Risk management

Bouwinvest aims for a healthy balance between risk and return and strives to take risks in a conscious and sustainable manner in the interests of its shareholder and investors. Integrated risk management is a key mechanism to achieve this goal. The mechanism provides for the identification, assessment and understanding of risks inherent in Bouwinvest's services, products, support activities and systems. 

To apply integrated risk management properly, Bouwinvest has implemented a risk governance model, a methodology that aims to match risk appetite to the risk profile of Bouwinvest and its funds and mandates, and to make it possible to measure the applicable risk exposures. The risk appetite determines the maximum acceptable risk that Bouwinvest is willing to take and is aimed at optimising the risk/return ratio. 

Risk governance 

Bouwinvest has a risk governance and decision-making system based on the Three Lines Model (derived from the IIA model). This creates a clear structure for everyone, which helps raise awareness of everyone's role and responsibility on the risk management front. 

The Management Board is ultimately responsible for risk management and provides the organisation with guidance on how to remain within the established risk appetite at strategic, tactical and operational levels. The Supervisory Board is responsible for supervising the Management Board. 

Risk profile 

Bouwinvest uses a risk management framework to manage its risk profile and that of its funds and mandates. This framework helps the organisation to identify and manage all material risks at strategic, tactical and operational levels. 

Risk taxonomy 

The risk taxonomy is a list of the material risks which Bouwinvest is or may be exposed to, and which arise from its business activities. The risk taxonomy ensures that Bouwinvest has insight into the relevant material risks and can manage these risks properly. Bouwinvest has product-specific risk taxonomies for the funds and mandates it manages. 

Bouwinvest updates its risk taxonomy on an annual basis. If Bouwinvest is potentially exposed to a new or evolving type of risk, the risk taxonomy is updated more frequently. 

The main risks Bouwinvest recognises are market risk, credit risk, liquidity risk, business risk, operational risk, ESG risk and compliance risk. These main risks are subdivided into sub-risks and Bouwinvest has defined risk indicators and (early warning) limits for these.

Risk appetite 

Bouwinvest’s risk appetite determines the level of risk it is willing to take at an aggregate level to achieve its strategic objectives. Bouwinvest constantly monitors its risk appetite using a risk indicator framework based on quantitative and qualitative variables.

The risk indicator framework consists of statements for each material risk as included in the risk taxonomy. Each risk indicator has a limit that is used within the current risk profile. In addition, Bouwinvest has early warning limits in place so it can intervene in a timely fashion to prevent itself from exceeding its defined risk appetite. Bouwinvest has defined product-specific risk appetites for the funds and mandates it manages. 

The Management Board discusses Bouwinvest’s compliance with its risk appetite and its outlook with the Supervisory Board on a quarterly basis. Each quarter, Bouwinvest briefs its investors about compliance with the risk appetite for the funds and mandates via individual fund and mandate reports. 

Each year, Bouwinvest reviews and determines its risk appetite and the associated limits of its risk indicator framework. The risk appetite is recorded in a risk appetite statement. This statement is drawn up by the Management Board. Bouwinvest determines the risk appetite for the individual funds and mandates annually in the shareholders meeting and records this in the relevant fund and mandate documentation. 

Risk culture 

Bouwinvest focuses continuously on risk awareness as an integral part of its company-wide risk culture. It does this via communications, risk awareness sessions, as well as the inclusion of risk management targets in individual employee targets.

Employees are also expected to be aware of the risks inherent in the processes they perform or for which they are responsible, and the risks they may take, and are expected to act in accordance with the code of conduct applicable within Bouwinvest. 

Looking back and looking ahead 

Market conditions

The global economy has faced significant challenges with a slowdown in growth, higher interest rates and persistent high inflation since early 2022.

Central banks around the world are increasing interest rates to curb inflation and anchor inflation expectations in their respective economies. These rising interest rates will pose many challenges and risks, which increase financial vulnerabilities. In addition, Russia’s war in Ukraine is increasing the risk of debt distress, food insecurity and geopolitical uncertainty. Debt servicing will be more expensive for companies, governments and households, who have variable rate loans, or when taking on new debt.

Energy markets remain among the significant downside risks and supply shortages could push prices higher. The situation might be even more complicated in the winter of 2023-2024, as replenishing gas reserves could prove more difficult. Volatile gas prices, or outright gas supply disruptions, could entail significantly weaker growth and higher inflation worldwide in 2023 and 2024.

The impact of this on Bouwinvest is difficult to quantify. Risks remain significant and monetary policy has a crucial role. For example, accelerating investment in the adoption and development of clean energy sources and technologies will be crucial to diversifying energy supplies and ensuring energy security.

