Nurminen Logistics Oyj

Governance Information • Mar 14, 2024

Corporate Governance Statement

(Corporate Governance Statement)

Table of Contents

GOVERNING BODIES	3
Annual General Meeting	3
Annual General Meeting 2023	3
Shareholder rights	3
Board of Directors	4
Principles concerning diversity of Board of Directors	4
Independence of the Members of the Board	4
Members of the Board of Directors in 2023	4
Meeting attendance of the Members of the Board in 2023	6
Committees of the Board of Directors	7
Audit Committee	7
Boards of Directors of Subsidiaries	7
President and CEO and management of the company	7
Bonus System	8
Insider Management	8
KEY FEATURES OF FINANCIAL REPORTING, INTERNAL MONITORING, INTERNAL AUDITING AND RISK MANAGEMENT	9
Financial reporting	9
Internal monitoring	9
Internal auditing	10
Risk Management	10
Strategic Risks	10
Financial Risks	10
Currency Risks	10
Interest Risks	10
Liquidity Risk	10
Credit Risks	10
Operational Risks	10
Data Security Risks	11
Accident Risks	11
Use of Derivatives	11
GROUP STRATEGY WORK	11
AUDITING	11
COMMUNICATIONS	11

In decision-making and administration at Nurminen Logistics Plc, the company's Articles of Association and the rules and regulations of the Finnish Limited Liability Companies Act and Nasdaq Helsinki applicable to listed companies are followed. Furthermore, the company follows the Corporate Governance Code 2020 applicable to Finnish listed companies as approved by the Securities Market Association, which entered into force on 1 January 2020.

The Code is available at www.cgfinland.fi.

The company's Corporate Governance system is based on the framework consisting of the instructions given by the general meeting, the Board of Directors and its committees, the President and CEO and the group's Management Team, the applicable legislation and regulations as well as corporate policies, instructions and practices.

This Corporate Governance Statement has been published as a separate statement, discussed at the Board of Directors' Audit Committee and accepted by the company's Board of Directors. Furthermore, the company's auditors have audited it.

The company will publish a separate report on operations on 14 March 2024.

Governing Bodies

The General Meeting, the Board of Directors and the President and CEO are in charge of Nurminen Logistics Plc's governance. Their duties are mainly determined by the Finnish Limited Liability Companies Act.

General Meeting

The General Meeting holds the highest decision-making powers in the company. Its duties and practices are laid out in the Limited Liability Companies Act and the Articles of Association. The Annual General Meeting must be held annually by the end of June. The notice of General Meeting of shareholders shall be delivered to shareholders no sooner than three (3) months prior to the record date of the General Meeting referred to in the Limited Liability Companies Act and no later than three (3) weeks prior to the date of the General Meeting but at least nine (9) days prior to the record date of the General Meeting referred to in the Limited Liability Companies Act by publishing it in a national newspaper chosen by the Board of Directors or on the company´s website. Nurminen Logistics Plc also publishes the notice of the General Meeting as a Stock Exchange Release. The Annual General Meeting decides on, for example, the adoption of the financial statements and the adoption of the consolidated financial statements, the use of the profit and the discharge from liability of the members of the Board and the President and the CEO. The meeting also appoints the Members of the Board of Directors and the Auditor, decides on their remuneration and the basis on which the costs are compensated.

Annual General Meeting 2023

The Annual General Meeting 2023 was held on 12 April 2023. The General Meeting adopted the financial statements and discharged the Members of the Board and the President and CEO from liability for the financial year 2022.

Shareholder rights

According to the Limited Liability Companies Act, a shareholder has the right to have a matter falling within the competence of the General Meeting dealt with by the General Meeting, if the shareholder so demands in writing from the Board of Directors well in advance of the meeting, so that the matter can be mentioned in the notice. The demand shall always be deemed to be on time, if the Board of Directors has been notified of the demand no later than four weeks before the delivery of the notice.

A shareholder has the right to participate in a General Meeting if the shareholder has been entered in the shareholder register eight working days before a General Meeting (General Meeting Record Date). The holder of a nominee-registered share may be notified for a temporary entry in the shareholder register so that the shareholder can attend that meeting, if the shareholder has the right, on the basis of the shares, to be entered in the shareholder register on the General Meeting Record Date. The notification for a temporary entry shall be filed no later than on the date mentioned in the notice of the General Meeting, said date to be subsequent to the General Meeting Record Date. Changes in shareholdings occurring after the General Meeting Record Date shall not affect the right to attend the General Meeting or the voting rights of the shareholder.

