We believe that a robust infrastructure supported by the right culture, values and behaviors, both at the top and throughout the entire organization is an imperative. A well-defined and well-structured corporate governance structure ensures good long-term relationships within the organization, with internal and external stakeholders and with society at large.
LeasePlan is incorporated under the laws of the Netherlands. Its head office is in Amsterdam, the Netherlands as well as its statutory seat. LeasePlan operates in over 30 countries across the globe. These operations are conducted through various local LeasePlan companies.
In addition to an effective global corporate governance infrastructure, LeasePlan is subject to supervision by competent supervisory authorities worldwide. In the Netherlands, we are supervised by among others the Dutch Authority for the Financial Markets (AFM) and the Dutch Central Bank (DNB). In Ireland, where LeasePlan Insurance is located, the Central Bank of Ireland (CBI) supervises the insurance activities of the company. Several other LeasePlan companies are being supervised by relevant local supervisory authorities.
Applicable laws and codes
As LeasePlan meets the criteria listed in the Dutch Civil Code, we have been subjected to the large company regime (structuurregime) since 9 February 2013. As of 21 March 2016, we comply with the full large company regime. Additionally, we are subject to certain EU legislation (including amongst others CRR/ CRD IV), which has an impact on the regulation of our businesses in the EU, and the regulations and supervision by local supervisory authorities of the various countries in which we do business.
As LeasePlan is not a listed entity we are not subject to the Dutch Corporate Governance Code (Code). However, we do use the Code as a reference point for good corporate governance and therefore apply the principles and best practice provisions of the Code. Since 2017 we have used the new Dutch Corporate Governance Code, placing more emphasis on long-term value creation and risk management as a benchmark for assessing any further improvements to our governance framework and policies.
As part of our diversified funding strategy, we obtain funds from savings deposits in the Netherlands and Germany through LeasePlan Bank. We have a banking licence pursuant to which we are obliged to comply with banking regulations such as the Banking Code. This code covers areas such as governance, remuneration, audit and risk management. On an annual basis, we are obliged to disclose information on how we have complied the Banking Code in practice.
More information with respect to corporate governance and our compliance therewith (documents such as Code of Conduct, Supplier Code of Conduct, Banking Code Compliance and Articles of Association) can be found on our website: www.leaseplan.com.
02. Governance structure
LeasePlan is governed by a two-tier board comprising a Supervisory Board and a Managing Board. Both boards perform their duties and powers as laid down in the relevant laws, rules, regulations and our Articles of Association.
The Supervisory Board is responsible for supervising the Managing Board and the general course of affairs of LeasePlan and its Group companies. In addition, the Supervisory Board advises the Managing Board in determining the strategic direction.
It also is responsible for the appointment, yearly assessments of the remuneration and other conditions of employment of the Managing Board members.
As of 31 December 2018, the Supervisory Board consisted of six members with one vacancy outstanding. More detailed information with respect to the members of the Supervisory Board can be found in the Supervisory Board report.
LeasePlan believes that the Supervisory Board has sufficient diversity in the background, knowledge and expertise of the individual members to warrant proper supervision of the overall management of the Group by the Managing Board.
The Managing Board’s responsibility is -inter alia, setting the overall strategy, the resulting business approach and policies for LeasePlan and its Group companies. It is well aware of the importance of the right tone at the top and the positive effects thereof for the rest of the organisation.
Moreover, the Managing Board is responsible for maintaining proper accounting records, for safeguarding assets and for taking reasonable steps to prevent and detect fraud and other irregularities.
It is responsible for selecting suitable accounting policies and applying them on a consistent basis and making judgments and estimates that are prudent and responsible.
It is also responsible for establishing and maintaining internal procedures that ensure the Managing Board is informed of all major information, to ensure the timeliness, completeness and accuracy of external financial reporting.
This means the Managing Board is responsible for the system of internal control that is designed to safeguard controlled and sound business operations and ensure the quality of internal and external reporting and compliance with applicable laws, regulations and codes of conduct.
