AI Terminal
SSH Communications Security
Governance Information • Mar 5, 2020
3344_cgr_2020-03-05_46672344-769f-4e60-ad0e-7aaa4aa26fb5.pdf
Governance Information
Open in ViewerOpens in native device viewer
SSH COMMUNICATIONS SECURITY CORPORATION
CORPORATE GOVERNANCE STATEMENT
MARCH 6, 2020
CORPORATE GOVERNANCE STATEMENT 2018 OF SSH COMMUNICATION SECURITY
SSH Communications Security Group comprises of SSH Communications Security Corporation ("SSH") and its subsidiaries. SSH is registered in Helsinki, Finland and is a publicly listed company in Nasdaq Helsinki (SSH1V). Its subsidiaries are SSH Communications Security, Inc. (USA), SSH Government Solutions, Inc. (USA), SSH Communications Security Limited (HK), SSH Communications Security UK Limited (UK), SSH Technology Ltd. (FIN), Kyberleijona Ltd. (FIN, 65% ownership) and SSH Operations Ltd. (FIN) which had a branch in Germany that was closed in 2019.
SSH abides by its Articles of Association as well as principles of transparent and responsible corporate governance, and high ethical standards in its governance and decision-making. The company complies with the Finnish Limited Liability Companies Act, securities market legislation, including the market abuse regulation, rules of Nasdaq Helsinki and Finnish Corporate Governance Code 2020 adopted by the Securities Market Association. This Code is available at www.cgfinland.fi.
This Corporate Governance Statement is published as a separate report from the Report of the Board of Directors at SSH's website www.ssh.com.
SSH COMMUNICATIONS SECURITY'S ADMINISTRATIVE BODIES
SSH implements a one-tier governance model, where the management of the SSH Group is a responsibility of the General Meeting of shareholders, the Board of Directors, and the CEO. Duties are defined by the Finnish Limited Liability Companies Act and the company´s Articles of Association.
The General Meeting is where shareholders exercise their voting rights and is SSH's highest decisionmaking body, taking decisions on matters falling within its competence by virtue of the Limited Liability Companies Act and the Articles of Association.
The Annual General Meeting (AGM) elects the Board of Directors, which in turn appoints the Chief Executive Officer (CEO). The Board of Directors and CEO are responsible for the management of the Group. The Executive Management Team and other management personnel assist the CEO in his or her duties. The Board of Directors decides on the Group's administrative systems and ensures compliance with good governance principles.
ANNUAL GENERAL MEETING
The Annual General Meeting is held within six months of the completion of the company's fiscal year, at a time decided by the Board. The AGM decides on matters as required in the provisions of the Limited Liability Companies Act and Articles of Association, such as adoption of the year-end financial statements, profit distribution, and the granting of discharge from liability to the members of the Board of Directors and to the CEO. The AGM also elects the members of the Board of Directors and the auditors and decides their remuneration. Extraordinary general meeting can be called as defined
in Limited Liability Companies Act. Each SSH share conveys one vote at the shareholder's meeting. Shareholders have the right to have a matter falling within the competence of the general meeting under the Limited Liability Companies' Act to be addressed at the general meeting.
BOARD OF DIRECTORS
In accordance with the company's Articles of Association, the Annual General Meeting appoints three to eight members to the Board of Directors. Their term of office ends with the closing of the next Annual General Meeting following their appointment. The Board has a quorum when more than half of its members are present. The company's Articles of Association do not restrict the members' terms in office or present any specific selection criteria for the members. The Board elects a chairperson from among its members.
SSH has established principles on diversity in accordance with the Corporate Governance Code's recommendation number 9. SSH has, and aims to continue to have in the future, members of the Board of Directors representing both genders as well as different professional and educational backgrounds. SSH's principles on diversity are taken into account when considering nominations to the Board of Directors. Decisions on the election of directors shall always be made at the general meeting.
The Board of Directors handles the company's administration and the appropriate arrangement of its operations. The Board also ensures that the supervision of the bookkeeping and asset management is appropriate. The Board makes wide-ranging and strategically important decisions concerning the company. The Board's task is to steer the company's operations in a manner that will add the greatest possible value to the company's invested capital over the long term.
The Board of Directors has confirmed a written charter for its duties, the matters it deals with, meeting practice and the decision-making procedure. In accordance with the charter, the Board deals with and makes decisions on all matters that are financially, operationally or fundamentally significant to the Group.
