Integrity

A safe working environment and ethical behaviour among employers and employees are important to Stedin Group: a business culture in which our employees and stakeholders can build and rely on our core standards and values.

Code of conduct and guidelines for conduct

Those standards and values and statutory rules are laid down in Stedin Group’s Code of Conduct. This code, which lays down the norms and rules regarding our conduct and interaction, describes the behaviour that we demand from our employees: amongst one another and towards external parties such as customers, shareholders, suppliers and other contacts of Stedin Group. Topics in the code of conduct include health and safety, conflicts of interest, how to treat confidential and other information and company property, harassment and sexual harassment and unacceptable behaviour. Unacceptable behaviour includes fraud and theft, bribery and other forms of corruption, abuse of power, intimidation and harassment, aggression, violence and discrimination in any form whatsoever. We do not tolerate unacceptable conduct. Any such conduct will be investigated and the perpetrators will be punished. The code of conduct and guidelines for conduct (including non-discrimination) are also the starting point for HR processes such as recruitment, selection, promotion, remuneration and training. See the ‘Good employment practice’ section.

Our code of conduct is not a document without obligations. All our permanent employees, hired staff and interns are expected to endorse, know and comply with the contents of our code of conduct and to accept their responsibility to protect Stedin Group’s reputation. All employees sign the employee regulations and a non-disclosure agreement. In this context, our supervisors play a vital role in promoting an ethical business culture. After all, integrity starts with setting a good example. A compulsory e-learning course on desirable behaviour, developed in 2022, was presented to all our employees in December and has since been completed by over 3,000 of them.

Any failure by an employee to comply with the code of conduct, or guidelines covered by the code of conduct, can have serious consequences for Stedin Group. In the event of a reported suspected violation of the code of conduct, a detailed investigation will always take place in accordance with an established protocol. This investigation may lead to us taking measures. The nature and severity of the violation determine the sanction to be imposed, with due regard for the given circumstances. Sometimes we impose a disciplinary measure while on other occasions we may decide to offer the person concerned a second chance, and serious cases may result in instant dismissal.

Within Stedin Group, we work with guidelines for specific topics such as competition and tendering. These guidelines are part of the code of conduct. The detailed guidelines are available for employees on the intranet and are regularly brought to their attention by us. In 2022, four workshops and awareness sessions were held on risks and learning points. On five occasions in 2022 (two in 2021), we also requested attention for integrity and compliance via the general means of communication.

The Board of Management supervises compliance with the code of conduct of Stedin Group. The Compliance Officer creates awareness, monitors the effectiveness of the code of conduct and reports the numbers and nature of any incidents at regular intervals to the Board of Management and the Supervisory Board (via the Audit Committee and the SRA Committee).

Fraud prevention

Stedin Group has a fraud risk prevention policy that has been approved by the Supervisory Board and is subject to an annual update. Based on discussions with the departmental management teams, fraud risk consultations produce a fraud risk analysis from which control measures may ensue. Fraud risk consultations are held at regular intervals (on three occasions in 2022) and are attended by the Internal Audit, Control and Risk managers and the Compliance Officer. They discuss the risk of fraud in a structured manner, also including practical cases tabled by the Compliance Officer, which may be used as a basis for control measures.

Reporting Facilities

Stedin Group has an ‘Integrity & security’ reporting facility. The Compliance Officer investigates every report, also including reports of fraud. Integrity incidents are handled on the basis of the Guideline for Integrity Incidents and Abuses. There is also an information security reporting facility and a privacy issues reporting facility.

In 2022, 186 reports (2021: 256 reports) of possible breaches of the code of conduct were received within Stedin Group at the Integrity & security reporting facility. Of these reports, 51 (2021: 70) have been designated as involving an integrity element. In the first half of 2022, attention in broader society for undesirable conduct and intimidation and sexual harassment did not result in an increase in the number of reports on this topic. It did however receive extra attention from the Board of Management and integrity staff.

