Organisational culture, integrity and compliance

Corporate culture

NS aspires to be an organisation characterised by an open and safe corporate culture where professional integrity is a matter of course. We attach great importance to results-oriented working practices that are consistent with the norms and values to which we have committed ourselves. To this end, we approach the risks and issues surrounding integrity and compliance in a controlled and balanced manner.
The conduct of NS’s employees and the choices they make in their work are crucial to the integrity of the company. We promote a culture of openness and accountability. Our Code of Conduct forms the basis for the professional conduct of all NS employees, helping them to make the right decisions and deliberate choices in a variety of sometimes difficult situations. The Code of Conduct is available to all employees via the intranet. Since September 2023, we have been offering an online training module on the NS Code of Conduct, which employees take once every three years.
The Code of Conduct also forms the basis for handling integrity reports and investigations. The code is consistent with the relevant OECD guidelines and with the Dutch Corporate Governance Code. This means that there are also safeguards within NS for the protection of human rights. Based on the code, we have formulated policies on specific themes such as conflicts of interests, competition, information protection, the fight against corruption and fraud. Furthermore, we operate a national programme to improve workplace behaviours and combat harassment and racism, among other things. The NS Code of Conduct serves as the guiding document for this programme. In addition, NS has a planning and control system in place that helps to ensure integrity and compliance risks and issues within the organisation remain visible and manageable.

Governance and integrity

The operational departments within NS are responsible for ensuring ethical business practices. Our Integrity department supports efforts to encourage desired behaviour, regulatory compliance and observance of the NS Code of Conduct. It develops policies, provides information on those policies, handles integrity violation reports, analyses trends, offers solicited and unsolicited advice and promotes integrity awareness within NS. Issues are submitted to confidential advisers within NS, if and to the extent permitted by confidentiality rules. To escalate integrity issues, the Integrity department also has a direct line of communication with the chair of the Executive Board and the Supervisory Board.
NS has an Integrity Committee, whose members include the Directors of HR, Legal, Security and Risk. This committee assesses new integrity policies and provides advice on integrity issues.

Advice and information for employees

On the Integrity Portal on the intranet, employees can find information about integrity and NS’s policy in this regard. In addition, employees are welcome to submit concrete issues and dilemmas to the Integrity department. They can ask questions by email or by telephone. The department advises employees about possible solutions and actions. In 2023, the NS Integrity Department answered 218 questions (2022: 297).

Integrity Desk and Regulations for Reporting Integrity Issues

The Regulations for Reporting Integrity Issues (including whistleblower reporting) guarantee that employees can report actual or suspected irregularities, that NS will deal with these reports carefully and confidentially and that employees will not experience any adverse consequences as a result of having reported an incident. Employees have several options for reporting integrity issues or abuses (anonymously or otherwise): via the Integrity Desk on the internal network, via a special app, by email, by telephone or in a one-on-one conversation. An integrity violation report may result in a recommendation to the person who reported the issue, and to the managers involved, on any subsequent steps or measures. It may also be decided to ask NS Security to conduct an independent fact-finding investigation, with NS taking measures based on the outcomes. A total of 99 integrity violation reports were received in 2023 (2022: 82). Of all finalised reports in 2023, 24% were wholly or partially upheld.
Employees may seek support from one of NS’s confidential advisers if they want to report an integrity violation (or another issue). This option was used 151 times in 2023 (2022: 163). External stakeholders can report issues to NS via a special desk. This option was used twice in 2023.
In autumn 2023, NS revamped its reporting scheme to be compliant with Whistleblowers Protection Act. The new NS scheme is called the Integrity Issues Reporting Scheme.

Compliance

As a state-owned company, NS must set a good example. We must be transparent about our regulatory compliance and we must act with integrity at all times. We are therefore keen to ensure that we adhere to all the applicable laws and regulations and abide by the standards and values in force. In other words, that we are ‘compliant’. The body of rules and obligations, both internal and external, is extensive and complex: for example, we have to comply with external laws and regulations, such as the Railways Act, the Competition Act, the Working Hours Act and the Working Conditions Act. In addition, we apply internal policy frameworks such as the NS Code of Conduct, the procurement regulations and the train drivers’ manual.

Compliance management structure

NS has set up a compliance management structure to ensure that we keep abreast of this multitude of rules, standards and norms and are able to bring our social responsibility into practice. Primary responsibility for compliant working practices rests with the NS business units. They can seek advice from various compliance knowledge centres, such as NS Legal and Quality, Health, Safety & Environment (QHSE). The Risk & Compliance department oversees this structure and reports on its findings to the Executive Board and Supervisory Board.

Compliance vision

NS has formulated a comprehensive compliance vision, which sets out the key challenges and priorities for operational compliance up to 2025. Legal requirements have been translated into performance indicators and norms regarding aspects such as competition, tendering procedures, privacy and safety. There is also NS-wide reporting on the key risks and issues regarding compliance and an overview of the relevant KPIs. In addition, we provide training courses in all parts of the company to keep our employees’ knowledge of laws and regulations up to date.

Privacy

For NS, the need to handle our passengers’ and employees’ personal data carefully is self-evident. To remain compliant with privacy legislation, NS has set up a privacy structure and governance arrangement. We also ensure a permanent focus on education and awareness around privacy, including through e-learning modules, training courses and newsletters. Last year we once again appointed ‘privacy champions’: employees who, in addition to their regular work, answer questions and serve as the eyes and ears of the Privacy Office within their respective business units. Together with the Data Protection Officer and Privacy Officers, these privacy champions make up the privacy function within NS. In late 2023, there were 96 active privacy champions within NS (2022: 92).

Processor data breaches

Despite our careful handling of customer and employee data, two major data breaches occurred in 2023. In March 2023, the software system of market research firm Blauw, an NS partner, was hacked. A data breach at another NS processor took place in late April 2023. NS became aware of this data breach in late August 2023. In both cases, NS reported the data breaches to the Dutch Data Protection Authority and the data subjects.

Privacy by design

Effective and careful data processing starts with privacy by design. This means that we recognise the need to protect the privacy of data subjects right from the initial design phase of a product or service. We also carry out numerous assessments in which we check the impact of data protection. This allows us to identify risks to data subjects and take measures to manage those risks at an early stage.

Follow-up research on the Second World War

In late 2022, NS asked the NIOD Institute for War, Holocaust and Genocide Studies to follow up on the preliminary research by the institute on NS’s role during the Second World War. NS made this request with a view to gaining further historical insight and encouraging reflection on its actions during the war years.