Integrated risk management and compliance
Risk management
Bouwinvest aims for a healthy balance between risk and return and strives to take risks in a conscious and sustainable manner in the interests of its shareholder and investors. Integrated risk management is a key mechanism to achieve this goal. The mechanism provides for the identification, assessment and understanding of risks inherent in Bouwinvest's services, products, support activities and systems.
To apply integrated risk management properly, Bouwinvest has implemented a risk governance model, a methodology that aims to match risk appetite to the risk profile of Bouwinvest and its funds and mandates, and to make it possible to measure the applicable risk exposures. The risk appetite determines the maximum acceptable risk that Bouwinvest is willing to take and is aimed at optimising the risk/return ratio.
Risk governance
Bouwinvest has a risk governance and decision-making system based on the Three Lines Model (derived from the IIA model). This creates a clear structure for everyone, which helps raise awareness of everyone's role and responsibility on the risk management front.
The Management Board is ultimately responsible for risk management and provides the organisation with guidance on how to remain within the established risk appetite at strategic, tactical and operational levels. The Supervisory Board is responsible for supervising the Management Board.
Risk profile
Bouwinvest uses a risk management framework to manage its risk profile and that of its funds and mandates. This framework helps the organisation to identify and manage all material risks at strategic, tactical and operational levels.
Risk taxonomy
The risk taxonomy is a list of the material risks which Bouwinvest is or may be exposed to, and which arise from its business activities. The risk taxonomy ensures that Bouwinvest has insight into the relevant material risks and can manage these risks properly. Bouwinvest has product-specific risk taxonomies for the funds and mandates it manages.
Bouwinvest updates its risk taxonomy on an annual basis. If Bouwinvest is potentially exposed to a new or evolving type of risk, the risk taxonomy is updated more frequently.
The main risks Bouwinvest recognises are market risk, credit risk, liquidity risk, business risk, operational risk, ESG risk and compliance risk. These main risks are subdivided into sub-risks and Bouwinvest has defined risk indicators and (early warning) limits for these.
Risk appetite
Bouwinvest’s risk appetite determines the level of risk it is willing to take at an aggregate level to achieve its strategic objectives. Bouwinvest constantly monitors its risk appetite using a risk indicator framework based on quantitative and qualitative variables.
The risk indicator framework consists of statements for each material risk as included in the risk taxonomy. Each risk indicator has a limit that is used within the current risk profile. In addition, Bouwinvest has early warning limits in place so it can intervene in a timely fashion to prevent itself from exceeding its defined risk appetite. Bouwinvest has defined product-specific risk appetites for the funds and mandates it manages.
The Management Board discusses Bouwinvest’s compliance with its risk appetite and its outlook with the Supervisory Board on a quarterly basis. Each quarter, Bouwinvest briefs its investors about compliance with the risk appetite for the funds and mandates via individual fund and mandate reports.
Each year, Bouwinvest reviews and determines its risk appetite and the associated limits of its risk indicator framework. The risk appetite is recorded in a risk appetite statement. This statement is drawn up by the Management Board. Bouwinvest determines the risk appetite for the individual funds and mandates annually in the shareholders meeting and records this in the relevant fund and mandate documentation.
Risk culture
Bouwinvest focuses continuously on risk awareness as an integral part of its company-wide risk culture. It does this via communications, risk awareness sessions, as well as the inclusion of risk management targets in individual employee targets.
Employees are also expected to be aware of the risks inherent in the processes they perform or which they are responsible for, as well as the risks they may take, and are expected to act in accordance with Bouwinvest’s code of conduct.
Compliance
Compliance function
The Compliance department supports Bouwinvest by interpreting supervisory legal and regulatory requirements, helps implement these requirements, provides advice, assists in the execution of risk analyses and monitors compliance with regulator-related legal and regulatory requirements and internal policies. Another important part of its task is to strengthen integrity awareness within Bouwinvest by providing training courses.
Compliance cycle
The head of the Compliance department reports to the CFRO. The Compliance department also reports on a quarterly basis to the Management Board and the Audit, Risk & Compliance committee of the Supervisory Board.
Legal and regulatory requirements
The Compliance department actively monitors national and European legislative developments with respect to Bouwinvest’s AIFMD licence, to determine the impact and implement any changes in a timely fashion.
In 2023, Bouwinvest continued work revising the further implementation of the revised Customer Due Diligence (CDD) policy. The CDD policy includes measures required under the Dutch Prevention of Money Laundering and the Financing of Terrorism Act (Wwft) and relates to both new and existing investors and business associates.
Bouwinvest regularly screens its business associates against sanctions lists and has not identified any violations of these sanctions.
Management of compliance risks
Risk management is a key part of conducting business in an ethical manner. The Compliance department supports the organisation to control any identified compliance risks by enhancing the awareness of these risks, how they can be reduced or controlled and what Bouwinvest expects of employees in this regard.
Every year Bouwinvest carries out a Systematic Integrity Risk Analysis (SIRA). The purpose of the SIRA is to identify integrity risks, assess the effectiveness of the control of the risks and to identify points of attention in relation to risk management. The Compliance department presented the SIRA report and its findings, based on the analysis and interviews with employees, to the Management Board. In addition, the Compliance function monitors all outstanding actions prepared as a result of SIRA.
The Compliance department reached several milestones with regard to the implementation of a professionalised Compliance Risk Framework in 2023.
Training and awareness
Bouwinvest values an open culture in which dilemmas can be discussed and considers this to have an important role in mitigating compliance risks. The Compliance department also revised various policy documents in 2023 and organised additional awareness activities related to these policies.
Reports and advice
In 2023, Bouwinvest received no reports of incidents, including corruption or fraud. There were 28 data breaches with respect to the processing of personal information. Five of these were reported to the regulator, the Dutch Data Protection Agency. Some of the data breaches occurred at processors, such as property managers. The data breaches were caused by, amongst others, incorrectly sent e-mails. All data breaches were investigated and, where necessary, additional control measures were taken. Bouwinvest has informed the data subjects where necessary
Investigations by regulators
Bouwinvest has a licence from the Dutch Financial Markets Authority (AFM) and is subject to its continuous supervision. In 2023, Bouwinvest received market surveys from the AFM relating to the Wwft and sanctions regulations and a reguest for information regarding the costs of investment institutions. From the Dutch Central Bank (DNB) we received a questionaire regarding credit risk management and a questionaire regarding the management of the risks to capital. We did not receive (individual) feedback from any of these information requests.