Triodos Bank defines compliance risk as the risk of legal or regulatory sanctions, material financial loss or loss to reputation that Triodos Bank may suffer as a result of its failure to comply with laws, regulations, rules, related self-regulatory standards, and codes of conduct applicable to its banking activities. Internal policies, procedures and awareness activities are in place to guarantee that co-workers in all functions comply with relevant laws and regulations.

The compliance function independently monitors and challenges the extent to which Triodos Bank complies with laws, regulations and internal policies, with an emphasis on customer due diligence, anti-money laundering, treating customers fairly, preventing and managing conflicts of interest, data protection and the integrity of co-workers.

The Central Compliance Department is part of the risk organisation. Compliance Officers are present in every business unit with a functional line towards the Central Compliance Department. Resources of the local Compliance function are tailored to the size of the business unit and the regulatory environment. Significant compliance risks are reported to the Non-Financial Risk Committee and to the Supervisory Board’s Audit and Risk Committee on a quarterly basis. The Director Risk and Compliance reports to a member of the Executive Board.

Compliance risks are identified, assessed, mitigated, monitored and reported via a compliance risk management cycle. Controls to mitigate compliance risks are embedded in business processes. The compliance function monitors the effectiveness of controls by means of a risk-based Compliance Monitoring Plan.

In 2018 Triodos Bank continued to enhance its controls related to anti-money laundering, counter-terrorist financing and sanctions regulations. Policies and procedures were updated to ensure compliance with changes in anti-money laundering and counter-terrorist financing laws and guidance by regulators. A group-wide systematic integrity risk analysis was executed.

In 2018, the Dutch Central Bank (DNB) conducted a thematic, sector-wide survey among Dutch banks, focussing on the measures that the banks have taken to prevent money laundering and terrorism financing. From this survey, DNB concluded that Triodos Bank is required to enhance its measures concerning customer due diligence and the monitoring of customer transactions. Triodos Bank agrees with the required improvements as articulated in an instruction of DNB and is taking the necessary steps to remedy this situation. DNB may publish details of its instruction in due course. Triodos Bank expects to be able to implement the required improvements.

In 2018 there was a compliance incident in the Spanish branch concerning the information relating to costs for consumer mortgages. The Spanish regulator imposed a fine, after the applicable reductions, of EUR 174,000. Triodos Bank completed voluntary payment of the fine on 10 December 2018.

Triodos Bank was not involved in material legal proceedings or further sanctions associated with non-compliance with legislation or regulations in terms of financial supervision, corruption, advertisements, competition, data protection or product liability.