Our objective is to ensure open and functional corporate governance. In our business operations, we adhere to our values, our Code of Conduct and good insurance practice. We act ethically and fairly.  

Compliance and risk management are embedded in the tasks of every director and manager. Every single Veritas employee is responsible for adhering to the guidelines and regulations as well as for risk management in their own work.   

Compliance and risk management supporting good governance

As a pension company, we operate as a private enterprise, while simultaneously managing a vital societal task governed by laws and regulations. For this reason, it is important that what we do is transparent and in line with our task. Alongside legislation, Veritas has comprehensive internal operating guidelines. Through the use of these guidelines and related training, we endeavour to ensure that all Veritas employees adhere to commonly agreed rules. 

Compliance

The compliance function refers to the independent oversight of the lawfulness of a company’s operations and adherence to any other external and internal rules pertaining to its business. 

The task of the Compliance function is to support business, particularly in the identification and management of legal and compliance risks, as well as to supervise and report them to the Executive Group and the Board of Directors.   

At Veritas, Compliance consists of the following elements: 

Proactive

  • Monitor and communicate legislative changes, advise on the need for changes to the requirements of the law
  • Identify and assess legal risks and the implementation of undesirable business models, and issue recommendations to remedy situations
  • Participate in the approval of business models and assess their compliance
  • Assess the performance of the organisation from a compliance perspective
  • Draft, maintain and communicate compliance policies
  • Provide training and advice

Supervisory

  • Draft action plans based on risk assessment
  • Perform audits, process compliance notifications and make recommendations on any observed deficiencies
  • Monitor the implementation of the compliance recommendations
  • Report to the Board of Directors and Executive Group

Responsive

  • Initiate necessary remedial measures if any activity contrary to regulations or otherwise incorrect is detected
  • Coordinate internal investigations in cases of malfeasance

Compliance is embedded in the tasks of every director and manager.

All Veritas employees are responsible for adhering to the guidelines and regulations in their own work.

The Compliance function begins with top management, i.e., the CEO and the Board of Directors, who are responsible for the lawfulness of the company’s operations.  

Veritas has appointed a Compliance Officer who reports to the General Counsel. The tasks of the Compliance Officer include, inter alia, reviewing the compliance of different functions and segments in accordance with the action plan devised on the basis of risks, receiving compliance notifications and monitoring the progression of the remedial measures related to them. Their tasks also include the provision of training and communication concerning compliance matters, as well as the related procedures. The Compliance Officer reports to the Board of Directors twice a year and to the Executive Group at least every two months.

At Veritas, the Compliance function is supported by the compliance network. The network consists of the Compliance Officer and the legal counsels supporting the business, along with other designated persons.  

The compliance network convenes regularly. The responsibilities and tasks of the network members cover the entire Veritas organisation. The network helps to ensure that the company’s operations are in keeping with regulations. The individuals of the compliance network support both the first line of defence regarding compliance and the independent Compliance function within their areas of responsibility. The members of the network monitor regulatory developments. They train and advise the business functions on legal matters that fall within their sphere of responsibility and the related requirements concerning the company. Any pending EU-level and national regulatory initiatives are regularly communicated to the different functions, Executive Group and Board of Directors.  

The Compliance function is engaged in planning new business models or in any plans to change the current business models. This serves to ensure that matters set forth in regulations and guidelines are considered in any changes and the related liabilities remain clear even in changing situations.

Whistleblowing channel

Veritas employees have at their disposal a whistleblowing channel to report any misconduct and suspected misconduct detected by them. The whistleblowing channel is intended for the use of Veritas employees, agents and other interest groups, who have dealings with Veritas through their work. Not a single whistleblowing notification was submitted in 2024.

Compliance in 2024

The Compliance Officer conducted audits of compliance within different functions and segments in accordance with the devised risk-based action plan. Compliance-related matters were reported to Veritas’ Executive Group every other month (with the exception of July). The Executive Group received reports, for example, on the conducted audits and related observations and compliance recommendations, on notifications pertaining to compliance risks as well as on other current affairs. A compliance report was submitted to the Board of Directors twice during 2024.

