Our objective is to ensure open and functional corporate governance. In our business operations, we adhere to our values, our Code of Conduct and good insurance practice. We act ethically and fairly.  

Compliance and risk management are embedded in the tasks of every director and manager. Every single Veritas employee is responsible for adhering to the guidelines and regulations as well as for risk management in their own work.   

Compliance and risk management supporting good governance

As a pension company, we operate as a private enterprise, while simultaneously managing a vital societal task governed by laws and regulations. For this reason, it is important that what we do is transparent and in line with our task. Alongside legislation, Veritas has comprehensive internal operating guidelines. Through the use of these guidelines and related training, we endeavour to ensure that all Veritas employees adhere to commonly agreed rules. 

Compliance

The compliance function refers to the independent oversight of the lawfulness of a company’s operations and adherence to any other external and internal rules pertaining to its business. 

The task of the Compliance function is to support business, particularly in the identification and management of legal and compliance risks, as well as to supervise and report them to the Executive Group and the Board of Directors.   

At Veritas, Compliance consists of the following elements: 

Proactive

  • Monitor and communicate legislative changes; advise on the need for changes to the requirements of the law
  • Identify and assess legal risks and the implementation of undesirable business models; issue recommendations to remedy such situations
  • Participate in the approval of business models and assess their compliance
  • Assess the performance of the organisation from a compliance perspective
  • Draft, maintain and communicate compliance policies
  • Provide training and advice

Supervisory

  • Draft action plans based on risk assessment
  • Perform audits, process compliance notifications and make recommendations on any observed deficiencies
  • Monitor the implementation of the compliance recommendations
  • Report to the Board of Directors and Executive Group

Responsive

  • Initiate necessary remedial measures if any activity contrary to regulations or otherwise incorrect is detected
  • Coordinate internal investigations in cases of malfeasance

Compliance is embedded in the tasks of every director and manager.

All Veritas employees are responsible for adhering to the guidelines and regulations in their own work.

The Compliance function begins with top management, i.e., the CEO and the Board of Directors, who are responsible for the lawfulness of the company’s operations.  

Veritas has additionally appointed a Compliance Officer, whose superior is the General Counsel. The tasks of the Compliance Officer include, inter alia, reviewing the compliance of different functions and segments in accordance with the action plan devised on the basis of risks, receiving compliance notifications and monitoring the progression of the remedial measures related to them. Their tasks also include the provision of training and communication concerning compliance matters, as well as the related procedures. The Compliance Officer reports to the Board of Directors twice a year and to the Executive Group at least every two months.
  
At Veritas, the Compliance function is supported by the compliance network. The network consists of the Compliance Officer and the legal counsels supporting the business, along with other designated persons.  

The compliance network convenes regularly. The responsibilities and tasks of the network members cover the entire Veritas organisation. The network helps to ensure that the company’s operations are in keeping with the law. The individuals of the compliance network support both the first line of defence regarding compliance and the independent Compliance function within their areas of responsibility. The members of the network monitor legislative developments. They train and advise the business functions on legal matters that fall within their sphere of responsibility and the related requirements concerning the company. Any pending EU-level and national regulatory initiatives are regularly communicated to the different functions, Executive Group and Board of Directors.  

The Compliance function is engaged in planning new business models or in any plans to change the current business models. This serves to ensure that matters set forth in regulations and guidelines are considered in any changes and the related liabilities remain clear even in changing situations.

Whistleblowing channel

Veritas employees have at their disposal a whistleblowing channel to report any misconduct and suspected misconduct detected by them. The whistleblowing channel is intended for the use of Veritas employees, agents and other interest groups, who have dealings with Veritas through their work. Not a single whistleblowing notification was submitted in 2023.

Compliance in 2023

The Compliance Officer conducted audits of compliance within different functions and segments in accordance with the devised risk-based action plan. Compliance-related matters were reported to Veritas’ Executive Group every other month (with the exception of July). The Executive Group received reports, for example, on the conducted audits and related observations and compliance recommendations, on notifications pertaining to compliance risks as well as on other current affairs. A compliance report was submitted to the Board of Directors twice during 2023.

The Board of Directors approved the updated operating principles regarding compliance, as well as the updates to the statutory operating guidelines, such as related-party guidelines, operating principles for conflicts of interest situations and anti-bribery guidelines.

Audits by the Financial Supervisory Authority in 2023

The Financial Supervisory Authority conducted a thematic review of the outsourcing of pension institutions in terms of their exercise of public authority. The objective of the review was to ascertain the compliance of the earnings-related pension insurance companies with valid regulations, which do not allow the companies to outsource the exercise of public authority. Veritas has not outsourced the exercise of public authority.

In autumn 2023, the Financial Supervisory Authority carried out the follow-up of the audits concerning the company’s administration and compliance. Both follow-up rounds found that the recommendations, requests and related planned measures concerning the audit observations had been completed properly.

Risk management

The geopolitical situation has continued to be at least as challenging as it was the previous year. On the one hand, uncertainties have increased, and on the other, major decisions affecting the entire society in Finland have been made. The most notable of these is undoubtedly the country’s NATO membership.

In the autumn, the National Emergency Supply Agency urged companies that are critical to security of supply to raise their preparedness level. Veritas contributes to maintaining security of supply. The company has actively monitored the development of the situation, both within the company itself and in other sectors of society. No significant disturbances were noted within its own operations.

Measures to ensure normal continuity and incident management have been reviewed. The company has participated in the sector’s joint business continuity exercise (FATO) and the digital security exercise (TAISTO) organised by the Digital and Population Data Services Agency, and has also organised its own internal exercises.

Consideration of climate risks has long been part of our process for making investment decisions. Emerging risks, including climate risks, are regularly monitored and assessed by the risk management function. In this context, we also estimate to what extent and how they should be taken into account in the company’s own risk and solvency assessment. We have little or no control over the generation and development of a fairly large proportion of emerging risks. Moreover, for some of these risks it is not necessarily even possible to prepare through any type of concrete measures. It is, however, important to assess these risks, as they provide vital information for the development of our activities.

Risk surveys provide a comprehensive and diverse picture of the risks the company is facing. The main focus of the risk surveys is on the most severe risks. Risk surveys seek to identify all significant risks related to the company’s operations. Since 2022, sustainability risks have been included in the surveys.

Reporting channel for risk events

Our employees have at their disposal a reporting channel through which they are able to report any realised risks or near-miss incidents.