The Board appoints and dismisses the CEO, supervises his or her actions, and decides on his or her remuneration and other terms and conditions of service. The Board also approves the Group's strategy, operating principles and guiding values, and ensures that they are up to-date and correctly implemented. The Board also ensures that the Group has a functional system of internal controls and that the Group's risk management principles have been defined. It also ensures that key business risks have been identified and are being systematically monitored. The Board approves the operational guidelines and annual plan for the internal audit and assesses its effectiveness. Board´s duties and responsibilities are described in more detail in Charter of the Board.
SSH Board of Directors convened 22 times in 2019. The attendance rate of Board members was: Ylönen 100%, Syrjälä 100%, Kuivala 100%, Kiuru 95%, Curry 86% and Zettlemoyer 91%.
The Board evaluates its operations and processes to increase efficiency and quality. An internal selfevaluation is conducted once a year.
Due to the relatively small size of the company and number of Board Members currently, SSH has no separate Committees of the Board.
COMPOSITION OF THE BOARD
At the Annual General Meeting held on 26 March 2019, Tatu Ylönen, Timo Syrjälä, Petri Kuivala, Anne Marie Zettlemoyer, Sam Curry and Sauli Kiuru (new member) were elected as directors of the company's Board of Directors. At the organizing meeting of the Board of Directors, Petri Kuivala was elected as the Chairman of the Board of Directors. Syrjälä, Kuivala, Zettlemoyer, Kiuru and Curry are deemed to be independent board members. The company's CFO acts as secretary to the Board.
Due to the election of the Board of Directors as described in above, both genders are represented, and majority of the Board members are considered independent of the company.
Board Members (31.12.2019):
Petri Kuivala, born 1970, LL.M. Chairman of the Board
Petri Kuivala is an experienced international leader who currently works as the Chief Information Security Officer of NXP Semiconductors, which is a world leading provider of security and automotive semiconductor solutions. Prior to NXP he was member of the Microsoft Global Security management team and prior to that worked almost 14-years in different Security leadership positions at Nokia Corporation, including as CISO and CSO. Prior to joining Nokia, Petri worked for the Helsinki Police Department, and was a founding member of the Helsinki Criminal Police IT investigations department.
Petri owns 30.000 SSH shares and no stock options.
Timo Syrjälä, born 1958, M.Sc. (Economics) Board Member
Timo Syrjälä has more than 30 years of experience in capital markets and has spent the last 10 years as a private investor and a non-executive director in several firms. Prior to joining the Board of SSH Communications Security, he served on the Boards of several leading technology firms including Stonesoft and Efore.
Earlier in his career, Timo held executive and managerial positions in management consulting, asset management, and investment banking.
Timo holds a Master of Science degree from the Helsinki University of Technology (now Aalto University) in Finland.
Timo owns 3.559.131 shares or nominee registered shares (holdings of interest parties included).
Tatu Ylönen, born 1968, Lic.Sc (Tech) Board Member, Founder and Major shareholder
When Tatu Ylönen was a researcher at Helsinki University of Technology, the University's data network was compromised by a password attack. Tatu started to develop a solution to prevent similar attacks, and as a result of the work, Secure Shell (SSH) technology was invented. Tatu has been an important factor in the rise of the cyber security technologies such as SSH and SFTP. He is also a co-author of the IETF-standard and NIST IR 7966, guidelines for managing SSH keys.
Tatu founded SSH Communications Security in 1995, grew the company to \$20 million in sales and 190 employees in five years, and led the company to a public listing on NASDAQ OMX Nordic in 2000. Tatu has held various roles in the company, including CEO, CTO and Board Member. He is also the largest shareholder of the company.
Tatu holds a degree of Licentiate of Technology from the Helsinki University of Technology (now Aalto University) in Finland.
Tatu owns 18.317.123 SSH shares.
Anne Marie Zettlemoyer, born 1980, MBA, BBA, CISSP
Board Member
Anne Marie is a security thought leader with a business background, analytics expertise, and 19 years of experience across several industries. She is a highly skilled cyber strategist with expertise in cybersecurity risk and operations, decision science, metrics, and performance measurement. Her work experience includes senior management positions at large financial institutions such as Freddie Mac and Capital One, cybersecurity companies like FireEye, and service at the United States Secret Service. Anne Marie serves currently as Vice President, Security Engineering at Mastercard.
