Annual Report • Feb 13, 2019
Annual Report
Open in ViewerOpens in native device viewer
F-SECURE 2018
| Key figures 01 | |
|---|---|
| Why invest in F-Secure? 02 | |
| Products and services 03 | |
| CEO letter 04 | |
| Board of Directors' Report 06 | |
|---|---|
| Key figures 13 | |
| Calculation of key ratios 14 |
| F-SECURE CONSOLIDATED 16 |
|---|
| Statement of comprehensive income 16 |
| Statement of financial position 17 |
| Statement of cash flows 18 |
| Statement of changes in equity 19 |
| Notes to the Financial Statements 20 |
| F-SECURE CORPORATION 41 |
| Income statement 41 |
| Balance sheet 42 |
| Cash flow statement 43 |
| Notes to the |
| parent company Financial Statements 44 |
| Auditor's Report 55 |
| Statement of non-financial information 59 | |
|---|---|
| ------------------------------------------- | -- |
| F-Secure's Corporate Governance Statement 67 | |
|---|---|
| Board of directors 71 | |
| Leadership team 73 | |
| Remuneration statement 76 |
| Information for shareholders 79 | |
|---|---|
| --------------------------------- | -- |
Nobody knows cyber security like F-Secure. For three decades, F-Secure has driven innovations in cyber security, defending over 100,000 companies and millions of people. With unsurpassed experience in endpoint protection as well as detection and response, F-Secure shields enterprises and consumers against everything from advanced cyber attacks and data breaches to widespread ransomware infections.
F-Secure's sophisticated technology combines the power of machine learning with the human expertise of its world-renowned security labs. F-Secure's security experts perform incident response and forensic investigations on four continents, and its products are sold all over the world by around 200 broadband and mobile operators and thousands of resellers.
Founded in 1988, F-Secure is listed on the Nasdaq Helsinki.
Revenue 190.7 MEUR Adjusted EBITDA 17.4 MEUR In 2018 our corporate security revenue grew by 33%*
* Including acquisition of MWR InfoSecurity
100,000+ Corporate customers
Tens of millions of consumer customers
The demand for cyber security products and services is in rapid growth, driven by the growing number of cyber attacks, the growing number of connected devices, increasing complexity of IT systems, tightening regulations, and increasing significance of geopolitics. In total, the information security sector is a USD 100+ billion industry, growing by around 10% annually with many segments in strong double-digit growth.
F-Secure provides a broad range of cyber security products, managed detection and response services and cyber security consultancy. Our focus in on the fastest growing segments in the industry, such as Endpoint Detection & Response (EDR) and Managed Detection & Response (MDR). Our expanding portfolio continues to offer us opportunities to expand our sales to both new and existing customers.
highly-scalable cyber security software business. In addition to award-winning products, we also have a comprehensive offering of managed detection and response services as well as cyber security consulting."
F-Secure's sophisticated technology combines the power of machine learning with the human expertise of our world-renowned security labs into award-winning solutions. We are also one of the world's leading cyber security consulting providers with feet on the ground on four continents, offering us unique visibility into real-life cyber attacks.
F-Secure's DNA is in highly-scalable cyber security software business. By leveraging our extensive network of partners we can compete in both corporate and consumer markets all over the world. We work with 6000+ IT resellers, and have built the industry's largest network of around 200 telecommunications operator partners.
F-Secure has been a front-runner in cyber security for 30 years. We have always put an emphasis on strong core values, and we are committed to helping people and businesses fight cyber threats. Improving our customers' security and resilience, as well as the sustainability of their digital lives or businesses, is what drives our work.
In corporate security F-Secure provides a broad range of cyber security products, managed detection and response services and cyber security consultancy to companies globally with a focus on the mid-market and local enterprises. The majority of revenue comes from product sales through a large network of solution and service provider partners.
F-Secure Radar – Vulnerability scanning and management platform
phishd – Anti-phishing behavior management platform
F-Secure Rapid Detection & Response – Customer- or partner-managed EDR solution for detecting and responding to targeted attacks
F-Secure Rapid Detection & Response Service – Managed detection and response service (MDR) providing 24/7 monitoring, alerts within minutes, and gives clear guidance on how to respond
Countercept – Advanced threat hunting and continuous response capabilities against targeted attacks delivered as a managed service (MDR)
F-Secure Protection Service for Business – Cloud-hosted endpoint security F-Secure Business Suite – On-site deployed endpoint security F-Secure Cloud Protection for Salesforce – Content level
security for Salesforce's customers
F-Secure provides premium consultancy services for all areas of cyber security on four continents, including services such as:
In consumer security the company provides a comprehensive range of endpoint protection, privacy and password management solutions, and security for all the connected devices at home, both separately and as a bundled premium offering (F-Secure TOTAL). The majority of consumer sales comes from the sale of endpoint protection products through the operator channel, but the company also sells consumer products through various online and retail partners, as well as the company's own web shop.
F-Secure SAFE – Easy to use antivirus and internet security, including Family rules to let you set healthy boundaries for your children's device use.
F-Secure FREEDOME – VPN that hides your online activity to ensure anonymous and secure internet browsing.
F-Secure KEY – A light and easy password manager, allowing you to store your passwords securely and access them from any device.
F-Secure SENSE – Protects every device in your connected home while serving as a fast, technologically advanced wireless router. The required router is sold separately or provided by the operator.
04 CEO letter
In 2018, we made the largest acquisition in F-Secure's history. It was a very significant step for our company. MWR InfoSecurity was a perfect match for us in terms of strategy, capabilities and culture. Combining both companies' industry-leading technologies and world-renowned expertise has made F-Secure stronger than ever. This is especially true in the important and rapidly growing detection and response market, but also applies to cyber security consulting as companies are facing a global and widening expertise gap. As a result, the majority of our corporate security footprint is now in growth markets.
The acquisition of MWR InfoSecurity, announced in June, was a logical step in the implementation of our corporate security growth strategy. In a number of ways F-Secure and MWR are perfect partners for each other. We have matching strategies, complementary technologies, a shared deep passion for safeguarding our customers and a culture of trust. Our experts have already cooperated for years before the acquisition, and hence knew each other's strengths. F-Secure has developed world-class AI powered detection technologies, and MWR has innovated industry-leading threat hunting and remote incident response platforms. MWR was also one of the leading providers of cyber security consulting in the world, with hundreds of enterprise customers. By bringing these capabilities together, we have created an extremely competitive detection and response offering as we aim for leadership in this market.
The fastest growth is now seen in detection and response solutions, and we strengthened our offering with two new solutions during the year: The acquired Countercept for managed detection and response (MDR) – which we plan to integrate with our own MDR solution (RDS), as well as our new endpoint detection and response (EDR) solution. The last six months of the year saw us sign a record number of MDR deals in several countries, and in many industry verticals such as finance, media, energy, defense and critical infrastructure. Our sales pipeline has continued to develop well. I was particularly pleased with the very high customer satisfaction and renewal rates. These serve as strong proof that we are on the right track.
We also significantly expanded our cyber security consultancy capabilities, both in terms of expertise and geographical reach. We are now one of the leading providers of cyber security advisory in the world, with a presence on four continents. We work with hundreds of large enterprises in the most demanding sectors. We have a particularly strong footing in the finance industry, serving most of the top banks in key markets around the globe. The continued trust our customers place in our products and services, is a strong sign of our competitiveness.
05 CEO letter
Working with the most demanding customers is important because it supports product development, but especially because it gives us unique visibility into real-life attacks worldwide. We can see attacks that no one else does.
Overall, detection and response solutions are a key driver of F-Secure's growth, and complement our preventative endpoint protection (EPP) solutions. Going forward, these two equally important aspects of security will continue to merge, as companies strive to simplify their IT systems and integrate their solutions. A good example of this trend is our new EDR solution, which can be integrated with the customers' existing EPP solution. Furthermore, through the solution our partners also have access to our world-leading response teams with a click of a button ("Elevate to F-Secure"). Alongside the expanding endpoint security solution market, we can also see a continued demand for managed detection and response services with more emphasis on the human expertise.
I am convinced that F-Secure's man and machine approach – a combination of technology and human expertise at the frontlines – gives us significant competitive advantage in this market. Advanced attacks are not relying purely on technology, they are orchestrated. A similar approach is crucial to successful defense. The war cannot be won without technology, but machines cannot yet fully replace humans. With a comprehensive offering of cyber security products and services, F-Secure can offer its customers the best of both worlds.
While threats continue to mount within corporate security, the consumer security market is also evolving quickly. People are becoming increasingly aware that cyber security is not just about having an anti-virus solution installed or using a VPN. It is something much more holistic. We are talking about digital lives and how to protect them. How to prevent the misuse of personal data, and stolen passwords. How to protect the user's privacy at a time when companies and various apps collect more data on consumers than ever before.
F-Secure is the chosen cyber security partner for almost 200 telecommunications operators globally – far more than any other cyber security company. In 2018, we expanded this ecosystem further including several new partners like SoNet, Japan's third largest Internet Service Provider. Today, operators are committed to protecting their customers' whole digital home, not just their PCs and smart phones. Installing security on many of the modern IoT devices is difficult or impossible, so home routers are becoming a crucial element for security. And most existing routers are far from secure.
Our F-Secure TOTAL offering provides consumer customers with comprehensive security and privacy for all their connected devices, both at home and on the move. This continues to provide us with short-term opportunities to increase cross-selling and upselling. With the launch of F-Secure SENSE as-software, we also enable operators and global router manufacturers to install security features directly into their routers.
F-Secure has been a front runner in cyber security for 30 years, and we continue to break new ground with our innovations. With corporate security now delivering over half of our revenue, our growth is increasingly driven by this rapidly growing market. Following the acquisition of MWR InfoSecurity, our company is now stronger than ever. I'm looking forward to another exciting year in 2019!
Samu Konttinen
In 2018, F-Secure strengthened its position in the corporate security market. The company accelerated its growth strategy significantly with the acquisition of MWR InfoSecurity, increasing its competitiveness in the rapidly growing detection and response market. F-Secure is now also one of the world's leading providers of cyber security consulting, with a unique visibility into a real-life attacks and an ability to support enterprises around the globe.
F-Secure's DNA is in highly-scalable cyber security software business. During the year, the company particularly focused on expanding the sales of detection and response solutions. Addressing a rapidly increasing demand from companies around the globe, these solutions are regarded as a key driver for F-Secure's revenue growth going forward.
During the second half of the year, in corporate security order intake from new products and services exceeded that of endpoint protection solutions for the first time in the company's history, highlighting the rapid change F-Secure has experienced over the past few years. The company's expanding portfolio continues to offer significant sales expansion opportunities to both new and existing customers together with its global network of partners.
In consumer security, business developed as expected. Direct sales to consumers were in slight growth driven by high renewal rates and increased cross-selling. Revenue through operators remained almost at the previous year's level, confirming the company's view of the overall stability of the consumer business.
F-Secure used its strong balance sheet to finance the acquisition of MWR InfoSecurity. The financial position of the company remains solid, and we are in a good position to continue the execution of our strategy.
07 Board of Directors' Report
In January–December, total revenue grew by 12% year-on-year to EUR 190.7 million (169.8m), driven by corporate security.
Revenue from corporate security increased by 33% year-onyear to EUR 95.9 million (72.2m), and represented 50% (43%) of F-Secure's total revenue. The growth was driven by the increased contribution from the acquired MWR InfoSecurity, as well as continued organic growth. The revenue contribution from MWR InfoSecurity was EUR 16.8 million during the second half of 2018.
During the year, F-Secure significantly strengthened the company's offering of detection and response solutions. In July, the acquired Countercept was added to the Managed Detection and Response (MDR) offering, and in November F-Secure's first Endpoint Detection and Response (EDR) solution was successfully launched. During the year, order intake 1) for MDR solutions (RDS, Countercept) was in strong growth compared to the previous year. Order intake increased significantly especially towards the end of the year, and a large number of deals for MDR solutions were signed in July-December in several countries, and in demanding industry verticals. Customer satisfaction and renewal rates with existing MDR installations remained very high. EDR sales begun in November, and the solution was well-received by resellers and customers, with first deals signed in eight countries. Overall, the sales pipeline with both MDR and EDR solutions continued to develop positively supported by strong demand in the detection and response market. That said, the quarterly order intake continued to reflect significant seasonality typical to
new solutions, and sales cycles especially for MDR solutions remained long.
Order intake from endpoint protection (EPP) solutions was at previous year's level. Renewal rates with existing EPP installations were at a high level. New customer acquisition improved towards the end of the year, but was below previous year's level, as the EPP market continued to be in transition. Customers are increasingly seeking to supplement their existing EPP solutions with new EDR capabilities.
Order intake from other corporate solutions, (F-Secure Radar, phishd, F-Secure Cloud Protection for Salesforce) continued to show good growth.
During the year, F-Secure significantly increased its cyber security service capacity, expertise and go-to-market capabilities with the acquisition of MWR InfoSecurity. F-Secure now has hundreds of cyber security consultants operating on four continents making the company one of the leading consultancy providers in the world. Overall, F-Secure continued to see strong demand in the cyber security services market, and successfully recruited new consultants to meet the demand.
Order intake from cyber security consulting increased significantly from the previous year driven by the increased contribution from the acquired MWR InfoSecurity. Consultancy order intake increased in the UK, the US, South Africa and Singapore, and was at the previous year's level in the Nordics against a tough comparison period. During the third quarter, F-Secure signed a large project deal in the Nordics, which was a continuation of a similarly significant deal signed in 2017.
Revenue from consumer security decreased by –3% year-onyear to 94.9 million (97.5m), and represented 50% (57%) of F-Secure's total revenue.
Operator revenue decreased slightly compared to the previous year, because the comparison period's figures included revenue related to an operator customer in Latin America lost in Q3/2017. Overall, business developed as expected, and F-Secure continued to work closely with its broad global network of partners to increase product activation rates. During the year, F-Secure signed several new or extended operator contracts in Europe, the United States and Latin America. In October, the company signed its first F-Secure SENSE-as-software (an innovative security solution for connected home devices) deals with Elisa (Finland), as well as with Zyxel and Actiontec, leading global router manufacturers. At the end of the year, negotiations with several operators and router manufacturers to include F-Secure SENSE's capabilities into their router offering were on-going.
Order intake in direct sales to consumers increased slightly compared to the previous year, and renewals remained at a good level. In September, F-Secure expanded the company's flagship consumer offering, F-Secure TOTAL, to include F-Secure KEY (password manager) and F-Secure SENSE as well – for which the hardware is sold separately – in addition to the existing bundle of F-Secure SAFE (endpoint protection) and F-Secure FREEDOME (VPN and privacy). Overall, consumers are increasingly seeking to buy bundled solutions in order to secure their digital lives. Similarly, F-Secure continued to focus on pushing the sales of the company's broad consumer portfolio to increase average revenue per customer.
Deferred revenue increased by 11% (year-on-year) to EUR 72.9 million (65.7m), driven by the inclusion of MWR InfoSecurity and increasing order intake from corporate security products and services with long-term contracts.
1) Order intake is recognized as revenue according to IFRS 15. See Accounting principles to consolidated financial statements, section, Revenue recognition
Gross margin increased by EUR 6.6 million to EUR 151.4 million (144.8m), and was 79% of revenue (85%). Relative gross margin decreased as the share of cyber security consultancy business increased due to the acquisition of MWR InfoSecurity.
Operating expenses increased by EUR 14.0 million (year-onyear) to 149.1 million (135.1m) due to the inclusion of MWR InfoSecurity in the company's financials. Operating expenses include EUR 3.6 million of acquisition and integration related costs and EUR 2.5 million of amortization of intangible assets from business combinations (PPA, purchase price allocation, related amortizations).
Adjusted EBITDA was EUR 17.4 million and 9.1% of revenue (18.2m, 10.7%), excluding EUR 3.6 million of acquisition and integration related costs. Adjusted EBIT was EUR 10.6 million and 5.6% of revenue (12.3m, 7.3%), excluding acquisition and integration related costs, and PPA related amortizations.
EBIT was EUR 4.5 million and 2.4% of revenue (11.5m, 6.8%).
Cash flow from operating activities before financial items and taxes was EUR 13.8 million (29.5m). Cash flow decrease from previous year was due to decline in EBIT and change in net working capital, especially in non-interest bearing liabilities. Acquisition and integration related costs also impacted cash flow negatively.
Cash flow from operations was EUR 6.8 million (26.0m). Acquisition increased the amount of financial expenses, and income taxes had negative impact on cash flow in the first half with advances being paid whereas refunds were received during comparison period. Also, a long-term incentive plan related cash-settlement (–2.3m) during the first quarter impacted cash flow negatively.
On July 2, F-Secure acquired 100% of the share capital of MWR InfoSecurity Ltd, a privately held cyber security company operating globally from its main offices in the UK, the US, South Africa and Singapore. The acquisition is a significant milestone in the execution of F-Secure's growth strategy, and makes it the largest European single source of cyber security services and detection and response solutions. With close to 400 employees, MWR InfoSecurity is among the largest cyber security service providers serving enterprises globally, and their threat hunting platform (Countercept) is one of the most advanced in the market and an excellent complement to F-Secure's existing technologies.
To finance the acquisition F-Secure sold its financial assets at fair value through profit and loss (available-for-sale assets) and entered into a bilateral EUR 60.0 million five-year financing agreement with Nordea Bank. In July the company withdrew a term loan of EUR 37.0 million, for which repayments will start in June 2019. A revolving credit limit of EUR 23.0 million has not been used during the reporting period.
The financing agreement includes conventional loan covenants related to ratio of net debt to EBITDA and equity ratio. F-Secure complied with the covenant throughout the reporting period.
F-Secure's financial position remained solid although there was a significant transition due to the acquisition of MWR InfoSecurity. As the acquisition was partially financed by external term loan, equity ratio on 31 December 2018 was 42.7% (61.9%) and gearing ratio was 13.9% (127.8% negative).
Capital expenditure including acquisitions totaled EUR 99.8 million (9.3m). The impact of the acquisition of MWR InfoSecurity net of acquired cash was EUR 91.3 million. Capitalized development expenses were EUR 4.7 million (3.9m).
F-Secure's sophisticated technology combines the power of machine learning with the human expertise of our worldrenowned F-Secure Labs. In 2018, the company's research and development activities focused on the development of new products and product enhancements to improve protection capabilities, and boost usability both for corporate and consumer customers.
F-Secure's research and development expenditure amounted to EUR 35.7 million in 2018, representing 19% of revenue (EUR 34.1m, 20%). The capitalized development expenses amounted to EUR 4.7 million (EUR 3.9 million).
In corporate security, F-Secure launched the new endpoint detection and response (EDR) solution (F-Secure Rapid Detection & Response) to protect customers' business and data against advanced cyber security attacks. As part of the MWR InfoSecurity acquisition, F-Secure also extended and strengthened the company's Managed Detection and Response (MDR) offering for enterprises with Countercept – an industry leading managed threat hunting platform, with unique capabilities to remotely respond to on-going targeted cyber attacks in real-time. F-Secure also added a new antiphishing behavioral management solution called Phishd to the company's portfolio due to the acquisition. During the second half of the year, a process was started to integrate the best capabilities of Countercept and F-Secure's own MDR solution (RDS, Rapid Detection & Response Service). Finally, F-Secure introduced single sign-on for corporate customers (F-Secure Business Account) to enable them to access and manage different F-Secure solutions with a single user account, and increase cross-selling potential.
In consumer security, the most significant development was the launch of the new F-Secure SENSE-as-software solution to router manufacturers and service providers as a Software Development Kit (SDK). The solution allows them to embed F-Secure SENSE's cloud and AI protection capabilities in any router. After the launch, F-Secure also further expanded the SDK's protection capabilities, and integrated the SDK with
09 Board of Directors' Report
several router manufacturer platforms. Moreover, F-Secure continued work on the technological integration of consumer security (F-Secure SAFE) and privacy application (Freedome) in order to simplify the user experience and create a more competitive offering with higher average revenue per user (ARPU) potential for the company, as well as service providers. Furthermore, business support systems for operator partners were expanded with AI-based churn prediction capabilities.
On a more general level, F-Secure continued to further simplify and streamline its product and service architecture, and the internal operational transition from on-premise to cloud continued. The company also increased the use of common services across products and common core components for product clients. All previously described activities were aimed to improve product scalability, stability, and speed of development, while reducing time spent on maintenance. F-Secure strives to become a truly data-driven company by investing more in processing data than before.
At the end of the quarter, F-Secure had 1,666 employees, which shows a net increase of 562 employees (51%) since the beginning of the year (1,104 on 31 December 2018), and an increase of 30 employees (2%) compared with end of September in 2018 (1,636). The acquisition of MWR InfoSecurity (July 2018) was the main reason behind the significant growth in personnel from the previous year, but F-Secure also continued recruitment in corporate security.
At the end of the year, the composition of the Leadership Team was the following:
Samu Konttinen (CEO), Kristian Järnefelt (Consumer Cyber Security), Juha Kivikoski (Enterprise & Channel Sales), Jyrki Rosenberg (Marketing & Communications), Ian Shaw (Cyber security), Jari Still (Information & Business Services),
Mika Ståhlberg (Security Research & Technologies), Eriikka Söderström (CFO, and acting HR & Offices services as of 1 October) and Jyrki Tulokas (Cyber Security Products & Services).
In March 2019, Eva Tuominen will start as Executive Vice President for People Operations and Culture, and Antti Hovila as the Executive Vice President for Strategy and Corporate Development.
The total number of company shares is currently 158,798,739. The company's registered shareholders' equity is EUR 1,551,311.18. The company currently holds 1,308,444 of its own shares.
The company holds its own shares to be used in the incentive compensation plans, for making acquisitions or implementing other arrangements related to the company's business, to improve the company's financial structure, or to be otherwise assigned or cancelled.
The company currently has performance-based longterm share-based incentive programs for key employees. Additionally, F-Secure has established a matching share plan available for all employees (Stock exchange release 15 December 2017). The matching share plan was extended in November 2018 to cover people whose employment has started after the first retention period had ended (7 November 2018).
In accordance with the decision by the Annual General Meeting, 40% of the fees paid to the Members of the Board of Directors in 2018 were paid in F-Secure shares. In total, 26 941 of F-Secure shares were assigned to the Members of the Board. The shares were purchased on the Board members' behalf from the market.
Risks are defined as uncertainties which can impact the achievement of the Company's short and long term objectives. Risks are assessed as a combination of probability and impact. The most significant risks are:
Endpoint security market is highly competitive. Operating system manufacturers have increased their focus to built-in security features and at the same time new vendors and technologies have emerged. F-Secure has to succeed in maintaining in-depth understanding of cyber security threat landscape, hacker techniques and technologies used as well as continue to innovate in defense technologies.
The cyber security market is consolidating due to economies of scale. F-Secure has to succeed in choosing the right acquisition targets, as well as successfully integrate target companies. F-Secure is now focused on the integration of MWR InfoSecurity, acquired in July 2018.
In a rapidly evolving industry it is vital to keep the products and services relevant to the customers while introducing new technologies to the market on-time. F-Secure is driving technology simplification and R&D effectivization initiatives as well as investments to artificial intelligence to ensure a competitive product portfolio.
Competition for capable personnel is increasing and there is structural undersupply of talent in the security industry. F-Secure is continuously developing and adopting new ways of recruitment, building its own talent and knowledge pools and investing to training and development of personnel.
Other risks that affect the F-Secure business include but are not limited to:
– Increased exposure outside the Eurozone has increased risk related to currency fluctuations
regulation
F-Secure's corporate governance practices comply with Finnish laws and regulations, F-Secure's Articles of Association, the rules of Nasdaq Helsinki Oy and the Finnish Corporate Governance Code 2015 issued by the Securities Market Association of Finland. The code is publicly available at http:// cgfinland.fi/en/. F-Secure's Corporate Governance Statement for 2018 is part of this Annual Report and up-to-date information about the Company's governance are available on the Company website.
The Annual General Meeting of F-Secure Corporation was held on 4 April 2018. The Meeting confirmed the financial statements for the financial year 2017. The members of the Board and the President and CEO were discharged from liability. In addition, the Annual General Meeting made the following decisions:
The Annual General Meeting decided to distribute a dividend of EUR 0.04 per share, which was paid to those shareholders that on the record date of 6 April 2018 were registered in the Register of Shareholders held by Euroclear Finland Ltd. The dividend was paid on 18 April 2018.
It was decided that the annual compensation for the Board members is as follows: for the Chairman EUR 80,000, for the Chairmen of the Personnel and Audit Committees EUR 48,000, members EUR 38,000 and for the member employed by
F-Secure Corporation EUR 12,667. Approximately 40% of the annual remuneration will be paid as company shares.
It was decided that the number of Board members is six (6). The following current members were re-elected: Pertti Ervi, Matti Heikkonen, Bruce Oreck, Päivi Rekonen and Risto Siilasmaa. Christine Bejerasco was elected as a new member of the Board. The Board elected in its organizational meeting Siilasmaa as the Chairman of the Board. The Board nominated Siilasmaa as the Chairman of the Personnel Committee and Bruce Oreck and Päivi Rekonen as members of the Personnel Committee. Pertti Ervi was nominated as the Chairman of the Audit Committee and Päivi Rekonen, Matti Heikkonen and Christine Bejerasco were nominated as members of the Audit Committee. It was decided that the Auditor's fee will be paid against approved invoice. PricewaterhouseCoopers Oy was elected the Group's auditor. APA, Mr. Janne Rajalahti acts as the responsible partner.