Confidential advisers

Employees can also contact one of the organisation’s confidential advisers. Stedin Group has six internal confidential advisers. One external confidential adviser was added to the internal team of advisers on 1 November 2022, bringing the total of confidential advisers to seven. Confidential advisers work strictly confidential, have a duty of secrecy and never act on their own initiative or without the approval of the person reporting. A confidential adviser receives a fee for this work.

Whistleblower procedure

If an employee believes that an abuse within the company has not been addressed or has not been addressed adequately in accordance with the internal procedure, and if the abuse concerned is relevant to society in general, the employee can opt to report it to the external House for Whistleblowers. In 2022, no reports were made to the House for Whistleblowers. We refer to this national whistleblower procedure in the Guideline for Integrity Incidents and Abuses.

Prevention of market abuse

As Stedin has issued publicly traded bonds, we have laid down a guideline on inside information and the possession of and transactions in securities in our ‘Stedin Group Disclosure Policy’ and in the ‘Guideline on private investments’. This guideline builds on our Code of Conduct.

Within Stedin Group, we use an insiders list of persons who have access to price-sensitive information. Sharing inside information and insider trading in bonds of Stedin Group are prohibited for Stedin’s employees. The ‘Guideline on private investments’ also applies to the members of the Board of Management and the Supervisory Board. They are required to comply with all legal rules concerning disclosure and insider trading. All employees require the prior approval of the Compliance Officer to engage in private investments in financial instruments of Stedin Group. Any suspicion of abuse of price-sensitive information must be immediately reported to the Compliance Officer. The Compliance Officer reports at regular intervals to the Board of Management and the Audit Committee of the Supervisory Board; any cases of abuse of price-sensitive information are also included in those reports. With its approach, Stedin Group complies with the European Market Abuse Regulation. There were no cases of abuse of price-sensitive information in 2022. In the event of abuse of inside information, the Disclosure Committee will decide whether a press release is required to be published on the incident. This will depend on the seriousness of the breach and on applicable laws and regulations.

Compliance with laws and regulations

In addition, Stedin Group attaches great importance to regulatory compliance. This is a shared responsibility of the board, the management and employees. They are supported in this by Compliance & Integrity. Stedin Group has an effective and efficient compliance process in place to ensure that we implement all new and existing laws and regulations into our business processes correctly and in a timely manner. Twice a year, the Legal Compliance Officer reports to the board on legal compliance developments within and outside of Stedin Group. In 2022, supervisory authorities did not impose any sanctions on Stedin for non-compliance with laws and regulations.

Stedin applies appropriate processes to ensure compliance with all relevant laws and guidelines. These processes cover bribes and corruption, fair competition and taxation.

Stedin is subject to Dutch taxation. Most of its tax liability concerns corporate income tax, turnover tax, dividend withholding tax, and payroll tax and social security contributions. In its dealings with the Dutch Tax and Customs Administration, Stedin is committed to a type of collaboration based on mutual trust, mutual understanding and transparency, and always strives to pay its fair share in taxes. This is implemented in further detail in Stedin’s tax policy.

Privacy

Within Stedin Group, we exercise due care when handling personal data, in line with the General Data Protection Regulation (GDPR). The exercise of due care when handling personal data is part of our Code of Conduct. Each department has one or more Privacy Coordinators (totalling 32). They are joined by the Legal Privacy Officer, who serves as an adviser and provides support to the organisation. Lastly, the Data Protection Officer has an independent role and performs a monitoring and advisory function as an internal supervisor.

Stedin maintains a constant focus on making and keeping its people aware of the importance of due care in the processing of personal data of customers and employees. One of the ways we raise awareness on this issue is by organising an e-learning course that all employees are required to complete. In 2022 we made considerable progress in assuring the careful processing of personal data. For example, we updated our privacy policy, highlighting the crucial role of governance in this field. In addition, we updated guidelines and procedures and formulated basic rules for all employees regarding the careful processing of personal data. Those basic rules are shared via the intranet and discussed regularly in the various consultation platforms.

There were 39 reports of data breaches in 2022 (2021: 36 / 2020: 42). Five reports were submitted to the Dutch Data Protection Authority (2021: 2 / 2020: 4).