She holds an MBA degree from the University of Michigan, and she has CISSP (Certified Information Systems Security Professional) and CEH (Certified Ethical Hacker) certifications.
Anne Marie does not own any SSH shares or stock options.
Sam Curry, born 1972, B.A., B.S. Board Member
Sam Curry is a cybersecurity visionary with over 20 years of IT security industry experience. He is the inventor of 24 identity/crypto patents, and a co-inventor of personal firewall. Sam's experience includes product strategy, product management, innovation management, and operational excellence. Sam is currently the Chief Security Officer of Cybereason. His previous experience includes senior management positions at RSA, Microstrategy, Computer Associates, and McAfee. He has also been an entrepreneur in two start-ups.
Sam holds a B.A. degree in English Language and a B.S. Degree in Physics.
Sam does not own any SSH shares or stock options.
Sauli Kiuru, born 1972, M.Sc. (Economics)
Sauli Kiuru is a proven growth-driven change leader that believes strongly in teamwork and team spirit. In the early stages of his career, Mr. Kiuru worked as an accountant for KPMG. Since then he's been a member of numerous executive boards and boards of directors in growth companies. Mr. Kiuru was CFO of the Barona Group from 2000 to 2010, during which time the company grew to a 100M EUR business. In addition, Mr. Kiuru served as the president of the serviced apartment provider, Forenom (subsidiary of Barona) since the foundation of the company until 2012.
Mr. Kiuru owns the Gaselli Capital investment company that focuses on up-and-coming growth companies that aim to be digital forerunners in their industry. Gaselli Capital is the biggest owner of the BiiSafe and Optima Group businesses. Mr. Kiuru has worked in leadership positions for a number of growth and start-up companies while being one of the primary owners and investors of those companies. Mr. Kiuru has been a member of the board of directors in Cencorp (presently Valoe) on two different occasions. Currently, Mr. Kiuru is the CEO of Optima Group and BiiSafe, as well as the president of the board of directors.
Sauli owns 1.157.282 SSH shares.
CEO AND EXECUTIVE MANAGEMENT TEAM
The SSH Board of Directors appoints the CEO and decides the terms of his or her service contract. The CEO oversees the company's operative management in accordance with the Finnish Companies Act and the instructions and authority provided by the Board of Directors. The CEO is responsible for the day-to-day management of the company and business planning. The Company's CEO during 2019 was Kaisa Olkkonen.
The Executive Management Team supports the CEO in managing and developing SSH Communications Security Group, and the members of the Executive Management Team report to the CEO. The Executive Management Team meets regularly, and the CEO chairs the meetings. All issues addressed in the meetings and related decisions are recorded in the meeting minutes.
Executive Management Team Members (composition and holdings per 31 December 2019):
Kaisa Olkkonen, born 1964, LL.M. Chief Executive Officer
Kaisa Olkkonen is an experienced leader and expert in international business, legal matters, intellectual property, and digitalization. She has previously been e.g. VP, Legal and VP, Government Relations at Nokia Corporation.
Kaisa has led international and diverse expert teams through changes and transitions. Her international career has taken her on expatriate assignments in Sweden, Singapore, and Belgium.
She also holds Board of Directors positions in Cargotec Oyj, Enfo Oyj, and John Nurminen Foundation, and acts as an investor and advisor in several startup companies.
Kaisa has a Master of Laws degree from the University of Helsinki
Kaisa owns 30.000 SSH shares and has 400.000 option rights.
Niklas Nordström, born 1979, LL.M., BEc Chief Financial Officer
Niklas brings with him over 10 years of cross-industry financial management experience gained from working in demanding senior financial roles in various NASDAQ companies. He is responsible for financial management, treasury, human resources, legal, corporate development, and corporate governance.
Prior to joining the company, he worked as CFO for Biohit Oyj, a Helsinki based public biotechnology company.
He holds a Master of Laws degree from the University of Kent in Canterbury, UK and a Bachelor of Economics, Accounting and Finance degree from the Inholland University of Applied Sciences in the Netherlands.
Niklas does not own any SSH shares but has 95.000 option rights.
Jussi Mononen, born 1964, M.Sc. (Engineering) Vice President, Strategy and Business Development
Jussi is a seasoned growth company executive who has been CEO and founder of several venturebacked companies. He has nearly 30 years of management and consulting experience from international technology-intensive businesses with a sound understanding of strategy, communications, marketing, operations, processes, and critical success factors. He also has a strong track record in fundraising and M&A transactions.