It was decided that the Board of Directors may pass a resolution to repurchase a maximum of 10,000,000 own shares of the company in one or multiple tranches with the company's unrestricted equity. The authorization entitles the Board of Directors to decide on the repurchase also in deviation from the proportional holdings of the shareholders (directed repurchase). The authorization covers the repurchase of shares either in trading at the regulated market organized by Nasdaq Helsinki Ltd in accordance with its rules and guidelines, in which case the shares must be purchased at the prevailing market price at the time of repurchase, or through a public tender offer to the shareholders, in which case the price offered must be the same for all shareholders. The repurchased shares will be used for making acquisitions or implementing other arrangements related to the company's business, for improving the company's financial structure, for use as part of the company's incentive scheme or otherwise for further assigning or cancelling the shares. The authorization includes the right for the Board of Directors to decide upon all other terms and conditions related to the repurchase of the company's own shares. The authorization is valid until the next
Annual General Meeting however not longer than until June 30, 2019 and the previous authorization granted to the Board of Directors by the 2017 Annual General Meeting regarding the repurchase of the company's own shares expired upon the new authorization.
The Annual General Meeting authorized the Board of Directors to decide on the issuance of a maximum of 31,000,000 shares, representing 19.5 per cent of the company's shares entered in the Trade Register, or the issuance of special rights entitling to shares referred to in Chapter 10, Section 1 of the Finnish Limited Liability Companies Act in one or multiple tranches. The authorization concerns both the issuance of new shares as well as the transfer of treasury shares. The authorization includes the right for the Board of Directors to decide upon all terms and conditions related to the issuance of shares and special rights. The issuance of shares may be carried out in deviation from the shareholders' pre-emptive rights (directed issue). The authorization can be used for implementing potential acquisitions, other arrangements or equity-based incentive plans or for other purposes decided by the Board of Directors. The Board of Directors also has the right to decide on the sale of company shares at the regulated market in accordance with Nasdaq Helsinki Ltd's rules and regulations. The authorization is valid until the next Annual General Meeting however no later than until June 30, 2019, and the previous authorization granted to the Board of Directors by the 2017 Annual General Meeting regarding the issuance of shares and transfer of own shares expired upon the new authorization.
The growing number and variety of connected devices as well as digital services continues to create security challenges for both businesses and individuals. Combined with the increasing complexity of IT systems, tightening regulation and increasing significance of geopolitics, these trends are driving demand for security products and services. While advanced cyber-attacks are becoming more common and persistent, criminals are targeting companies of all sizes along with consumers by
taking advantage of vulnerabilities in popular software, traditional and new connected devices as well as online services. Apart from pure criminal activity, governments and hacktivists use vulnerabilities and malware e.g. for espionage and surveillance.
Attacks against corporations often go undetected for months. As most companies lack relevant capabilities, it is estimated that the demand for both Endpoint Detection and Response (EDR) solutions as well as Managed Detection and Response (MDR) will continue to rapidly increase. The new detection and response features are also being integrated into existing endpoint protection (EPP) solutions, causing the EPP market to be in transition. Overall, organizations are increasingly adopting cloud services, and seek managed security services and cloud-based delivery to help them maintain control of their security.
The consumer security software market continues to be impacted by the changing device landscape, app stores and online sales overall. Overall, the number of connected smart home devices is growing very rapidly, and as a result telecommunications operators are investing heavily in upgrading connectivity and introducing new security related services into their offerings. As consumers are increasingly aware of privacy and security threats, they seek to buy comprehensive solutions in order to secure their digital lives. This creates opportunities for innovative new security products.
The world is becoming digitalized and connected. Due to this, cyber-attacks and cyber-crime continue to be among the most critical challenges the world is facing. While the complexity and magnitude of problems increases, expertise is concentrating into a limited number of specialized security companies.
For three decades, F-Secure has driven innovations in cyber security, defending tens of thousands of companies and millions of people. We have transformed from an endpoint
protection company to a cyber security leader with a broader set of products and services.
F-Secure's competitiveness is based on extensive experience in cyber security, and a unique combination of man and machine. Our extensive experience, knowledge and insight in cyber security, combined with our global intelligence network, smart software and cutting edge artificial intelligence makes us the perfect trusted cyber security partner for companies of all sizes as well as individuals. We are the proud security advisor to many of the world's largest and demanding organizations e.g. in the banking, automotive and airline industries as well as the military and law enforcement sector. Our expertise is continuously developed, as we take on the toughest of assignments.
As F-Secure seeks to accelerate growth, we continue to focus growth investments in corporate security. We provide best-in-class services and solutions to the mid-market, especially for customers seeking to buy prevention, detection and response. We foresee the market moving towards managed endpoint security, and see especially strong growth in detection and response solutions. As we expand our product and service offering, we are also making it more integrated in order to offer efficient and comprehensive turn-key solutions to our customers and partners.
F-Secure's corporate security products and services are sold through the channel. Our growing network of thousands of partners are key to our strategic expansion. F-Secure's products are designed to be delivered from the cloud, and to support partners as they develop managed service provider business models. Ease of use both for end-customers as well as partners is critical aspect of all product design.
F-Secure also provides a comprehensive set of security and privacy solutions to consumers, protecting their information, identities, devices, smart homes and families. F-Secure is the world's leading provider of consumer security solutions through telecommunications operators. Together, we protect tens of millions of consumers and their digital lives. In consumer security, F-Secure continues with its existing sales channels aiming at profitable growth.
The demand for cyber security products and services is expected to continue in strong growth and F-Secure aims to grow faster than the market. Revenue from corporate security is expected to grow above 15% annually during our strategy period 2018–2021.
Driven by the anticipated revenue growth and scalable business model, profitability is expected to improve significantly in the long-term. The management continuously seeks to balance the growth investments and profitability to optimize long-term growth and value creation for the shareholders.
The company's dividend policy is to pay approximately half of its profits as dividends. Subject to circumstances, the company may deviate from this policy.
During the year 2018, the company completed the acquisition of MWR InfoSecurity, which was financed partially with an external loan. In addition to the costs related to the acquisition and integration, the company's profitability was impacted by the continued growth investments in corporate security. Considering these aspects, the Board of Directors has exceptionally decided to propose no dividend to be paid for year 2018.
12 Board of Directors' Report
In February 2019, F-Secure received a French appeal court decision related to the claim which was related to a contract regarding the purchasing of services, and which was originally disclosed in the Annual Report for 2017. F-Secure is assessing whether grounds for an appeal to supreme court exist. However, the decision will be implemented and F-Secure's subsidiary is required to pay approximately EUR 1.3 million, for which a similar provision has been booked earlier.
No other material changes regarding the Company's business or financial position have occurred after the end of the year.
Helsinki, 13 February 2019
F-Secure Corporation Board of Directors
Risto Siilasmaa Christine Bejerasco Pertti Ervi Matti Heikkonen Bruce Oreck Päivi Rekonen
President and CEO Samu Konttinen
13
* Board proposal
F-Secure has applied new IFRS 15 and IFRS 9 standards from January 1, 2018 onwards and 2017 financials are restated retrospectively. Figures for 2014–2016 are not restated and thus not fully comparable.
| Economic indicators | IFRS 2018 |
IFRS 2017 |
IFRS 2016 |
IFRS 2015 |
IFRS 2014 |
|---|---|---|---|---|---|
| Revenue (MEUR) * | 190.7 | 169.8 | 158.3 | 147.6 | 137.4 |
| Revenue growth % | 12% | 7% | 7% | 7% | –11% |
| EBIT (MEUR) * | 4.5 | 11.5 | 19.2 | 20.0 | 22.3 |
| % of revenue | 2.4% | 6.8% | 12.1% | 13.6% | 16.2% |
| Result before taxes * | 1.7 | 12.4 | 20.8 | 20.7 | 23.4 |
| % of revenue | 0.9% | 7.3% | 13.1% | 14.0% | 17.0% |
| ROE (%) | 1.2% | 15.0% | 19.9% | 28.1% | 20.7% |
| ROI (%) | 7.9% | 20.0% | 28.6% | 52.1% | 26.7% |
| Equity ratio (%) | 42.7% | 61.9% | 66.7% | 64.1% | 74.9% |
| Investments (MEUR) | 99.8 | 9.3 | 6.9 | 14.6 | 5.8 |
| % of revenue | 52.3% | 5.5% | 4.4% | 9.9% | 4.2% |
| R&D costs (MEUR) * | 35.7 | 34.1 | 28.4 | 26.9 | 30.1 |
| % of revenue | 18.7% | 20.1% | 17.9% | 18.2% | 21.9% |
| Capitalized development (MEUR) | 4.7 | 3.9 | 3.2 | 2.3 | 2.3 |
| Gearing % | 13.9% | –127.8% | –122.1% | –122.4% | –76.6% |
| Wages and salaries (MEUR) | 84.9 | 70.1 | 61.8 | 56.8 | 57.4 |
| Personnel on average | 1,364 | 1,067 | 981 | 894 | 937 |
| Personnel on Dec 31 | 1,666 | 1,104 | 1,026 | 926 | 921 |
| Key ratios | IFRS 2018 |
IFRS 2017 |
IFRS 2016 |
IFRS 2015 |
IFRS 2014 |
|---|---|---|---|---|---|
| Earnings / share (EUR) | 0.01 | 0.07 | 0.10 | 0.14 | 0.10 |
| Earnings / share (EUR) continuing operations |
0.01 | 0.07 | 0.10 | 0.08 | 0.12 |
| Earnings / share diluted | 0.01 | 0.07 | 0.10 | 0.14 | 0.10 |
| Earnings / share diluted continuing operations |
0.01 | 0.07 | 0.10 | 0.08 | 0.12 |
| Shareholders' equity per share | 0.42 | 0.45 | 0.49 | 0.49 | 0.50 |
| Dividend per share * | 0.00 | 0.04 | 0.12 | 0.12 | 0.16 |
| Dividend per earnings (%) | 0.0% | 57.1% | 122.8% | 85.7% | 160.0% |
| Effective dividends (%) | 0.0% | 1.0% | 3.4% | 4.7% | 7.1% |
| P/E ratio | 431.4 | 55.2 | 35.6 | 18.2 | 22.2 |
| Share price, lowest (EUR) | 2.18 | 3.17 | 2.19 | 2.08 | 1.78 |
| Share price, highest (EUR) | 4.24 | 4.84 | 3.60 | 3.84 | 2.90 |
| Share price, average (EUR) | 3.03 | 3.94 | 2.87 | 2.71 | 2.03 |
| Share price Dec 31 | 2.32 | 3.89 | 3.48 | 2.58 | 2.25 |
| Market capitalization (MEUR) | 367.6 | 617.7 | 552.6 | 409.7 | 357.3 |
| Trading volume (millions) | 33.7 | 27.8 | 35.9 | 61.2 | 44.3 |
| Trading volume (%) | 21.2% | 17.5% | 22.6% | 39.3% | 28.4% |
* For 2016, 2015, and 2014, only continuing operations.
| Adjusted number of shares | IFRS 2018 | IFRS 2017 | IFRS 2016 | IFRS 2015 | IFRS 2014 |
|---|---|---|---|---|---|
| average during the period | 157,224,137 | 156,502,983 | 156,022,774 | 155,801,466 | 155,756,751 |
| average during the period, diluted | 157,224,137 | 156,502,983 | 156,022,774 | 155,801,466 | 155,756,751 |
| Dec 31 | 158,798,739 | 158,798,739 | 158,798,739 | 158,798,739 | 158,798,739 |
| Dec 31, diluted | 158,798,739 | 158,798,739 | 158,798,739 | 158,798,739 | 158,798,739 |
l Average price
14
| Equity ratio, % | Total equity | ||||
|---|---|---|---|---|---|
| Total assets – advance payments received | � 100 | ||||
| ROI, % | Result before taxes + financial expenses | � 100 | |||
| Total assets – non-interest bearing liabilities (average) | |||||
| ROE, % | Result for the period | � 100 | |||
| Total equity (average) | |||||
| Gearing, % | Interest bearing liabilities – cash and bank and financial assets at FVTPL | � 100 | |||
| Total equity | |||||
| Earnings per share, EUR | Profit attributable to equity holders of the company | ||||
| Weighted average number of outstanding shares | |||||
| Shareholders' equity | Equity attributable to equity holders of the company | ||||
| per share, EUR | Number of outstanding shares at the end of period | ||||
| P/E ratio | Closing price of the share, end of period | ||||
| Earnings per share | |||||
| Dividend per earnings, % | Dividend per share | � 100 | |||
| Earnings per share | |||||
| Effective dividends, % | Dividend per share | � 100 | |||
| Closing price of the share, end of period | |||||
| Operating expenses | Sales and marketing, research and development and administration costs | ||||
| EBITDA | EBIT + depreciation, amortization and impairment |
15
Reconciliation between adjusted EBITDA, EBITDA, adjusted EBIT and EBIT
| EUR 1,000 | Consolidated, 2018 |
Consolidated, 2017 |
|---|---|---|
| Adjusted EBITDA | 17.4 | 18.2 |
| Adjustments to EBITDA | ||
| Costs related to business acquisitions | –2.6 | –0.4 |
| Costs related to integration | –1.0 | |
| EBITDA | 13.8 | 17.8 |
| Depreciation, amortization and impairment losses | –9.3 | –6.3 |
| EBIT | 4.5 | 11.5 |
| Adjusted EBIT | 10.6 | 12.3 |
| Adjustments to EBIT | ||
| Costs related to business acquisitions | –2.6 | –0.4 |
| Costs related to integration | –1.0 | |
| PPA amortization | –2.5 | –0.4 |
| EBIT | 4.5 | 11.5 |
| EUR 1,000 | Operating Expenses 2018 |
M&A expenses | Expenses for adjusted EBIT |
Depreciation | PPA amortization | Operating Expenses for Adjusted EBITDA 2018 |
|---|---|---|---|---|---|---|
| Sales and marketing | –95.0 | 0.5 | –94.5 | 3.9 | –90.7 | |
| Research and development | –35.7 | 0.0 | –35.7 | 2.1 | –33.6 | |
| Administration | –18.3 | 3.1 | –15.2 | 0.8 | 2.5 | –11.9 |
| Operating expenses | –149.1 | 3.6 | –145.5 | 6.8 | 2.5 | –136.2 |
| EUR 1,000 | Operating Expenses 2017 |
M&A expenses | Expenses for adjusted EBIT |
Depreciation | PPA amortization | Operating Expenses for Adjusted EBITDA 2017 |
|---|---|---|---|---|---|---|
| Sales and marketing | –86.7 | –86.7 | 4.0 | –82.7 | ||
| Research and development | –34.1 | –34.1 | 1.6 | –32.5 | ||
| Administration | –14.3 | 0.4 | –13.9 | 0.3 | 0.4 | –13.2 |
| Operating expenses | –135.1 | 0.4 | –134.7 | 5.9 | 0.4 | –128.4 |
| EUR 1,000 Note |
Consolidated, IFRS 2018 |
RESTATED Consolidated, IFRS 2017 |
|---|---|---|
| REVENUE (2) |
190,731 | 169,754 |
| Cost of revenue (5) |
–39,351 | –24,991 |
| GROSS MARGIN | 151,379 | 144,763 |
| Other operating income (3) |
2,258 | 1,895 |
| Sales and marketing (4, 5) |
–95,037 | –86,697 |
| Research and development (4, 5) |
–35,741 | –34,091 |
| Administration (4, 5) |
–18,320 | –14,321 |
| EBIT | 4,539 | 11,549 |
| Financial income (7) |
2,311 | 3,213 |
| Financial expenses (7) |
–5,123 | –2,383 |
| PROFIT (LOSS) BEFORE TAXES | 1,727 | 12,379 |
| Income tax (9) |
–883 | –1,316 |
| RESULT FOR THE FINANCIAL YEAR | 844 | 11,063 |
| Other comprehensive income | ||
| Other comprehensive income to be reclassified to profit or loss in subsequent periods | ||
| Exchange difference on translation of foreign operations | –1,288 | –839 |
| Available-for-sale financial assets (8) |
–117 | |
| Taxes related to components of other comprehensive income (9) |
23 | |
| COMPREHENSIVE INCOME FOR THE YEAR | –444 | 10,131 |
| Result of the financial year is attributable to: Equity holders of the parent |
844 | 11,063 |
| Comprehensive income for the year is attributable to: Equity holders of the parent |
–444 | 10,131 |
| Earnings per share – basic and diluted (10) |
0.01 | 0.07 |
| Consolidated, | RESTATED Consolidated, |
||
|---|---|---|---|
| EUR 1,000 | Note | IFRS 2018 | IFRS 2017 |
| ASSETS | |||
| NON-CURRENT ASSETS | |||
| Tangible assets | (13) | 5,175 | 3,214 |
| Intangible assets | (13) | 38,381 | 14,733 |
| Goodwill | (11, 12, 13) | 90,677 | 10,070 |
| Deferred tax assets | (21) | 3,961 | 4,177 |
| Other receivables | (16) | 485 | 666 |
| Total non-current assets | 138,679 | 32,860 | |
| CURRENT ASSETS | |||
| Inventories | (14) | 607 | 588 |
| Trade and other receivables | (15,16) | 56,662 | 50,061 |
| Income tax receivables | (16) | 4,228 | 1,435 |
| Available-for-sale financial assets | (15, 20) | 53,924 | |
| Financial asset at FVTPL | (15) | 58 | |
| Cash and bank accounts | (15, 20) | 27,806 | 36,300 |
| Total current assets | 89,361 | 142,309 | |
| TOTAL ASSETS | 228,040 | 175,169 |
| EUR 1,000 | Note | Consolidated, IFRS 2018 |
RESTATED Consolidated, IFRS 2017 |
|---|---|---|---|
| SHAREHOLDERS' EQUITY AND LIABILITIES | |||
| SHAREHOLDERS' EQUITY | (17) | ||
| Share capital | 1,551 | 1,551 | |
| Share premium | 165 | 165 | |
| Treasury shares | –2,772 | –4,575 | |
| Fair value reserve | 983 | ||
| Translation differences | –1,838 | –550 | |
| Reserve for invested unrestricted equity | 6,082 | 5,378 | |
| Retained earnings | 63,092 | 67,630 | |
| Equity attributable to equity holders of the parent | 66,279 | 70,582 | |
| NON-CURRENT LIABILITIES | |||
| Interest bearing liabilities, non current |
(19, 20) | 31,000 | |
| Deferred tax liabilities | (21) | 4,094 | 1,386 |
| Other non-current liabilities | (22) | 33,746 | 19,893 |
| Provisions | (22) | 1,173 | 1,173 |
| Total non-current liabilities | 70,013 | 22,452 | |
| CURRENT LIABILITIES | |||
| Interest bearing liabilities, current | (19, 20) | 6,058 | |
| Trade and other payables | (20, 22) | 29,544 | 31,853 |
| Income tax liabilities | (22) | 821 | 1,945 |
| Other current liabilities | (22) | 55,325 | 48,338 |
| Total current liabilities | 91,748 | 82,135 | |
| TOTAL SHAREHOLDERS' EQUITY AND LIABILITIES |
228,040 | 175,169 |
18 FINANCIAL STATEMENTS F-SECURE CONSOLIDATED
| EUR 1,000 | Note | Consolidated, IFRS 2018 |
RESTATED Consolidated, IFRS 2017 |
EUR 1,000 | Note | Consolidated, IFRS 2018 |
RESTATED Consolidated, IFRS 2017 |
|---|---|---|---|---|---|---|---|
| Cash flow from operations | Cash flow from investments | ||||||
| Result for the financial year | 844 | 11,063 | Investments in intangible and tangible assets | –7,454 | –7,106 | ||
| Adjustments | Proceeds from sale of intangible and | ||||||
| Depreciation and amortization | 9,270 | 6,296 | tangible assets | 329 | 46 | ||
| Profit / loss on sale of fixed assets | –41 | 45 | Other investments | (15) | 0 | –7,742 | |
| Other adjustments | 2,187 | 1,938 | Proceeds from sale of other investments | (15) | 53,470 | 18,410 | |
| Financial income and expenses | 2,812 | –830 | Acquisition of subsidiaries, net of cash acquired |
(11) | –91,948 | –2,205 | |
| Income taxes | 883 | 1,181 | |||||
| Cash flow from operations before change in working capital |
15,954 | 19,693 | Cash flow from investments | –45,602 | 1,402 | ||
| Change in net working capital | Cash flow from financing activities | ||||||
| Current receivables, increase (–), | Repayments of interest-bearing liabilities | –511 | |||||
| decrease (+) | 692 | –3,153 | Increase in interest-bearing liabilities | 37,000 | |||
| Inventories, increase (–), decrease (+) | –19 | –457 | Own shares | –99 | |||
| Non-interest bearing debt, increase (+), decrease (–) |
–2,827 | 13,576 | Dividends paid | –6,281 | –18,751 | ||
| Provisions, increase (+), decrease (–) | –158 | Cash flow from financing activities | 30,108 | –18,751 | |||
| Change in cash | –8,720 | 8,687 | |||||
| Cash flow from operations before financial items and taxes |
13,800 | 29,501 | |||||
| Cash and bank at the beginning of the period | 36,300 | 29,050 | |||||
| Interest expenses paid | –353 | –74 | |||||
| Interest income received | 56 | 1,032 | Effects of exchange rate changes | 226 | –1,437 | ||
| Other financial income and expenses | –580 | –376 | |||||
| Income taxes paid | –6,149 | –4,046 | Cash and bank at period end | 27,806 | 36,300 | ||
| Cash flow from operations | 6,774 | 26,036 |
Attributable to the equity holders of the parent
| EUR 1,000 | Share capital | Share premium fund |
Treasury shares |
Available-for sale |
Transl. diff. | Unrestricted equity reserve |
Retained earnings |
Total equity |
|---|---|---|---|---|---|---|---|---|
| Equity December 31, 2016 | 1,551 | 165 | –5,741 | 1,077 | 284 | 5,211 | 73,365 | 75,912 |
| Impact of IFRS 15 restatement | 5 | 806 | 810 | |||||
| Equity (restated) January 1, 2017 | 1,551 | 165 | –5,741 | 1,077 | 289 | 5,211 | 74,171 | 76,722 |
| Available-for-sale financial assets, net | –93 | –93 | ||||||
| Translation difference | –839 | –839 | ||||||
| Result of the financial year (restated) | 11,063 | 11,063 | ||||||
| Total comprehensive income for the year | –93 | –839 | 11,063 | 10,131 | ||||
| Dividends | –18,751 | –18,751 | ||||||
| Cost of share based payments | 1,166 | 167 | 1,147 | 2,480 | ||||
| Equity (restated) December 31, 2017 | 1,551 | 165 | –4,575 | 984 | –550 | 5,378 | 67,630 | 70,582 |
| Impact of IFRS 9 restatement | –984 | 1,144 | 160 | |||||
| Equity (restated) January 1, 2018 | 1,551 | 165 | –4,575 | 0 | –550 | 5,378 | 68,773 | 70,742 |
| Translation difference | –1,288 | –1,288 | ||||||
| Result of the financial year | 844 | 844 | ||||||
| Total comprehensive income for the year | –1,288 | 844 | –444 | |||||
| Dividends | –6,281 | –6,281 | ||||||
| Cost of share based payments | 1,803 | 704 | –243 | 2,263 | ||||
| Equity December 31, 2018 | 1,551 | 165 | –2,772 | 0 | –1,838 | 6,082 | 63,092 | 66,279 |
More information in note 17. Shareholders' equity
F-Secure provides cyber security products and services globally for consumers and businesses.
The parent company of the Group is F-Secure Corporation incorporated in Finland and domiciled in Helsinki. Company's registered address is Tammasaarenkatu 7, 00180 Helsinki. A copy of consolidated financial statements can be downloaded on www.f-secure.com or can be received from the parent company's registered address.
These financial statements were authorized for issue by the Board of Directors on 13 February 2019. According to the Finnish Companies Act, the Annual General Meeting can confirm or reject the consolidated financial statements after publication. The Annual General Meeting can also decide to change the financial statements.
The consolidated financial statements of F-Secure Corporation of 2018 have been prepared in accordance with International Financial Reporting Standards (IFRS), applying the IAS and IFRS standards as well as SIC and IFRIC interpretations that were in force and had been approved by the EU by 31 December 2018.
The consolidated financial statements incorporate the financial statements of F-Secure Corporation and entities controlled by F-Secure Corporation. Consolidation is done using the acquisition method and begins when control over the subsidiary is obtained. The consolidation stops when the control ceases. The Group does not have any associated companies nor is there any non-controlling interest in the Group.
All intra-group transactions and balances, including unrealized profits arising from intra-group transactions, have been eliminated on consolidation. Where necessary, accounting policies of the subsidiaries have been adjusted to ensure consistency with the policies adopted by the Group.
The consolidated financial statements are presented in euros, which is F-Secure Corporation's functional currency. At each reporting date for the purpose of presenting consolidated financial statements the income statements of foreign Group companies are translated at the average exchange rates for the reporting period and the balance sheets are translated using the European Central Bank's exchange rates prevailing on the reporting date. Translation differences are recognized in shareholders' equity and the change in other comprehensive income.
Foreign currency transactions are translated using the exchange rates prevailing at the dates of the transactions. On the reporting date, assets and liabilities denominated in foreign currencies are translated using the European Central Bank's exchange rates prevailing at that date. Exchange rate gains and losses from sales transactions are recognized in revenue and other exchange rate gains and losses are recognized in financial items in the income statement.
In the current year, the Group has applied IFRS 15 Revenue from Contracts with Customers which is effective for an annual period that begins on or after 1 January 2018. F-Secure has applied full retrospective method in transition to IFRS 15 which means that the cumulative effect of all the modifications that occurred before 1 January 2017 have been recognized in opening balance of retained earnings as of 1 January 2017.
The new standard introduces a 5-step approach to revenue recognition and has an impact on how revenue from customer contracts is recognized. For F-Secure mainly customer
contracts with upfront revenue recognition were impacted. The impact is considered immaterial for one reporting period due to the fact that for majority of the customer contracts revenue recognition has already been deferred over time prior to application of IFRS 15 and due to the offsetting effect of the historical recognized revenue and deferral of the new sales.