Bouwinvest is exposed to global macro-economic market conditions which are having a negative impact on assets under management. This was highlighted by negative portfolio revaluations in Q4-2022, a decline in market liquidity, potential redemptions and the possible postponement of investments by new and existing investors.

Bouwinvest is closely monitoring the developments in the Netherlands, Europe and worldwide to ensure it can adapt and respond to developments and emerging risks in a timely fashion.

COVID-19

In 2022, COVID-19 had a more limited impact on a global scale and more specifically on the Netherlands than in 2021 and government measures were further relaxed during the first quarter.

At the beginning of the pandemic, Bouwinvest had implemented a number of measures to minimise the impact on its staff and business operations. In 2022, the popularity of working from home did not have an impact on the company meeting its operational and strategic objectives and the IT infrastructure held up well. Bouwinvest will continue to maintain business continuity related measures for any future crisis.

Risk management programme and risk culture

The programme to further improve the risk management maturity level was completed and was validated by a Big Four firm in early 2022. The overall conclusion was that Bouwinvest complies with prevailing regulations and current market practices.

Bouwinvest devoted a great deal of attention to increasing a broad awareness of risk within the organisation in 2022 and will continue the risk awareness programme in the future.

Tax

The Dutch government announced in autumn 2022 that from 1 January 2024, Fiscal Investment Institutions (FIIs) may no longer invest in directly-held real estate. This measure has since been postponed until 1 January, 2025. Although Bouwinvest did not expect this measure to be taken within such a short time frame, the company has been looking at restructuring the open funds into closed Funds for Mutual Account (FMA) since 2020.

The Bouwinvest Dutch Institutional Office Fund has been restructured into an FMA from 1 January 2023. Bouwinvest intends to restructure the Bouwinvest Dutch Institutional Residential Fund and Bouwinvest Dutch Institutional Retail Fund into a tax transparent legal structure as soon as the conditional transfer tax exemption connected to a change in the FII legislation is implemented, probably 1 January, 2025. Bouwinvest expects the FMA will remain the most appropriate tax transparent legal structure.

From 1 January 2023 the RETT rate for investors is set to go up from 8% to 10.4%. The impact of this may well be overshadowed by general market conditions.

Outsourcing

The ongoing shift towards organisations (partly) outsourcing their processes and services, and the related exposure to outsourcing risks, has prompted regulators and supervisory bodies to impose additional requirements on these organisations.

Bouwinvest is also very much aware of this risk exposure and worked hard in the past year to carefully frame and define the risks associated with outsourcing and contractual relationships with third parties. This resulted in a robust outsourcing framework, including a sound outsourcing policy, in line with applicable requirements and market practices. The internal processes that are derived from the outsourcing framework help Bouwinvest to remain in control of its outsourcing relationships and outsourced processes.

ESG

Bouwinvest is paying extra attention to changes in ESG risks in some parts of the portfolio due to the situation in Ukraine and related effects (including the energy and commodity markets). If commodity prices continue to rise, this may put pressure on the feasibility and practicability of some sustainability ambitions.

Bouwinvest continued to add structure to its ESG risks, including the development of the ESG framework and risk taxonomy, and to determine the impact on the existing risk taxonomy of the real estate portfolios and the management organisation. The formats for the fund and mandate plans, quarterly reports and investment proposals were adjusted accordingly.

GRC-tool

In the first quarter of 2022, Bouwinvest implemented a dedicated Governance, Risk and Compliance (GRC) tool to support risk & control monitoring and testing processes. The tool also provides centralised workflow and data management for handling incidents, data breaches and action management. More modules are expected to roll out in 2023, which will broaden the usage of the tool throughout the organisation.

Cybersecurity

In 2022, Bouwinvest continued to devote a great of attention to cyber security. Given the increasingly dominant role of IT in society and business, and the invention of new technologies, the likelihood and impact of cybercrime will also continue to grow. Different phishing tests were performed in 2022 as well as a cyber incident response test with the Business Continuity Team and Incident Response Team. SOC (Security Operations Centre) services have been implemented to monitor suspicious activity in its connectivity and office automation domains. This raises the company’s real-time monitoring capabilities to further strengthen its cyber defence.

Bouwinvest has developed a security awareness programme to keep employees informed of different kinds of cybersecurity risks in 2022 and this will continue in 2023.

The 58 controls which Bouwinvest has set up as part of the Dutch Central Bank’s (DNB) Good Practice Information Security programme are assessed twice a year. In 2022, Bouwinvest continued to score on or above the norm set by the DNB.