Jussi holds a Master of Science degree in Industrial Engineering and Management from the Helsinki University of Technology (Aalto University) in Finland.
Jussi does not own SSH shares but has 130.000 option rights.
Sami Ahvenniemi, born 1972, M.Sc. (Industrial Engineering) Chief Customer Officer
Sami is a software industry veteran with over 20 years of experience from global software sales. Sami knows SSH well, having worked at SSH in executive positions in 1998-2002 and 2012-2015 both in Finland and the US. Sami has also served as an executive, chairman, or board member in several successful technology companies such as Behaviosec, Bluegiga Technologies, Neo4j, Sensinode, and most recently as co-founder at Kontena. Sami has also been a partner and board member in one of the most successful Finnish venture capital firms, Conor Venture Partners.
Sami holds a Master of Science (MSc) degree in Industrial Engineering from the Helsinki University of Technology (Aalto University).
Sami does not own any SSH shares but has 1050.000 option rights.
Markku Rossi, born 1970, M.Sc. (Computer Science) Chief Technology Officer
Throughout his close to 25 years of software engineering and software architecture career, Markku has led development teams and architecture design work in several companies. Along with prior SSH experience (1998-2005), he brings his vast background in software, security protocol and database technologies to the company's service. Prior to re-joining the company in 2015, Markku founded several companies such as Codento and ShopAdvisor, and served as CTO at Navicore and as Chief Architect at Nokia.
Markku holds a Master of Science degree in Computer Science from the Helsinki University of Technology (currently Aalto University) in Finland.
Markku owns 650 SSH shares and has 195.000 option rights.
Joe Scaff, born 1981, B.Sc. (Computer Science) Chief Sales Officer
Joe has over 15 years of experience in information security technology and network communications industry. Joe has held various management roles at SSH Communication Security including Technical Sales, Technical Support, and Professional Services.
He has a strong technical and managerial background that allows him to deliver strategic solutions to Fortune 500 customers. He is responsible for all US business operations including America's sales and global customer services.
Joe holds a Bachelor of Computer Science degree from Wentworth Institute of Technology. Joe owns 46.600 SSH shares and has 95.000 option rights.
Simo Karkkulainen, born 1981, QBA (Marketing Management), employment ended Feb 14, 2020. Chief Marketing Officer
Simo Karkkulainen brings SSH marketing function over 20 years of experience and a strong international point of view. He is responsible for Global marketing, go-to-market strategies and online demand generation.
Prior to joining the company in December 2017, Simo held several senior marketing positions at Stonesoft, McAfee, Comptel and several other companies.
Simo does not own any SSH shares but has 95.000 option rights.
Timo Lilja, born 1978, Lic.Sc (Tech) Vice President, Engineering
Timo is an experienced technologist and leader with an extensive background in software development, IT management, test automation, and software-related academic research. He has served in various development and leadership functions at SSH and as a researcher and teacher at Aalto University, with an emphasis on cloud and mobile computing issues.
Timo holds a Licentiate of Technology degree from the Aalto University.
Timo does not own SSH shares but has 70.000 option rights.
REMUNERATION STATEMENT AND INCENTIVE PLANS
SSH Communication Security establisehes a remuneration policy, which complies with legislation and the Finnish Corporate Governance Code 2020. This policy sets out the principles for remuneration of the Board of Directors and the Chief Executive Officer.
According to the applicable regulations, this Remuneration Policy is presented for the first time in AGM 2020 and Is intended to be valid until the AGM 2024. Remuneration Report will be presented to the Annual General Meeting annually starting from AGM 2021.
The Annual General Meeting confirms the remuneration payable to the members of the Board of Directors. The Board of Directors decides the salary and other benefits of the CEO and determines the salaries and benefits payable to senior management.
Forms of remuneration for SSH Communications Security's senior management involve a performance-related bonus. The company has no other remuneration practices, nor does it have any differing pension arrangements for the CEO or other senior management. The targets for the company's senior management are fixed for the target period at a time.
Further information on remuneration can be found from company´s website, remuneration policy and annually published remuneration reports (from 2021 onwards).
No new Stock Option Plans were stablished in 2019.
In Annual General Meeting 2019 approved following annual compensation for the Board of Directors: 35.000 euros for Chairman and 30.000 euros for other members of the Board. In addition, reasonable travel expenses shall be paid to Board Members in accordance with an invoice.