Also deferred revenue and growth rate of deferred revenue were impacted by the adoption of IFRS 15.
The recognition of incremental costs of obtaining contracts with customers (sales commissions) has also been deferred under IFRS 15. The impact on sales commissions is immaterial for one reporting period due to the offsetting effect of historical costs and deferral of the new costs.
Impact of the new standard to retained earnings in opening balance as at 1 January 2017 is EUR 0.8 million. Deferring revenue and sales commissions in 2017 financials increased net result by EUR 0.3 million divided between increase in result before taxes of EUR 0.4 million and increase in income taxes of EUR 0.1 million.
Impact to retained earnings in opening balance as at 1 January 2018 is EUR 1.1 million. Impact on deferred income in opening balance as at January 1 2017 is EUR 4.7 million and in opening balance as at 1 January 2018 EUR 4.6 million.
Impacts of IFRS 15 adoption to 2017 financials have been presented in detail in a separate document "Restated Information on 2017 Financials as a Result of Adoption of New IFRS 15 Accounting Standard and Revision of Cost of Revenue" published on 3 May 2018. All comparative information in this annual report has been adjusted according to the restatement.
The Group's accounting policies for its revenue streams are disclosed in section Revenue recognition. Apart from providing more extensive disclosures for the Group's revenue transactions, the application of IFRS 15 has not had a significant impact on the financial position and financial performance of the Group. The amount of adjustment for each financial statement line item affected by the application of IFRS 15 is illustrated after section Revision of Cost of Revenue.
F-Secure has revised the allocation of costs between Cost of Revenue (CoR) and Operating Expenses (OPEX). Prior year financials have been restated according to the new accounting principle to maintain comparability.
In previous reporting, F-Secure's Cost of Revenue included mainly Royalties, Freights and Material. The revised Gross Margin captures in addition costs of providing cloud-based services to customers, customer support and cyber security services related direct expenses. The impact for comparative 2017 financial statements is a decrease of Gross Margin from 96% to 85%. Net result was not impacted. The revision aimed at identifying costs directly linked to the delivery of F-Secure's software products and services and reporting a Gross Margin that is more comparable in content with other similar companies in the industry and worldwide.
Impacts of the revision to 2017 financials have been presented in detail together with IFRS 15 impacts in a separate document "Restated Information on 2017 Financials as a Result of Adoption of New IFRS 15 Accounting Standard and Revision of Cost of Revenue" published on 3 May 2018. All comparative information in this annual report has been adjusted according to the restatement.
Profit for the year 2017
| Revenue | |
|---|---|
| Increase of revenue due to IFRS 15 | 59 |
| Cost of Revenue | |
| Increase of Cost of Revenue due to revision | –18,391 |
| OPEX | |
| Decrease in Sales and Marketing costs due to deferral of commissions under IFRS 15 | 339 |
| Decrease in Sales and Marketing costs due to revision of Cost of Revenue | 17,978 |
| Decrease in Research and Development costs due to revision of Cost of Revenue | 409 |
| Income taxes | |
| Increase of income taxes due to IFRS 15 | –130 |
| Profit for the financial year | 264 |
| Assets, equity and liabilities in 2017 | Reported 1 Jan 2017 |
Change due to IFRS 15 |
Restated 1 Jan 2017 |
|---|---|---|---|
| Assets | |||
| Deferred tax assets | 2,734 | 583 | 3,317 |
| Equity | 75,912 | 851 | 76,763 |
| Liabilities | |||
| Deferred tax liabilities | 361 | 826 | 1,187 |
| Deferred revenue, non-current | 13,737 | 1,207 | 14,944 |
| Trade and other payables, current | 32,088 | –5,820 | 26,268 |
| Deferred revenue, current | 40,514 | 3,537 | 44,051 |
| Reported 31 Dec 2017 |
Change due to IFRS 15 |
Restated 31 Dec 2017 |
|
|---|---|---|---|
| Assets | |||
| Deferred tax assets | 3,528 | 649 | 4,177 |
| Equity | 69,468 | 1,114 | 70,582 |
| Liabilities | |||
| Deferred tax liabilities | 357 | 1,029 | 1,386 |
| Deferred revenue, non-current | 15,006 | 2,392 | 17,398 |
| Trade and other payables, current | 37,950 | –6,097 | 31,853 |
| Deferred revenue, current | 46,126 | 2,212 | 48,338 |
F-Secure has adopted the new standard IFRS 9 on the required effective date 1 January 2018. The comparatives were not restated. The cumulative effect EUR 0.2 million from the transition has been recognized in opening balance as at 1 January 2018.
The new standard has impact on classification and valuation of financial assets and financial liabilities, and includes a new model for estimating impairment of financial assets, which is based on expected credit losses.
F-Secure had significant investment in fixed income funds which were classified as available-for-sale under IAS 39. Under IFRS 9 these investments were classified as fair value through profit and loss. Due to the nature of these investments the impact on Group's income statement remained immaterial and the assets were sold during second quarter of the financial year to finance the acquisition of MWR InfoSecurity. In opening balance 1 January 2018 fair value fund of EUR 1.0 million was reclassified to retained earnings.
In July 2018 F-Secure entered into a financing agreement with Nordea Bank to finance the acquisition of MWR InfoSecurity. The loan facilities are valued at amortized cost under IFRS 9.
IFRS 9 requires an expected credit loss model (ECL) to be used for impairment of financial assets. The expected credit loss model requires the Group to account for expected credit losses and changes in those expected credit losses at each reporting date to reflect changes in credit risk since initial recognition of the financial assets. It is no longer necessary for a credit event to have occurred before credit losses are recognized.
For F-Secure IFRS 9 has an impact on measuring impairment of trade receivables and thus the model for recognizing
impairment provisions has been renewed based on expected credit losses. A simplified approach allowed in the new standard is applied. Transition to new standard had EUR 0.2 million impact on trade receivables and retained earnings in opening balance 1 January 2018.
The changes in IFRS 9 do not influence Group's consolidated cash flow.
The amendments to IFRS 2 are intended to eliminate diversity in the measurement and classification of cash settled share-based payment transactions and accounting when share-based payment transaction changes its classification from cash-settled to equity-settled. The amendments have had no effect on the Group's incentive plans launced prior to 1 Jan. The amendment to the standard has been applied to the new matching share plans launched during 2018.
The preparation of consolidated financial statements requires the use of estimates and assumptions as well as the use of judgment when applying accounting principles. These affect the contents of the financial statements and it is possible that actual results may differ from estimates.
Estimates made in connection with the preparation of financial statements are based on management's best knowledge at the reporting date. Estimates build upon past experience as well as assumptions of the future development of the economic environment of the Group. Revisions in estimates and assumptions are recognized in the period they occur and in future periods if the revision affects both current and future periods.
– Deferred consideration from acquisition of MWR InfoSecurity: The booked deferred consideration
of EUR 14.8 million is an estimate and is based on historical economic performance for period 2 July, 2018 – 31 December, 2018 and forecast for 1 January – 31 December 2019. The final amount of deferred consideration to be paid depends on achievement of the forecast and thus includes management judgment and estimation uncertainty. The final deferred consideration can vary from EUR 0.0 to EUR 27.9 million. The net present value of the deferred consideration is assessed at each reporting date based on updated forecasts.
23 FINANCIAL STATEMENTS F-SECURE CONSOLIDATED
Revenue is derived from corporate and consumer businesses. Corporate security business revenue includes cyber security products, managed services, and cyber security consulting. Cyber security products comprise endpoint protection solutions (Protection Service for Business, PSB; Business Suite, Cloud Protection for Salesforce), as well as solutions targeted at detecting and responding to advanced attacks (Rapid Detection Service, RDS; Rapid Detection and Response, RDR and Countercept) and vulnerability management (F-Secure Radar and phishd). Consumer security business revenue comes through operator and direct consumer channels, and the main products include F-Secure SAFE, F-Secure FREEDOME, F-Secure SENSE and F-Secure KEY.
Endpoint protection security solutions (such as PSB, Business Suite for corporate and RDR) are sold to corporate customers by granting the customer access to use the intellectual property during the license period or as Security-as-a-Service. F-Secure delivers the product and provides continuous automated updates against new threats. The software and the accompanied services are highly interdependent and therefore treated as one performance obligation for which revenue is recognized over time on a straight-line basis for the license period. Prior to IFRS 15 adoption the license fee revenue was recognized at point in time of the initial delivery and the maintenance and support were recognized as revenue over the contract period.
F-Secure SAFE and F-Secure FREEDOME for consumer customers and vulnerability management products for corporate customers (Radar and phishd) are treated as Security-as-a-Service as they do not include a license of intellectual property. Revenue is accounted for as a single performance obligation and recognized over time on a straight-line basis for the contract period.
When there is a hardware component to the solution (SENSE) the hardware is considered as a distinct performance obligation and revenue for hardware is recognized separately at point in time of delivery.
Cyber security consulting services are recognized as revenue based on the delivery of the work. For F-Secure managed detection and response solutions (RDS, Countercept) the software and the service are considered as single performance obligation. The customer is granted access to use the intellectual property and the service is provided by F-Secure continuously throughout the contract period. Revenue for managed services is recognized on a straight-line basis for the contract period.
All of F-Secure Group's pension arrangements are in accordance with local statutory requirements, and they are defined contribution plans. Contributions to defined contribution plans are recognized in the income statement in the period to which the contributions relate.
Leases where the lessor retains substantially all the risks and benefits of ownership of the asset are classified as operating leases. Operating lease payments are recognized as an expense in the income statement on a straight-line basis over the lease term.
Income taxes The income tax expense in income statement represents the sum of current taxes and deferred taxes. Current taxes are calculated on the taxable income for all Group companies in accordance with the local tax rules. Deferred taxes, resulting from temporary differences between the financial statement and the income tax basis of assets and liabilities, use the enacted tax rates in effect in the years in
which the differences are expected to reverse. Deferred tax assets are recognized to the extent that it is probable that future taxable profit will be available. Deferred tax liabilities are recognized for all temporary differences.
Deferred tax assets and liabilities are offset when there is a legally enforceable right to set off current tax assets against current tax liabilities and when they relate to the same taxation authority and the Group intends to settle the assets and liabilities on a net basis.
Acquisition method is used for accounting the acquisitions of businesses. The consideration transferred in a business combination is measured at fair value, which is calculated as the sum of the acquisition-date fair values of assets transferred by the Group and liabilities incurred by the Group to the former owners of the acquiree. Contingent considerations related to business combinations are measured at fair value at acquisition date and included as part of the consideration transferred. Costs related to the acquisition are recognized in profit and loss statement.
The identifiable assets acquired and the liabilities assumed are recognized at fair value at the acquisition date except for deferred tax assets or liabilities which are measured in accordance with IAS 12 Income taxes. Goodwill is measured as the excess of the transferred consideration over the net amount of the acquired identifiable assets and assumed liabilities.
Changes in fair value of the contingent consideration that do not arise within one year from the acquisition from facts and circumstances that existed at the acquisition date are recognized in profit or loss.
Goodwill is initially recognized and measured in business combinations as set out above. Goodwill is not amortized but is instead tested for impairment at least annually and whenever there is an indication that it may be impaired. For 24 FINANCIAL STATEMENTS F-SECURE CONSOLIDATED
the purpose of impairment testing goodwill has been allocated to cash-generating units expected to benefit from the synergies of the combination. If the recoverable amount of the cashgenerating unit is less than the carrying amount of the unit, the impairment loss is allocated first to reduce the carrying amount of any goodwill allocated to the unit and then to the other assets of the unit. If an impairment loss for goodwill is recognized it will not be reversed in the subsequent periods. Goodwill is recorded at historical cost less accumulated impairment losses.
Research expenditure is recognized as an expense at the time it is incurred. Development expenditure on new products or product versions with significant new features are recognized as intangible assets when they fulfill the requirements set out in IAS 38. Amortization is recorded on a straight-line basis over the estimated useful life, which is 3–8 years for these assets.
Intangible assets acquired in business combinations and recognized separately from goodwill are initially recognized at fair value on the acquisition date. Subsequent to initial recognition these assets are reported at initial value less accumulated amortization and accumulated impairment losses.
Intangible assets acquired in business combinations include technology, trademarks and customer relationships, which all have a finite useful life. Initial valuation for technology and trademarks is done based on Relief from royalty method and for customer relationships based on Excess earnings method. The estimated useful lives for intangible assets acquired in business combinations are:
| Technology | 10 years |
|---|---|
| Trademark | 2 years |
| Customer relationships | 6–10 years |
Other intangible assets include intangible rights and software licenses, all with a finite useful life. Other intangible assets are recorded at historical cost less accumulated amortization and possible impairment. Amortization is recorded on a straight-line basis over the estimated useful life of an asset. The estimated useful lives of other intangible assets are as follows:
| Intangible rights | 3–8 years |
|---|---|
| Other intangible assets | 5–10 years |
Tangible assets are recorded at historical cost less accumulated depreciation and possible impairment. Depreciation is recorded on a straight-line basis over the estimated useful life of an asset. The estimated useful lives of tangible assets are as follows:
| Machinery and equipment | 3–8 years |
|---|---|
| Other tangible assets | 5–10 years |
Other tangible assets include renovation costs of rented office space.
Gains or losses on disposal of tangible assets are shown in other operating income or expense.
At each reporting date, the Group assesses whether there is any indication that an asset may be impaired. Where an indicator of impairment exists, the Group makes a formal estimate of recoverable amount. The recoverable amount of goodwill and intangible assets that are not ready for use are estimated annually for regardless of whether any indication of impairment exists.
Where the carrying amount of an asset exceeds its recoverable amount the asset is considered impaired and the carrying amount is reduced to its recoverable amount. The recoverable amount is the fair value of an asset less costs of disposal or value in use, whichever is higher. An impairment loss is recorded in the income statement.
A previously recognized impairment loss is reversed only if there has been a change in the estimates used to determine the asset's recoverable amount since the last impairment loss was recognized. The maximum reversal of an impairment loss amounts to no more than the carrying amount of the asset if no impairment loss had been recognized, net of depreciation. Impairment losses relating to goodwill cannot be reversed in future periods.
Inventories are valued at the lower of cost and net realizable value. Cost is determined by first-in first-out method. Net realizable value is the estimated selling price that is obtainable, less estimated costs of completion and the estimated costs necessary to make the sale.
All Group's financial assets are currently measured at fair value through profit or loss (FVTPL). An expected credit loss is recognized for trade receivables according to IFRS 9. The amount of expected credit loss is updated at each reporting date to reflect changes in credit risk since initial recognition of the respective financial instrument. The expected credit loss is estimated using a provision matrix where trade receivables are grouped based on historical credit loss experience and characteristics that depict the credit risk of receivables (e.g. geographical area and days past due).
F-Secure classifies loans from financial institutions, trade payables and other payables as other financial liabilities which are measured at amortized cost. Transaction costs, such as arrangement fees, are deferred over the maturity of the liability. Contingent considerations arising from acquisitions are classified as financial liabilities measured at fair value and changes in fair value are accounted through profit and loss. Contingent considerations are measured at fair value at the end of each reporting period. Financial liabilities are classified
as current unless F-Secure has unconditional right to postpone their repayment by at least 12 months from the end date of the reporting period.
The Group uses derivative financial instruments such as forward currency contracts to hedge its risks associated with foreign currency fluctuations. Derivatives are valued at fair value. The fair value of forward currency contracts is calculated based on current forward exchange rates at the reporting date for contracts with similar maturity profiles. The gains and losses arising from the change of fair value are booked through the income statement as the Group does apply hedge accounting.
Provisions are recognized when the Group has a present obligation (legal or constructive) as a result of a past event, the outflow of resources is probable, and a reliable estimate of the amount of the obligation can be made. The amount recognized is a best estimate of the consideration required to settle the obligation at each reporting date. Risks and uncertainties are taken into account when making the estimate.
Parent company has acquired treasury shares in 2008–2011. The purchase price of the shares has been deducted from equity.
F-Secure provides incentives to employees in the form of equity-settled share-based instruments. The Company has two kinds of incentive programs; a synthetic warrant-based program and share-based programs.
F-Secure's synthetic option-based program ended on 31 December 2018 and resulted in no payment. The program covered Group's key personnel and the liability has been presented at fair value at each reporting date. In the end of the financial year 2018 the remaining liability was written off to zero through income statement.
F-Secure's share-based incentive programs are targeted to the Group's key personnel. The programs are divided into equity-settled and cash-settled part. The equity-settled part is valued at fair value at grant date, and the expense is recognized evenly in the income statement over the vesting period with the counter-entry in retained earnings. Fair value is determined using the market value of the share of F-Secure Corporation. The cash-settled part is initially valued at fair value at grant date. At each reporting date the cash-settled part is revalued to fair value and the expense is recognized in the income statement over the vesting period with the counter-entry in liabilities. The cumulative expense recognized at grant date is based on the Group's estimate of the number of shares that will ultimately vest at the end of the vesting period. If a person leaves the company before vesting, the reward is forfeited. The Group updates its estimate of the ultimate number of shares at each reporting date. These changes in the estimate are recorded in the income statement.
During 2018 Group received further information related to recoverability of tax losses in the US and a deferred tax asset of EUR 0.8 million was recognized. Remaining deferred tax asset at period end is EUR 0.6 million.
Due to suspected fraud in India a correction of EUR –0.2 million was booked to revenue in 2018 related to financial years 2016 and 2017. Bad debt provision of EUR 0.2 million related to this revenue was reversed. Net impact on income statement is immaterial. A write-off from accounts receivables totaled EUR 1.0 million and from deferred revenue EUR 0.8 million.
These corrections are booked through income statement in 2018 as the management assesses that corrections together or separately are not material to the financial statements.
Classification of the functionally presented expenses has been made by presenting direct expenses in their respective functions and by allocating other expenses to operations on the basis of average headcount in each function.
IAS 1 Presentation of Financial Statements standard does not define the concept of Earnings before interest and taxes (EBIT). The Group has defined it as follows: EBIT is the net amount, which consists of revenue and other operating income less cost of revenue which is adjusted for changes in inventories, employee benefit costs, depreciation and amortization, possible impairment losses, and other operating expenses.
The Group has not yet adopted the following new and amended standards and interpretations already issued by the IASB:
– IFRS 16 – Leases (effective for financial year beginning on or after 1 January 2019). IFRS 16 will result in almost all leases being recognized on the balance sheet, as the distinction between operating and finance leases is removed. Under the new standard, an asset (the right-to-use the leased item) and a financial liability to pay rentals are recognized. The only exceptions are short-term and low-value leases. Initial application for the new standard for the Group is 1 January 2019. F-Secure has chosen the modified approach to IFRS 16 and comparatives will not be restated.
Under IAS 17 F-Secure has had only operating leases, which consist mainly of rented office premises and leased cars. IFRS 16 will change the definition of a lease to mainly relate to the concept of control. Leases and service contracts are distinguished on the basis of whether the use of an identified asset is controlled by the customer. Control is considered to exist if the customer has:
As part of the implementation project F-Secure has materially carried out the analysis of recognizing right-touse assets. Lease definition under IFRS 16 is met by most of the rented office premises and leased cars. A contract will be excluded from leases if the contract period is less than 12 months or the value of an asset is low. For these assets (such as some short-term office premise and car lease contracts and coffee machines), the Group will opt to recognize a lease expense on a straightline basis as permitted by IFRS 16.
On initial application of IFRS 16, for all leases (except as noted above), the Group will:
a) Recognize right-of-use assets and lease liabilities in the consolidated statement of financial position, initially measured at the present value of the future lease payments;
b) Recognize depreciation of right-of-use assets and interest on lease liabilities in the consolidated statement of profit or loss;
c) Separate the total amount of cash paid into a principal portion (presented within operating activities) and interest (presented within financing activities) in the consolidated cash flow statement.
Under IFRS 16, right-of-use assets will be tested for impairment in accordance with IAS 36 Impairment of Assets.
As at the reporting date, the group has non-cancellable operating lease commitments of EUR 14.1 million, see note 23 Operating lease commitments. A preliminary assessment indicates that EUR 13.5 million of these arrangements relate to leases other than short-term leases and leases of low-value assets, of which the Group will recognize a right-of-use asset and a corresponding lease liability. The preliminary assessment indicates that EUR 0.6 million of these arrangements relate to short-term leases and leases of low-value assets.
In addition to having an impact on the Group's balance sheet the new standard will slightly improve Group's operating profit as part of the lease-related expense will be reported as financial costs.
Other new or amended standards or interpretations are not expected to have an impact on the consolidated financial statements.
The Group has one segment, data security. Segment reporting is consistent with the internal reporting submitted to the chief operating decision-maker. The Leadership Team has been appointed the chief operating decision-maker, responsible for allocating resources and assessing performance as well as making strategic decisions. For the geographical information revenue is presented based on the location of the customer and the long-term assets based on the location of the assets.
Geographical information about revenue is presented in note 2.
| EUR 1,000 | Consolidated 2018 |
Consolidated 2017 |
|---|---|---|
| Long-term assets | ||
| Nordic countries | 25,857 | 24,170 |
| Rest of Europe | 73,105 | 3,321 |
| North America | 1,296 | 114 |
| Rest of world | 38,422 | 413 |
| Total | 138,680 | 28,017 |
Principles of revenue recognition are stated in accounting principles to consolidated financial statements, section Revenue recognition.
| EUR 1,000 | Consolidated 2018 |
Consolidated 2017 |
|---|---|---|
| Sales channels | ||
| Revenue from external customers | ||
| Consumer security | 94,870 | 97,531 |
| Corporate security | 95,861 | 72,223 |
| Total | 190,731 | 169,754 |
| Nordic countries | 67,049 | 62,938 |
|---|---|---|
| Rest of Europe | 84,610 | 69,429 |
| North America | 17,197 | 16,431 |
| Rest of world | 21,875 | 20,956 |
| Total | 190,731 | 169,754 |
| EUR 1,000 | Consolidated 2018 | Consolidated 2017 |
|---|---|---|
| Government grants | 1,606 | 1,423 |
| Rental revenue | 169 | 390 |
| Other | 483 | 81 |
| Total | 2,258 | 1,895 |
Government grants are recognized as income over those periods in which the corresponding expenses arise.
Other operating income includes e.g. gain on sale of fixed assets.
| EUR 1,000 | Consolidated 2018 | Consolidated 2017 |
|---|---|---|
| Depreciation and amortization of non-current assets |
||
| Other intangible assets | –2,374 | –1,575 |
| Capitalized development | –4,918 | –3,234 |
| Intangible assets | –7,293 | –4,809 |
| Machinery and equipment | –1,488 | –1,371 |
| Other tangible assets | –353 | –116 |
| Tangible assets | –1,842 | –1,487 |
| Impairment | ||
| Capitalized development | –135 | |
| Total impairment | –135 | |
| Total depreciation, amortization, and impairment | –9,270 | –6,296 |
| Depreciation, amortization, and impairment by function |
||
| Sales and marketing | –3,857 | –3,978 |
| Research and development | –2,125 | –1,616 |
| Administration | –3,288 | –701 |
| Total depreciation, amortization, and impairment | –9,270 | –6,296 |
| EUR 1,000 | Consolidated 2018 | Consolidated 2017 |
|---|---|---|
| Personnel expenses | ||
| Wages and salaries | –84,948 | –70,141 |
| Pension expenses – defined contribution plan | –10,358 | –9,236 |
| Share-based payments | 256 | –3,717 |
| Other social expenses | –7,186 | –5,574 |
| Total | –102,237 | –88,669 |
Employee benefits of the management are stated in disclosure 25. Related party transactions. Share-based payments are stated in disclosure 18. Share-based payment transactions.
| Average number of personnel | 1,364 | 1,067 |
|---|---|---|
| Personnel by function December 31 | ||
| Sales and marketing | 1,045 | 636 |
| Research and development | 437 | 360 |
| Administration | 184 | 108 |
| Total | 1,666 | 1,104 |
| EUR 1,000 | Consolidated 2018 | Consolidated 2017 |
|---|---|---|
| Group auditor | ||
| Audit fees, PricewaterhouseCoopers | –170 | –178 |
| Audit related fees, PricewaterhouseCoopers | –22 | –9 |
| Other consulting, PricewaterhouseCoopers | –26 | –97 |
| Total | –218 | –284 |
PricewaterhouseCoopers Oy has provided non-audit services to entities of F-Secure Group in total 48 thousand euros during the financial year 2018, of which 7 thousand are related to auditor's statements and 39 thousand to other services.
| Other auditors | ||
|---|---|---|
| Audit fees | –76 | –79 |
| Total | –76 | –79 |
| EUR 1,000 | Consolidated 2018 | Consolidated 2017 |
|---|---|---|
| Financial income | ||
| Dividends from financial assets at FVTPL (available-for-sale) |
0 | 7 |
| Other financial income from financial assets at FVTPL (available-for-sale) |
872 | |
| Interest income from loans and receivables | 56 | 997 |
| Exchange gains | 2,241 | 1,171 |
| Other financial income | 14 | 165 |
| Total | 2,311 | 3,213 |
| Financial expenses | ||
| Interest expense from loans and liabilities | –353 | –72 |
| Exchange losses | –3,445 | –2,332 |
| Other financial expenses | –1,325 | 21 |
| Total | –5,123 | –2,383 |
Other financial expenses in 2018 include EUR 0.7 million from discounting MWR InfoSecurity deferred consideration to present value and EUR 0.4 million sales loss from financial assets presented ar fair value through profit and loss.