A shareholder may exercise the rights of a shareholder at a General Meeting in person or by way of proxy representation. A shareholder and a proxy representative may have an assistant at the General Meeting. A shareholder may have several proxies who represent the shareholder on the basis of shares held in different book-entry account.

To take part in a General Meeting, a shareholder shall register with the company by the date indicated in the notice at the latest, which may be no earlier than ten (10) days before the meeting. If the shares in the company have been incorporated in the book-entry system in accordance with the Limited Liability Companies Act, the holder of a nominee-registered share is deemed to have given advance notice of participation if the shareholder has been notified for a temporary entry in the shareholder register. If a shareholder participates in a General Meeting by means of several proxies, the advance notice of participation shall indicate the shares on the basis of which each of the proxies represents the shareholder.

Board of Directors

The Board of Directors is responsible for the company's management and the appropriate organisation of the company's operations. The Board of Directors has general authority over matters that concern the company, which are not designated to any other governing body of the company under the legislation or the Articles of Association.

The Board of Directors comprises four to eight full members and no more than three deputy members as decided and elected by the Annual General Meeting. The Board of Directors selects a Chairman from among its membership.

The Board of Directors has written Rules of Procedure. Duties of the Board of Directors include the following, among others:

• to decide on the group strategy
• to decide on the group structure and organisation
• to discuss and approve the half-year reports, the financial statements including the consolidated financial statements, the report on operations and the Stock Exchange Releases concerning the financial outlook
• to accept the group's plan of operations, budget and investment plan
• to decide on individual investments, acquisitions, divestments or company reorganisations as well as contingent liabilities of strategic or financial significance
• to decide on the remuneration and incentive scheme for the group executives
• to accept the group's risk management and reporting practices
• to prepare the dividend policy and assume the responsibility for the development of shareholder value
• to take care of other duties assigned to the Board of Directors in the Limited Liability Companies Act or elsewhere.

The Board of Directors elects the company's President and CEO and conducts an annual review of the activities of the President and CEO and other executives. The Board of Directors also conducts an annual self-assessment of its own activities. The Board of Directors convenes according to the agreed schedule 8–10 times a year and at the Chairman of the Board's invitation when taking care of the company's business it requires or when proposed by the President and CEO. The company's President and CEO and Chief Financial Officer participate in the meetings of the Board of Directors. The Chief Financial Officer is the secretary of the Board of Directors.

In recent years, the company practice has been that the shareholders who represent 50% of the company's shares and votes prepare the proposals regarding the composition of the Board of Directors for the Annual General Meeting. The planning of the proposal is based on operational needs. Therein, special attention has been paid to the principles related to diversity as defined by the Board of Directors."

Principles concerning diversity of Board of Directors

Diverse and complementary distribution of ages, professional and international background as well as education amongst the members of the Board of Directors promote efficient working of the Board. The Board of Directors prepared principles concerning diversity of Board of Directors in 2016, and the body preparing a proposal of the Board of Directors always seeks to follow these principles.

The company's aim is that the Board has representatives of both genders. Other objectives include international experience, a wide range of ages and different educational and professional backgrounds. In addition, the Board members are required to have sector expertise and the possibility to devote sufficient time to Board work. This last requirement is particularly important for the Chairman of the Board, as the Chairman in particular must have the possibility to address the company's issues in a comprehensive manner and the Chairman's input is often needed outside of the meetings.

In the term of office that began in 2023, the age range of the members of the Board is 51–77 years. The Board members' professional and international background is varied and their industry knowledge is extensive.

Independence of the Members of the Board

The majority of Board members must be independent of the company, and at least two (2) members representing the majority must also be independent of significant shareholders.

Members of the Board of Directors in 2023

1 January 2023–31 December 2023: Irmeli Rytkönen, Olli Pohjanvirta, Juha Nurminen, Erja Sankari and Karri Koskela. Victor Hartwall was a Member of the Board 1 January 2023–12 April 2023.

Irmeli Rytkönen, b. 1959, Master of Laws

• Member of the Board since 2018, Chairman of the Board of Directors since 2021
• Independent of the company and significant shareholders
• Owned 223,175 Nurminen Logistics Plc shares at the end of 2023.

