5.5.1 Compliance risks

a.s.r. continuously tracks evolving laws, evaluates their impact on the organisation, and determines the necessary measures to address them. These actions, combined with managing identified compliance risks, form the foundation of the annual compliance plan and monitoring activities. a.s.r. monitors business operations, including the management of reputational risks. The framework for monitoring and reviewing is based on the rules, regulations and standards of a.s.r. itself, including the a.s.r. Code of Conduct.

In 2024, a.s.r. focused on several key areas:

  • Customer due diligence (CDD), including anti-money laundering and anti-terrorist financing.

  • Privacy laws and regulations, including the General Data Protection Regulation (GDPR). a.s.r. considers it important for personal data to be handled with care.

  • EU sustainability regulations, such as the SFDR, the EU Taxonomy Regulation and the CSRD.

  • The further development and safeguarding of the Product Approval and Review Process (PARP), in collaboration with the PARP Board and the relevant business units.

  • Compliance participated in conversion processes of portfolios and systems from Aegon to those of a.s.r.

In addition, a.s.r. continued to work on further improving ongoing monitoring activities by reviewing the compliance risk and monitoring framework and its translation into the business units’ risk control matrix (RCM). This effort also aims to integrate behaviour and culture as part of optimising the NFR. a.s.r. aspires to increasingly incorporate behaviour into its monitoring surveys. A thorough understanding of behaviour and culture, combined with the analysis of process design and monitoring, provides a comprehensive view of the control environment.

The CDD Office is continuously working on an improvement plan for CDD-related risks, using insights and good practices from Aegon NL.