Interest income in 2017 includes EUR 0.9 million refund of late payment interest related to withholding taxes from 2009–2011.
| EUR 1,000 | Consolidated 2018 | Consolidated 2017 |
|---|---|---|
| Components of other comprehensive income | ||
| Available-for-sale financial assets | ||
| Gains/(losses) arising during the year | 677 | |
| Reclassification to profit or loss | –793 | |
| Total | –117 |
| EUR 1,000 | Consolidated 2018 | Consolidated 2017 |
|---|---|---|
| Current income tax for the year | –2,444 | –2,159 |
| Adjustments for current tax of prior periods | 126 | 54 |
| Change in deferred tax | 1,435 | 789 |
| Total | –883 | –1,316 |
| Components of other comprehensive income | ||
| Available-for-sale financial assests | 23 |
A reconciliation of income tax expense in the income statement and income tax calculated at the parent company's country of residence income tax rate (20%):
| Result before taxes | 1,727 | 12,379 |
|---|---|---|
| Income tax at Finnish tax rate of 20% | –345 | –2,476 |
| Effect of overseas tax rates | 112 | –270 |
| Effect of changes in tax rates | –173 | 41 |
| Non-deductible expenses/tax-exempt revenue | –710 | –225 |
| Recognised tax losses | 650 | 253 |
| Unrecognised tax losses | 110 | |
| Adjustments for prior period tax | 126 | 54 |
| Other | –652 | 1,306 |
| Total | –883 | –1,316 |
During 2018 Group received further information related to recoverability of tax losses in the US and a deferred tax asset of EUR 0.8 million was recognized.
Other taxes in 2017 mainly consist returned withholding taxes EUR 2.1 million by offsetting EUR 0.5 million non-creditable withholding taxes.
Basic earnings per share amounts are calculated by dividing net profit for the year attributable to ordinary equity holders of the parent by the weighted average number of ordinary shares outstanding during the year. Diluted earnings per share amounts are calculated by dividing the net profit attributable to ordinary shareholders by the weighted average number of ordinary shares outstanding during the year adjusted for the effects of dilutive options.
| EUR 1,000 | Consolidated 2018 | Consolidated 2017 |
|---|---|---|
| Net profit attributable to equity holders from continuing operations |
844 | 11,063 |
| Weighted average number of ordinary shares (1,000) |
157,224 | 156,503 |
| Adjusted weighted average number of ordinary shares for diluted earning per share |
157,224 | 156,503 |
| Basic and diluted earnings per share (EUR/share), continuing operations |
0.01 | 0.07 |
The weighted average number of shares take into account the effect of change in treasury shares.
On 2 July 2018 F-Secure acquired 100% of the share capital of MWR InfoSecurity Ltd, a privately held cyber security company operating globally from its main offices in the UK, the US, South Africa and Singapore. The acquisition is a significant milestone in the execution of F-Secure's growth strategy, and makes it the largest European single source of cyber security services and detection and response solutions. With close to 400 employees, MWR InfoSecurity is among the largest cyber security service providers serving enterprises globally, and their threat hunting platform (Countercept) is one of the most advanced in the market and an excellent complement to F-Secure's existing technologies.
The purchase consideration comprises of cash payment of EUR 93,817 thousand and a contingent consideration subject to the achievement of agreed business targets for the period from 2 July 2018 until 31 December 2019. The maximum level of contingent consideration is EUR 27,948 thousand. At acquisition the management estimated that the fair value of contingent consideration is EUR14,231 thousand.
| Paid in cash | 93,817 |
|---|---|
| Fair value of contingent consideration | 14,231 |
| Provisional estimate of the fair value of the purchase consideration | 108,048 |
| Preliminary cash flow from the acquisition | |
| Consideration paid in cash | –93,817 |
| Cash and cash equivalents of the acquired company | 2,362 |
| Total cash flow from the acquisition | –91,455 |
| Total assets | 38,912 |
|---|---|
| Cash and cash equivalents | 2,362 |
| Trade and other receivables | 8,281 |
| Deferred tax assets | 465 |
| Intangible assets | 25,912 |
| Tangible assets | 1,892 |
| Preliminary goodwill | 81,928 |
|---|---|
| Total net assets | 26,120 |
| Total liabilities | 12,792 |
| Deferred tax liabilities | 5,171 |
| Trade and other payables | 7,007 |
| Interest bearing liabilities, current | 570 |
| Other non-current liabilities | 45 |
The preliminary goodwill of EUR 81,928 thousand reflects the value of expertise in cyber security and strong R&D know-how obtained in the acquisition as well as synergies available for combining operations in providing corporate cyber security services.
| Technology and trademarks | 20,248 |
|---|---|
| Customer relations | 5,664 |
Amortization of the intangible assets during the period are EUR 2,048 thousand.
| Other expenses | 2,573 |
|---|---|
The acquired business contributed revenues of EUR 16,815 thousand and EBIT of EUR –2,499 thousand to F-Secure for the period from 2 July to 31 December 2018.
Had the acquisition occurred on 1 January 2018, management estimates that consolidated revenue would have been EUR 206,000 thousand and consolidated EBIT would have been EUR 650 thousand including amortization of acquired intangible assets (EUR –4,120 thousand). Fair values of acquired net assets are assumed to have been the same on 1 January 2018 as at acquisition on 2 July 2018 when determining these amounts.
For impairment testing goodwill is allocated to cash-generating units (CGUs). CGU is typically a group of legal units expected to benefit from the synergies of the business combination. The carrying amount of goodwill EUR 90,677 thousand is allocated to two CGUs:
| Consolidated 2018 | Consolidated 2017 | |
|---|---|---|
| Cyber Security Service | 8,321 | 10,070 |
| MWR InfoSecurity | 82,356 | |
| 90,677 | 10,070 |
Goodwill from the acquisition of Digital Assurance has been reallocated to MWR InfoSecurity CGU during reporting period due to combining advisory consulting services in the UK.
Goodwill is tested for impairment annually, or more frequently if there are indications that goodwill might be impaired. The recoverable amount for each CGU is determined based on a value in use calculation which uses cash flows for four years based on financial budgets and forecasts approved by the Board of Directors. Discount rate for Cyber Security Service is 12.4% before taxes (2017: 8.5%) and for MWR InfoSecurity 12.0% before taxes.
Cash flows beyond four-year forecast period have been extrapolated using steady 2% per annum growth rate for both CGUs. Markets where CGUs operate are expected to grow significantly faster than the terminal growth rate used in impairment testing. Managed detection and response (MDR) market is expected to grow at 31.6% annually and Cyber Security consulting at 9.9% annually by 2022.
The Group has prepared a sensitivity analysis of the impairment tests to changes in the key assumptions which are profitability, growth rate and discount rate. Any reasonably possible changes in the key assumptions in Cyber Security Service impairment test would not cause the aggregate carrying amount exceeding the recoverable amount.
In MWR InfoSecurity impairment test a 1.3 percentage point increase in WACC or a 16% underperformance against budgeted revenue or 2 percentage point lower relative profitability throughout forecast period would reduce the headroom to zero but would not result in impairment.
| INTANGIBLE ASSETS | TANGIBLE ASSETS | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Other Intangible |
Capitalized development |
Goodwill | Advance payments & incomplete development |
Total | Machinery & equipment |
Other tangible |
Advance payments |
Total | |
| Acquisition cost Jan 1, 2017 | 18,064 | 14,654 | 7,632 | 4,104 | 44,454 | 27,800 | 3,165 | 30,965 | |
| Translation difference | –6 | –14 | –20 | –376 | –41 | –418 | |||
| Acquisitions and divestments | 467 | 2,453 | 2,920 | 25 | 11 | 36 | |||
| Additions | 499 | 68 | 5,011 | 5,578 | 1,068 | 470 | 2 | 1,540 | |
| Transfers | 3,555 | 3,458 | –7,013 | –74 | 74 | 0 | |||
| Disposals | –8,930 | –1,453 | –10,383 | –15,590 | –2,048 | –17,638 | |||
| Acquisition cost Dec 31, 2017 | 13,650 | 16,727 | 10,070 | 2,102 | 42,549 | 12,853 | 1,631 | 2 | 14,486 |
| Translation difference | –8 | –4 | –37 | –48 | 76 | 23 | 99 | ||
| Acquisitions and divestments | 6,562 | 19,249 | 80,644 | 106,455 | 1,053 | 798 | 1,852 | ||
| Additions | 555 | 416 | 4,301 | 5,272 | 1,618 | 575 | 14 | 2,207 | |
| Transfers | –3 | 4,125 | –4,122 | 11 | 5 | –16 | |||
| Disposals | –118 | –135 | –254 | –2,402 | –841 | –3,243 | |||
| Acquisition cost Dec 31, 2018 | 20,638 | 40,514 | 90,677 | 2,145 | 153,973 | 13,209 | 2,192 | 0 | 15,401 |
| Acc. depreciation Jan 1, 2017 | –15,694 | –7,728 | –23,423 | –24,703 | –2,930 | –27,633 | |||
| Translation difference | 5 | 5 | 311 | 34 | 345 | ||||
| Transfers | 153 | –153 | –136 | 136 | |||||
| Depreciation for the period | –1,478 | –3,233 | –4,711 | –1,357 | –133 | –1,491 | |||
| Depreciation of disposals | 8,929 | 1,453 | 10,382 | 15,485 | 2,021 | 17,506 | |||
| Acc. depreciation Dec 31, 2017 | –8,085 | –9,661 | –17,747 | –10,400 | –873 | –11,272 | |||
| Translation difference | –1 | –1 | –62 | –16 | –78 | ||||
| Depreciation for the period | –2,375 | –4,913 | –7,288 | –1,476 | –354 | –1,830 | |||
| Depreciation of disposals | 118 | 118 | 2,304 | 652 | 2,955 | ||||
| Acc. depreciation Dec 31, 2018 | –10,342 | –14,573 | –24,915 | –9,635 | –591 | –10,226 | |||
| Book value as at Dec 31, 2017 | 5,565 | 7,066 | 10,070 | 2,102 | 24,803 | 2,453 | 759 | 2 | 3,214 |
| Book value as at Dec 31, 2018 | 10,296 | 25,941 | 90,677 | 2,145 | 129,058 | 3,574 | 1,601 | 0 | 5,175 |
| EUR 1,000 | Consolidated 2018 | Consolidated 2017 |
|---|---|---|
| Inventories | 607 | 588 |
No impairment was recognized for inventories in years 2018 and 2017.
| EUR 1,000 | Consolidated 2018 | Consolidated 2017 |
|---|---|---|
| Cash at bank and in hand | 27,806 | 36,300 |
| Trade receivables | 44,268 | 41,365 |
| Loan receivables | 34 | 10 |
| Financial assets at FVTPL | 58 | 53,924 |
| Total | 72,166 | 131,599 |
| Not fallen due | 31,694 | 27,329 |
|---|---|---|
| 1–90 days past due | 10,578 | 10,840 |
| Over 90 days past due | 4,600 | 5,014 |
| Less provision for bad debt | –2,603 | –1,818 |
| Total | 44,268 | 41,365 |
| Book value as at Jan 1 | 1,818 | 1,090 |
|---|---|---|
| IFRS 9 impact | –108 | |
| Restated book value as at Jan 1 | 1,710 | 1,090 |
| Change for the year | 1,320 | 983 |
| Receivables written off during the year | –426 | –256 |
| Book value as at Dec 31 | 2,603 | 1,818 |
On 1 January 2018 the Group has reclassified financial assets into appropriate IFRS 9 categories. Reclassification was made according to managements' assessment about which IFRS 9 business models apply to the financial assets held by the Group.
As a result the Group reclassified its available-for-sale investments to be presented at fair value through profit and loss. The impacts of this reclassification remained immaterial as the Group sold the assets during June 2018 to finance the acquisition of MWR InfoSecurity.
| Consolidated 2018 | Consolidated 2017 |
|---|---|
| 53,924 | 63,671 |
| 32 | 7,742 |
| –53,523 | –18,403 |
| –375 | 1,030 |
| –117 | |
| 58 | 53,924 |
| 26 | 26 |
| 32 | 53,898 |
| 58 | 53,924 |
| EUR 1,000 | Consolidated 2018 | Consolidated 2017 | |
|---|---|---|---|
| Non-current receivables | |||
| Other receivables | 485 | 666 | |
| Current receivables | |||
| Other receivables | 1,271 | 829 | |
| Prepaid expenses and accrued income | 10,475 | 7,531 | |
| Accrued income tax | 5,346 | 1,761 | |
| Total | 17,092 | 10,121 | |
| Material items included in prepaid expenses and accrued income |
|||
| Prepaid royalty | 2,799 | 2,507 | |
| Grant receivables | 987 | 1,637 | |
| Other prepaid expenses | 6,688 | 3,388 | |
| Total | 10,475 | 7,532 |
Issued and fully paid
| EUR 1,000 | Number of shares |
Share capital |
Share premium fund |
Unrestricted equity reserve |
Treasury shares |
|---|---|---|---|---|---|
| Dec 31, 2016 | 156,258,200 | 1,551 | 165 | 5,211 | –5,741 |
| Deferred payment |
455,510 | 167 | 1,166 | ||
| Dec 31, 2017 | 156,713,710 | 1,551 | 165 | 5,378 | –4,575 |
| Deferred payment |
776,585 | 704 | 1,803 | ||
| Dec 31, 2018 | 157,490,295 | 1,551 | 165 | 6,082 | –2,772 |
The share capital amounted to 1,551,311 euro and the number of shares was 158,798,739 (including own shares 1,308,444) at the end of 2018. A share has no nominal value. Accountable par value is EUR 0.01.
Proceeds from exercised warrants were recognized under the share capital and share premium fund until March 26, 2008.
On March 20, 2007, the shareholders' meeting decided to decrease the share premium fund. The decreased amount of 33,582 thousand euro was transferred to unrestricted equity reserve. On March 26, 2008, the shareholders' meeting decided that the total amount of the subscription prices paid for new shares issued after the date of the meeting, based on stock options under the F-Secure Stock Option Plan 2005, be recorded in Companys' unrestricted equity reserve. Any excess after settling treasury shares as share based incentive and as board compensation is recorded in unrestricted equity reserve.
The translation difference is used to record exchange difference arising from the translation of the financial statements of foreign subsidiaries.
Proposed for approval at AGM for financial year 2018 is that no dividend will be paid. Final dividend for financial year 2017 was 0.04 euro per share, paid during 2018 (6,268,548.40 euro in total). Final dividend for financial year 2016 was 0.12 euro per share, paid during 2017 (18,750,984.00 euro in total).
Treasury shares contains the purchase value of own shares owned by the Group. The cost of acquisition is reported as a deduction in shareholders' equity. The shares were acquired through public trading on NASDAQ OMX Helsinki. The parent company has not acquired treasury shares during the period.
The parent companys' treasury shares were used in a deferred payment of the 2015 and 2017 acquisition.
The total number of acquired treasury shares was 1,308,444 at the end of 2018. This represents 0.8% of the Company's voting power on December 31, 2018.
The reserve is used to record increments and decrements in the fair value of available-for-sale financial assets.
| Before tax | Tax | After tax | Total | |
|---|---|---|---|---|
| Fair value reserve Dec 31, 2016 | 1,346 | –269 | 1,077 | 1,077 |
| Available-for-sale, net | 677 | –135 | 541 | 541 |
| Fair value gains/losses to PL | –793 | 159 | –634 | –634 |
| Fair value reserve Dec 31, 2017 | 1,229 | –246 | 983 | 983 |
| Available-for-sale, net | –1,229 | 246 | –983 | –983 |
| Fair value gains/losses to PL | ||||
| Fair value reserve Dec 31, 2018 | 0 | 0 | 0 | 0 |
During the period Group has had four different incentive plans covering the key personnel of the Group and matching share plan available for all employees.
The synthetic option-based incentive program was established on and April 2015 as part of the key employee incentive and retention system within F-Secure Group. As no options were granted during 2017 the program ended on December 31, 2018 and resulted in no payment. During 2018 the liability was written off to zero through income statement.
| EUR 1,000 | 2018 | 2017 | |
|---|---|---|---|
| Outstanding Jan 1 | 670,000 | Outstanding Jan 1 | 1,480,000 |
| Granted | 0 | Granted | 0 |
| Forfeited | –25,000 | Forfeited | –210,000 |
| Exercised | 0 | Exercised | –600,000 |
| Expired | –645,000 | Expired | 0 |
| Outstanding Dec 31 | 0 | Outstanding Dec 31 | 670,000 |
Deduction in expenses arising from share-based payment transactions during the period was 462 thousand euro (1,001 thousand euro in 2017). The carrying amount of liability at December 31, 2018 was zero.
During the period the Group had three share-based incentive programs. The share-based incentive programs has been established as part of the key employee incentive and retention system within F-Secure Group. The program will offer for the participants a possibility to receive shares of F-Secure Corporation as an incentive reward if the Company's financial targets set for the earning period have been achieved. No reward can be given to any participating employee, whose employment has terminated before the end of the lock-up period.
The share-based incentive program 2014–2016 has been established in March 2014. The program will last five years. It comprises three earning periods. Each earning period lasts three years. The program ended on December 31, 2018. The rewards will be settled in two phases so that one part is settled as equity-settled payment and one part as cash-settled payment. On the basis of the program maximum total of 10,000,000 shares and a cash payment corresponding to the registration date value of the shares shall be given as reward. The Board approves the metrics, targets and participants on annual basis for each earning period.
The share-based incentive program 2017–2019 has been established in October 2017. The program will last five years. It comprises three earning periods. Each earning period lasts three years. The program ends on December 31, 2021. The rewards will be settled in two phases so that one part is settled as equity-settled payment and one part as cash-settled payment. On the basis of the program maximum total of 10,000,000 shares and a cash payment corresponding to the registration date value of the shares shall be given as reward. The Board approves the metrics, targets and participants on annual basis for each earning period.
The restricted share-based incentive program 2017–2019 has been established in April 2017. The program is divided into individual restricted share plans. The program includes individual earning periods for each plan. Earning periods will commence based on the decision of the Board of Directors. The program ends on December 31, 2019. The rewards will be settled in two phases so that one part is settled as equity-settled payment and one part as cash-settled payment. On the basis of the program maximum total of 600,000 shares and a cash payment corresponding to the registration date value of the shares shall be given as reward. The Board of Directors shall determine the amount of the maximum reward for each individual plan and participant.
The participating employee shall be entitled to the shareholder rights of the reward shares (e.g. dividend) from the moment the shares have been entered into the participating employee's book-entry account.
Expense arising from the share-based payment transactions during the period was –70 thousand euro (2,793 thousand euro in year 2017). The costs of equity-settled transactions are measured by reference to the fair value of the F-Secure Corporation share at the date on which they are granted. The costs of cash-settled transactions are measured by reference to the fair value of the F-Secure Corporation share on date of balance sheet.The Group updates the estimate of the number of equity instruments that will ultimately vest at each reporting date.
During the period Group launched a matching share plan which is available to all employees. The first retention period began in February 2018 and the matching share plan was extended in November 2018 with a new retention period. Every participant was eligible to acquire shares worth maximum of 10,000 euros and after first quarter of 2020 F-Secure will give each participant one extra share for each two shares acquired through the plan. Dividends paid to the shares during the retention period will be invested in new shares.
Expense arising from matching share plan during the period was 276 thousand euros. The cost is measured by the fair value of F-Secure Corporation share at the date on which they are granted net of employee's tax obligation.
| EUR 1,000 | Consolidated 2018 | Consolidated 2017 | |
|---|---|---|---|
| Unsecured liabilities at amortized cost | |||
| Bank loans | 37,000 | ||
| Total | 37,000 | ||
| Secured liabilities at amortized cost | |||
| Factoring | 58 | ||
| Total | 58 | ||
| Total interest-bearing liabilities | 37,058 | ||
| Amount due for settlement within 12 months | 6,058 | ||
| Amount due for settlement after 12 months | 31,000 | ||
| Borrowings by currency | EUR | GBP | Total |
| Bank loans | 37,000 | 37,000 | |
| Factoring | 58 | 58 |
Bank loan of EUR 37,000 thousand was withdrawn on July 2, 2018. Repayments will commence on June 30, 2019 and continue until June 30, 2023. The bank loan carries variable interest rate.
37,000 58 37,058
The weighted average interest rates paid during the year were as follows:
| Bank loans | 1.6% |
|---|---|
The financing agreement is subject to conventional loan covenants related to ratio of net debt to EBITDA and equity ratio. Group complied with the covenants throughout the reporting period.
| EUR 1,000 | Consolidated 2018 | Consolidated 2017 |
|---|---|---|
| Contingent consideration, non-current | 14,813 | 286 |
| Contingent consideration, current | 430 | |
| Total | 14,813 | 716 |
| Contractual maturities of financial liabilities | Fair value hierarchy level |
Less than 1 year |
1 to 2 years | 2 to 3 years | 3 to 4 years | Over 5 years | Total contractual cash flows |
Carrying amount |
|---|---|---|---|---|---|---|---|---|
| Interest bearing financial liabilities | 2 | 6,058 | 6,000 | 6,000 | 6,000 | 13,000 | 37,058 | 37,058 |
| Contingent considerations | 3 | 16,769 | 16,769 | 14,813 | ||||
| Total financial liabilities | 6,058 | 22,769 | 6,000 | 6,000 | 13,000 | 53,827 | 51,871 |
Level 1: Fair values of financial instruments are based on quoted prices in active markets for identical assets and liabilities Level 2: Financial instruments are not subject to trading in active and liquid markets. The fair values of financial instruments can be determined based on quoted market prices and deduced valuation.
Level 3: Measurement of financial instruments is not based on verifiable market information, and information on other
circumstances affecting the value of the instruments is not available or verifiable.
Fair value hierarchy levels 1 to 3 are based on the degree to which the fair value is observable:
Level 1: Fair values of financial instruments are based on quoted prices in active markets for identical assets and liabilities
Level 2: Financial instruments are not subject to trading in active and liquid markets. The fair values of financial instruments can be
determined based on quoted market prices and deduced valuation.
Level 3: Measurement of financial instruments is not based on verifiable market information, and information on other
circumstances affecting the value of the instruments is not available or verifiable.
| Carrying value | Fair value | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Financial assets | Financial liabilities | Hierarchy level | ||||||||
| Note | FVTPL | Amortized cost |
FVTPL | Amortized cost |
Total | 1 | 2 | 3 | Total | |
| Cash and bank | 15 | 27,806 | 27,806 | 27,806 | 27,806 | |||||
| Trade and other receivables | 15 | 46,058 | 46,058 | 46,058 | 46,058 | |||||
| Financial assets at FVTPL | 15 | 58 | 58 | 58 | 58 | |||||
| Interest bearing financial liabilities | 19 | 37,058 | 37,058 | 37,058 | 37,058 | |||||
| Trade and other payables | 22 | 6,480 | 6,480 | 6,480 | 6,480 | |||||
| Contingent considerations | 19 | 14,813 | 14,813 | 16,769 | 16,769 |
F-Secure 2018 Board of Directors' Report Financial statements Sustainability Corporate Governance
The goal of risk management is to identify risks that may hinder the Group from achieving its business objectives. The responsibility for the Company's risk management lies with the CEO, the management and ultimately with the Board of Directors. The risks related to the Group's financial instruments are mainly related to credit risks, currency risk and interest rate risk.
The Group trades only with recognized, creditworthy third parties. Receivable balances are monitored and collected on an ongoing basis. The maximum exposure to credit risk at the reporting date is the carrying value of financial assets. There are no significant concentrations of credit risk within the Group. See note 15. Financial assets.
Group's liquidity was changed significantly due to acquisition of MWR InfoSecurity as financial assets at fair value through profit and loss (EUR 53.9 million in 2017) were sold to finance the acquisition. Additionally a term loan of EUR 37.0 million was withdrawn. Cash and bank balance remained at solid level and at the end of reporting period the Group held EUR 27.8 million in it's bank accounts (EUR 36.3 million euro in 2017). Repayment of the term loan starts in June 2019 and a contingent consideration (estimated at 16.8 million euro at fair value) is to be paid in the beginning of 2020. Financial management prepares cash flow forecasts regularly to ensure the financial needs of the business operations are met. The management has not identified any significant concentrations of liquidity risks in sources of finance.
The Group's exposure to foreign currency risk has increased after the acquisition of MWR InfoSecurity. While majority of sales invoicing is still in Euros, higher amount of invoicing is done in other currencies. Respectively purchasing in other currencies has increased. Other main measurement currencies are USD, GBP, JPY and SEK. In order to minimize the impact of the fluctuation of the exchange rates, the goal is to use forward currency contracts to eliminate the currency exposure of the estimated cash flow of these currencies for a period of three months.
| EUR 1,000 | Consolidated 2018 | Consolidated 2017 |
|---|---|---|
| Nominal value | 452 | 448 |
| Fair value | 5 | 5 |
F-Secure Corporation has hedged receivables denominated in GBP with forward rate contracts. The forward rate contracts expire on January 23, 2019. The company does not have other derivatives.
According to current policy F-Secure Corporation does not hedge investments made in its subsidiaries.
| Consolidated 2018 | Consolidated 2017 | |
|---|---|---|
| Sales in different currencies | % | % |
| EUR | 67 | 69 |
| USD | 10 | 10 |
| GBP | 8 | 2 |
| JPY | 6 | 6 |
| SEK | 4 | 5 |
| Other currencies | 5 | 7 |
| 100 | 100 |
The risk involved in the sales in foreign currency is notably diminished by the operational expenses in subsidiaries that use the same currency.
