Risk Management Statement

tt the end of December 2023, an agreement was reached by market actors to introduce into the Dutch Corporate Governance Code (the “Code”) the obligation to include a “statement on risk management” (hereinafter to be referred to by the Dutch acronym, the “VOR“) in the annual report.

This agreement was made public by the so-called ‘supporting parties’, (CNV and FNV, VEB and Eumedion, Euronext, the Association of Securities Issuing Companies (VEUO) and VNO-NCW) on December 27, 2023. The agreement provides that the VOR will have to be included in annual reports from January 1, 2025.

In this article, I briefly explain what the Code and the VOR are. I also explain how you, as a shareholder, can use parts of the Code to gain more control over the management of your company.

What is the Code?

The Code is an instrument of self-regulation, and therefore not the same as a law. It is a regulation originating from representatives of market participants. The Code contains rules for the management of companies and accountability for the management conducted.

Yet the Code is not entirely without legal significance. Through Article 2:391, paragraph 5 of the Dutch Civil Code, the Code is mandatory for Dutch listed companies in accordance with the ‘comply or explain’ principle. Listed companies with a registered office in the Netherlands must either apply the provisions of the Code or explain in their annual accounts why they do not do so.

Pressure from The Hague

The agreement to include the VOR in the Code came after pressure from the Dutch Parliament. There, the De Jong/ Van Weyenberg motion was adopted. The motion threatened legislative action if the Code did not make VOR mandatory by January 1, 2024.

Political pressure mounted after a modified version of the Code was proposed by the supporting parties that did not include the VOR. The VOR had previously been declared controversial by the drafters of the Code. The pressure from The Hague was therefore instrumental in this matter.

Relevance of the Code to shareholders

The Code is not only relevant for listed companies. In fact, the Code is quite often (partly) used by larger organizations, such as hospitals and insurers. Making (select parts of) the Code compulsory for the management board via the General Meeting offers the shareholder the opportunity to improve the quality of governance within their company. For example, the Code contains strong standards to promote the provision of information to the shareholder. And can thus help you keep a grip on your business.

The Code also generally provides guidance on interpretation for an objective standard of good management. As a result, the assessment of management actions in comparison with the provisions of the Code in, for example, a dispute between shareholders and directors can be relevant. This can be so, even if the Code has not been explicitly declared applicable, although the argument is of course substantially strengthened by having the operative part of the Code be adopted through the General Meeting of shareholders.

The VOR

Now the Code shall be amended to include the VOR. The inclusion of the mandatory VOR is a long-standing desire from the world of corporate accountancy. The VOR is a statement that shall be issued by the board in the yearly management report. Moreover, the board (of a Code following company) will have to make substantiated statements that:

1. That the report provides adequate insight into deficiencies in the operation of internal risk management and control systems;
2. that these systems provide reasonable assurance that the financial reporting does not contain material misstatements;
3. that these systems provide at least limited assurance that the sustainability reporting does not contain material misstatements;
4. what level of assurance these systems provide that operational and compliance risks are effectively controlled;
5. that the current state of affairs justifies that financial reporting has been prepared on a going concern basis; and
6. that the report discloses the material risks and the uncertainties, insofar as they are relevant to the expectation of the continuity of the company for a period of twelve months after the preparation of the report.

Which risks are written about in the management report is in principle up to the board itself. The board identifies and analyzes the risks to the company’s chosen strategy. However, examples are given in the notes, such as climate change, social inequality, tax risks, fraud risks, financial risks, money laundering risks and risks in the field of cyber security and ICT.

Questions about the Code or the VOR?

Are you considering implementing (parts of) the Code? Are you curious about the meaning of the VOR for your company? Then contact one of our lawyers by mail, telephone or fill in the contact form for a free initial consultation. We will be happy to think along with you.