Relevant work experience

• Board Professional 1 January 2020–
• Elkjöp Nordic As, Director, Special services 2018–2020
• Gigantti Oy Ab, President and CEO 1999–2018
• Elkjøp Nordic As, Member of the Executive Team 1999–2018

Relevant positions of trust held at the moment

• Chairman of the Board of Directors, Yliopiston Apteekki 2019–
• Member of the Board, The Moominworld Ltd 2019–

Relevant earlier positions of trust

• Member of the Board: Telko Ltd 2017
• Member of the Board: XXL Sports & Outdoors 2013–2018
• Member of the Board: Gigantti Oy 1999–2018
• Chairman of the Board of Directors: Gigantti Oy and Markantalo Oy 2006–2009

Olli Pohjanvirta, b. 1967, Master of Laws

• The company's President and CEO from 13 November 2020 onwards, the company's interim President and CEO 25 May 2020–12 November 2020, the company's President and CEO 2013–2015, Chairman of the Board of Directors 2010–2013 and 2015–2021, Member of the Board of Directors 2005*–2010
• Not independent of the company and significant shareholders
• Along with his controlling interest corporations, owned 4,983,530 Nurminen Logistics Plc shares at the end of 2023.

Relevant work experience

• RailCap Oy, President and CEO 2010–
• Hannes Snellman Attorneys Ltd, Partner, Director of Russian operations 2006–2010
• Partner, ETL Law Offices Oy, 1993–2006

Relevant positions of trust held at the moment

• Chairman of the Board of Directors: Oplax Ltd. 2011– , PulseOn Ltd 2014–
• Member of the Board: Propria Oy 2012– , Norte Capital Oy 2019–, Seinäjoen Jalkapallokerho Oy 2019–

Relevant earlier positions of trust

• Member of the Board: Avelon Group Oy 2007–2010, PKC Group Ltd 2007–2012 and Tulikivi Corporation 2010–2014, International Banking Institute 2009–2022

Juha Nurminen, b. 1946, M.Sc.(Econ.)

• Member of the Board since 1971**,
• Chairman of the Board of Directors 1997–2010
• Independent of the company, not independent of significant shareholders
• Along with his controlling interest corporations, owned 8,929,302 Nurminen Logistics Plc shares at the end of 2023.

Relevant work experience

• President and CEO, John Nurminen Oy, 1979–1990, 1993–1997 and 2007
• Member of the Board of Directors in various John Nurminen group companies 1974–

Relevant positions of trust held at the moment

• Chairman of the Board of Directors: John Nurminen Foundation sr 1992–
• Member of the Board: John Nurminen Oy 2013–
• Member: Board, Meripuolustussäätiö sr 1996– and Board, Suomen Meripelastusseura ry 1998–

Relevant earlier positions of trust

• Chairman of the Board of Directors: John Nurminen Oy 1997–2007 and 2010–2012

Erja Sankari, b. 1973, M.S. Business Development

• Member of the Board since 2021
• Independent of the company and significant shareholders
• Owned 47,471 Nurminen Logistics Plc shares at the end of 2023.

Relevant work experience

• iLOQ Oy, EVP and Chief Operating Officer 2022–
• Nokia Corporation, Vice President of Global Supply Chain 2020–2022
• Nokia Corporation, Vice President, Global Supply Chain (SCE) and technical management 2018–2020
• Nokia Corporation, Head of factory in Oulu, 2013–2018

^* Nurminen Logistics Plc entered business on 1 January 2008 after the splitting of John Nurminen Oy. The year with an asterisk indicates when the person in question started on the Board of Directors at John Nurminen Oy and, subsequently, Nurminen Logistics plc.

^** Nurminen Logistics Plc entered business on 1 January 2008 after the splitting of John Nurminen Oy. The year with an asterisk indicates when the person in question started on the Board of Directors at John Nurminen Oy and, subsequently, Nurminen Logistics plc.

Relevant positions of trust held at the moment

• University of Oulu, Strategic Board, Vice-Chair, 2019–
• Partnera Corporation, Member of the Board of Directors 2022–
• Eltel AB, Member of the Board 2022–

Relevant earlier positions of trust

• Oulu Chamber of Commerce, Chairman of the Board 2020–2023

Karri Koskela, b. 1973, B.Sc. Environmental Engineering

• Member of the Board since 2021
• Independent of the company and significant shareholders
• Owned 47,471 Nurminen Logistics Plc shares at the end of 2023.