The carrying Euro amounts of the Group's financial assets and liabilities at the reporting date are as follows:
| Financial assets | % | % | ||
|---|---|---|---|---|
| EUR | 40,628 | 55 | 96,065 | 71 |
| USD | 11,670 | 16 | 10,360 | 8 |
| GBP | 7,295 | 10 | 2,142 | 2 |
| JPY | 4,736 | 6 | 7,609 | 6 |
| Other currencies | 9,592 | 13 | 16,918 | 13 |
| 73,921 | 100 | 133,094 | 100 | |
| Financial liabilities | % | % | ||
| EUR | 42,417 | 73 | 6,560 | 94 |
| GBP | 15,259 | 26 | 77 | 1 |
| Other currencies | 675 | 1 | 299 | 5 |
| 58,351 | 100 | 6,936 | 100 |
The table below demonstrates how sensitive the Group's profit before taxes and equity is to foreign exchange rate fluctuations when all other variables are held constant. The open exposure against USD, GBP, JPY and SEK arises from Group treasury, trade receivables and trade payables. In addition, the contingent consideration from the acquisition of MWR InfoSecurity is measured in GBP. The sensitivity calculation is based on a change of 10% in the Euro exchange rate against the functional currencies the Group operates in.
| USD | +/–1,221 | +/–482 |
|---|---|---|
| GBP | +/–2,359 | +/–140 |
| JPY | +/–440 | +/–190 |
F-Secure 2018 Board of Directors' Report Financial statements Sustainability Corporate Governance
The Group is exposed to interest rate risk due to the term loan withdrawn in July 2018 to finance the acquisition of MWR InfoSecurity. The loan carries a variable interest rate. To manage the risk of interest rate changes the Group is regularly evaluating the need for hedging. The table below demonstrates the sensitivity of Group's profit before taxes and equity to 1% change in interest rate when all other variables are held constant.
| Interest bearing liabilities | +/– 185 |
|---|---|
The Group's shareholders' equity is managed as capital. Also, Group's financing agreement has a covenant term related to equity ratio of the Group. The objective of the Group's capital management is to maintain an efficient capital structure that ensures the functioning of business operations and promotes shareholder value and meets with the requirements set in financing agreement. The Group's capital structure is reviewed regularly as a part of financial performance monitoring.
The capital structure can be adjusted among other things by distribution of dividends, share repurchase or capital repayment. The dividend policy of F-secure Corporation is to pay approximately half of its annual profit as dividend. Subject to circumstances, the Company may deviate from its policy.
| Consolidated 2017 | |
|---|---|
| 613 | 735 |
| 3,322 | 3,724 |
| 2,335 | 67 |
| 6,270 | 4,525 |
| –2,309 | –349 |
| 3,961 | 4,177 |
| –1,745 | –1,307 |
| 5,068 | 460 |
| 1,336 | 1,029 |
| 246 | |
| 6,403 | 1,735 |
| –2,309 | –349 |
| 4,094 | 1,386 |
| –4,669 | –890 |
| 23 | |
| Consolidated 2018 |
At December 31, 2018 the Group had 10.7 million euro losses carried forward that are available.
| EUR 1,000 | Consolidated 2018 | Consolidated 2017 |
|---|---|---|
| Non-current liabilities | ||
| Deferred tax liability | 4,094 | 1,386 |
| Deferred revenue | 17,565 | 17,398 |
| Contingent consideration | 14,813 | 286 |
| Other non-current liability | 1,368 | 2,209 |
| Provisions | 1,173 | 1,173 |
| Total | 39,013 | 22,452 |
| Current liabilities | ||
| Deferred revenue | 55,325 | 48,338 |
| Trade payables | 6,480 | 6,220 |
| Contingent consideration | 430 | |
| Other liabilities | 5,473 | 4,867 |
| Accrued expenses | 17,591 | 20,336 |
| Income tax liabilities | 821 | 1,945 |
| Total | 85,690 | 82,135 |
| Material amounts shown under accrued expenses |
||
| Accrued personnel expenses | 11,544 | 11,175 |
| Deferred royalty | 1,119 | 1,695 |
| Other accrued expenses | 4,928 | 7,467 |
| Total | 17,591 | 20,336 |
| Provisions | ||
| Book value as at 1 Jan | 1,173 | 158 |
| Arising during the year | ||
| Used during the year | –158 | |
| Transfer from discontinued operations | 1,173 | |
| Book value as at 31 Dec | 1,173 | 1,173 |
In February 2019, F-Secure received a court ruling related to the claim in France which has been disclosed in prior financial reporting. The ruling will be implemented and F-Secure 's subsidiary is required to pay approximately total of EUR 1.3 million. A provision in the financial statements is EUR 1.2 million. F-Secure is assessing whether grounds for an appeal to supreme court exists.
The Group has entered into commercial leases on office space and on motor vehicles. Motor vehicle leases have an average life of three years and office space between two and six years with renewal terms included in the contracts.
Future minimum rentals payable under non-cancellable operating leases as at 31 December are as follows
| EUR 1,000 | Consolidated 2018 | Consolidated 2017 |
|---|---|---|
| Within one year | 6,956 | 5,924 |
| After one year but not more than five years | 7,164 | 7,777 |
| Total | 14,120 | 13,702 |
| Rents during the period | 5,666 | 5,180 |
| EUR 1,000 | Consolidated 2018 | Consolidated 2017 |
|---|---|---|
| Other liabilities | ||
| Others | 301 | 173 |
26. SUBSIDIARIES
The Group's related parties include Parent Company and subsidiaries, as well as members of the Board, CEO and members of the Leadership Team.
| EUR 1,000 | Consolidated 2018 | Consolidated 2017 |
|---|---|---|
| Wages and other short-term employee benefits | 2,710 | 2,319 |
| Share-based payments | 116 | 883 |
| Total | 2,826 | 3,202 |
| EUR 1,000 | Consolidated 2018 | Consolidated 2017 |
|---|---|---|
| CEO | 490 | 407 |
| Leadership Team | 1,965 | 1,687 |
| Members of the Boards of Directors | 255 | 225 |
| 2,710 | 2,319 |
| EUR 1,000 | Wages | Fees | Share-based payment |
|---|---|---|---|
| Samu Konttinen, CEO | 490 | 143 | |
| Risto Siilasmaa, Chairman of the Board | 80 | ||
| Pertti Ervi | 48 | ||
| Matti Heikkonen | 38 | ||
| Päivi Rekonen | 38 | ||
| Bruce Oreck | 38 | ||
| Christine Bejerasco | 13 | ||
| Total | 490 | 255 | 143 |
Share-based payments granted to the CEO are presented at the IFRS 2 expense of the share plans. The equity-settled part is measured at the fair value of the F-Secure Corporation share on the date it was granted and cash-settled part at the fair value of the share on the reporting date. The cost is recognized over the period in which the performance conditions are fullfilled (earning period).
The CEO's retirement age and the determination of his pension conform to the standard rules specified by Finland's Employee Pension Act (TYEL). The pension cost of the CEO during the period was 87 thousand euro (73 thousand euro in year 2017). The period of notice for the CEO is six (6) months both ways and CEO is entitled to severance payment equivalent of six (6) months' salary.
| Company | Country of incorporation |
Group (%) |
|---|---|---|
| Parent F-Secure Corporation, Helsinki | Finland | |
| DF-Data Oy, Helsinki | Finland | 100 |
| F-Secure Inc., Palo Alto | United States | 100 |
| F-Secure (UK) Ltd, London | United Kingdom | 100 |
| F-Secure KK, Tokyo | Japan | 100 |
| F-Secure GmbH, Munich | Germany | 100 |
| F-Secure eStore GmbH, Munich | Germany | 100 |
| F-Secure SARL, Maisons-Laffitte | France | 100 |
| F-Secure SDC SAS, Bordeaux | France | 100 |
| F-Secure BVBA, Heverlee-Leuven | Belgium | 100 |
| F-Secure AB, Stockholm | Sweden | 100 |
| F-Secure Srl, Milano | Italy | 100 |
| F-Secure SP z.o.o.,Warsaw | Poland | 100 |
| F-Secure Corporation (M) Sdn Bhd, Kuala Lumpur | Malaysia | 100 |
| F-Secure Pvt Ltd, Mumbai | India | 100 |
| F-Secure Pte. Ltd., Singapore | Singapore | 100 |
| F-Secure B.V., Utrecht | The Netherlands | 100 |
| F-Secure Limited, Hong Kong | Hong Kong | 100 |
| F-Secure Pty Limited, Sydney | Australia | 100 |
| F-Secure Iberia SL, Barcelona | Spain | 100 |
| F-Secure do Brasil Tecnol. da Informãcao Ltda, Saõ Paulo | Brazil | 100 |
| F-Secure Informatica S de RL de CV, Mexico City | Mexico | 100 |
| F-Secure Software (Shanghai) Co Ltd, Shanghai | China | 100 |
| F-Secure Danmark A/S, Copenhagen | Denmark | 100 |
| F-Secure Cyber Security Services Oy, Helsinki | Finland | 100 |
| nSense Polska Sa, Poznan | Poland | 100 |
| nSense Estonia OÛ, Tartu | Estonia | 100 |
| F-Secure Norge AS, Baerum | Norway | 100 |
| F-Secure Argentina S.R.L., Buenos Aires | Argentina | 100 |
| F-Secure Digital Assurance Consulting Ltd, London | United Kingdom | 100 |
| MWR InfoSecurity Limited, Basingstoke | United Kingdom | 100 |
| MWR InfoSecurity Pte. Ltd., Singapore | Singapore | 100 |
| MWR InfoSecurity (Pty) Ltd, Johannesburg | South Africa | 100 |
| MWR InfoSecurity Inc, Newark | United States | 100 |
| MWR InfoSecurity SP z.o.o., Warsaw | Poland | 100 |
| Bytegeist GmbH, Oldenburg | Germany | 100 |
| Shares | Number of shareholders |
% of share- holders |
Total shares | % of shares |
|---|---|---|---|---|
| 1–100 | 5,088 | 20.43% | 283,041 | 0.18% |
| 101–1,000 | 15,036 | 60.39% | 5,690,978 | 3.58% |
| 1,001–50,000 | 4,700 | 18.88% | 18,478,676 | 11.64% |
| 50,001–100,000 | 35 | 0.14% | 2,379,672 | 1.50% |
| 100,001– | 40 | 0.16% | 131,966,372 | 83.10% |
| Total | 24,899 | 100.00% | 158,798,739 | 100.00% |
| Shareholders by category, December 31, 2018 | Total shares | % of shares | |
|---|---|---|---|
| Corporations | 5,508,753 | 3.47% | |
| Financial and insurance institutions | 49,395,519 | 31.11% | |
| General government | 17,317,624 | 10.91% | |
| Non-profit organizations | 401,311 | 0.25% | |
| Households | 84,813,406 | 53.41% | |
| Other countries and international organizations | 1,362,126 | 0.86% | |
| Total | 158,798,739 | 100.00% |
| Owner | Shares | % of shares | % of votes |
|---|---|---|---|
| Risto Siilasmaa | 59,978,359 | 37.77% | 38.08% |
| Nordea Bank Abp | 11,966,792 | 7.54% | 7.60% |
| Nordea Nordic Small Cap Fund | 9,110,856 | 5.74% | 5.79% |
| Skandinaviska Enskilda Banken | 8,582,089 | 5.40% | 5.45% |
| Mandatum Life Insurance Company | 6,791,936 | 4.28% | 4.31% |
| Elo Mutual Pension Insurance Company | 6,000,000 | 3.78% | 3.81% |
| Ilmarinen Mutual Pension Insurance Company | 4,300,769 | 2.71% | 2.73% |
| The State Pension Fund | 3,500,000 | 2.20% | 2.22% |
| Varma Mutual Pension Insurance Company | 3,470,660 | 2.19% | 2.20% |
| OP-Suomi Investment Fund | 2,590,163 | 1.63% | 1.64% |
| Administrative register | Shares | % of shares | % of votes |
|---|---|---|---|
| Nordea Bank Abp | 11,966,792 | 7.54% | 7.60% |
| Skandinaviska Enskilda Banken | 8,582,089 | 5.40% | 5.45% |
| Other registers | 3,287,012 | 2.07% | 2.09% |
| Other shareholders | 17,362,778 | 10.93% | 11.02% |
| Total | 157,490,295 | 99.18% | 100.00% |
| Own shares F-Secure Corporation | 1,308,444 | 0.82% | |
| Total | 158,798,739 | 100.00% |
| Board of Directors | Shares | % of shares |
|---|---|---|
| Risto Siilasmaa | 59,978,359 | 37.77% |
| Pertti Ervi | 56,114 | 0.04% |
| Matti Heikkonen | 27,585 | 0.02% |
| Bruce Oreck | 12,143 | 0.01% |
| Päivi Rekonen | 6,850 | 0.00% |
| Christine Bejerasco | 2,732 | 0.00% |
| Total | 60,083,783 | 37.84% |
| Executive team | Shares | % of shares |
|---|---|---|
| Jari Still | 120,341 | 0.08% |
| Samu Konttinen | 101,787 | 0.06% |
| Ian Shaw | 62,500 | 0.04% |
| Eriikka Söderström | 52,639 | 0.03% |
| Mika Ståhlberg | 29,263 | 0.02% |
| Kristian Järnefelt | 19,684 | 0.01% |
| Jyrki Tulokas | 15,490 | 0.01% |
| Juha Kivikoski | 2,639 | 0.00% |
| Jyrki Rosenberg | 2,639 | 0.00% |
| Total | 406,982 | 0.26% |
The Board of Directors owned a total of 60,083,783 shares on December 31, 2018. This represents 37.8 percent of the Company's shares and 38.2 percent of votes.
| EUR 1,000 | FAS 2018 | RESTATED FAS 2017 |
|
|---|---|---|---|
| REVENUE | (1) | 142,425 | 135,924 |
| Cost of revenue | (4) | –17,629 | –13,641 |
| GROSS MARGIN | 124,797 | 122,283 | |
| Other operating income | (2) | 4,360 | 3,907 |
| Sales and marketing | (3, 4) | –77,067 | –73,605 |
| Research and development | (3, 4) | –32,006 | –30,890 |
| Administration | (3, 4) | –11,521 | –12,330 |
| EBIT | 8,563 | 9,365 | |
| Financial income and expenses | (6) | 1,924 | 1,039 |
| PROFIT (LOSS) BEFORE APPROPRIATIONS AND TAXES |
10,487 | 10,404 | |
| Appropriations | (7) | 4,005 | 542 |
| Income taxes | (8) | –1,783 | –596 |
| RESULT FOR THE FINANCIAL YEAR | 12,709 | 10,349 |
42 FINANCIAL STATEMENTS F-SECURE CORPORATION
| EUR 1,000 | FAS 2018 | RESTATED FAS 2017 |
|
|---|---|---|---|
| ASSETS | |||
| NON-CURRENT ASSETS | |||
| Intangible assets | (9) | 14,892 | 14,735 |
| Tangible assets | (9) | 1,494 | 1,610 |
| Investments in group companies | (10) | 136,668 | 23,353 |
| Total non-current assets | 153,054 | 39,698 | |
| CURRENT ASSETS | |||
| Inventories | (12) | 607 | 588 |
| Long-term receivables | (13) | 69 | |
| Short-term receivables | (13) | 58,939 | 52,901 |
| Deferred tax assets | (11) | 170 | 698 |
| Short-term investments | (14) | 26 | 53,924 |
| Cash and bank accounts | (15) | 16,689 | 16,071 |
| Total current assets | 76,432 | 124,252 | |
| TOTAL ASSETS | 229,485 | 163,949 |
| EUR 1,000 | FAS 2018 | RESTATED FAS 2017 |
|---|---|---|
| SHAREHOLDERS' EQUITY AND LIABILITIES | ||
| SHAREHOLDERS' EQUITY (16, 17) |
||
| Share capital | 1,551 | 1,551 |
| Share premium | 165 | 165 |
| Treasury shares | –2,772 | –4,575 |
| Fair value reserve | 983 | |
| Reserve for invested unrestricted equity | 6,082 | 5,378 |
| Retained earnings | 47,696 | 42,428 |
| Profit for the financial year | 12,709 | 10,349 |
| Total shareholders' equity | 65,430 | 56,279 |
| APPROPRIATIONS | ||
| Depreciation reserve | 510 | 514 |
| LIABILITIES | ||
| Deferred tax liabilities (11) |
246 | |
| Long-term liabilities (19) |
69,482 | 15,292 |
| Short-term liabilities (19) |
94,063 | 91,618 |
| Total liabilities | 163,546 | 107,156 |
| TOTAL SHAREHOLDERS' EQUITY AND LIABILITIES |
229,485 | 163,949 |
| EUR 1,000 | FAS 2018 | RESTATED FAS 2017 |
EUR 1,000 | FAS 2018 | RESTATED FAS 2017 |
|---|---|---|---|---|---|
| Cash flow from operations | Cash flow from investments | ||||
| Result for the financial year | 12,709 | 10,349 | Investments in intangible and tangible assets | –6,338 | –6,536 |
| Adjustments | Investments in subsidiary shares | –96,386 | –4,939 | ||
| Depreciation and amortization | 6,030 | 5,597 | Other investments | –7,742 | |
| Profit / loss on sale of fixed assets | –26 | –49 | Proceeds from sale of intangible and tangible | ||
| Other adjustments | –3,491 | –260 | assets | 294 | 46 |
| Financial income and expenses | –1,924 | –1,039 | Proceeds from sale of other investments | 53,502 | 18,397 |
| Income taxes | 1,783 | 568 | Intercompany loans granted | –2,705 | –80 |
| Adjustments | 2,373 | 4,817 | Dividends received | 4,090 | 7 |
| Cash flow from operations before change in working capital |
15,081 | 15,166 | Cash flow from investments | –47,545 | –847 |
| Change in net working capital | Cash flow from financing activities | ||||
| Current receivables, increase (–), decrease (+) | 2,654 | –5,580 | Increase in interest-bearing liabilities | 37,000 | |
| Inventories, increase (–), decrease (+) | –19 | –479 | Own shares | –99 | |
| Non-interest bearing debt, increase (+), decrease (–) |
5,892 | 13,138 | Dividends paid | –6,281 | –18,751 |
| Cash flow from operations before financial items and taxes |
23,608 | 22,245 | Cash flow from financing activities | 30,620 | –18,751 |
| Change in cash | 375 | 1,155 | |||
| Interest expenses paid | –296 | –13 | |||
| Interest income received | 44 | 996 | Effect of exchange rate changes on cash | 243 | –226 |
| Other financial income and expenses | –547 | 167 | |||
| Income taxes paid | –5,510 | –2,642 | Cash and bank at the beginning of the period | 16,071 | 15,141 |
| Cash flow from operations | 17,300 | 20,753 | Cash and bank at period end | 16,689 | 16,071 |
F-Secure provides cyber security products and services globally for consumers and businesses.
F-Secure Corporation is the parent company of F-Secure Group, incorporated in Finland and domiciled in Helsinki. Company's registered address is Tammasaarenkatu 7, 00180 Helsinki. Copy of consolidated financial statements can be downloaded from www.f-secure.com or can be received from the Company's registered address.
The financial statement of F-Secure Corporation has been prepared in accordance with Finnish Accounting Standards (FAS).
Foreign currency transactions are translated using the exchange rates prevailing at the dates of the transactions. On the reporting date, assets and liabilities denominated in foreign currencies are translated using the European Central Bank's exchange rates prevailing at that date. Exchange rate gains and losses from sales transactions are recognized in revenue and other exchange rate gains and losses are recognized in financial items in the income statement.
Revenue recognition has been standardized with the Group's accounting principles and the comparative figures has been restated. Allocation of costs between Cost of Revenue and Operating expenses (OPEX) has also been standardized with the Group's accounting principles and has been described in Accounting principles for the consolidated financial statements, Revision of Cost of revenue (CoR).
| Revenue | |
|---|---|
| Increase of revenue | 192 |
| Cost of Revenue | |
| Increase of Cost of Revenue | –6,965 |
| OPEX | |
| Decrease in Sales and Marketing costs | 6,338 |
| Decrease in Research and Development costs | 627 |
| Income taxes | |
| Increase of income taxes | –38 |
| Profit for the financial year | 153 |
| Reported 1 Jan 2017 |
Change of accounting principle |
Restated 1 Jan 2017 |
|---|---|---|
| 737 | 737 | |
| 66,390 | –2949 | 63,442 |
| 10,224 | 872 | 11,096 |
| 30,647 | 2,814 | 33,461 |
| Reported 31 Dec 2017 |
Change of accounting principle |
Restated 31 Dec 2017 |
|
|---|---|---|---|
| Assets | |||
| Deferred tax assets | 698 | 698 | |
| Equity | 59,075 | –2,796 | 56,280 |
| Liabilities | |||
| Deferred revenue, non-current | 9,567 | 1,768 | 11,335 |
| Deferred revenue, current | 36,427 | 1,726 | 38,153 |
Revenue is derived from corporate and consumer businesses. Corporate security business revenue includes cyber security products, managed services, and cyber security consulting. Cyber security products comprise endpoint protection solutions (Protection Service for Business, PSB; Business Suite, Cloud Protection for Salesforce), as well as solutions targeted at detecting and responding to advanced attacks (Rapid Detection Service, RDS; Rapid Detection and Response, RDR and Countercept) and vulnerability management (F-Secure Radar and phishd). Consumer security business revenue comes through operator and direct consumer channels, and the main products include F-Secure SAFE, F-Secure FREEDOME, F-Secure SENSE and F-Secure KEY.
Endpoint protection security solutions (PSB, Business Suite for corporate and RDR) are sold to corporate customers by granting the customer access to use the intellectual property during the license period or as Security-as-a-Service. F-Secure delivers the product and provides continuous automated updates against new threats. The software and the accompanied services are highly interdependent and therefore treated as one performance obligation for which revenue is recognized over time on a straight-line basis for the license period. Previously the license fee revenue was recognized at point in time of the initial delivery and the maintenance and support were recognized as revenue over the contract period.
F-Secure SAFE and F-Secure FREEDOME for consumer customers and vulnerability management products for corporate customers (Radar and phishd) are treated as Security-as-a-Service as they do not include a license of intellectual property. Revenue is accounted for as a single performance obligation and recognized over time on a straight-line basis for the contract period.
When there is a hardware component to the solution (SENSE) the hardware is considered as a distinct performance obligation and revenue for hardware is recognized separately at point in time of delivery.
Cyber security consulting services are recognized as revenue based on the delivery of the work. For F-Secure managed detection and response solutions (RDS, Countercept) the software and the service are considered as single performance obligation. The customer is granted access to use the intellectual property and the service is provided by F-Secure continuously throughout the contract period. Revenue for managed services is recognized on a straight-line basis for the contract period.
Pension arrangement is a local statutory arrangement, which is a defined contribution plan. Contributions to defined contribution plans are recognized in income statement in the period to which the contributions relate. The Company recognizes the disability commitment of TyEL pension plan when disability appears.
Leases where the lessor retains substantially all the risks and benefits of ownership of the asset are classified as operating leases. Operating lease payments are recognized as an expense in the income statement on a straight-line basis over the lease term. The Company has only operating leases.
Current income taxes are calculated in accordance with the local tax and accounting rules. Deferred taxes, resulting from temporary differences between the financial statement and the income tax basis of assets and liabilities, use the enacted tax rates in effect in the years in which the differences are expected to reverse.
Intangible assets include intangible rights and software licenses. Intangible assets recognized on merger consist of technologybased intangible assets. Tangible and intangible assets are recorded at historical cost less accumulated depreciation, amortization, and possible impairment. Depreciation and amortization is recorded on a straight-line basis over the estimated useful life of an asset. The estimated useful lives of tangible and intangible assets are as follows:
| Machinery and equipment | 3–8 years |
|---|---|
| Capitalized development costs | 3–8 years |
| Intangible rights | 3–8 years |
| Intangible assets | 5–10 years |
Ordinary repairs and maintenance costs are charged to the income statement during the financial period in which they are incurred. The cost of major renovations is included in the assets' carrying amount when it is probable that the Company will derive future economic benefits in excess of the originally assessed standard or performance of the existing asset. Any gain or loss arising on derecognition of the asset (calculated as the difference between the net disposal proceeds and the carrying amount of the asset) is included in the income statement in the year the asset is derecognized.
Research expenditure is recognized as an expense at the time it is incurred. Development expenditures incurred on individual projects of totally new products or product versions with significant new features are capitalized.
Inventories are valued at the lower of cost and net realizable value. Cost is determined by first-in first-out method. Net realizable value is the estimated selling price that is obtainable, less estimated costs of completion and the estimated costs necessary to make the sale.
All financial assets are currently measured at fair value through profit or loss (FVTPL). Cash and cash equivalents in the balance sheet comprise cash at bank and in hand and other highly liquid short-term investments.
F-Secure classifies loans from financial institutions, trade payables and other payables as other financial liabilities which are measured at amortized cost. Financial liabilities are classified as current unless F-Secure has unconditional right to postpone their repayment by at least 12 months from the end date of the reporting period.
The company has acquired treasury shares in 2008–2011. The purchase price of the shares has been deducted from equity.
F-Secure provides incentives to employees in the form of equity-settled share-based instruments. The Company has two kinds of incentive programs; a synthetic warrant-based program and share-based programs.
F-Secure's synthetic option-based program ended on 31 December 2018 and resulted in no payment. The program covered Group's key personnel and the liability has been presented at fair value at each reporting date. In the end of the financial year 2018 the remaining liability was written off to zero through income statement.
F-Secure's share-based incentive programs are targeted to the Group's key personnel. The programs are divided into equity-settled and cash-settled part. The cash-settled part is initially valued at fair value at grant date. At each reporting date the cash-settled part is revalued to fair value and the expense is recognized in the income statement over the vesting period with the counter-entry in liabilities. The cumulative expense recognized at grant date is based on the company's estimate of the number of shares that will ultimately vest at the end of the vesting period. If a person leaves the company before vesting, the reward is forfeited. F-Secure updates its estimate
of the ultimate number of shares at each reporting date. These changes in the estimate are recorded in the income statement.