Remunerations paid to the Board of Directors during 2019:
| • | Petri Kuivala | 35.000 EUR (chairman) |
|---|---|---|
| • | Timo Syrjälä | 30.000 EUR |
| • | Tatu Ylönen | 30.000 EUR |
| • | Anne Marie Zettlemoyer | 32.500 EUR |
| • | Sam Curry | 32.500 EUR |
| • | Sauli Kiuru | 22.500 EUR (from 26.3.2019) |
The CEO's (Kaisa Olkkonen) annual salary and other benefits in 2019 were in total EUR 221.762. CEO´s variable component in 2019 was 30% of the fixed salary, but now payments were made based on this.
Board of Directors can grant stock options to CEO according to the same principles and terms as to other SSH employees, including same share subscription periods. Stock options are intended to form part of the incentive and commitment program of the key personnel of SSH Communications Group and to motivate the key personnel to work on a long-term basis to increase shareholder value of the company.
The CEO's retirement age and determination of pension comply with standard rules under the Employees' Pension Act. The period of notice for the CEO is three months, with 3 months' severance payment. CEO and Board of Directors may also agree on CEO´s annual bonus scheme / incentives.
The number of shares and stock options held by the members of the Board of Directors, CEO and members of the Executive Management Team are included in their personal profiles above.
The remuneration of the executive team members consists of fixed monthly salary, personal incentives and company-wide incentives. The executive management team members' salary and other benefits in 2019 were in total EUR 1.446.330.
INSIDER MANAGEMENT
SSH strictly follows the legislation applying to the management of insiders, including, but not limited to the Market Abuse Regulation (EU), Securities Markets Act as well as the Guidelines for Insiders approved by Nasdaq Helsinki Ltd., and the stipulations and guidelines of the FSA.
SSH keeps a non-public register of the managers and persons closely associated with them that are subject to the obligation to notify transactions (Market Abuse Regulation, MAR, Article 19).
When significant projects are at the preparation stage, the company also draws up insider registers for the projects concerned (event-based) fulfilling the requirements of MAR and of secondary regulation adopted pursuant to it. Insiders are given written notification of their status as insiders and instructions on the obligations that apply to insiders. All insiders must acknowledge in writing the duties entailed and be aware of the sanctions related to insider regulation.
SSH has ensured the reliable management of an insider list. Insider list are drawn up in electronic format and kept updated at all times. Information included in the insider lists follows the template of Commission Implementing Regulation (Annex I). The insider list is stored for at least five (5) years.
SILENT PERIOD
SSH Communications Security follows a silent period starting 30 days before the publication of its financial reports, during which company refrains from contact with representatives of the capital markets and financial media. A closed period before the announcement of the company's annual financial statements starts from the year end.
In addition to other trading restrictions, during the silent period, the individuals belonging to SSH management are prohibited from dealing in SSH Communications Security's financial instruments. SSH has imposed similar closed periods preceding the financial performance disclosures also on persons involved in the preparation of SSH Communications Security's interim reports and financial statements.
Silent periods during the financial year 2020:
- 15.1. 14.02.2020
- 24.3. 23.04.2020
- 21.6. 21.07.2020
- 22.9. 22.10.2020
INTERNAL CONTROL
Internal control seeks to ensure that the Group's operations are efficient and profitable, that reporting is reliable, and that the Group's operating principles and applicable legislation and regulations are observed.
The Board of Directors is responsible for ensuring that the Group's internal controls and risk management are adequate and appropriately organized for the company's business operations. The Board supervises the CEO to ensure that he or she handles the company's business operations and administration in accordance with the guidelines and instructions issued by the Board of Directors. To ensure adequate risk management, the Board of Directors discusses the Group's business and financial reports, as well as any substantial changes that have occurred in the company's business. The Board also assesses the adequacy and appropriateness of internal controls and risk management.
The CEO is responsible for the practical organization of internal controls. Among other duties, he or she ensures that the company's accounting practices comply with the law and is handled in a reliable manner. The Group's directors and managers are responsible for internal controls within their own areas of responsibility.
The Board is responsible for ensuring that the Group has defined guidelines and practices on internal control and that the internal controlling is effective and monitored. The Board also confirms the risk
management and reporting procedures, and supervises the adequacy, appropriateness and efficiency of the company's management processes.
