Annual Report 2025 Report Switch
Mobiles Menu Mobiles Menu Close
Annual Report 2025 Report Switch
Language Switch Mobiles Menu Close
Deutsch Deutsch English English
Search Mobiles Menu Close
HomeManagement ReportSustainability StatementESRS G1 – Business ConductG1-3 – Prevention and Detection of Corruption and Bribery

G1-3 – Detection of Corruption and Bribery

As a measure to implement our policy for managing the material impact associated with “Violations of applicable bribery and corruption regulations undermine the confidence that relevant stakeholders place in the company’s integrity,” Vonovia has implemented an extensive Group-wide complaints management system (see also G1-1). Our Swedish subsidiary operates its own whistleblowing system.

Reports of corruption and bribery can be submitted via the whistleblower portal, which is available in eight different languages; a satisfaction survey promotes engagement of the stakeholders (using the system) and ensures efficiency. The portal complements and extends the existing system of the independent ombudsman and has been integrated into the Business Partner Portal. The ombudsperson is selected and appointed by the Compliance Committee. Reports can also be sent by email or telephone to the compliance hotline set up by the external law firm GSK, the works council, the HR department or the mailbox compliance@vonovia.de. The effectiveness of the system is ensured through various accessible reporting channels, which were intentionally established to provide multiple options for submitting reports. As part of the whistleblowing system (BKMS) process, users are also surveyed on topics such as communication channels for compliance matters, familiarity with compliance processes and support provided by Compliance. Positive feedback was received in all areas. The technical and organizational accessibility of at least one digital and one analog reporting channel for every employee is ensured by the Group, with external support when necessary.

Complaints are treated as confidential and are only processed and evaluated by authorized individuals. Information from the system is not shared with third parties, except when absolutely necessary for processing, in the context of investigations, court proceedings, or when information has to be disclosed due to statutory requirements. Data is stored only as long as necessary for its intended purpose. Our guidelines and the anonymous reporting system provide our employees with full protection against reprisals.

We provide our employees with proactive information on the various reporting channels available. This is achieved on the one hand through mandatory compliance training and on the other, via the intranet or in ad hoc articles published in-house and in employee newsletters. The employee survey also included questions on compliance culture and employees’ understanding of compliance. The use of the channels and feedback from the departments and the works council indicates that our employees are aware of them and consider them to be reliable. After reviewing reported incidents, individual, proportionate measures are taken on a case-by-case basis.

The CEO is responsible for implementation of the entire CMS, including all the policies and measures described. A Compliance Committee comprising the Chief Compliance Officer, compliance officers, the ombudsperson, representatives of the Internal Audit, Risk Management and HR Management departments, the works council and the companies outside of Germany meets on a quarterly basis and regularly adapts the system to current requirements. In this context, the Chief Compliance Officer acts as a central contact point within the company for compliance matters and suspicions. The Chief Compliance Officer serves as the primary contact for compliance-related questions and concerns, maintaining independence by reporting directly to both the CEO and the Supervisory Board’s Audit, Risk and Compliance Committee. In addition, the Chief Compliance Officer is not subject to instructions from other company departments. His activities are supported by the compliance officers and managers in the individual departments.

The Chief Compliance Officer reports directly to the CEO at least once a month and immediately if necessary. The Management Board receives quarterly reports, while the Audit, Risk and Compliance Committee is provided with extensive information semi-annually about compliance issues and corruption as well as existing guidelines and procedures. The compliance report provides information on suspected cases, measures and other compliance-relevant and data protection issues. If required, the entire Supervisory Board is informed.

Information on corporate governance and reporting channels is available to internal and external parties on both the Investor Relations website and the corporate website. Our employees also receive compliance information on the intranet, while business partners receive it via the Business Partner Code.

In order to address the material negative impact “Violations of applicable bribery and corruption regulations undermine the confidence that relevant stakeholders place in the company’s integrity,” Vonovia takes further action by conducting several mandatory training sessions to prevent corresponding violations of applicable corruption and bribery regulations. These training sessions, typically conducted virtually, last between 45 and 60 minutes and cover legal requirements and practical case studies to help employees recognize and appropriately address potential fraud and corruption risks. In Germany, all employees are required to complete an annual 60-minute training session on the content of the Code of Conduct (basic compliance knowledge), which also covers topics including anti-corruption and conflicts of interest, among other things. In Austria and Sweden, our employees receive annual compliance training covering anti-bribery and anti-corruption topics as part of a combined training program (for further details, see the explanations on Code of Conduct training under G1-1).

Functions-at-risk are also required to complete additional, mandatory and individually tailored training. In Germany, all managers complete a 45 to 60-minute online anti-corruption training session every two years (in Austria, this training is provided annually). In Sweden, all employees are given training on compliance issues (including bribery and corruption) when they join the company and then every year in a 45 to 60-minute refresher session. Specific employee groups are assigned additional compliance training if they are considered exposed to particular risks. Employees involved in sales, in particular, undergo a 60-minute AML training course every two years.

The training sessions described above were introduced across the Group in the fiscal year, with training for functions-at-risk introduced in Sweden in April 2025.

Functions-at-risk are defined as those with specific exposure to corruption and bribery risks due to their job functions. These risks are mitigated through the assignment of relevant training. This encompasses all managers at Vonovia. In the Group as a whole, around 75% of employees in functions-at-risk have completed the anti-corruption training sessions.

The Management Board undergoes the same mandatory training as all Vonovia employees; the Supervisory Board is not required to participate in compliance or anti-corruption training.

Download chapter Related links
Last year comparison
G1-1 – Policies for Business Conduct and Corporate Culture
To Top
G1-4 – Cases of Corruption and Bribery