The Compliance function is a centralised function which is headed by the compliance manager for both a.s.r. and the supervised entities. The compliance function, part of the second line of defence, is considered a key function in line with the Solvency II regulation. The CEO bears ultimate responsibility for the compliance function and the compliance manager has a direct reporting line and access to the CEO.
The compliance manager also has an escalation line to the chair of the A&RC and / or the chair of the SB in order to safeguard the independent position of the compliance function and allow it to operate autonomously. The compliance manager is entitled to escalate critical compliance matters to the highest organisational level or to the SB.
Encouraging compliance with relevant legislation and regulations, self-regulation, ethical standards and the internal standards derived from them (the rules) by providing advice and formulating policies.
Monitoring compliance with the rules.
Monitoring management of compliance risks by further developing adequate compliance risk management, including, where necessary, advising on business measures and actions.
Creating awareness of the need to comply with the rules and desired ethical behaviour.
Coordinating interaction with regulators in order to maintain effective and transparent relationships.
Developments in rules and in the management of (identified) compliance risks and action plans provide the basis for the annual compliance plan and compliance monitoring activities. a.s.r. continuously monitors changing legislation and regulations and assesses their impact on a.s.r. and the corresponding measures to be taken.
Customer Due Diligence (CDD) related risks (including anti-money laundering) remain relevant for a.s.r. in order to guarantee sound and controlled business operations. To ensure that a.s.r. performs the CDD process correctly and in full, parts of the CDD screening and tooling have been centralised. The central CDD desk, consisting of Compliance, Investigations, Legal and representatives of the business lines, functions as an expertise centre and makes recommendations to ensure a consistent screening approach. On the basis of the monitoring of compliance with CDD regulation and policy performed in 2020, compliance has been further assured and the governance has been sharpened. In 2021, the Authority for the Financial Markets (AFM) conducted an investigation into compliance with the Wet ter voorkoming van witwassen en financieren van terrorisme (Anti-Money Laundering and Anti-Terrorist Financing Act) and the 1977 Sanctions Act at the business line Asset Management. The AFM noted that Asset Management is compliant on many aspects. However, some shortcomings have been identified regarding tailoring CDD to the risk sensitivity of some customer files. The AFM has not proceeded with formal enforcement and has closed the investigation in view of the findings. Measures are being drafted to address the shortcomings.
The central CDD desk has developed a uniform monitoring framework for demonstrable compliance with the CDD policy with the business lines and is intensifying the training programme.
Increasing attention has been given to sustainability and the implementation of regulations as announced under the EU Taxonomy Regulation. Detailed information can be found in chapter 4.4.
a.s.r. considers it important that personal data are handled with care. After the General Data Protection Regulation (GDPR) entered into force in 2018, attention was devoted to this in recent years. The following themes were included in the monitoring study performed in 2021: the rights of data subjects, the policy on keeping data, keeping data out of sight and awareness of the topic. The resulting actions are almost completed. More information on this topic can be found in chapter 3.4.5.
Other monitoring activities at Group and business line level included compliance with the rules and regulations and the policy on remuneration, the PARP, handling of customer requests, intra-group outsourcing, internal exchanges of business-sensitive and / or price-sensitive information and the registration and reporting of data breaches and the quality of information provided to customers. Compliance was also involved with a.s.r. Vooruit and BND IORP.
Moreover, in order to guarantee sound and controlled business operations, a.s.r. has taken a number of control measures to prevent, identify and combat unethical behaviour, including corruption. In 2020 a.s.r. introduced computerised in-employment screening. The implementation of tooling to further improve monitoring and awareness throughout the business with respect to insiders, incentives, outside business activities and the recording of material non-public information took place in the course of 2021.
The compliance manager issues quarterly reports on compliance matters and on the progress made regarding advised business measures and actions at Group level, supervised entity (OTSO) level and business line level. The quarterly report at division level is discussed with the management responsible and with the relevant Business Risk committees. The quarterly report at Group and OTSO level is presented to and discussed with the individual members of the EB, with the NFRC, the a.s.r. Risk Committee and with the A&RC of the SB. The report is shared and discussed with DNB, the AFM and the internal and external auditor.