The CEO, assisted by other executive management, is responsible for the organization of accounting, administration and control mechanisms, and ensures that laws and regulations, company policies and board decisions are followed. Internal rules and guidelines have been published to support the company's operations. It is also ensured that there is a process description of all key processes and that the different process interfaces are clearly defined and described. The purpose of defining the processes is to ensure that everyone in the organization knows how the company operates and how each employee´s work links into the company's overall activities. Supervision and monitoring measures ensure compliance with rules, instructions and processes.
The company sets financial targets annually for budgeting, and continuously monitors their implementation and fulfilment of these targets. The company's organizational structure supports effective business planning, implementation and control.
RELATED PARTY TRANSACTIONS
Company evaluates and monitors transactions concluded between the company and its related parties to ensure that any conflicts of interest are taken into account appropriately in the decision-making process. The company keeps a list of parties that are related to the company. Regarding the related party transactions, the company also takes into account the general principles of the Limited Liability Companies Act, such as the purpose of generating profit for shareholders, the principle of equity of shareholders and the diligence obligation of the management.
All material decisions related to any agreements with related parties or any other related party transactions are made by the Board of Directors. Decision-making procedure for related party transactions is based on careful preparatory work and appropriate reports, opinions and assessments taking into account all relevant disqualification provisions under the applicable laws and corporate governance rules. Related party transactions are identified, reported, and controlled by the impartial board members and CFO, who monitors and reports the company's related party transactions in accordance with the company's reporting practices.
Related party will not participate in making decisions related to any agreement between him/her and the company, or related to any matter that concerns an agreement between the company and a third party, where the related party is likely to have an essential interest in the matter.
RISK MANAGEMENT
Risk management aims to ensure that company´s strategic and operational targets are reached and operations safeguarded.
Risk management principles:
Risk management is based on the risk management policy approved by the Board of Directors. We define a risk as an external or internal uncertainty factor that, if realised, would either positively or negatively affect our potential to achieve our strategic and financial targets. We seek to forecast, identify, evaluate and control significant strategic, operative, financial and accident risks. The Board of Directors defines the Group's risk appetite and risk tolerance through its decisions and monitors the sufficiency and effectiveness of the Group's risk management.
Responsibilities:
The CEO is responsible for the implementation of risk management. The CFO holds primarily responsibility for managing financial risks and coordinates the implementation of risk management processes, and reports risks to the CEO, the Executive Management Team and the Board of Directors. The Executive Management Team members are responsible for executing the risk management policy in their own areas. General Counsel is responsible for contractual and legal risk management and reports risks to the CEO and CFO. Every employee is responsible for identifying any risks relating to their own work and bringing them to the attention of their supervisor.
SSH Communications Security´s largest risks and uncertainties:
The largest risks that might impact the profitability of the company are listed below. Other risks, which are currently either unknown or considered immaterial to the company may, however, become material in the future.
Largest risks:
- uncertainty of the macroeconomic environment
- cybercrime, including e.g. ransomware
- delays in product development and closing new business as well as phasing of new business cases
- ability to execute our strategy
- ability to retain and recruit key personnel
- maintaining our ability to innovate and develop our product portfolio including intellectual property rights (IPR)
- IPR litigation and the utilization of our patent portfolio
- The Coronavirus disease (COVID-19) outbreak may have direct or indirect impact on the global trade as well as on the demand of SSH products and services. Large project executions face risks related to schedule and cost.
- as a large portion of the company revenue is invoiced in USD currency, possible large fluctuation in USD currency rates could have unpredictable effects for profitability that are at the time difficult to estimate. The company decides on hedging of USD based contracts case by case.
Principles and organization of risk management of SSH Communications Security can be read from company´s webpage: www.ssh.com.
INTERNAL AUDITING
Because of the relatively small size of the company, SSH Communications Security has no separate internal audit organization. The continuous monitoring by the auditors in conjunction with the interim reports also aims to assess and develop the effectiveness of risk management, monitoring and administration processes, and to support the Board with its monitoring responsibility. AUDITORS
SSH Communications Security has one auditor, which must be a firm of authorized public accountants approved by Finland's Central Chamber of Commerce. The Annual General Meeting elects the auditor for a term of office that runs until the end of the following Annual General Meeting.
The scope of the audit encompasses the Group's accounting, administration, Financial Statements and Board of Directors' Report for each accounting period. The Auditor makes regular reports to the Board of Directors and submits an Auditors' Report to the Annual General Meeting. The Auditors' Report contains a statement as to whether the Financial Statements and the Board of Directors' Report give a true and fair view, as defined in the rules governing financial reporting, of the Group's operative result and financial position, and as to whether the information contained in the Board of Directors' Report is consistent with the Financial Statements. The auditor's fee is paid annually on the basis of an invoice, in accordance with the Annual General Meeting's decision.