Relevant work experience

• Wihuri Packaging, President and CEO 2020–
• Wihuri Packaging, Director 2018–2019
• DS Smith Finland, President and CEO 2015–2018
• Componenta Corporation, Director 2011–2015
• Suominen Corporation, Sales Director, Suominen Flexibles 2010–2011
• Suominen Flexibles Sweden, President and CEO 2010–2011

Relevant positions of trust held at the moment

• Tapio, Chairman of the Board of Directors 2019–

Relevant earlier positions of trust

• Finnish Forest Industries Federation, Member of the Board of Directors 2015–2018
• The Finnish Packaging Association, Member of the Board of Directors 2015–2018
• Finnish Plastics Industries Federation, packaging committee member 2008–2010

Victor Hartwall, b. 1966, M.Sc. (Econ)

• Member of the Board 2021–12 April 2023
• Independent of the company, not independent of significant shareholders
• Along with his controlling interest corporations, owned 6,494,812 Nurminen Logistics Plc shares at the end of 2023.

Relevant work experience:

• K. Hartwall Invest Oy Ab, President and CEO 2000–2015
• Lankapaja Oy, Deputy Managing Director 2001–2006
• K. Hartwall Oy AB, Controller 1999–2001
• K. Hartwall Oy AB, Product Manager 1995–1999

Relevant positions of trust held at the moment

• K. Hartwall Invest Oy Ab, Chairman of the Board of Directors 2015–
• K. Hartwall Oy Ab, Vice-Chair of the Board of Directors 1998–
• Hartwall Capital Ltd, Member of the Board 2010–
• Teaterns stiftelse, Delegate 2010–

Of the Members of the Board of Directors, the President and CEO is employed by the company.

The company's Board of Directors convened 22 times in 2023. The average attendance of the Members of the Board of Directors was 100%.

Meeting attendance of the Members of the Board in 2023

Attendance (%)

Attended number of meetings Irmeli Rytkönen (Chair) (100%) 22/22, Olli Pohjanvirta (100%) 22/22, Juha Nurminen (100%) 22/22, Erja Sankari (100%) 22/22, Karri Koskela (100%) 22/22 and Victor Hartwall (100%) 8/8.

The general meeting decides on the remuneration of the Members of the Board of Directors. The Annual General Meeting resolved on 12 April 2023 that for the members of the Board elected at the General Meeting for the term expiring at the close of the Annual General Meeting in 2023, the remuneration is paid as follows: annual remuneration of EUR 60,000 for the Chairman and EUR 30,000 for the other members of the Board.

In addition, a meeting fee of EUR 1,500 per meeting for the Board and Board Committee meetings is paid to the Chairman of the Board of Directors, and EUR 1,000 to the other members of the Board per meeting of the Board and Board Committee. Of the annual remuneration, 50 per cent will be paid in Nurminen Logistics Plc's shares and the rest in cash. A member of the Board of Directors may not dispose of shares received as annual remuneration before a period of three years has elapsed from receiving shares.

Apart from the President and CEO, the Members of the Board of Directors do not receive any compensation unrelated to their work at the Board of Directors. According to company practice, the meeting fee is not paid for participating in teleconferences.

Committees of the Board of Directors

The Board of Directors appoints an Audit Committee at its organising meeting and, as necessary, other committees, as well as naming the members and chairperson of the committee. The purpose of committees is to prepare matters for the Board of Directors. The committees do not have independent decision-making authority.

Audit Committee

Duties of the Audit Committee include, amongst others:

• to discuss and approve the interim report releases, halfyear reports and the Stock Exchange Releases concerning the financial outlook
• to monitor the process of reporting the financial statements, the efficiency of internal monitoring, internal auditing and risk management as well as the legally required auditing of the financial statements and the consolidated financial statements
• to monitor the financial reporting process
• to discuss the statement issued by the company regarding its governance and control system, to assess the independence of the legally required auditor or audit firm and specifically the additional services provided by it to the company
• to prepare the proposal for the election of the auditor.

The Audit Committee meets at regular intervals at the Chairman's request. The Committee regularly reports to the Board of Directors.

Members of the Audit Committee 1 January–31 December 2023

• Karri Koskela, Chairman from 12 April 2023 onwards
• Irmeli Rytkönen
• Erja Sankari
• Victor Hartwall, Chairman until 12 April 2023

In 2023, the Audit Committee convened seven times. The average attendance by members was 100%.

Attendance (%): Attended number of meetings Victor Hartwall (100%) 3/3, Karri Koskela, (100%) 4/4, Irmeli Rytkönen (100%) 7/7 and Erja Sankari (100%) 7/7.

Boards of Directors of Subsidiaries

The majority of the Chairmen and the members of the Boards of Directors of Nurminen Logistics Plc's subsidiaries belong to the group's operational management.

President and CEO and management of the company

The company's Board of Directors elects the President and CEO who is in charge of the company's daily management in accordance with the Limited Liability Companies Act and the instructions and orders of the Board of Directors. The President and CEO is the Chairman of the group's Management Team. Olli Pohjanvirta has been the company's President and CEO since 13 November 2020.