The Board of Directors approved the updated operating principles regarding compliance, as well as the updates to the statutory operating guidelines, such as related-party guidelines, operating principles for conflicts of interest situations and anti-bribery guidelines.

Audits by the Financial Supervisory Authority in 2024

In the spring of 2024, the Finnish Financial Supervisory Authority (FIN-FSA) conducted a thematic assessment to evaluate the level of preparedness of earnings-related pension companies and other financial sector actors operating in Finland. Their assessment showed that the financial sector actors have organised their operations in accordance with the requirements of continuity and preparedness planning in such a way as to ensure the resilience of their operations in both normal and exceptional circumstances.

In the spring of 2024, the FIN-FSA also conducted a thematic assessment concerning the way earnings-related pension providers manage any conflicts of interest. According to the assessment, pension providers mainly comply with the regulations in force. The FIN-FSA only identified minor individual issues. Veritas received no remarks or recommendations on the basis of the assessment.

In spring 2024, the FIN-FSA began to audit Veritas to assess the adequacy of the company’s risk management. The final report of the audit will be completed in early 2025. Additionally, during the same spring, the FIN-FSA carried out follow-ups of the audits concerning the company’s disability risk management and TyEL insurance contributions. Veritas has initiated development measures to address the findings of the above-mentioned supervisory audits.

In addition, the FIN-FSA has conducted a survey of real estate investments and property valuations, as well as the quality and scope of Board materials during 2024. Veritas received no remarks or recommendations on the basis of the survey.

Risk management

The geopolitical situation has become more unstable in recent years. Hybrid operations targeting Finland have also increased.

In 2024, together with the preparedness group for the earnings-related pension sector, Veritas helped to survey the significance of critical infrastructure, experiences of hybrid influence and ICT service providers’ capabilities in the face of abnormal situations or disruptions. Veritas also reviewed its measures to ensure normal continuity and disruption management.

During 2024, the financial sector experienced multiple denial of service (DoS) attacks, mainly targeting banks. The disruptions did not affect Veritas’ ability to provide its services or carry out its own basic tasks, even though its activities are closely linked to the services provided by the banks. Veritas can also enact its own proactive measures to improve its ability to cope with potential disruptions.

During the year, no significant disruptions were observed in Veritas’ own activities.

Veritas participated in the TIETO24 exercise organised by the security of supply organisation, which specifically focused on the energy sector. In addition, we participated in the Taisto digital security exercise organised by the Digital and Population Data Services Agency and organised two internal exercises within the company.

Veritas regularly conducts risk surveys to gain a comprehensive and diverse picture of the risks the company is facing. The risk surveys endeavour to identify all significant risks related to the company’s activities, with the main focus on the most severe risks. In addition to risk surveys, risks are also assessed as part of the company’s own risk and solvency assessment (ORSA). Risk surveys are part of the ORSA process. An ORSA is a key internal tool used by company management to evaluate and steer their risk management processes. Veritas’ ORSA is conducted four times a year and additionally if required by a particular situation.

Consideration of climate risks has long been part of our process for making investment decisions. Emerging risks, including climate risks, are regularly monitored and assessed by the risk management function. In this context, we also estimate to what extent and how they should be taken into account in the company’s own risk and solvency assessment. For a fairly large proportion of emerging risks, we have little or no control over how they arise and develop. Moreover, for some of these risks it is not necessarily even possible to prepare through any of our own concrete measures. It is, however, important to assess these risks as they provide vital information for the development of our activities.

The operating principles for internal supervision and risk management serve as the company’s guiding principles. The company’s Board of Directors regularly discusses these operating principles.

Reporting channel for risk events

Our employees have at their disposal a reporting channel through which they are able to report any realised risks or near-miss incidents.