Chief Compliance Officer serves as the primary contact for compliance-related questions and concerns, maintaining independence by reporting directly to both the CEO and the Supervisory Board’s Audit, Risk and Compliance Committee. In addition, the Chief Compliance Officer is not subject to instructions from other company departments. His activities are supported by the compliance officers and managers in the individual departments.

The Chief Compliance Officer reports directly to the Chief Executive Officer at least once a month. In addition, ad-hoc reporting is carried out for essential topics. The Management Board receives quarterly reports, while the Supervisory Board’s Audit, Risk and Compliance Committee is informed semi-annually about compliance issues and corruption along with existing guidelines and processes on a quarterly basis. The compliance report provides information on suspected cases, measures and other compliance-relevant and data protection issues. If required, the entire Supervisory Board is informed.

Comprehensive information about Vonovia’s Corporate Governance policies, including the Group compliance policy, is available on the investor relations section of the corporate website. An overview of all reporting channels for bribery and corruption concerns is also provided on the company’s public website. Employees have access to the latest compliance information through the intranet, While business partners are informed of Vonovia’s expectations via the Business Partner Code.

Vonovia has also introduced mandatory anti-corruption training as an additional measure to mitigate corruption and bribery risks. These trainings, typically conducted virtually, last between 45 and 60 minutes and cover legal requirements and practical case studies to help employees recognize and appropriately address potential fraud and corruption risks. In Germany, all employees are required to complete an annual 60-minute training session on corruption and fraud prevention, conflict of interest management and the Code of Conduct. Care segment managers also receive specialized training on the Code of Conduct requirements and on the topic of anti-corruption. All employees at SYNVIA receive training on the contents of the Code of Conduct, as well as anti-corruption, with the duration of training sessions tailored to individual needs. In Austria and Sweden, our employees receive annual compliance training covering anti-bribery and anti-corruption topics as part of a combined training program (for further details, see the explanations on Code of Conduct training under disclosure requirement G1-1). In Sweden, these training sessions were introduced during the reporting period.

Functions-at-risk are also required to complete additional, mandatory, and individually tailored training: Sales employees undergo an annual 60-minute training session on anti-money laundering, while procurement employees receive specialized annual training sessions of the same duration focusing on corruption and anti-corruption laws. Another mandatory annual 60-minute training course for the entire management level is dedicated to the topic of corruption and detecting fraud. Employees in procurement, compliance and data protection, sustainability, certain business areas, and value-add, as well as all senior executives at the first management level and the Management Board, are also required to complete an annual 60-minute training session on the German Supply Chain Due Diligence Act. In the Care segment and at SYNVIA, all functions-at-risk are required to complete an annual anti-corruption training session lasting 45 to 60 minutes (see disclosure requirement G1-1 for details).

These training programs have been implemented across the Group primarily in previous fiscal years and are considered ongoing measures with no fixed completion date. However, for SYNVIA and the Care segment, the majority of these training sessions were introduced during the reporting year, and they have since been maintained.

Functions-at-risk are defined as those with specific exposure to corruption and bribery risks due to their job functions. These risks are mitigated through the assignment of relevant training. In the Group as a whole, around 68% of functions-at-risk completed the training sessions described above that they were required to complete. In Sweden, the corresponding training will be introduced in 2025.

The Management Board undergoes the same mandatory training as all Vonovia employees; the Supervisory Board is not required to participate in compliance or anti-corruption training.