The President and CEO's pension and the retirement age are based on the legislation and, in addition, they have a voluntary individual pension insurance. The group's Management Team comprises the group's executives. Its duties are to prepare the group strategy and to monitor the operations and results as well as to discuss the matters with significant financial or other impacts. The members of the Management Team report to the President and CEO.

On 31 December 2023, the members of the Management Team were:

Olli Pohjanvirta, Master of Laws, b. 1967

• President and CEO
• Has been with the company since 2020
• Along with his controlling interest corporations, owned 4,983,530 Nurminen Logistics Plc shares at the end of 2023.

Relevant work experience

• RailCap Oy, President and CEO 2010–
• Hannes Snellman Attorneys Ltd, Partner, Director of Russian operations 2006–2010
• Partner, ETL Law Offices Oy, 1993–2006

Kai Simberg, M.Sc.(Econ.), b. 1960

• CFO
• Responsibilities: finance, funding, mergers and acquisitions
• Has been with the company since 2022

Relevant work experience

• 9Lives Group, Interim CFO, 2021–2022
• Nurminen Logistics Plc, Interim CFO, 2020–2021
• Axopar Boats Group, CFO, 2018–2020
• Evondos Group, Interim CFO, 2018
• Financial management roles in Finnish and international companies in 1993–2017

Marjut Linnajärvi, Vocational Qualification in Business, b. 1978

• VP Sales and Railway Operations
• Has been with the company since 2014
• Owned 4,820 Nurminen Logistics Plc shares at the end of 2023.

Relevant work experience

• Nurminen Logistics Services Oy, VP Sales 2021–2022
• Nurminen Logistics Services Oy, Sales and Operations Director, Rail 2019–2021
• Nurminen Logistics Services Oy, Business Manager, Forwarding 2015–2018
• Nurminen Logistics Services Oy, Sales Manager 2014–2015
• Agility Logistics Oy, Product Manager Ocean Freight 2011–2014
• SA-TU Logistics Oy, Director Customs Clearance and Haulage Services 2008–2011

Joonas Louho, B.Sc.(UAS), b. 1991

• VP, Cargo & Development and ICT
• Has been with the company since 2019

Relevant work experience

• Nurminen Logistics Services Oy, Business Manager 2020–2021
• Nurminen Logistics Services Oy, Terminal Manager 2019–2020
• Nurminen Logistics Services Oy, System Specialist 2019
• Oy Sinebrychoff Ab, Distribution Supervisor 2017–2019
• Barona Logistics Solutions Ltd, Operative and supervisor duties 2015–2017
• Inex Partners Oy, Operational duties 2011–2015

Toni Mäkelä, b. 1982

• CEO, North Rail Oy
• Has been with the company since 2023
• Owned 8,400 Nurminen Logistics Plc shares at the end of 2023.

Relevant work experience

• North Rail Oy, Executive Vice President 2023
• Barona Group, Avain Logistiikka Oy, Managing Director 2017–2020
• Avain Logistiikka Oy, Managing Director Co Founder 2013–2017
• Itella Logistics/Posti Group, Area Director 2011–2013
• VR Transpoint, Director of Logistics Logistics Manager 2003–2011

Suvi Kulmala, M.Sc.(Econ.), b. 1989

• VP, Human Resources
• Has been with the company since 2022

Relevant work experience

• Dachser Finland Oy and Dachser Finland Air & Sea Logistics Oy, HR Manager Finland, 2020–2021
• Dachser Finland Oy, HR and administrative duties 2014–2020
• KPMG Finland, Leadership development project, 2013–2014
• Schneider Electric, HR Trainee, 2013
• Elisa Corporation and Anttila Oy, customer service by phone, 2011–2012

The other members of the Management Team do not own shares of the company.

Bonus System

The Board of Directors decides on the remuneration and grounds for the compensation paid to the President and CEO and members of the Management Team. Members of the Management Team are included in the result-based annual bonus system.

Insider Management

Nurminen Logistics complies with the requirements of the Market Abuse Regulation (EU No 596/2014, "MAR") and the Nasdaq Helsinki Oy Guidelines for Insiders of Listed Companies. The company also has its own insider directives.

Nurminen Logistics keeps project-specific lists of insiders of persons who work for the Company and receive inside information concerning a specific project.