Human Resource Management

Labour market shortages and the war for talent made it challenging to attract high-quality staff in general and specifically for positions in e.g. Risk Management, Compliance and IT. Bouwinvest sees this reflected in the lead times of its vacancies and the limited numbers of candidates applying for these positions. In the above-mentioned domains Bouwinvest also sees an increase of ‘detavast’ agreements. This trend is expected to continue in 2023.

Compliance 

Compliance function 

The Compliance department supports Bouwinvest by interpreting supervisory legal and regulatory requirements, helps implement these requirements, provides advice, assists in the execution of risk analyses and monitors compliance with regulator-related legal and regulatory requirements and internal policies. Another important part of its task is to strengthen integrity awareness within Bouwinvest by providing training courses.

Compliance cycle 

The head of the Compliance department reports to the CFRO. The Compliance department also reports on a quarterly and annually basis to the Management Board and the Audit, Risk & Compliance committee of the Supervisory Board.

Legal and regulatory requirements 

The Compliance department actively monitors other national and European legislative developments with respect to Bouwinvest’s AIFMD licence and IT, to determine the impact and implement any changes in a timely fashion. 

In 2022, Bouwinvest continued work revising the further implementation of the revised Customer Due Diligence (CDD) policy. The CDD policy includes measures required under the Dutch Prevention of Money Laundering and the Financing of Terrorism Act (Wwft) and relates to both new and existing investors and business associates.

Bouwinvest regularly screens its business associates against sanctions lists and has not identified any violations of these sanctions. In 2022, Bouwinvest carried out additional sanctions screening activities as a result of the war in Ukraine. In July 2022 CDD client investigation and sanctions screening were outsourced to an external service provider and are on schedule. 

Bouwinvest continues to implement Regulatory Technical Standards related to the SFDR (Sustainable Finance Disclosure Regulation) and related legislation such as the CSRD (Corporate Sustainability Reporting Directive).

Management of compliance risks 

Risk management is a key part of conducting business in an ethical manner. The Compliance department supports the organisation to control any identified compliance risks by enhancing the awareness of these risks, how they can be reduced or controlled and what Bouwinvest expects of employees in this regard. 

Every year Bouwinvest carries out a Systematic Integrity Risk Analysis (SIRA). The purpose of the SIRA is to identify integrity risks, assess the effectiveness of the control of the risks and to identify points of attention in relation to risk management. The Compliance department started the preparations for the SIRA 2022 in the last two months of 2022 and will report on the results in the first quarter of 2023.

The Compliance department reached several milestones with regard to the implementation of a professionalised Compliance Risk Framework in 2022. For example, the Compliance Monitoring plan has been improved and updated in line with the integral Risk Framework. In 2022 Bouwinvest started using a GRC tool to improve its control monitoring activities. This tool will also be used for incident- and action management. The system has made the reporting process both simpler and more efficient and allows Bouwinvest to demonstrate the effectiveness of its controls via automated notifications about periodic testing. 

Training and awareness 

Bouwinvest values an open culture in which dilemmas can be discussed and considers this to have an important role in mitigating compliance risks. The Compliance department also revised various policy documents in 2022 and organised additional awareness activities related to these policies.

Reports and advice 

In 2022, Bouwinvest received no reports of incidents, including corruption or fraud. There were 21 data breaches with respect to the processing of personal information. Four of these were reported to the regulator, the Dutch Data Protection Authority. Some of the data breaches occurred at processors, such as property managers. Some of the data breaches were caused by incorrectly sent e-mails. All data breaches were investigated and, where necessary, additional control measures were taken. The data subjects were informed where necessary.

At the beginning of February 2022 Bouwinvest was informed about a cyber-attack on Aareon, a software supplier responsible for the REMS management system used by several property managers contracted by Bouwinvest. After establishing there had been a data leak, Bouwinvest reported the findings to the Dutch Data Protection Authority and contacted all tenants who may have been affected, alerting them to the potential risk and giving them tips about how to protect themselves as a precaution. Shareholders were also informed where relevant.

Aareon has since carried out an investigation into the breach and found that no data from Bouwinvest had been leaked. Bouwinvest has carried out its own evaluation and action will be taken on the results by both Bouwinvest and its property managers.

Investigations by regulators 

Bouwinvest has a licence from the Dutch Financial Markets Authority (AFM) and is subject to its continuous supervision. In 2022, Bouwinvest received market surveys from the AFM relating to the Wwft and liquidity management tools and a questionnaire from the Dutch Central Bank (DNB) about liquidity management.