Classification of the functionally presented expenses has been made by presenting direct expenses in their respective functions and by allocating other expenses to operations on the basis of average headcount in each function.
| EUR 1,000 | FAS 2018 | FAS 2017 |
|---|---|---|
| Geographical information | ||
| Nordic countries | 46,789 | 44,160 |
| Rest of Europe | 74,422 | 68,497 |
| North America | 9,472 | 9,371 |
| Rest of the world | 11,742 | 13,896 |
| Total | 142,425 | 135,924 |
| EUR 1,000 | FAS 2018 | FAS 2017 |
|---|---|---|
| Depreciation and amortization of non-current assets |
||
| Other intangible assets | –1,302 | –1,582 |
| Capitalized development | –3,789 | –3,021 |
| Intangible assets | –5,091 | –4,603 |
| Machinery and equipment | –803 | –994 |
| Tangible assets | –803 | –994 |
| Total depreciation | –5,894 | –5,597 |
| Impairment | ||
| Capitalized development | –135 | |
| Total impairment | –135 | |
| Total depreciation, amortization, and impairment | –6,030 | –5,597 |
| Depreciation, amortization, and impairment by function |
||
| Sales and marketing | –2,712 | –3,437 |
| Research and development | –2,388 | –1,502 |
| Administration | –930 | –658 |
| Total depreciation, amortization and impairment | –6,030 | –5,597 |
| EUR 1,000 | FAS 2018 | FAS 2017 |
|---|---|---|
| Rental revenue | 239 | 65 |
| Government grants | 1,587 | 1,423 |
| Other | 2,534 | 2,419 |
| Total | 4,360 | 3,907 |
Government grants are recognized as income over those periods in which the corresponding expenses arise.
Other operating income includes e.g. gain on sale of fixed assets and Group management fees.
| EUR 1,000 | FAS 2018 | FAS 2017 |
|---|---|---|
| Personnel expenses | ||
| Wages and salaries | –38,540 | –37,873 |
| Pension expenses | –6,786 | –6,272 |
| Other social expenses | –1,519 | –1,558 |
| Total | –46,845 | –45,703 |
| Compensation of key management personnel | ||
| Wages and other short-term employee benefits | –2,446 | –2,129 |
| Wages and other short-term employee benefits | ||
| Managing Directors | –490 | –407 |
| Members of the Board of Directors | –255 | –225 |
Wages and other short-term employee benefits of the Board of Directors and Managing Director: see group disclosure 25. Related party disclosures.
The Managing Director's retirement age and the determination of his pension conform to the standard rules specified by Finland's Employee Pension Act (TYEL). The pension cost of the Managing Director over the period was 87 thousand euro (73 thousand euro in year 2017). The period of notice for the Managing Director is six (6) months both ways and Managing Director is entitled to severance payment equivalent of six (6) months' salary.
| FAS 2018 | FAS 2017 | |
|---|---|---|
| Average number of personnel | 591 | 541 |
| Personnel by function Dec 31 | ||
| Sales and marketing | 259 | 244 |
| Research and development | 271 | 258 |
| Administration | 79 | 50 |
| Total | 609 | 552 |
| EUR 1,000 | FAS 2018 | FAS 2017 |
|---|---|---|
| Audit fees, PricewaterhouseCoopers | –164 | –173 |
| Audit related fees, PricewatehouseCoopers | –22 | –9 |
| Other consulting, PricewaterhouseCoopers | –26 | –97 |
| Total | –212 | –279 |
| EUR 1,000 | FAS 2018 | FAS 2017 |
|---|---|---|
| Interest income | 44 | 996 |
| Interest expense | –296 | –13 |
| Other financial income | 3 | 1,025 |
| Dividends | 4,090 | 7 |
| Exchange gains and losses | –1,223 | –1,050 |
| Other financial expenses | –694 | 74 |
| Total | 1,924 | 1,039 |
| EUR 1,000 | FAS 2018 | FAS 2017 |
|---|---|---|
| Change in depreciation difference | 5 | 542 |
| Group contribution | 4,000 | |
| Total | 4,005 | 542 |
| EUR 1,000 | FAS 2018 | FAS 2017 |
|---|---|---|
| Income tax for the year | –1,811 | –525 |
| Adjustments for income tax of prior periods | 28 | –71 |
| Total | –1,783 | –596 |
| Result before appropriations and tax | 10,487 | 10,404 |
| TANGIBLE ASSETS | ||||||
|---|---|---|---|---|---|---|
| Other intangible | Capitalized development |
Advance payments & incomplete development |
Total | Machinery & equipment |
Other tangible | Total |
| 19,723 | 12,639 | 4,104 | 36,466 | 22,051 | 5 | 22,056 |
| 800 | 68 | 5,011 | 5,879 | 657 | 657 | |
| 2,966 | 4,047 | –7,013 | ||||
| –10,045 | –1,453 | –11,498 | –13,339 | –13,339 | ||
| 13,444 | 15,301 | 2,102 | 30,847 | 9,368 | 5 | 9,374 |
| 667 | 416 | 4,301 | 5,384 | 688 | 688 | |
| 4,122 | –4,122 | |||||
| –135 | –135 | –268 | –268 | |||
| 14,111 | 19,840 | 2,145 | 36,095 | 9,788 | 5 | 9,794 |
| –16,010 | –7,001 | –23,010 | –20,108 | –20,108 | ||
| –1,582 | –3,021 | –4,603 | –994 | –994 | ||
| 10,048 | 1,453 | 11,501 | 13,339 | 13,339 | ||
| –7,544 | –8,569 | –16,112 | –7,763 | –7,763 | ||
| –1,302 | –3,789 | –5,091 | –803 | –803 | ||
| 267 | 267 | |||||
| –8,847 | –12,358 | –21,203 | –8,299 | –8,299 | ||
| 5,900 | 6,734 | 2,102 | 14,735 | 1,605 | 5 | 1,610 |
| 5,264 | 7,483 | 2,145 | 14,892 | 1,489 | 5 | 1,494 |
| INTANGIBLE ASSETS |
11. DEFERRED TAX
50 FINANCIAL STATEMENTS F-SECURE CORPORATION
| EUR 1,000 | Shares in group companies |
Total |
|---|---|---|
| Book value as at Jan 1 | 23,353 | 23,353 |
| Additions | 113,326 | 113,326 |
| Decreases | –11 | –11 |
| Book value as at Dec 31 | 136,668 | 136,668 |
| Name | Country of incorporation |
Share of ownership (%) |
|---|---|---|
| Parent F-Secure Corporation, Helsinki | Finland | |
| DF-Data Oy, Helsinki | Finland | 100 |
| F-Secure Inc., Palo Alto | United States | 100 |
| F-Secure (UK) Ltd, London | United Kingdom | 100 |
| F-Secure KK, Tokyo | Japan | 100 |
| F-Secure GmbH, Munich | Germany | 100 |
| F-Secure eStore GmbH, Munich | Germany | 100 |
| F-Secure SARL, Maisons-Laffitte | France | 98 |
| F-Secure SDC SAS, Bordeaux | France | 100 |
| F-Secure BVBA, Heverlee-Leuven | Belgium | 100 |
| F-Secure AB, Stockholm | Sweden | 100 |
| F-Secure Srl, Milano | Italy | 100 |
| F-Secure SP z.o.o.,Warsaw | Poland | 100 |
| F-Secure Corporation (M) Sdn Bhd, Kuala Lumpur | Malaysia | 100 |
| F-Secure Pvt Ltd, Mumbai | India | 100 |
| F-Secure Pte. Ltd., Singapore | Singapore | 100 |
| F-Secure B.V., Utrecht | The Netherlands | 100 |
| F-Secure Limited, Hong Kong | Hong Kong | 100 |
| F-Secure Pty Limited, Sydney | Australia | 100 |
| F-Secure Iberia SL, Barcelona | Spain | 100 |
| F-Secure Informática S. de R.L. de C.V, Mexico City | Mexico | 99 |
| F-Secure Danmark A/S, Copenhagen | Denmark | 100 |
| F-Secure Argentina SRL, Buenos Aires | Argentina | 100 |
| F-Secure Digital Assurance Consulting Ltd, London | United Kingdom | 100 |
| MWR InfoSecurity Limited, Basingstoke | United Kingdom | 100 |
| EUR 1,000 | FAS 2018 | FAS 2017 | |
|---|---|---|---|
| Other inventories | 607 | 588 |
| EUR 1,000 | FAS 2018 | FAS 2017 | |
|---|---|---|---|
| Non-current | |||
| Other receivables | 69 | ||
| Total | 69 | ||
| Non-current receivables total | 69 | ||
| Current receivables | |||
| Trade receivables | 28,020 | 27,678 | |
| Loan receivables | 14 | 6 | |
| Other receivables | 142 | 89 | |
| Prepaid expenses and accrued income | 10,869 | 7,742 | |
| Total | 39,045 | 35,515 | |
| Receivables from group companies | |||
| Trade receivables | 12,801 | 16,851 | |
| Loan receivables | 2,705 | 79 | |
| Other receivables | 4,388 | 456 | |
| Total | 19,894 | 17,386 | |
| Current receivables total | 58,939 | 52,901 | |
| Material items included in prepaid expenses and accrued income |
|||
| Prepaid royalty | 2,799 | 2,507 | |
| Grant receivables | 987 | 1,637 | |
| Other prepaid expenses | 7,083 | 3,598 | |
| Total | 10,869 | 7,742 |
Short-term investments consist of interest-bearing debt securities and shares in funds invested in similar instruments. For assets that are actively traded in organized financial markets, fair value is determined by reference to Stock Exchange quoted market bid prices at the close of business on the balance sheet date. Net asset value (NAV) is used as a practical expedient to measure fair value for the investments in non-listed funds. Assets, for which fair value cannot be measured reliably, are recognized at cost less impairment. The fair value changes of short-term investments are recognized in shareholders' equity under fair value reserve.
| EUR 1,000 | FAS 2018 | FAS 2017 |
|---|---|---|
| Fair value as at Jan 1 | 53,924 | 63,670 |
| Additions | 12,051 | 7,742 |
| Decreases | –64,720 | –17,372 |
| Change in fair value | –1,229 | –117 |
| Fair value as at Dec 31 | 26 | 53,924 |
| Shares – unlisted | 26 | 26 |
| Funds | 53,898 | |
| Fair value as at Dec 31 | 26 | 53,924 |
| Original purchase price as at Dec 31 | 26 | 52,695 |
| EUR 1,000 | FAS 2018 | FAS 2017 | |
|---|---|---|---|
| Cash at bank and in hand | 16,689 | 16,071 |
52 FINANCIAL STATEMENTS F-SECURE CORPORATION
| Parent Company FAS | Unrestricted | ||||||
|---|---|---|---|---|---|---|---|
| EUR 1,000 | Share capital | Share premium fund |
Treasury shares |
Fair value reserve |
equity reserve |
Retained earnings |
Total equity |
| Equity 31 Dec, 2016 | 1,551 | 165 | –5,741 | 1,077 | 5,211 | 64,128 | 66,390 |
| Impact of change in accounting principles | –2,949 | –2,949 | |||||
| Equity (restated) 1 Jan, 2017 | 1,551 | 165 | –5,741 | 1,077 | 5,211 | 61,180 | 63,442 |
| Available-for-sale financial assets, net | –93 | –93 | |||||
| Result of the financial year | 10,349 | 10,349 | |||||
| Dividend | –18,751 | –18,751 | |||||
| Other change | 1,166 | 167 | 1,333 | ||||
| Equity (restated) 31 Dec, 2017 | 1,551 | 165 | –4,575 | 985 | 5,379 | 52,778 | 56,280 |
| Impact of change in accounting principles | –985 | 1,200 | 215 | ||||
| Equity (restated) 1 Jan, 2018 | 1,551 | 165 | –4,575 | 5,379 | 53,977 | 56,496 | |
| Result of the financial year | 12,709 | 12,709 | |||||
| Dividend | –6,281 | –6,281 | |||||
| Other change | 1,803 | 704 | 2,507 | ||||
| Equity 31 Dec, 2018 | 1,551 | 165 | –2,772 | 6,082 | 60,404 | 65,430 |
See group disclosure 18. Share-based payment transactions.
The Company's share capital amounted to 1,551,311 euro and the number of shares was 158,798,739 at the end of the year 2018. See group disclosure 17. Shareholders' Equity.
See group disclosure 17. Shareholders' Equity.
EUR 1,000
| Unrestricted equity reserve | 6,082 |
|---|---|
| Retained earnings | 47,696 |
| Treasury shares | –2,772 |
| Result of the financial year | 12,709 |
| Less capitalized development expense | –7,483 |
| Distributable shareholders' equity on December 31, 2018 | 56,232 |
| Non-current liabilities Deferred revenues 12,175 10,392 Interest bearing liabilities 31,000 Other liabilities 18,602 3,217 Total 61,777 13,609 Liabilities to the group companies Cashpool 6,090 Other liabilities 1,615 1,683 Total 7,705 1,683 Total non-current liabilities 69,482 15,292 Current liabilities Deferred revenues 39,531 39,096 Trade payables 5,369 5,236 Interest bearing liabilities 6,000 Other liabilities 1,710 3,548 Accrued expenses 16,324 19,418 Total 68,934 67,297 Liabilities to the group companies Advance payments 8,662 7,984 Trade payables 16,399 16,236 Other liabilities 68 101 Total 25,129 24,320 Total current liabilities 94,063 91,618 Material amounts shown under accruals and deferred income Accrued personnel expenses 10,197 11,845 Deferred royalty 1,119 1,695 Accrued expenses 4,513 4,923 Accrued tax 495 956 Total 16,324 19,418 |
EUR 1,000 | FAS 2018 | FAS 2017 | |
|---|---|---|---|---|
See Group disclosure 20. Financial assets and liabilities.
The Group has entered into commercial leases on office space and on motor vehicles. Motor vehicle leases have an average life of three years and office space between two and five years with renewal terms included in the contracts.
Future minimum rentals payable under non-cancellable operating leases as at 31 December are as follows:
| EUR 1,000 | FAS 2018 | FAS 2017 |
|---|---|---|
| Within one year | 2,982 | 3,106 |
| After one year but not more than five years | 2,979 | 5,406 |
| Total | 5,961 | 8,512 |
| EUR 1,000 | FAS 2018 | FAS 2017 |
|---|---|---|
| Guarantees for other group companies | 130 | 149 |
| Other liabilities | ||
| Others | 171 | 24 |
Derivatives see Group disclosure 20. Financial assets and liabilities
See Group disclosure 27. Shares and shareholders
54 FINANCIAL STATEMENTS F-SECURE CORPORATION
Helsinki, February 13, 2019
Risto Siilasmaa Pertti Ervi Bruce Oreck Chairman of the Board of Directors Päivi Rekonen Matti Heikkonen Christine Bejerasco
CEO
Samu Konttinen
Our auditors' report has been issued today.
Helsinki, February 13, 2019
PricewaterhouseCoopers Oy Authorized Public Accountants
Janne Rajalahti Authorized Public Accountant
To the Annual General Meeting of F-Secure Oyj
In our opinion
Our opinion is consistent with the additional report to the Audit Committee.
We have audited the financial statements of F-Secure Oyj (business identity code 0705579-2) for the year ended 31 December 2018. The financial statements comprise:
We conducted our audit in accordance with good auditing practice in Finland. Our responsibilities under good auditing practice are further described in the Auditor's Responsibilities for the Audit of the Financial Statements section of our report.
We believe that the audit evidence we have obtained is sufficient and appropriate to provide a basis for our opinion.
We are independent of the parent company and of the group companies in accordance with the ethical requirements that are applicable in Finland and are relevant to our audit, and we have fulfilled our other ethical responsibilities in accordance with these requirements.
To the best of our knowledge and belief, the non-audit services that we have provided to the parent company and to the group companies are in accordance with the applicable law and regulations in Finland and we have not provided non-audit services that are prohibited under Article 5(1) of Regulation (EU) No 537/2014. The non-audit services that we have provided are disclosed in note 6 to the Financial Statements.
As part of designing our audit, we determined materiality and assessed the risks of material misstatement in the financial statements. In particular, we considered where management made subjective judgements; for example, in respect of significant accounting estimates that involved making assumptions and considering future events that are inherently uncertain.
The scope of our audit was influenced by our application of materiality. An audit is designed to obtain reasonable assurance whether the financial statements are free from material misstatement. Misstatements may arise due to fraud or error. They are considered material if individually or in aggregate, they could reasonably be expected to influence the economic decisions of users taken on the basis of the financial statements.
Based on our professional judgement, we determined certain quantitative thresholds for materiality, including the overall group materiality for the consolidated financial statements as set out in the table below. These, together with qualitative considerations, helped us to determine the scope of our audit and the nature, timing and extent of our audit procedures and to evaluate the effect of misstatements on the financial statements as a whole.
F-Secure 2018 Board of Directors' Report Financial statements Sustainability Corporate Governance
56 AUDITOR'S REPORT
| Overall group materiality | €1,100,000 (previous year €1,000,000) |
|---|---|
| How we determined it | 0.6% of consolidated revenue |
| Rationale for the materiality benchmark applied |
The groups profitability has been volatile during the last years due to business combinations related integration costs and amortization, significant investments in both product development and go-to-market strategy. Therefore, we chose revenue as the benchmark because, in our view, it is the benchmark against which the performance of the Group is commonly measured by users, and is a generally accepted benchmark. We chose 0.6% which is within the range of acceptable quantitative materiality thresholds in auditing standards. |
How we tailored our group audit scope
We tailored the scope of our audit, taking into account the structure of the Group, the accounting processes and controls, and the industry in which the Group operates.
Group operates globally through several legal entities. Group's sales are mainly generated by the parent company and we have audited the parent company as part of our audit of the consolidated financial statements. In addition, we have performed audit procedures related to the most significant subsidiary. We have considered that the remaining subsidiaries don't present a reasonable risk of material misstatement for consolidated financial statements and thus our procedures have been limited to targeted audit procedures over significant balances and to analytical procedures performed at Group level.
By performing the procedures above at legal entities, combined with additional procedures at the Group level, we have obtained sufficient and appropriate evidence regarding the financial information of the Group as a whole to provide a basis for our opinion on the consolidated financial statements.
Key audit matters are those matters that, in our professional judgment, were of most significance in our audit of the financial statements of the current period. These matters were addressed in the context of our audit of the financial statements as a whole, and in forming our opinion thereon, and we do not provide a separate opinion on these matters.
As in all of our audits, we also addressed the risk of management override of internal controls, including among other matters consideration of whether there was evidence of bias that represented a risk of material misstatement due to fraud.
Refer to note 2 to the consolidated financial statements for the related disclosures.
Revenue is derived from corporate and consumer businesses. Corporate security business revenue includes cyber security products, managed services, and cyber security consulting. Consumer security business revenue comes through operator and direct consumer channels.
In the corporate and direct consumer businesses, license agreements consist of initial license agreements and periodic maintenance agreements. The software and the accompanied services are highly interdependent and therefore treated as one performance obligation for which revenue is recognized over time on a straight-line basis for the license period. In the operator business, most of the license sales are usage-based and booked based on usage reports, but there are also fixed price operator agreements. The terms of these agreements vary significantly and their revenue recognition is therefore defined case-by-case.
Service revenue, including cyber security consulting and managed services, is recognized at the time of delivery of the service.
Due to materiality and judgment associated with the timing of revenue recognition we have considered timing of revenue recognition as key audit matter in the audit of the Group.
This matter is a significant risks of material misstatement referred to in Article 10(2c) of Regulation (EU) No 537/2014.
We evaluated the design and tested the operating effectiveness of certain controls over revenue recognition.
We tested sample of revenue recognized during the year.
We assessed appropriateness of the company's revenue recognition policy and tested sample of revenue agreements to ensure those have been recognized based on contractual terms and based on the company's revenue recognition policy. We have also tested deferred revenue on a sample basis to assess appropriateness of revenue recognition.
In addition, we tested sample of fixed priced agreements.
Refer to note 13 to the consolidated financial statements for the related disclosures.
Company's research and development activities have increased due to focus on the
development of new products and product amendments both for corporate and consumer customers.
Capitalization of R&D costs requires use of judgment as capitalization requires estimating technical and economical feasibility of the product developed. In addition, there is judgement involved in assessing recoverability of capitalized R&D costs as future cash flows generated by these intangible assets needs to be estimated.
Due to materiality and judgment associated with capitalization of R&D costs, we have considered capitalization of R&D as key audit matter in the audit of the Group.
We assessed appropriateness of the company's R&D capitalization policy.
We evaluated the design and operating effectiveness of controls over R&D capitalization. We assessed whether capitalization criteria for R&D projects are met.
We tested a sample of invoices and personnel related costs capitalized during the year.
We evaluated the relevant assumptions used in the impairment testing of intangible assets, focusing on the reasonableness of the forecasted economic information.
We tested the accuracy of the management's earlier estimates by performing subsequent review.
Refer to note 11 to the consolidated financial statements for the related disclosures.
During 2018 F-Secure acquired MWR Infosecurity Ltd in the United Kingdom for a total consideration of €108.0 million. The acquisition is accounted for as a business combination and includes a number of significant and complex judgments in the determination of the fair value of the assets and liabilities acquired.
The primary element of the valuation and purchase price allocation process was to assess the fair value of intangible assets (€25.9 million) in the form of technology, customer relationships and trademarks. In addition, measurement of deferred contingent consideration (€14.2 million) required use of management judgment. Resulting goodwill amounted to €81.9 million.
The purchase price allocation is reported as preliminary in the consolidated financial statements.
Business combinations is a key audit matter in the audit due to the high level of management judgement used in determining the fair value of the net assets acquired and deferred contingent consideration.
For the intangible assets, we assessed the methodology adopted by management for calculating the fair value of technology, customer relationships and trademark related assets. We also tested the key assumptions in the valuation model, particularly in respect of the:
Related to measurement of the deferred contingent consideration we have assessed the appropriateness of the methodology and key assumptions used by the management.
We have no key audit matters to report with respect to our audit of the parent company financial statements.
There are no significant risks of material misstatement referred to in Article 10(2c) of Regulation (EU) No 537/2014 with respect to the parent company financial statements.
The Board of Directors and the Managing Director are responsible for the preparation of consolidated financial statements that give a true and fair view in accordance with International Financial Reporting Standards (IFRS) as adopted by the EU, and of financial statements that give a true and fair view in accordance with the laws and regulations governing the preparation of financial statements in Finland and comply with statutory requirements. The Board of Directors and the Managing Director are also responsible for such internal control as they determine is necessary to enable the preparation of financial statements that are free from material misstatement, whether due to fraud or error.
In preparing the financial statements, the Board of Directors and the Managing Director are responsible for assessing the parent company's and the group's ability to continue as a going concern, disclosing, as applicable, matters relating to going concern and using the going concern basis of accounting. The financial statements are prepared using the going concern basis of accounting unless there is an intention to liquidate the parent company or the group or to cease operations, or there is no realistic alternative but to do so.
Our objectives are to obtain reasonable assurance about whether the financial statements as a whole are free from material misstatement, whether due to fraud or error, and to issue an auditor's report that includes our opinion. Reasonable assurance is a high level of assurance, but is not a guarantee that an audit conducted in accordance with good auditing practice will always detect a material misstatement when it exists. Misstatements can arise from fraud or error and are considered material if, individually or in the aggregate, they could reasonably be expected to influence the economic decisions of users taken on the basis of these financial statements.
As part of an audit in accordance with good auditing practice, we exercise professional judgment and maintain professional skepticism throughout the audit. We also:
We communicate with those charged with governance regarding, among other matters, the planned scope and timing of the audit and significant audit findings, including any significant deficiencies in internal control that we identify during our audit.
We also provide those charged with governance with a statement that we have complied with relevant ethical requirements regarding independence, and to communicate with them all relationships and other matters that may reasonably be thought to bear on our independence, and where applicable, related safeguards.
From the matters communicated with those charged with governance, we determine those matters that were of most significance in the audit of the financial statements of the current period and are therefore the key audit matters. We describe these matters in our auditor's report unless law or regulation precludes public disclosure about the matter or when, in extremely rare circumstances, we determine that a matter should not be communicated in our report because
the adverse consequences of doing so would reasonably be expected to outweigh the public interest benefits of such communication.
We were first appointed as auditors by the annual general meeting on April 7th 2016. Our appointment represents a total period of uninterrupted engagement of three years.
The Board of Directors and the Managing Director are responsible for the other information. The other information comprises the report of the Board of Directors and the information included in the Annual Report, but does not include the financial statements and our auditor's report thereon. We have obtained the report of the Board of Directors prior to the date of this auditor's report and the Annual Report is expected to be made available to us after that date.
Our opinion on the financial statements does not cover the other information.
In connection with our audit of the financial statements, our responsibility is to read the other information identified above and, in doing so, consider whether the other information is materially inconsistent with the financial statements or our knowledge obtained in the audit, or otherwise appears to be materially misstated. With respect to the report of the Board of Directors, our responsibility also includes considering whether the report of the Board of Directors has been prepared in accordance with the applicable laws and regulations.
In our opinion
If, based on the work we have performed on the other information that we obtained prior to the date of this auditor's report, we conclude that there is a material misstatement of this other information, we are required to report that fact. We have nothing to report in this regard.
Helsinki 13 February 2019
Janne Rajalahti Authorised Public Accountant (KHT)
In the digital and connected world we currently live in, cyber attacks and malware have the ability to seriously damage global businesses, result in losses of hundreds of millions of euros, and even cause human suffering. For 30 years, F-Secure has been committed to helping people and businesses fight these cyber threats. Improving our customers' security, resilience, and the sustainability of their digital lives or businesses, is why we exist. We believe that through our core business and everyday actions we play a vital role in ensuring the functioning of modern society, and help to maintain trust between people and organizations. Internally, we emphasize the importance of a sense of fellowship among our employees, and we have always put a strong emphasis on shared core values.
There were several positive developments during the year. The number of employees increased significantly as a result of a major acquisition and continued active organic recruiting. The share of female managers increased, whereas the number of sick leaves decreased. From an environmental perspective, electricity consumption in both offices and IT servers decreased, as the Kuala Lumpur office was relocated to a more energy efficient building, and the on-going transition from co-location servers to the cloud continued. Emissions from air travel increased significantly, mostly as a result of the reporting scope being expanded to cover the acquired offices.