Nurminen Logistics discloses the transactions in Nurminen Logistics' financial instruments by the company's persons discharging managerial responsibilities and their closely related parties as separate stock exchange releases. Nurminen Logistics has specified the members of the Board of Directors, the President and CEO and the Management Team as persons discharging managerial responsibilities referred to in MAR (including their MAR-compliant closely related parties). All notices of transactions by executives are available on the company's website at https://nurminenlogistics.com/investor-news/.

Persons discharging managerial responsibilities may not trade in the Company's securities during the 30 days preceding the publication of interim reports and financial statements bulletins ("closed window"). The closed window ends at the publication of the interim report or financial statements bulletin. The Company has also set a closed window of 30 days prior to the publication of annual and interim reports for persons taking part in the preparation and publication of Nurminen Logistics' interim reports and financial statements. Project-specific insiders are not allowed to trade in the Company's securities until the expiry or publication of the project.

The CFO monitors compliance with the insider directive, the duty to report and the updating of the project-specific insider lists. The company's insider lists are kept in Euroclear Finland Oy's SIRE system.

Key features of financial reporting, internal monitoring, internal auditing and risk management

The group's management and internal auditing are based on the values defined in co-operation with the personnel:

• Develop and improve for the benefit of the customer
• Trust and be trustworthy
• Operate profitably
• Entrepreneurship means responsibility

The group's values are the common rules applicable to all and an important precondition for the implementation of the group strategy. They are reflected in our daily work, they steer us towards acting in line with our objectives and help us achieve the goals of internal monitoring. The jointly defined values support the success of the entire organisation and clarify and facilitate both internal and external communications.

The Board of Directors is responsible for arranging the group's internal monitoring and for its functionality. The Audit Committee nominated by the Board of Directors monitors internal monitoring, risk management and financial reporting. The group's financial reporting is done in accordance with the applicable guidelines maintained by the group's financial administration, which also monitors that the guidelines are observed and takes care of internal communications related to the guidelines.

Financial reporting

The company's Board of Directors has prepared the financial reporting principles applicable to the preparation of the consolidated financial statements. The process applied in the preparation of the consolidated financial statements, the monitoring activities and the roles and responsibilities related to the preparation have been specified. Before the income statements and balance sheets of the individual group companies are brought into the consolidated reporting system, adjustments are made by group control to align the information with the principles applicable to the preparation of the consolidated financial statements (IFRS). The accuracy of the consolidation is ensured by means of reconciliation. The net sales and profit of the group and each business unit are analysed and compared against the management's opinion about the development of operations and information obtained from the operative systems in the company's company function.

In terms of the preparation of the financial statements, the most significant other processes are the capital assets process and the sales process. The group's sales are entered based on the information produced by the operational systems and controlled by the group's financial administration. The information provided by the most significant sales systems are reconciled on a monthly basis with the corresponding accounting data. The group has specified limits for the acceptance of capital asset acquisitions, and the group's financial administration monitors the items to be capitalised. The group has approved a depreciation policy, which specifies the financial useful lives of assets and their components. The group's financial administration checks that the useful lives used by the business units are in line with the group policy. The group monitors the remaining useful lives and conducts regular inventories of its capital assets. The depreciation periods are specified based on the legislation and the actual financial useful life according to the precautionary principle.

An efficient internal monitoring system requires adequate, timely and reliable data to allow the management to follow up on how the objectives are achieved and on the functionality of the monitoring. This covers both financial and other information, information obtained from information systems and other information communicated internally and externally. The management at different level continuously monitors and assesses the information generated by the financial and operational systems as well as other internal and external sources and the significance of the entirety of information formed for the group. The guidelines provided by the financial administration and other instructions are provided on the intranet to those who need them, and if necessary, financial administration arranges training regarding the guidelines. There is a continuous dialogue with the operational units. The group's results are monitored internally by means of monthly reporting, supplemented with rolling forecasts. The personnel is informed of the result immediately after the publication of the official Stock Exchange Releases.

The company's insider guidelines are available to persons who need them. The President and CEO is in charge of the company's communications to investors.

The purpose of auditing is to ensure the accuracy of the group's accounting and financial statements and the appropriate organisation of the group's administration. Any deficiencies observed in the audit and the related recommendations are reported to the management and to the Audit Committee.

Internal monitoring

In the group, internal monitoring refers to all the operations and processes, operating principles, guidelines and organisational structures aimed at increasing the likelihood that the objectives set are achieved. The objective of internal monitoring is to ensure that the operations are profitable, that the legislation, regulations and agreements are followed, that assets are being managed responsibly and that the financial reporting is accurate. The group uses the international COSO model in its internal monitoring.