In devising internal controls, the company has taken into account the nature and extent of the risks that may affect the soundness of the entire enterprise, the likelihood of risks occurring and the cost of control.
In 2018, the Managing Board consisted of Mr L.W. (Tex) Gunning as Chairman and Chief Executive Officer, M.T.A. (Marco) van Kalleveen as Chief Operating Officer Europe (until 7 November), Ms Y.J.M.A. (Yolanda) Paulissen as Chief Strategic Finance and Investor Relations Officer, Mr G. (Gijsbert) de Zoeten as Chief Financial Officer (until 7 November) and Ms F.P.C.G. (Franca) Vossen as Chief Risk Officer. As of 7 November, the Managing Board has a vacancy for the position of the Chief Financial Officer. Toine van Doremalen, from LeasePlan’s finance function, is acting as SVP Corporate Control and interim Chief Financial Officer and is directly reporting to the Managing Board.
More detailed information with respect to the members of the Managing Board can be found on page 65. The Managing Board continues to have sufficient diversity in background, knowledge and expertise of the individual members to warrant proper execution of the overall management of the Group. The division of tasks within the Managing Board is determined by the Board itself and has been approved by the Supervisory Board. The members of the Managing Board are fully supported in performing their duties by the advice and services provided by a mixed and diverse management team.
LeasePlan operates a lifelong learning programme for the members of the Managing Board and the Supervisory Board. The various training sessions are conducted by internal and external experts.
LeasePlan is committed to attracting and retaining the finest human talent as this ensures top business performance and delivers a competitive advantage. We recruit from all cultural, linguistic and national backgrounds as this allows us to meet the needs of our customers, whilst also providing us with valuable knowledge for understanding complex markets. Taking into account the above, LeasePlan aims to obtain an equal division of gender in the Managing Boards and Supervisory Boards and operates a formal policy to this end. This means that every time a position within either a Managing Board or a Supervisory Board becomes vacant, the gender diversity aspect will be taken into account during the procedure of selection and appointment of the candidates.
03. Statement of the Managing Board
The Managing Board is responsible for designing, implementing and maintaining the internal risk management and control systems. The purpose of these systems is to adequately and effectively manage the risks associated with the strategy and activities of the company. In this respect the Managing Board has made an assessment of the design and effectiveness of the internal control and risk management systems, which is described in more detail below.
On the basis of this assessment and in accordance with best practice provision 1.4.3 of the Dutch Corporate Governance Code and Article 5:25c of the Financial Supervision Act, the Managing Board believes, to the best of its knowledge, that:
- the annual report provides sufficient insights into any failings in the effectiveness of the internal risk management and control systems during the financial year 2018;
- the internal risk management and control systems provide reasonable assurance that the financial statements do not contain any material inaccuracies;
- based on the current state of affairs, it is justified that the financial statements are prepared on a going concern basis; and
- the annual report states those material risks and uncertainties that are relevant to the expectations of the company's continuity for the period of twelve months after the preparation of this report.
It should be noted that the above does not imply that these internal risk management and control systems provide absolute assurance as to the realization of the business objectives, or that they can prevent all misstatements, inaccuracies, errors, fraud and non-compliance with legislation, rules and regulations. Nor can they provide certainty that we will achieve our objectives. It is also the case that evaluations of the effectiveness of internal control over financial reporting to future periods are subject to the risk that the controls may become inadequate because of changes in conditions, or that the degree of compliance with the policies or procedures may deteriorate.
In view of all the above the Managing Board confirms that to the best of its knowledge that the LeasePlan financial statements give a true and fair view of the position at the balance sheet date, the development and performance of the business during the financial year 2018 and the subsidiaries included in the financial statements, together with a description of the principal risks that LeasePlan is being confronted with.
Background and explanation
The Managing Board is accountable for the management of all risks associated with our company's strategy and activities. To this end, appropriate risk management and internal control systems are in place.
The responsibility for identifying and managing risks lies with LeasePlan's entities. These entities are supported by the Group Risk department and Privacy & Compliance department and are periodically assessed by the Group Audit Department (GAD). Group Risk and Privacy & Compliance report directly to the CRO, and GAD has direct access to the CEO as well as to the Audit Committee of the Supervisory Board.