F-Secure is committed to sustainable practices in carrying out our business. Corporate responsibility is led by the CEO with the support of the Leadership Team, and with the Board of Directors approving the annual non-financial information review. To ensure that corporate responsibility is integrated into all business operations, governance and compliance processes have been established.
This statement lists key areas of responsibility that are considered most material in accordance with the Finnish Accounting Act. Corresponding aspects have been listed in the company's Code of Conduct, the summary of which is available on the company's website. Each employee of F-Secure is expected to know and comply with this code and report any suspected violations that they become aware of according to the applicable whistleblowing processes. F-Secure's subcontractors are also requested to act in compliance with this code or a corresponding code of their own.
Every day, experts at F-Secure Labs analyze around 350,000 unique potential malware samples, equaling hundreds of potential new threats every minute. Our cyber security consultants help many of the world's leading companies to predict, prevent, detect and recover from the most advanced cyber attacks.
By combining sophisticated technology with machine learning and human expertise, F-Secure provides a comprehensive offering of security products and cyber security services for both corporate customers and consumers.
For businesses, we offer vulnerability scanning and management solutions, endpoint protection products, detection and response solutions, as well as comprehensive security and risk assessment services for top management, along with technical consulting. For consumers, we offer security and privacy solutions for all connected devices. Our products and services offer our customers best-in-class security as has been proven by several independent research institutions. For example, AV-TEST has given F-Secure the Best Protection
award for superior technology five times during the past seven years – no other company has achieved this.
We offer our products and services to defend thousands of companies and millions of people around the world through our network of around 200 telecommunications operators and thousands of IT service and retail partners. With our partnerled business model, trust has always been a cornerstone of all our operations.
F-Secure strives to cooperate with authorities and law enforcement to investigate online crime, and to bring criminals to justice. In fact, our security experts have participated in more European cybercrime investigations than any other company in the industry. That said, our products are always developed independent of governmental direction.
In our industry, it is critical that appropriate care is taken when handling customer information. Respecting customer privacy is an integral part of our company culture, and F-Secure has published its privacy principles on the company website. When protecting our customers against cyber threats, we strive to do so with minimum risks to their privacy. All F-Secure
employees commit to protecting the confidentiality of customer data.
F-Secure implemented processes to ensure compliance with General Data Protection Regulation (GDPR) when processing personal data.
While we view improved security of our customers as our key contribution to and impact upon society, this report concentrates on information regarding environmental matters, social and employee-related matters, respect for human rights as well as anti-corruption and anti-bribery matters. Risks, risk management, applicable policies and due diligence processes, outcomes of policies, and key performance indicators have been listed for each of these aspects.
Within each aspect, we have tried to identify topics most relevant for F-Secure. Unless otherwise stated, focus areas are material for the whole company.
| Focus area | Key aspects | Policies | Key performance indicator | ||
|---|---|---|---|---|---|
| m O and the Leadership Tea CE |
SOCIAL AND EMPLOYEES: We value our employees |
– Securing the right competencies – Ensuring equality, equal opportunity and diversity – Ensuring the wellbeing of employees |
– Recruitment Policy – Development and training guidelines – Co-operation review policy – Harassment prevention policy – Equality plan |
Employee NPS score | |
| ANTI-CORRUPTION AND HUMAN RIGHTS: We operate responsibly |
– Fighting corruption and bribery – Being responsible in procurement |
Code of Conduct | – Supplier Code of Conduct – Purchase order process – Anti-corruption policy |
Number of reported violations | |
| ENVIRONMENT: We respect the planet |
– Reducing energy consumption and waste in our offices – Reducing energy consumption from IT operations – Travelling sensibly |
– Office Environmental policy – Travel policy |
Total electricity consumption (kWh) in offices Electricity consumption (kWh), co-location servers |
F-Secure employs over 1,600 security experts, product developers, sales people and other employees globally. F-Secure's HR practices emphasize the importance of fellowship, and the company has always put an emphasis on shared values.
As a whole, the cyber security industry is facing increasing competition and there is structural undersupply of suitable experts. Due to this, the most significant risk related to employee and social matters is the company's ability to identify, attract, retain and develop talent to support the company's growth. Additionally, in a rapidly evolving industry, the company must also be able to ensure employees constantly update their competences according to market needs. Other important employee-related issues include employee well-being, a healthy work-life balance, and ensuring equality and equal opportunities.
F-Secure strives to:
To measure success, the company conducts an Employee Net Promoter Score (eNPS) survey among staff to measure employee loyalty biannually.
Human Resources is responsible for developing people management processes, tools, and ways of working. The company's Leadership Team is responsible for following up on the results of the eNPS survey and ensuring corrective action plans are developed.
Successful recruitment is crucial for F-Secure's business success. Our aim is to ensure that we hire professionals with competencies that are in line with F-Secure's business objectives, culture and values. An internal global recruiting policy gives guidance to managers to ensure consistency and equal treatment of candidates, as well as to provide candidates a positive experience with the company.
After recruitment, the responsibility for competence development lies both with the individual employee and his or her manager, as well as with the company. An internal development and training guideline addresses the roles and responsibilities as well as practices related to learning and personal development.
F-Secure has a number of development programs and training available for both managers and employees including:
62 Statement of non-financial information
The number of employees continued to increase especially due to the acquisition of MWR Infosecurity, which grew the number of employees by about 400. Besides this, F-Secure continued to recruit sales persons, product developers, cyber security consultants and other experts to support the company's growth. In total, the company saw a net addition of 562 employees throughout 2018.
The company decided to implement a rolling objective setting where individual goals are set on a quarterly basis from 2019 onwards. Furthermore individual competence development will be discussed at least twice a year in Growth Discussions. The aim of the renewal is to concentrate on constant development, growth and feedback. An internal cooperation review policy addresses the responsibilities and practicalities of this process.
F-Secure is a very diverse workplace. In 2018, we employed 65 different nationalities by the end of 2018, a large part of which are also represented at the company headquarters. Our commitment to equality of opportunity is clearly explained in our Code of Conduct.
Employment is based solely upon individual merit and qualifications related to professional competence. We treat all of our employees, candidates, customers and business partners fairly and equally, without regard to sexual orientation, gender, race, religion and age, according to applicable laws and practices. We prohibit discrimination or harassment of any kind. An internal Harassment Prevention Policy gives instructions on how to manage potential violations.
Violations of any of the aforementioned policies are closely monitored. Violations may be reported either to the HR team, Compliance Team or to the Board of Directors according to instructions given. The Compliance Team reviews all reported cases and decides on further actions. Third-party experts are
consulted if necessary. Decisions by the Compliance Team are presented to the Leadership Team or the Board of Directors for review. Violations are reported as part of non-financial reporting where such third-party expert needs to be consulted.
The share of female managers increased, and the share of female employees was almost at the previous year's level.
No violations passing the reporting threshold were reported to the Compliance Team or Board of Directors during 2018.
In ensuring the wellbeing of employees, F-Secure emphasizes the importance of good leadership in addition to a preventative approach to health care.
Every employee globally is entitled to basic health care services, but practices vary locally. In certain regions, employees are provided with additional sports benefits, and extended health care services according to local practices. Also, in some locations there are additional benefits such as the possibility to arrange a caretaker for a sick child. The company allows for flexible working hours and the possibility of working remotely. F-Secure offers voluntary wellbeing lectures and training for both employees and managers.
F-Secure closely monitors employee sick leaves. In case of longer sick leaves, the company supports employees, and assists them in returning back to work.
The number of sick leaves continued to decrease.
63 Statement of non-financial information
F-Secure transacts with approximately 4,000 suppliers every year. While the majority of F-Secure's business is considered to be in low-risk regions in terms of human rights violations, we acknowledge the need to stay alert for possible violations, and evaluate all new partnerships critically. Bribery and corruption are risks for all companies, and have a detrimental impact on business by undermining good governance and distorting free markets.
We are committed to applying the highest standards of ethical conduct and integrity in our business activities. Similarly, we strive to minimize risks associated with our suppliers.
F-Secure respects human dignity and promotes human rights, and requires respect for the same principles from every F-Secure employee, including freedom of association, freedom of thought, conscience and religion and freedom of opinion and expression. Also, we do not tolerate working conditions that are in conflict with international conventions or practices, and support Conventions of the International Labor Organization (ILO). This is clearly explained in our Code of Conduct.
Every employee and individual acting on F-Secure's behalf is responsible for conducting company business honestly and professionally. We do not tolerate any form of bribery by, or of, our employees or any persons or companies acting for it or on our behalf.
The Code of Conduct explains F-Secure's general commitment to ethical conduct. We have also issued a specific Anti-Bribery Policy that applies to all employees. It defines the rules to be applied related to gifts, hospitality, travelling and accommodation, specific terms concerning governmental officials, as well as the process for escalation as needed. The company expects suppliers, subcontractors and partners to comply with the policy or a policy of their own – of a similar or higher standard. Ethical practices are emphasized in contracts and the company engages in continuing dialogue with relevant stakeholders.
To evaluate success, F-Secure closely follows all reports of potential violations. Any suspected breaches must be reported, and each alleged violation is investigated in an appropriate and fair manner. Any breach will be dealt with according to relevant policies and laws.
Anti-corruption processes are managed by F-Secure's legal team.
No violations of Anti-Bribery Policy were reported in 2018.
The majority of F-Secure's suppliers are considered to be low-risk. In terms of spending, the majority of suppliers provide operating services and marketing services, which represent over 50% of the total supplier spend. Operating services include outsourced sales and product development services, as well as royalties for third-party technology providers. Marketing services include local advertising, as well as search engine and social media advertising. Other significant suppliers include providers of production services, office space rental costs, management consulting, auditing, HR services, and IT equipment and licenses.
F-Secure has a Supplier Code of Conduct, which is a part of the F-Secure agreement template and sets the standard compliance requirements for new agreements. The Supplier Code of Conduct covers both anti-corruption and bribery as well as human rights issues.
When considering new suppliers, each function evaluates the need for supplier auditing together with F-Secure's procurement function. F-Secure offers training to employees who select suppliers and are involved with preparing requests for proposals (RFP) or drafting agreements to enable them to assess the possible risks and take appropriate precautions.
If deemed necessary, the supplier will be issued with a detailed survey focusing on key issues, including responsible business procedures. The supplier must have a process in place to verify compliance with the Supplier Code of Conduct and must participate in a self-assessment process organized by F-Secure if requested. F-Secure has the right to audit how suppliers and sub-contractors fulfill the Supplier Code of Conduct or corresponding requirements. For any identified non-compliances with the Code of Conduct, the supplier must provide a corrective action plan to be approved by F-Secure.
No violations of the Supplier Code of Conduct were reported in 2018.
During 2018 F-Secure initiated a process to ensure that the newly acquired MWR Infosecurity follows F-Secure processes and guidelines in future agreements. Significant existing agreements will also be reviewed for possible actions.
64 Statement of non-financial information
The majority of F-Secure's business activities involve the development, production and delivery of software and professional services. Due to this, the company's direct environmental impact is limited, and associated risks to the environment are not considered significant. The company's environmental footprint derives primarily from the use of electricity for office activities – including heating and cooling – as well as the use of electricity from IT operations. Additionally CO2-emissions are created by business travel, and a limited amount of waste is generated by office activities.
F-Secure acknowledges climate change and other environmental impacts are both global as well as local concerns, and the company strives to minimize its impact. F-Secure has a precautionary approach to environmental challenges, as stated in our Code of Conduct. We seek to ensure compliance with local legislation, and aim to continuously increase the energy efficiency of our operations and reduce the amount of waste. Where possible and practical, we give preference to ecologically sound suppliers' products and services Only a very limited amount F-Secure's sales involve physical products, and when they do, packages are made from recycled materials.
To evaluate our success in limiting our environmental impact, F-Secure conducts an annual energy review to estimate our total direct consumption of electricity at company level.
F-Secure has offices in 29 locations globally. The majority of operations are concentrated in Helsinki and Oulu in Finland, London in the UK, Kuala Lumpur in Malaysia, Johannesburg in South Africa, Poznan in Poland as well as a number of smaller offices throughout Europe, Asia and the Americas.
The company rents office facilities from local real estate providers. Typically a lease agreement includes service charges for electricity and heating, as well as handling of a limited amount of waste generated by office activities. Paper, bio and energy waste are primarily recycled according to local practices. Hazardous waste consists solely of batteries, which are disposed of at suitable recycling points. Electronic
waste is recycled carefully and, as appropriate, with careful attention to ensuring that confidential waste is specifically managed. Confidential paper waste is also managed with special care.
The company has an Office Environmental Policy, which sets out the principles of the company's approach to protecting the environment. The policy also sets out the steps the company and all employees should take to comply with the rule in detail, and improve the environmental efficiency of our operations.
Office processes are managed by F-Secure's HR & Office Services team.
F-Secure expanded the scope of the energy review to cover the acquired offices.
The company implemented a new Office Environmental Policy , created during the previous year.
Office services initiated a discussion at each company office about environmental best practices, with the aim of developing improvement plans. We continued to challenge our premises' owners to provide electricity from renewable sources. For example, in Malaysia, the company moved to a more energy efficient office, resulting in a significant decrease in electricity consumption.
During 2019, F-Secure will continue to roll out an environmental impact improvement program at each location to monitor and measure concrete steps taken.
F-Secure uses both private servers and third-party cloud platforms to develop and run its services.
Currently, approximately 40% of the computing capacity is in co-location facilities (2017: 70%), where F-Secure also operates the infrastructure. With third-party cloud platforms, F-Secure mainly partners with Amazon Web Services (AWS) as well as Microsoft Azure.
In co-location facilities, F-Secure is able to directly measure electricity consumption on a monthly basis. F-Secure utilizes server hardware with good energy efficiency (Energy Star), and in Finland the company's main data center vendor is 100% powered by wind energy.
For third-party providers, electricity consumption data is not available, as electricity costs are part of the overall service contract. That said, AWS, the main service partner, has publicly announced a goal of being 100% powered by renewable energy, and in January 2018 they reached 50%. Microsoft has also committed to reducing their carbon footprint by 75% by 2030 against a 2013 baseline.
Going forward, F-Secure plans to increase the use of third-party providers and decrease the amount of privately operated co-location servers. The transition is expected to increase the company's overall energy efficiency and lower total consumption, as third-party providers are running the more energy-efficient servers.
All computing capacity is centrally-managed by the Production & IT unit.
F-Secure continued to increasingly outsource the company's server activity. The transition is expected to increase the company's overall energy efficiency.
As F-Secure's business grows and expands geographically, more travelling to customer premises is often required.
F-Secure has a Travel policy, which aims to reduce the environmental impact of travelling, minimizing energy consumption and emissions by choosing environmentally friendly means of travelling. The policy requires a pre-approval of employee travels, and the policy also encourages employees to use online conferencing tools when collaborating with our internal and external stakeholders. When travelling, the
company recommends using public transport when feasible and train instead of flights.
In order to have better management of the overall travel and travel management, F-Secure is consolidating the company's travel agency agreements from country-specific solutions to a centralized solution.
The company's travelling emissions increased significantly in 2018 due to the inclusion of the acquired MWR InfoSecurity (as of the second half of 2018). Emissions figures also increased because the scope of reported travelling-related emissions was expanded to cover more F-Secure offices. Currently European offices are included, covering a clear majority of the company's employees. The company aims to include data from more offices, as data become available.
Table section
| Key perforce indicator |
2018 | Change | 2017 | Decription |
|---|---|---|---|---|
| Employee Net | H1: 23 | +256% | H1: 9 | Key performance indicator of overall |
| Promoter Score 1) | H2: 212) | +161% | H2: 13 | employee wellbeing. |
1) The Net Promoter Score measures employee satisfaction by asking people how likely it is that they would recommend F-Secure as an employer. The score is derived by deducting the share of employees giving low scores (0 to 6, "detractors") from the share of employees giving high scores (9 to 10, "promoters"). Scores from 7 to 8 are considered neutral.
2) H2 also includes the employees of the acquired company.
During the year, F-Secure's overall Employee Net Promoter Score developed positively compared to the previous year.
| Other metrics | 2018 | Change | 2017 |
|---|---|---|---|
| Number of employees | 1,666 | +51% | 1,104 |
| Share of women, of total employees | 22.5% | –1% | 22.7% |
| Share of women, of managers 2) | 19.5% | +22% | 15.9% |
| Sick leaves, % 3) | 1.9% | –39% | 3.11% |
4) Sick leave percentage is the average amount of sick days per employee. The figure includes personnel in Finland only, which represents 37% of total employees.
The number of employees increased significantly especially due to the acquisition in July, but also organically. During the year, F-Secure continued efforts to recruit more female managers in particular. The share of female managers increased significantly, and the share of female employees was almost at the previous year's level. That said, the industry continues to face a common challenge in the low availability of female experts in cyber security which originates from the skewed gender distribution among students in technology . The number of sick leaves continued to decline during 2018.
| Key performance indicator |
2018 | Change | 2017 | Decription |
|---|---|---|---|---|
| Electricity consumption, co-location servers, MWh 1) |
1,081MWh | –31% | 1,564 MWh | Key performance indicator for the transition to more efficient computing. |
| Electricity consumption, offices, MWh 2) |
1,236 MWh | –7% | 1,322MWh | Key performance indicator for increasing energy efficiency in offices. |
| Other metrics | 2018 | Change | 2017 | |
| Travelling emission, CO2, 1,000 kg 3) |
897.5 | +60% | 559.5 |
The emissions from travelling increased mainly due to the inclusion of the acquired MWR InfoSecurity's operations in the reporting, but also because the scope of reported emissions was expanded to cover more offices. Currently European offices are included, covering a clear majority of the company's employees. The company aims to include data from more offices, as the data become available.
The decreasing electricity consumption by offices was a result of the Kuala Lumpur office relocating itself into KL Eco City, resulting in significant electricity usage savings.
The decreasing electricity consumption by co-location servers was the results of closing down one of the data centers, as its operations were moved to a third-party cloud platform. The increasing cloudification is expected to increase the energy efficiency of IT operations.
1) For 2017, the electricity consumption of co-location servers includes two server facilities at undisclosed locations. In September 2018, one of the server facilities was discontinued.
2) The electricity consumption of offices includes approximately 90% of F-Secure's offices, as a percentage of total employees. Excluded offices are Oulu (Finland), Paris (France), St. Petersburg (Russia), Stockholm (Sweden), New Jersey (US), San Jose (US), Trieste (Italy), Berlin (Germany) and Utrecht (Netherlands).
3) The CO2 emissions from travelling include air travel only and are based on calculations provided by the company's travel agency. Reported emissions include flights of European based staff, which represents a clear majority of the company's staff.
F-Secure's corporate governance practices comply with applicable Finnish laws as well as the rules, regulations and guidelines of Nasdaq Helsinki Oy and the Finnish Financial Supervisory Authority as well as with the company's Articles of Association. This statement has been prepared in accordance with the Finnish Corporate Governance Code (publicly available at http://cgfinland.fi/en/) issued by the Securities Market Association of Finland in 2015.
Up-to-date information about F-Secure's governance is available on the company's website at www.f-secure.com/ investors.
F-Secure's highest decision-making body is the General Meeting of Shareholders which elects the members of the Board of Directors. The Board of Directors is responsible for the administration of F-Secure Corporation and appropriate organization of its operations. The Board of Directors appoints the CEO. The CEO, assisted by the Leadership Team, is responsible for managing the company's business and implementing its strategic and operational targets.
Under the Limited Liability Companies Act, shareholders exercise their decision-making power at the General Meeting.
The General Meeting is normally held once a year as an Annual General Meeting (AGM). The AGM decides on matters stipulated by the Articles of Association and the Limited Liability Companies Act, including:
Each share carries one vote in the General Meeting.
A shareholder may propose items to be included on the agenda provided they are within the authority of the meeting, and the Board of Directors has received the request in advance within the set schedule. The invitation to the AGM is published as a stock exchange release and is made available on the company's website.
The AGM was held on 4 April 2018 at F-Secure premises in Helsinki.
The resolutions and the meeting minutes of the AGM are available on F-Secure website.
The Board of Directors is responsible for the administration of F-Secure Corporation and appropriate organization of its operations. The Board's operations, responsibilities and duties are based on the Finnish Companies Act and other applicable legislation and are supplemented by the Board Charter. These cover the following main areas:
The Board of Directors meets as frequently as necessary and according to the Board Charter at least five times during its term. The Board of Directors has quorum when more than half of the members are present. An annual self-assessment is carried out by the Board to evaluate its operations. The Board of Directors primarily strives at unanimous decisions. If a decision cannot be made unanimously, the decision will be made by voting and with single majority. If the votes are even, the Chairman's vote is decisive.
In accordance with F-Secure's Articles of Association, the Board of Directors comprises three to seven members, who are
| Members of the Board of Directors | |||||
|---|---|---|---|---|---|
| Members | Independence of the Company |
Independence of major shareholders |
Board (Meeting attendance) |
Audit Committee (Meeting attendance) |
Personnel Committee (Meeting attendance) |
| Risto Siilasmaa | Yes | No 1) | Chairman (16/16) | Chairman (5/5) | |
| Pertti Ervi | Yes | Yes | Vice Chairman (16/16) | Chairman (4/4) | |
| Matti Heikkonen | Yes | Yes | Member (13/16) | Member (3/4) | Member until 4 April 2018 (1/2) |
| Bruce Oreck | Yes | Yes | Member (15/16) | Member (5/5) | |
| Päivi Rekonen | Yes | Yes | Member (16/16) | Member (4/4) | Member (5/5) |
| Christine Bejerasco | No 3) | Yes | Member (11/11) | Member as of 4 April 2018 (1/1) | |
| Sofie Nystrøm (until of 4 Apr 2018) |
Yes | Yes | Member (3/7) | Member until April 2018 (1/1) | |
| Ari Inki (until of 4 Apr 2018) | No 2) | Yes | Member (7/7) |
1) Risto Siilasmaa is the founder of F-Secure and on 31 December 2018 owned 37.77% of F-Secure shares.
2) Ari Inki was elected from among F-Secure Corporation's personnel, according to the process described above in 2017. Christine Bejerasco was elected according to the same process in 2018. 3) Christine Bejerasco was elected from among F-Secure Corporation's personnel according to the same process in 2018
elected at the Annual General Meeting for a period of office that extends to the subsequent AGM. The Board of Directors represents all shareholders.
Diversity is an essential part of F-Secure's success. According to Diversity Principles established by the Board of Directors, an optimal mix of diverse backgrounds, expertise and experience strengthens the Board's performance and promotes creation of long-term shareholder value. The Board of Directors' Diversity Principles strive towards appropriately balanced gender distribution. Both genders are represented in the Board of Directors.
To create openness, one member of the Board of Directors is elected from among F-Secure's personnel. An election is arranged annually for F-Secure personnel and each permanent F-Secure employee based in Finland is eligible to stand as a candidate. The Personnel Committee interviews three persons who have obtained the highest number of votes in the elections, and chooses a candidate from amongst them to be proposed for election as a member of the Board by the Annual General Meeting. Christine Bejerasco was appointed to the Board of Directors through this process in 2018.
The majority of Board members are independent from the company and from its major shareholders. For a detailed description of the members of the Board of Directors and their shareholdings see the end of this statement.
In 2018 the Board of Directors convened 16 times, the Audit Committee 4 times and the Personnel Committee 6 times.
In 2018, the Board established committees: the Audit Committee and the Personnel Committee (nomination and remuneration matters). The Board of Directors shall appoint from among itself the members and the Chairman of the committee. Each committee must have at least three members. The Board of Directors shall confirm the main duties and operating principles of each committee. The duties of the Committees are defined in their charters.
The Audit Committee reviews, instructs and evaluates risk management, internal controls, IT strategy and practices, financial reporting as well as auditing of the accounts. The Audit Committee also prepares a proposal for the election of auditor to the Board of Directors and regularly considers the need for a separate internal audit function. Members of the Audit Committee must have broad business knowledge, as well as an adequate knowledge of and experience in financial and supervisory matters. The majority of members of the Audit Committee shall be independent from F-Secure Corporation and from major shareholders in the company. Minutes and
materials of the Audit Committee meetings are distributed to all members of the Board of Directors.
The Audit Committee convenes at least four (4) times a year as notified by the Chairman of the Committee. Members of the Audit Committee are listed in the table.
The Personnel Committee prepares material and instructs with issues related to the composition and compensation of the Board of Directors and the remuneration and incentives of key managerial personnel. The Committee also prepares the proposals for the Board composition and remuneration for the Annual General Meeting of Shareholders. Minutes and materials of the Personnel Committee meetings are distributed to all members of the Board of Directors
The Personnel Committee convenes at least two (2) times a year as notified by the Chairman of the Committee. Members of the Personnel Committee are listed in the table.
The Board of Directors appoints and may dismiss the CEO and decides upon the CEO's remuneration and other benefits. The CEO is responsible for the day-to-day management of the company. The CEO's duties include:
– managing the business according to the instructions issued by the Board of Directors
Samu Konttinen has been F-Secure's President and CEO since 2016.
The biographical details of the CEO including the shareholdings are specified at the end of this statement. The remuneration of the CEO is specified in the F-Secure Remuneration Statement 2018.
The Leadership Team supports the CEO in the daily operative management and development of the company.
Members of the company's Leadership Team on 31 December 2018 were:
Current information on the F-Secure Leadership Team can be found on our website: www.f-secure.com/investors.
For descriptions of all members of the Leadership Team during 2018 their roles, respective membership periods and shareholdings see the end of this statement.
Risk management and internal control processes at F-Secure seek to ensure that risks related to the business operations of the company are properly identified, evaluated, monitored and reported in compliance with the applicable regulations.