The Nurminen Logistics group comprises the parent company, Nurminen Logistics Plc, and the subsidiaries and associated companies. Apart from the parent company and the Finnish subsidiaries, the Baltic operations conducted in separate companies are the most significant ones in terms of the operations.

The Board of Directors is responsible for arranging the group's internal monitoring and for its functionality. Monitoring is controlled by the management and implemented by the entire organisation. Internal monitoring is not a separate function. Instead, it is an integral part of all operations on all the levels of the group. Operational management with line responsibility carries the main responsibility for monitoring. Each supervisor is required to arrange the adequate monitoring of operations under their responsibility and to continuously monitor its functionality. Support functions, such as financial administration and the IT department, primarily support the management responsible for monitoring. In addition, they are responsible for arranging the internal monitoring of their own operations. The Chief Financial Officer is responsible for the financial administration and reporting processes and for arranging the internal monitoring of these.

Internal auditing

The President and CEO and the Audit Committee are responsible for internal auditing. They jointly decide on the annual focus areas, resources and methods of operation for internal auditing. The purpose of internal auditing is to assess the efficiency of the company's risk management and monitoring processes and the management and administrative processes and to develop these. Internal auditing is implemented as an expanded and focused third-party audit.

The company does not have a separate internal audit function. Instead, the internal audit is part of the group's financial administration. If necessary, outside specialist services are acquired. Contract risks are also managed locally at the business units with the assistance of the lawyers. Representatives of the financial administration perform certain controls when they visit subsidiaries. The financial management reports on the findings to the President and CEO and the Audit Committee, which in turn report to the Board of Directors. The main focus areas of risk management have been credit and liquidity risk as well as risks associated with railway logistics business operations.

Risk Management

The group engages in the continuous risk evaluation of its operative business, and aims to protect itself from known risk factors. The goal of the group's risk management is to secure the performance of the group, and to ensure the undisturbed continuation of business. The Audit Committee nominated by the Board of Directors assesses the adequacy and pertinence of risk management and the related process. The Audit Committee reports to the Board of Directors. Risk management is an integral part of operations and internal monitoring, and the operative management with line responsibility, supported by the group's support functions, carries the main responsibility for its implementation.

The risks of the business operations are divided into strategic risks, financial risks, operational risks, data security risks and accident risks. The group has established a general risk management policy, the principles of which are:

Strategic risks

The group systematically maps significant risks to the group's strategic objectives. The mapping of strategic risks and the actions resulting from it are discussed by the Board of Directors at least once a year.

Financial risks

The goal of the group's risk management is to minimise the harmful effects by the changes in the financial markets on the group's result and equity. The policy for managing financial risks is based on the main principles of finance approved by the Board of Directors. Financial administration is responsible for daily risk management within the limits set by the Board.

Currency Risks

Currency risks are caused by currency import and export, by the financing of foreign subsidiaries and by currency equities.

The group manages the currency risk inherent in cash flows by keeping currency income and expense cash flows in the same currency, and by matching them simultaneously as far as possible. If this is not possible, a portion of the open position may be protected.

A transaction position with a currency value may be protected if its conversion value is over EUR 500,000. Positions of over EUR 2 million are protected by 50–110%. Foreign currency risk of the net translation exposure can be hedged 25–75%. Instruments used in hedging include forward contracts and plain vanilla options. Exotic options are forbidden. The hedge ratio is considered based on the current economic trends and the predicted currency prospects as well as the functionality of each currency's hedge market. In extraordinary hedging market circumstances, the company may deviate from the guidelines above.

Currency amounts in bank accounts should be kept as small as possible without disturbing payment transactions. The amount of currency assets may not exceed three (3) percent of the total of the profit and loss statement.

Interest Risks

Interest risks to the group are mainly caused by interest-bearing debts. The purpose of interest risk management is to diminish the effect of market interest rate changes on finance cash flows. Usable protection instruments include forward rate agreements and interest rate futures, interest rate swaps and interest collar agreements.

Liquidity Risk

The purpose of liquidity risk management is to ensure sufficient financing in all situations. Assets required for two weeks' payment transactions will be reserved as a buffer for liquidity of payment transactions. To ensure the availability and flexibility, several financial institutions and forms of financing are used to procure financing.

Credit Risks

The goal of managing credit risk is to minimise losses which are caused by the other party neglecting their obligations. The group manages the counterparty risk based on the customer credit rating and engages in active debt collection, when necessary.

Operational Risks

Operational risks include the risks related to, for example, sales, business, personnel, IT, security and contacts, internal processes and systems as well as legal risks.