SSH Communications Security's auditor is Ernst & Young Oy with Erkka Talvinko as principal auditor.
In 2019, the auditor's fees were:
Principal Auditor (Ernst & Young)
- Statutory auditing EUR 44.000
- Other auditing EUR 19.100
- Other services EUR 1.812
Other auditors:
- Statutory auditing EUR 8.091
- Tax consultancy EUR 14.881
- Other services EUR 0
DISCLOSURE POLICY
SSH Communications Security Group's parent company, SSH Communications Security Corporation, is domiciled in Helsinki, Finland, and its share is listed on NASDAQ Helsinki. In its communications SSH Communications Security observes Finnish and EU legislation, the rules of Nasdaq Helsinki, the regulations of the Finnish Financial Supervisory Authority, as well as the principles set out in the Company's Corporate Governance Statement. SSH Communications Security's communications are based on facts and objectivity, and guided by the general principles of trustworthiness, openness and timeliness. SSH
aims to provide the market with a clear and comprehensive picture of the company's operations and financial condition in accordance with the notification obligation of a listed company. The company favors communications in electronic form. All company stock exchange releases, other investor information on the company, and other latest information are available on the company's website. SSH Board of Directors approves the Disclosure Policy, which is revised when necessary.
BUSINESS ETHICS AND RESPONSIBILITY
SSH operates in a socially and ethically responsible manner, respects the environment and society, promotes the internationally proclaimed human rights and ensures ethical business practices at all times.
SSH has set out a clear Anti-Bribery & Anti-Corruption Policy which prohibits all forms of bribery and corruption. The policy is communicated to all employees in a new employee training. Any allegations of bribery or corruption will be investigated thoroughly. The Anti-Bribery & Anti-Corruption Policy is available at www.ssh.com. SSH has also established a whistle-blower process which is initiated when someone reports suspected internal or external misconduct or violation of law, regulations, human rights, labor practices or similar within the operations of SSH Group or by its personnel.
In 2019, SSH also introduced Code of Conduct as a generally applied guideline describing the expected conduct at SSH Communications Security. It is created for the benefit of all employees, partners, and stakeholders to promote a high standard of professional conduct and uniformity within the company. SSH expects professional, honest, and respectful conduct in all business dealings and relationships with colleagues, customers, and any other people.
SSH respects the surrounding environment and aims to make sure that all of its offices are green and energy-efficient, and that environmental impacts are maintained as low as possible. Most of the environmental impact comes from energy consumption of the offices, which is minimized by reusing supplies and recycling. Travel emissions from employee commuting and business travelling are minimized by supporting remote working and online conferencing options.
SSH is a responsible employer and ensures that all employees of SSH have right to safe and healthy working environment. SSH has a zero-tolerance for any form of discrimination or harassment. SSH has internal policies for non-discrimination and harassment and it provides training on these issues to all employees worldwide. Every employee is treated with equal consideration and fairness. All decisions concerning employment are determined by the employee's performance, not on any discriminatory grounds, such as gender, age, nationality, ethnicity, religion, political affiliation, disability or sexual orientation. All full-time employees had individual development discussions and were part of the performance management program.
Company emphazises that working environments are safe and comfortable, where personal well-being is promoted. SSH headquarters in Finland moves to a new modern and energy efficient office space during the spring of 2020.
SSH considers diversity as a strength and actively encourages diversity throughout the organization, including top management and the Board of Directors. The principles on diversity are always taken into account when considering nominations to the Board of Directors. SSH aims to have board members representing both genders, as well as different professional and educational backgrounds.
At the end of 2019, SSH Communications Security Group had 90 employees, increased by 5 employees from the end of 2018. Approximately 16.7% (2018: 17.6%) of the personnel were female and 83.3% (2018: 82.4%) were male. Average age of all employees was 42.2 years (2018: 41.0 years). 35.6% of employees worked in sales, marketing and customer services, 51.1% in R&D and 13.3% in administration. Approximately 37.7% (2018: 40%) of the employees had been working for SSH less than 2 years, 40.0% (2018: 30.6%) for 2-5 years, 13.3% (2018: 14.1%) for 5-10 years, and 8.89% (2018: 14.1%) for over 10 years.