2023 annual report
3.7.1 Compliance risks

Developments in legislation and in the management of (identified) compliance risks and action plans provide the basis for the annual compliance plan and compliance monitoring activities. a.s.r. continuously monitors changing legislation and regulations and assesses their impact on a.s.r. and the corresponding measures to be taken.

In 2023, a.s.r. paid specific attention to:

  • Customer Due Diligence (CDD), including Anti-Money Laundering and Anti-Terrorist Financing;

  • Privacy laws and regulations, including the General Data Protection Regulation (GDPR). a.s.r. considers it important that personal data are handled with care;

  • Sustainability regulation, such as the SFDR, the EU Taxonomy Regulation and the CSRD. Increasing attention has been given to sustainability and the implementation of regulations as part of the EU Green Deal, as well as to expressions in the field of sustainability; 

  • The further development and safeguarding of the PARP, in collaboration with the PARP Board and the relevant business units;

  • The so-called baseline risk measurement, in which Compliance participated and which started immediately after the Aegon NL transaction was completed.

a.s.r. monitors sound and controlled business operations, including the management of reputational risks. The framework for monitoring and reviewing is based on the rules, regulations and standards of a.s.r. itself, including the a.s.r. code of conduct. In 2023, a.s.r. monitored compliance with, among other things, the rules, regulations and policies on CDD, privacy, remuneration, the digital agenda, sustainability (including the assessment of communications expressions), handling of customer requests and the quality of information provided to customers. The CDD Centre is continuously working on an improvement plan for CDD-related risks. The implementation was carried out in line with this plan in 2023.

In addition, a.s.r. continued to work on further improvement of ongoing monitoring activities in 2023, by reviewing the compliance risk and monitoring framework and its translation into the business units’ Risk Control Matrix (RCM). It is the ambition of a.s.r. to increasingly integrate behaviour and culture into its monitoring surveys. Good insight into behaviour and culture, together with the analysis of process design and monitoring, provides an integral picture of the control environment.