LeasePlan entities are responsible to set up, maintain, operate and monitor an appropriate risk management and internal control system within their area of responsibility. This responsibility includes the management, monitoring, reporting and controlling of risks. The entities are supported in this by local risk functions. GAD in its role as third line of defence, closes the control cycle through regular assessments of the design and operational effectiveness of the risk management and internal control system.
An In Control Statement (ICS) provides sufficient insights into any failings in the effectiveness of internal risk management and control systems, based on the results of several Risk Management Instruments like identification, registration, assessments and reporting of risks, controls and losses. The aforementioned systems furthermore provide reasonable assurance that the financial reporting does not contain any material inaccuracies.
The risk management and internal control system cover a broad set of risk types, primarily divided in:
- Strategic Risks;
- Financial risks, which covers: Asset Risk, Credit Risk, Treasury Risk and Motor Insurance Risk;
- Non-Financial Risks, which covers: Operational Risk (incl. Business Continuity, Financial Reporting, Model & HR Risks), Information Security Risk, Compliance, Legal and Reputation Risk.
The Group has a framework in place which is continuously being improved and enhanced. Important instruments for the ICS within the Group Include:
- Internal Audit: In the LeasePlan Group, internal audits are performed by GAD through a risk-based audit methodology. The objective of the risk-based audit is to reach opinions of the internal control quality of the company. The quality review of the design and effectiveness of internal control procedures has to be planned in such a way that all major entities and processes in these organisations will be analysed periodically. Group Audit Department executes on a yearly basis the internal audit plan, as approved by and after consideration of the various stakeholders, including the internal audit meeting, the external auditor, the Audit Committee and other global departments.
- Risk Control Self-Assessments (RCSA’s): RCSA’s provide insight into current and potential risk exposures, identify gaps and help prioritise an action plan set out to meet the strategic objectives and appetite thresholds. On an entity level, management performs periodical assessments of Operational Risks and related controls. Every entity needs to use the risk and control register defined in the Governance, Risk & Compliance (GRC) tool for performing these RCSA’s. These are linked to entities of the Group and processes as defined under the LeasePlan Global Process Structure (GPS) linking the risk management cycle with day-to-day business initiatives and priorities.
- Closing The Book Standard: LeasePlan has a uniform set of accounting and reporting principles applied (e.g. Accounting and Reporting Manual and our Closing The Books Standard) throughout the Group based on its application of International Financial Reporting Standards. During the year, financial reporting control deficiencies have been identified, specifically related to the limitations of legacy IT systems and control documentation. Control deficiencies are remediated as part of the the ongoing finance improvement processes as described on page 124.
- Letter of Representation: Managers of the entities submit a letter of representation emphasising the compliance with the uniform set of accounting and reporting principles. The Group of entities that is included in the consolidated financial statements is comprised of subsidiaries acting as separate entities selling LeasePlan’s core products.
- Scenario analysis: LeasePlan defines capital risk scenarios on a Group level. The process is run by Group Risk by aggregating bottom-up various inputs from LeasePlan Entities and other subject matter experts from the Group. Entity scenario analysis is used locally to better understand certain risks and scenario’s.
- Strategic Risk Assessment (SRA): As part of the risk strategy process, LeasePlan identifies and assesses the risks it is exposed to on an annual basis via a SRA. To ensure that we actively manage and mitigate the impact of these risks on our strategic goals, reputation and financial results. The SRA considers the current business, external trends and emerging development and includes a heatmap of the environment (in terms of probability and impact), concludes which risks are part of the risk universe and as such under active management, and defines the taxonomy.
- Key Risk Indicator (KRI’s): LeasePlan uses KRI’s enabling senior management at Group level to monitor and manage early warning signals preventing key risks to materialise. KRI’s track changes in important risk exposures, signalling changes in the risk profile of which the boundaries are set in the Risk Appetite Statement., The KRI’s help to ensure that exposure levels stay within the Risk Appetite.