The group strives to minimise the operational risks of its activities by seeking as balanced a business revenue and expenditure structure as possible and by continually developing its own operations and systems.

In terms of revenue structure, the group pursues a balanced customer portfolio such that the proportion of the group's business activities deriving from individual customers and industries does not become too large.

In terms of expenditure structure, the group strives for a flexible expenditure structure such that outlays conform to seasonal variations in business activities.

Harmonisation of contracts and the contract processes is used to minimise contract risks. If necessary, outside specialist services are acquired.

The group continually develops its core processes and information systems in order to be able to serve customers in a competitive manner now and in the future. It is the goal of the group to continuously develop the possibilities for the group and the personnel to improve their own operating environment and predict changes related thereto by developing procedures, systems, tools and personnel through many different means. Regular personnel satisfaction surveys, supervisor evaluations and evaluations of key personnel allow the prediction and minimisation of possible human risks.

Data Security Risks

Data security is an integral part of the securing and development of all the group activities. The President and CEO and the Management Team carry the final responsibility for data security and the data security policy. They also decide on the group's general data security policy. The IT Department is in charge of the development of data security, monitoring the implementation and maintaining awareness of data security. Finally, every administrator and user of the information systems or information network is responsible for implementing data security. The IT Department is responsible for protecting the group's information systems and the information stored in them.

The implementation of data security is based on the group's data security policy. Every employee and user of information systems is informed of the policy. The data security policy specifies the objectives, responsibilities and means of implementation for data security at the company and its subsidiaries.

The purpose of data security work is to ensure the continuity of the group's operations and the uninterrupted functionality of the manual and automatic information systems and information networks crucial for the operations, to prevent the unauthorised use of information and the information systems and the unintentional or intentional loss or corruption of data and to minimise any damage caused.

In addition to the normal operations, the group prepares for threats that interrupt its operations as well as recovery from such threats. The group's data and the data processing systems and services are kept adequately protected during normal operations and under exceptional circumstances by means of administrative, technical and other activities. Everyone processing the company's data is required to ensure data security on their part. Achieving the data security objectives is a continuous process requiring administrative, physical and technical solutions. The data security risks are mapped at regular intervals with the purpose of identifying the threats endangering the operations, charting the vulnerabilities of data processing as well as assessing the losses if a threat is realised and the costs of developing data security to reduce the risks.

Accident Risks

Risks related to personnel, property, interruption of operations and liabilities are important accident risks for the group. The group continuously pays attention to the safety of its operations and providing good working conditions. The company has a quality certificate (ISO 9001:2008) and an environmental certificate (ISO 14001:2004). Its occupational health and safety system are also certified (ISO 45001:2018).

Everyone working in the warehouses has taken the occupational safety permit training. The group utilises the reporting of incidents. In addition to the legally required insurances, the group has a comprehensive property, interruption and liability insurance coverage to cover risks related to accidents. In order to ensure that insurance policies offer comprehensive coverage and are priced competitively, the group maps its insurance coverage yearly using external experts as necessary.

Use of Derivatives

The group's management may use derivative agreements to protect the company against currency, interest and commodity risks in accordance with the restrictions described under "Financial Risks". Other derivative agreements may only be made by a decision of the Board of Directors.

Group Strategy Work

The group's Management Team and the company's Board of Directors conduct continuous strategy work in order to specify and clarify the group's strategic objectives. The Board of Directors and the Management Team have joint strategy meetings annually. The group's risk mapping is also discussed annually, and the management quantifies the risks crucial for the group's strategic objectives. The mapping is used as the basis for minimising the likelihood of the realisation of risks and the negative impacts of realised risks.

Auditing

The company has one auditor, an auditing firm approved by the Central Chamber of Commerce. The term of office for the auditor consists of the current financial period and ends when the Annual General Meeting following the election ends. The company's auditing firm is Ernst & Young Oy, with Juha Hilmola, Authorised Public Accountant, as the principal auditor. The auditor was paid a fee of EUR 241,000 in 2023 for auditing. A total of EUR 56,000 was paid in consulting fees unrelated to auditing.

Communications

The company publishes interim reports, a half-year report, a result report, a financial statement and an annual report in accordance with the published reporting schedule. The financial reporting schedule for 2024 was published on 18 December 2023. All of these and the company's other releases, as well as key information regarding the company are available on the company's website at www.nurminenlogistics.com.

Head office Satamakaari 24 00980 Helsinki, Finland Tel. +358 10 545 00 info@nurminenlogistics.com www.nurminenlogistics.com