Annual Report 2022
4.8.1 Compliance risks

Developments in rules and in the management of (identified) compliance risks and action plans provide the basis for the annual compliance plan and compliance monitoring activities. a.s.r. continuously monitors changing legislation and regulations and assesses their impact on a.s.r. and the corresponding measures to be taken.

In 2022 a.s.r. paid specific attention to:

  • Customer Due Diligence (CDD);

  • Privacy laws and regulations, including the GDPR. a.s.r. considers it important that personal data are handled with care. More information on this topic can be found in chapter 4.8.2;

  • Sustainability regulation, such as the SFDR, the EU Taxonomy Regulation and the CSRD. Increasing attention has been given to sustainability and the implementation of regulations as part of the EU Green Deal. Detailed information can be found in chapter 4.9.1.

CDD-related risks (including Anti-Money Laundering and Anti-Terrorist Financing) are relevant to a.s.r. Commissioned by the Business Executive Committee (BEC), the Central CDD Review project was launched in 2020 with the following objectives:

  • Making the review results of all business units transparent through central recording;

  • Strengthening continuous, demonstrable compliance with the a.s.r. CDD policy;

  • Implementing central management of hits on sanction and PEP-lists, monitoring and reporting, and establishing (decentralised) knowledge rules regarding the assessments to be performed;

  • Establishing the processes required for this, and for governance and its implementation.

Within the investigation department, a central CDD-Ultimate Beneficial Owner (UBO) desk has been set up for the central handling of business customers (e.g. if the UBO cannot be determined automatically and in the case of hits on Politically Exposed Person (PEP) and/or sanction lists). In 2023, a.s.r. will complete the central process handling to identify UBOs. The centralised review of private relationships is also in progress. This process will be completed in 2023.

In addition, a.s.r. has set up a CDD Center that centrally manages compliance with CDD policy and reports centrally on this. The CDD Center has drawn up an action plan to further shape compliance with the relevant laws and regulations. The CDD Center uses the advice of the central desk consisting of Compliance, Investigations, Legal and representatives of the business segments.

a.s.r. monitors sound and controlled business operations, including reputational risks. The framework for monitoring and reviewing is based on the rules, regulations and standards of a.s.r. itself, including the a.s.r. code of conduct. In 2022, a.s.r. monitored compliance with, for example, the rules, regulations and policies on CDD, privacy, remuneration, the digital agenda, sustainability, the product approval and review process, handling of client requests, intra-group outsourcing, the registration and reporting of data breaches, and the quality of information provided to customers.

In addition, a.s.r. focused in 2022 on further improving ongoing monitoring activities by reviewing the compliance risk and monitoring framework and its translation into the business units’ Risk Control Matrix (RCM). Also in 2022, Compliance launched a behaviour and culture pilot on the subject of professional competence. It is the ambition of a.s.r. to increasingly integrate behaviour and culture into its monitoring surveys. Good insight into behaviour and culture, together with the analysis of process design and monitoring, provides an integral picture of the control environment. In addition, behaviour and culture influence ethical and controlled business operations and are a deciding factor in decision-making. Thus, they become an important part of the compliance monitoring activities. Behaviour and culture studies will be part of the compliance monitoring activities and the monitoring cycle in 2023.