Integrity

A safe working environment as well as ethical behaviour among employers and employees are important to Stedin Group, with a business culture in which our employees and all our stakeholders can build and rely on our core standards and values.

Code of conduct and guidelines for conduct

Those standards and values and rules determined by law are laid down in Stedin Group's Code of Conduct. This sets out how we treat each other and external parties such as customers, shareholders, regulators and other contacts of Stedin Group. DNWG Group applies its own DNWG Code of Conduct, which is based in full on Stedin's Code of Conduct.

Topics that are addressed in the Code of Conduct include health and safety, conflicts of interest, how to treat confidential and other information and company property and unacceptable behaviour. Unacceptable behaviour includes matters such as fraud and theft, bribery and other forms of corruption, abuse of power, intimidation and harassment and discrimination in any form whatsoever. These forms of unacceptable behaviour are not tolerated. The code of conduct and guidelines for conduct (including non-discrimination) are also one of the starting points for HR processes, such as recruitment, selection, promotion, remuneration and training Also see the section on ‘Professionally competent employees’.

Our code of conduct is not a case of take it or leave it. All our permanent employees, hired staff and interns are expected to endorse, know and comply with the contents of the Code of Conduct and to accept their responsibility to protect Stedin Group's reputation. All employees sign the employee regulations and a non-disclosure agreement. Our supervisors play a vital role in promoting an ethical business culture. After all, integrity starts with setting a good example. Stimulating ethical behaviour is included in the Stedin leadership training and programmes. This involves giving and receiving trust, being clear and transparent in what you do and ask for and knowing the effect of your conduct as supervisor on others.

Any failure by an employee to comply with the code of conduct can have serious consequences for Stedin Group. In the event of a suspected violation of the code of conduct, a detailed investigation will be initiated and a meeting will be held with the employee in question. The nature and severity of the violation will determine which measures (disciplinary or otherwise) we will take, which may include instant dismissal.

Within Stedin, we also work with a number of guidelines associated with the code of conduct for specific topics such as competition, tendering, disclosure and private investments. These detailed guidelines are available for employees on the intranet and are regularly brought to their attention.

The Board of Management supervises compliance with the code of conduct of Stedin Group. The compliance officer monitors the effectiveness of the code of conduct and the numbers and nature of any incidents. The compliance officer also reports on this to the Board of Management every quarter. The Board of Management informs the Supervisory Board (Audit Committee) every six months.

In 2020, three awareness sessions were held on risks and learning points. Due to COVID-19 and the resulting need to work from home a lot, we held fewer sessions than planned. We did request attention in 2020 for integrity and compliance via the general means of communication (four times in 2020).

Reporting Facilities

Stedin Group has an ‘Integrity & security' reporting facility. Any report of an integrity incident will always reach the Compliance Officer of Stedin Group, who will then investigate it. Integrity incidents are handled on the basis of the Guideline for Integrity Incidents and Abuses. There is also an 'Information security' reporting facility. Reports to this reporting facility are handled by the Information Security department.

In 2020, 275 reports on possible breaches of the code of conduct were received within Stedin Group at the Integrity & security reporting facility. All reports are always investigated. To date, 76 reports have been designated as involving an integrity element. Within that total, three comprised a discriminating element within the meaning of the article on discrimination in our code of conduct.

Confidential advisers

Employees can also contact one of the organisation's confidential advisers. As in 2019, there were three confidential advisers at Stedin in 2020. DNWG has two confidential advisers. Confidential advisers have an obligation of confidentiality and never act on their own initiative or without the approval of the employee concerned. A confidential adviser receives a fee for this work.

External report

If an employee believes that an abuse within the company has not been addressed or has not been addressed adequately in accordance with the internal whistleblower procedure, and if the abuse concerned is relevant to society in general, the employee can opt to report it to the external House for Whistleblowers. The whistleblower procedure is part of the Guideline for Integrity Incidents and Abuses.

Prevention of market abuse

Stedin Group is not a listed company but does have a listing for bonds in Amsterdam and in Luxembourg. As a consequence, Stedin has laid down a guideline on inside information and the possession of and transactions in securities in its 'Stedin Group Disclosure Policy' and in the ‘Guideline on private investments'. This guideline builds on our Code of Conduct.

Within Stedin Group, we use an insiders list of persons who have access to price-sensitive information. Sharing inside information and insider trading in bonds of Stedin Group is prohibited for Stedin's employees. This 'Guideline on private investments' also applies to the members of the Board of Management and the Supervisory Board. They are required to comply with all rules concerning disclosure and insider trading applicable thereto pursuant to laws or stock exchange regulations. This also follows from the Corporate Governance Code that Stedin complies with. All employees require the prior approval of the Board of Management to engage in private investments in financial instruments of Stedin Group. Any suspicion of abuse of price-sensitive information is immediately reported to the Compliance Officer. The Compliance Officer reports periodically to the Board of Management and also to the Audit Committee of the Supervisory Board; any cases of abuse of price-sensitive information can also be included in those reports. With its approach, Stedin Group complies with the European Market Abuse Regulation. There were no cases of abuse of price-sensitive information in 2020. In the event of abuse of inside information, the Disclosure Committee will decide whether or not a press release is required to be published on the incident. This will depend on the seriousness of the breach and on laws and regulations.

Privacy

The demand for and processing of data as well as advancing automation will develop further in the years ahead and impact how personal data are treated. Treating personal data with due care in line with the General Data Protection Regulation is important to us at Stedin Group. The treatment of personal data is part of our Code of conduct. Stedin is not yet fully compliant in a number of areas, including the implementation of the retention periods and testing that makes use of personal data. Both processes will therefore be given the greatest priority in 2021. In addition, awareness within Stedin remains a continual point for attention.

There are privacy coordinators for each department. The Privacy Office is active as an adviser and provides support to the organisation. Lastly, the Data Protection Officer has an independent role and performs the monitoring function as an internal supervisor.

To maintain awareness of the treatment of personal data among our employees, a mandatory privacy e-learning module was rolled out for all employees in July 2020. In 2020, 90% completed the e-learning module.

There were 42 reports of data breaches in 2020 (2019: 57). Four reports were submitted to the Dutch Data Protection Authority (2019: 3).