F-Secure's Board of Directors defines the principles of risk management and internal controls which are followed within the company. The Audit Committee assists the Board in the supervision of F-Secure's risk management function.
The CEO is accountable to the Board for ensuring that the risk management principles are implemented and applied constantly and consistently across the organization. The Risk Management Steering Committee has been appointed by the CEO to ensure the effective implementation of risk management at F-Secure.
The primary goal of F-Secure's risk management principles is to empower the organization to identify and manage risks more effectively through the adoption of risk modelling and quantification methods. The potential negative impact and probability of different situations arising from our business operations on the company, its customers, or its partners are constantly monitored.
F-Secure promotes continuous risk evaluation by the company's personnel appointed as risk owners. The relevant operational risks identified through the risk management process are regularly reviewed by the CEO and Leadership Team, the Risk Management Steering Committee and the company's statutory auditor. Risk Management is an integrated part of F-Secure's governance and management and the risk management process is aligned with the ISO-31000 standard.
The Audit Committee regularly conducts a review of top operational risk and evaluates the effectiveness of the risk management system.
The purpose of Internal Control is to ensure that operations are effective and aligned with the strategy, and that financial reporting and management information is reliable and in compliance with applicable regulations and operating principles.
Internal control consists of all the guidelines, policies, processes, practices and relevant information about organizational structure that help ensure that the business conduct is in compliance with all applicable regulations. The purpose of internal control is also to ensure that accounting and financial information provides a true and accurate reflection of the activities and financial situation of the company. Actual performance is monitored against sales and cost targets by operative reporting systems on a daily, weekly, or monthly basis.
The company constantly monitors its key financial processes linked to sales, revenue, costs and profitability as well as incoming and outgoing payment transactions. If any inconsistencies appear, the issues are handled without delay. The Company's finance department is responsible for the consistency and reliability of internal control methods. The finance team works in close cooperation with the CFO and businesses, providing relevant data for business planning purposes and sales estimates. The team also regularly assesses and monitors the reliability of estimates and revenue recognition.
F-Secure's Audit Committee considers the need for and appropriateness of a separate Internal Audit function on a regular basis. To date, the Audit Committee has concluded that, due to the size, organizational structure and largely centrally controlled financial management of the company, a separate Internal Audit function is not necessary.
In the absence of an Internal Audit function, attention is paid to periodical review of the written guidelines and policies concerning accounting, reporting, documentation, authorization, risk management, internal control and other relevant matters in all departments. Related controls are also tested from time to time. The guidelines and policies are coordinated by the company's finance department with active involvement by the legal department.
The absence of a separate Internal Audit function is considered when defining the scope of the company's external audit. Where necessary, the Board may also purchase Internal Audit services from an external service provider.
To facilitate transparency and exchange of information on Internal Audit related matters, the financial management team has frequent meetings with the auditors. The Audit Committee also meets regularly with the auditors and the head of the company's legal team to discuss related matters regarding their areas of responsibility.
The company has taken into use two direct lines for all employees to notify the Board and Leadership Team of any unethical activity or abuse.
In insider matters, F-Secure complies with the applicable legislation (including Market Abuse Regulation "MAR"), the standards of the Finnish Financial Supervisory Authority as well as Nasdaq Helsinki's Guidelines for Insiders. Inside information means information of a precise nature, which has not been made public, relating, directly or indirectly, to F-Secure's financial instruments, and which, if it were made public, would be likely to have a significant effect on the prices of such financial instruments.
According to MAR, an issuer must draw up a list of all persons who have access to inside information. MAR separates between: 1 ) project insiders (who have access to inside information from time to time during a specific project); 2 ) permanent insiders (who have access to inside information at all times).
F-Secure has decided not to include any persons as permanent insiders. All persons with inside information regarding a project will be included in the project specific insider list.
Persons discharging managerial responsibilities ("Managers") comprise the Board of Directors, the CEO, the CFO and other members of the Leadership Team. These persons have a duty to notify F-Secure and the Finnish Financial Supervisory Authority of every transaction in their own account relating to Financial Instruments of F-Secure within three business days.
The company publishes these notifications as a stock exchange release, as specified by MAR. All releases published on managers' transactions are available on the company's website.
Due to the sensitive nature of financial information, persons having access to financial information before publication of an interim financial report or a year-end report shall be subject to a thirty (30) day trading restriction prior to publication of such a report. F-Secure keeps a list of such persons and notifies them in writing about the trading restriction.
The auditor is elected by the Annual General Meeting for a term of service ending at the close of the next Annual General Meeting. The auditor is responsible for auditing the consolidated and parent company financial statements and accounting. The auditor reports to the Board of Directors or the Audit Committee at least once a year.
F-Secure has been audited by PricewaterhouseCoopers with Janne Rajalahti, Authorized Public Accountant, as the responsible auditor.
F-Secure paid the auditor EUR 164 000 in audit fees (2017: EUR 173,000), and EUR 48 000 (2017: EUR 106,000 for non-audit services.
DETAILED DESCRIPTIONS
In this section are the biographies of the Members of the Board of Directors during 2018. Shareholdings are listed as of 31 December 2018 unless otherwise stated.
Chairman of the Board of Directors since 2006, Born 1966, M.Sc. (Engineering) Main employment history:
Currently Chairman of the Board, F-Secure Corporation, 2006–
Founder, President and CEO, Member of the Board, F-Secure Corporation, 1988–2006 Interim CEO, Nokia Corporation, 2013–2014 Chairman of the Board, Elisa Corporation, 2008–2012
Vice-Chairman of the Board 2017–2018, Member of the Board 2013–2016, Confederation of Finnish Industries (EK)
duties: Chairman of the Board 2012–, Member of the Board 2008–2012, Nokia Corporation Member of the Board 2007–, Chaiman of the Board 2016–2018, Vice-Chairman of the Board 2013–2015, The Federation of Finnish Technology Industries
Member of the Board, Futurice Corporation, 2018–,
Member of ERT European Round Table of Industrialists, 2013–,
Member, Global Tech Panel, an initiative of EU High Representative Federica Mogherini, 2018 Holdings: number of shares 59,978,359, holding 37.77%
Board member since 2003, Chairman of the Audit Committee Born 1957, B.Sc. (Electronics)
Currently an independent management consultant and professional board member Co-CEO, Member of the Executive Board, Computer 2000 AG, 1995–2000 Co-founder, Managing Director, Computer 2000 Finland Oy, 1983–1995 Has worked at international management levels with major IT vendors such as Cisco, IBM, Intel, HP, and Microsoft.
Chairman of the Board 2011–, Member of the Board 2008–, Efecte Corporation, Chairman of the Board 2017–, Member of the Board 2009–, Teleste Corporation Chairman of the Board, Mintly, 2017– Holdings: number of shares 56,114
Board member since 2013 Born 1976, M.Sc. (Eng.)
CEO, Benemen Oy 2019– Senior Executive Vice President, Global Operations and Partner, QuestBack AS, 2010–2018 Entrepreneur and CEO, Digium Ltd, 2007–2010 Head of Nokia-Cisco Systems Global Alliance, Nokia Corporation, 2004–2007 Entrepreneur and CEO, Triple Check Ltd, 2002–2004 Researcher, Aalto University, Finland, 2002–2004 Group Marketing Director, Business Unit Manager and Partner, Done Solutions Corp, 2000–2002 Entrepreneur and CEO, Identia Ltd, 1998–2000 Board memberships and public duties: Chairman of the Board, Benemen Oy, 2018
Board member of Mobile Wellness MWS Oy, 2017–2018
Holdings: number of shares 27,585
Board member since 2016 Born 1953, LL.M. (Taxation)
CEO, The Train Factory Oy, 2018– Executive in Residence, Aalto University, 2016– Ambassador to Finland, United States,
Founding and managing partner, Oreck, Bradley, Crighton, Adams & Chase, 2005–2009 Executive Vice-President and General Counsel, Oreck Corporation, 1993–2003
Member of the Board, U.S. Green Building Council (USGBC), 2016– Holdings: number of shares 12,143
Member of the Board since 2017 Born 1969, M. Sc. (Economics), M.Sc. (Social Sciences)
Currently an independent strategy advisor and professional board member, 2018– Managing Director, Group Technology, UBS, 2014–2018
Senior Vice President, Global Head of Digital Strategy, Adecco Group, 2011–2012 Head of IT, Credit Suisse, 2007–2009 Various leadership roles, Cisco Systems, 1998–2007
Various leadership roles, Nokia, 1990–1998 Current board memberships and public
Member of the Board, Alma Media Oyj, 2018– Member of the Board, Arantio Oy, 2018– Member of the Board, Efecte Oyj, 2018– Member of the Board, Konecranes Oyj, 2018– Member of the Strategy Advisory Board, UNOPS, 2018–
Holdings: number of shares 6,850
Member of the Board since 2018 Born 1982, B.Sc. (Computer Science) Main employment history: Director, Consumer BU Desktop R&D, F-Secure Oy, 2018– Senior Manager, Consumer BU R&D, F-Secure Oy, 2017–2018 Senior Manager & Service Lead, Labs, F-Secure Oy, 2015–2017 Manager & Service Owner, Labs, F-Secure Oy, 2010–2015 Malware Analyst & Shift Manager, Labs, F-Secure Oy, 2008–2010 Independent Contractor, PC Tools Pty. Ltd., 2006–2008 Threat Analyst, Trend Micro, Inc., 2003–2006
Chairman of the Board, Titas of Espoo Oy, 2018–
Holdings: number of shares 2,732
Board member since April 2017 until April 2018 Born 1974, B. Sc. (Computer Engineering), MBA
Chief Architect and Vice President of Architecture & Platforms, F-Secure, 2017– Chief Architect and Head of Technology Office, F-Secure, 2011–2017 Various research and development roles, F-Secure, 2008–2017 Information Security Specialist, TietoEnator, 2007–2008 Architect, Technical Product Manager and Software Developer, F-Secure, 1999–2007 Holdings: number of shares, 6,856
Board member since April 2017 until April 2018 Born 1978, Ms. Sc. (Computer Science)
Director, NTNU Center for Cyber and Information Security, 2015– Vice President, Head of Group Security, Telenor Group, 2014–2015 Executive Vice President, Chief Information Security Officer, DNB Bank, 2008–2013 Director, Symantec Norway, Consulting services, 2006–2008 Manager, National Security Authority, Norway, 2004–2006
Holdings: number of shares 2,830
Board Memberships:
Security Cluster (FISC), 2017–
Industries of Finland, 2016–
Member of the Board, Viria 2018– Holdings: number of shares 101,787
Chairman of the Board, Finnish Information
Member of the Board, Digitalist Plc, 2011–2018
Member of the Board, European Cyber Security Organization (ECSO), 2018– Member of the Board, Information Technology branch group, Technology
In this section are the biographies of all the members of the Leadership Team during 2018. Shareholdings are listed as of 31 December 2018 unless otherwise stated.
President and CEO Born 1973, MBA Member of the Leadership Team since 2009 Main employment history: President and CEO, F-Secure, 2016– Executive Vice President, Corporate Security, F-Secure, 2016 Executive Vice President, Consumer Security, F-Secure 2014–2016 Executive Vice President, Customer and Market Operations, F-Secure, 2012–2014 Vice President, Sales and Marketing, F-Secure, 2011–2012 Vice President, Sales and Geographical Operations, F-Secure, 2009–2011 Vice President, Mobile Business Unit, F-Secure, 2007–2009 Various leadership roles in sales and channel management, F-Secure, 2005–2007 Vice President, Sales, Valimo Wireless,
EVP, Enterprise & Channel Sales – as of 1 March 2018 Born 1970, M.Sc. (Econ.) Member of the Leadership Team since 2018 Main employment history: Executive Vice President, Enterprise & Channel Sales, F-Secure, 2018– Managing Director, Dustin Finland, 2015–2017 Vice President, Sales, McAfee/Intel Security, 2013–2015 Chief Operating Officer, Stonesoft, 2009–2013 Several senior leadership positions at large
technology companies including Siemens and Cisco systems.
Holdings: number of shares 2,639
2001–2005.
Executive Vice President, Consumer security Born 1965, M.Sc (Economics) Member of the Leadership Team since 2016 Main employment history:
Executive Vice President, Consumer security, F-Secure, 2016–
Director, Sales, Fujitsu Finland Oy , 2014–2015 CEO and partner, Miradore Oy, 2010–2014 CEO and partner, Concilio Networks Oy, 2006–2009
Various senior leadership roles, Hewlett-Packard, 1994–2006
Holdings: number of shares 19,684
Chief Marketing Officer Born 1971, M.Sc. (Communication), MBA Member of the Leadership Team since 2016 Main employment history: Chief Marketing Officer, F-Secure, 2018–
Executive Vice President, Corporate Security, F-Secure, 2016–2018 CEO and a member of the Board, MixRadio Ltd 2015–2016 Vice President, Entertainment Businesses, Microsoft Devices Group , Nokia Corporation,
2012–2015 Various of senior roles in marketing, sales, product development and general management, Nokia, 1996–2012 Holdings: number of shares 2,639
EVP Cyber Security Born 1971 Member of the Leadership Team since 2018 Main employment history: CEO, MWR InfoSecurity, 2003–2018 Holdings: number of shares 62,500
JARI STILL
Chief Information Officer Born 1965, B.Sc Member of the Leadership Team since 2012 Main employment history: Chief Information Officer, F-Secure, 2016–
Vice President, R&D Operations, F-Secure, 2012–2016
Head of Research and Development, Mobile Business Unit, F-Secure, 2000–2012 Co-founder and CEO, Modera Point Oy, 1991–2000
Various product development and management roles in Finnish telecommunication and software companies, 1987–1991
Member, Innovation Working Group, Technology Industries of Finland, 2018– Holdings: number of shares 120,341
Chief Technology Officer Born 1973, M.Sc. (Engineering), Officer's degree Member of the Leadership Team since 2016 Main employment history: Chief Technology Officer, F-Secure, 2016– Director, Strategic Threat Research, F-Secure, 2014–2016 CTO, Security, F-Secure, 2012–2014 Vice President, Labs, F-Secure, 2009–2012 Director of Security Research, F-Secure, 2008–2009 Various position, F-Secure, 2004–2008 Various positions, Finnish Defense Forces, 1998–2004 Holdings: number of shares 29,263
Chief Financial Officer Born 1968, M.Sc. (Econ.) Member of the Leadership Team since 2017 Main employment history:
CFO, KONE Corporation, 2013–2016 CFO, Vacon Corporation, 2009–2012 CFO, Oy Nautor Ab, 2008 Various senior finance leader roles, Nokia Networks and Nokia Siemens Networks, 1994–2007
Board memberships: Member of the Board, Valmet, 2017– Holdings: number of shares 52,639
Executive Vice President, Strategy and Corporate Development Born 1975, M.Sc. (Economics) Member of the Leadership Team since 2016
Executive Vice President, Cyber Security Products & Services, F-Secure, 2018– Executive Vice President, Strategy and Corporate Development, F-Secure, 2016–2018 Various leadership roles in product management, marketing, strategy and business development operations, F-Secure, 2007–2016 Head of Business Development, Suunto, 2005–2007 Holdings: number of shares 15,490
Executive Vice President, Human Resources and Office services – until September 2018
Executive Vice President, Cyber Security Services– until March 2018
F-Secure's general meeting of shareholders decides on the remuneration of the Board of Directors and members of board committees. Board of Directors' personnel committee prepares proposals on the Board of Directors remuneration. Based on the personnel committees proposal the Board of Directors proposes remuneration for the general meeting of shareholders.
F-Secure's general meeting of shareholders also decides on authorizations for the Board of Directors to issue shares or special rights entitling to shares or to repurchase F-Secure shares for remuneration and incentive purposes.
The annual general meeting of F-Secure on 4 April 2018 resolved on the Board of Directors' authorization to decide on repurchase of a maximum of 10,000,000 own shares of the company. The board is authorized to deviate from the proportional holdings of the shareholders (directed repurchase). The repurchased shares may be used on the Board of Directors' decision as part of the company's incentive scheme or otherwise further assigned. The authorization is proposed to be valid until next Annual General meeting however not longer than until June 30, 2019.
The annual general meeting of F-Secure on 4 April 2018 resolved on the Board of Directors' authorization to decide on the issuance of a maximum of 31,000,000 shares or special rights entitling to shares under Finnish Companies Act. The Board of Directors is authorized to deviate from the pre-emptive rights of shareholders (directed issue). The issuance of shares or special rights may be used on the Board of Directors' decision as part of the company's incentive scheme or for other purposes decided by the Board of Directors. The authorization is proposed to be valid until next Annual General meeting however not longer than until June 30, 2019.
Remuneration of the Board of Directors proposal to the company's annual general meeting is based on among other things benchmarking data reviewed on board compensation reviewed by the Personnel Committee. When reviewing benchmarking data and other market trends the Personnel Committee considers among other things the company's ability to attract and retain highly skilful members to the Board of Directors. For the purposes of further aligning the interests of members of the Board of Directors and the shareholders of the company a significant part of each board members' remuneration is paid in shares of the company.
Approximately 40% of the annual remuneration will be paid in F-Secure's shares. The company will purchase such shares under the name of each member of the Board of Directors directly from the Nasdaq Helsinki stock market where F-Secure shares are publicly traded. No additional meeting fees are paid to members of the Board of Directors. The company will pay any applicable asset transfer tax arising from remuneration paid in shares on board members' behalf.
For Members of the Board of Directors, changes in the holdings of the company shares and rewards paid in shares are reported according to the Market Abuse Regulation. Related stock exchange releases are available on the company web pages. Full ownership details are reported in connection with the biographical details of the members.
The Board of Directors nominates the Chief Executive Officer and decides on his/her remuneration and benefits. Mr. Samu Konttinen has acted as the Chief Executive Officer since 1 August 2016.
Compensation of the CEO and other members of the Leadership Team are decided by the Board of Directors. Personnel committee prepares materials and otherwise advises the Board of Directors on remuneration related matters. Changes to Leadership Team members' salaries are proposed by the CEO and changes to CEO's salary are proposed by the Personnel Committee. The compensation of the CEO and other members of the Leadership Team consists of base salary, benefits, short-term incentives and long-term incentives.
The CEO and other members of the Leadership Team are entitled to receive performance based rewards which are paid based on achievements in specific financial and operative criteria set by the Board of Directors . About half of the total compensation of the CEO and other members of the Leadership Team is paid as fixed monthly salary and the rest consists of short and long term incentives and fringe benefits.
F-Secure's compensation systems in general are based on rewarding for performance and competencies. Compensation is designed to be competitive compared to relevant reference markets, increase commitment and work engagement and
| Position | Remuneration Paid in Cash |
Remuneration Paid in Shares |
Total |
|---|---|---|---|
| Chairman of the Board | 48,000 EUR | 32,000 EUR | 80,000 EUR |
| Committee Chairmen | 28,800 EUR | 19,200 EUR | 48,000 EUR |
| Members of the Board | 22,800 EUR | 15,200 EUR | 38,000 EUR |
| Member belonging to the personnel of the Company |
7,600 EUR | 5,067 EUR | 12,667 EUR |
be consistent across the organization. F-Secure aims to pay at least market level base salaries to attract and retain talent.
F-Secure's Short-term incentives are intended to share company's success with employees and increase commitment to company performance. Long-term incentives are a part of F-Secure's key employee incentive and retention program to is to support company´s strategy by aligning the interests of the shareholders and the key employees and to recognize and reward selected employees for strong performance and of future potential for F-Secure. Employee benefit plans are at least on market practice levels to attract talent and increase employee wellbeing.
The fixed remuneration on the CEO and other members of the Leadership Team consists of base salary and fringe benefits. The CEO and other members of the Leadership Team do not receive any additional compensation for their work in the Leadership Team or for acting in other decision making bodies of the Corporation.
Base salary is the core part of the fixed remuneration for the CEO and other members of the Leadership Team. The payments to CEO and other members of the Leadership team are done with the same monthly schedule as for other employees.
CEO and other members of the Leadership team have same taxable (car, mobile phone and lunch benefit) and non-taxable fringe benefits which the company offers to its employees.
Pension accumulation and retirement age of the CEO and other members of the Leadership Team are determined by the terms of the applicable law in each country. Pension payment for the
CEO and the Leadership Team members in Finland is based on the Finnish Pension Act (TEL).
The period of termination notice for the CEO is six (6) months on CEO's and on the Company's side. Possible termination of CEO's contract does not include any other compensation.
The variable compensation of the CEO and other members of the Leadership Team consists of short term incentives and long term incentive programs. The Board of Directors decides on the terms and conditions, the earning criteria and the payment of the rewards from the plans.
The target reward for the CEO is 50% of his annual base salary and 30% for the other members of the Leadership Team. The maximum reward from the short term incentive program for the CEO is 100% of his annual base salary. The maximum reward for other Leadership Team members is 60% of their annual base salary.
F-Secure has currently a Share based Incentive Program 2017–2019 with two active earning periods 2017–2019 and 2018–2020.
The target reward from the current active LTI programs for the CEO is 100% of his annual base salary and 75% for the other members of the Leadership Team. The CEO is a participant in the 2017–2019 and 2018–2020 earning periods.
F-Secure Corporation has a share based incentive program for 2017–2019 in force for its key employees. Participants in the program may earn shares of F-Secure Corporation based on Corporation level business targets set by the Board of Directors separately for each three year earning period.
The share based incentive program 2017–2019 was established in February 2017. The total duration of the program is five years and it comprises of three annually (1st Jan 2017, 1st Jan 2018 and 1st Jan 2019) commencing earning periods each lasting three years. Program ends 31st December 2021.
The possible gross rewards from the programs are paid as 50% in shares and 50% in cash to cover taxes. The rewards are paid using company's own shares. The maximum total reward of the entire program is 10,000,000 shares. Possible payments based on the program are done separately for each earning period after each earning period ends. Payments are based on performance against a revenue target set by the Board of Directors.
There are no restrictions set for the shares received from the share based incentive programs. The participants in sharebased incentive programs are recommended hold at least 50% of the received shares and to cumulate the shares from the incentive programs until the value of the shares received from
the share programs equals the annual gross base salary of the employee.
The Board of Directors has decided to introduce a matching share plan for F-Secure personnel. Purpose of the program is to incentivize personnel to become shareholders in the company and increase their commitment as well as reward them through the potential increase of share value.
Participation was offered for all employees to take part in the retention period 2018–2020. Participation was voluntary, and every participant was eligible to acquire shares worth a maximum of 10 000 euros.
F-Secure will give participants one extra share (gross) for each two shares acquired through the plan in spring 2020. Dividends paid to the invested shares during the retention period will be reinvested in shares, thus, entitling the participants to additional matching shares.
Some members of the Leadership Team (and Christine Bejerasco as the member of the Board of Directors and the CEO) have chosen to participate this incentive program.
| Position | Number of Shares |
|---|---|
| CEO and President | 2,639 |
| Other Leadership Team members in total | 15,834 |
| Christine Bejerasco (Board Member belonging to the |
|
| personnel of the Company) | 792 |
| Position | Fixed payments | Benefits | Short term incen- tives and bonuses |
Long-Term incen- tives |
Total |
|---|---|---|---|---|---|
| CEO and President Konttinen Samu | 294,000 EUR | 240 EUR | 196,431 EUR | 125,690 EUR | 616,361 EUR |
| Other Leadership Team members in total* | 1,388,111 EUR | 97,112 EUR | 479,573 EUR | 529,083 EUR | 2,493,879 EUR |
| Total | 1,682,111 EUR | 97,352 EUR | 676,004 EUR | 654,773 EUR | 3,110,240 EUR |
| Position | Reward paid in Cash | Reward paid as shares |
Total |
|---|---|---|---|
| Siilasmaa Risto | 48,003 EUR | 31,997 EUR | 80,000 EUR |
| Ervi Pertti | 28,801 EUR | 19,199 EUR | 48,000 EUR |
| Heikkonen Matti | 22,801 EUR | 15,199 EUR | 38,000 EUR |
| Oreck Bruce | 22,801 EUR | 15,199 EUR | 38,000 EUR |
| Rekonen Päivi | 22,801 EUR | 15,199 EUR | 38,000 EUR |
| Bejerasco Christine | 7,601 EUR | 5,066 EUR | 12,667 EUR |
| Total | 170,808 EUR | 101,859 EUR | 254,667 EUR |
According to the Market Abuse Regulation (MAR) stock exchange releases are published of all share transactions of the CEO and other members of the Leadership Team, including all
rewards paid to them as F-Secure financial instruments. Stock exchange releases are available on the Company web-pages. The total amounts of company shares held by the Board of
Directors and the Leadership Team members is published in the Corporate Governance Statement.
The main goal of F-Secure's investor communications is to make available correct, up-to-date information about F-Secure and its operations – impartially and simultaneously to all interest groups.
All published investor information including annual reports, interim reports, as well as stock exchange and press releases are available on the Group's website www.f-secure.com/ investors.
Subscriptions for the emailing list for stock exchange releases can be made by sending your contact details to [email protected].
F-Secure publishes a financial statement release, a half year report and two interim reports during 2019 and arranges news conferences for media and analysts at the time of publishing of the quarterly reports. F-Secure observes a three-week silent period before the publishing of each quarterly report. During this time, F-Secure neither arranges meetings nor phone conferences with investors or analysts.
The Annual General Meeting of F-Secure Corporation is scheduled to be held on Tuesday, 19 March 2019. More information on how to attend as well as the documents for the meeting are available on the Group's webpage www.f-secure.com/agm.
Q1 Interim Report 8 May Q2 Half year report 19 July Q3 Interim Report 30 October
Listing since (1999) NASDAQ OMX Helsinki Ltd. Trading symbol FSC1V Number of shares 158,798,739
For any inquiries on F-Secure as an investment target, please contact:
Tapio Pesola, Investor Relations Manager [email protected] +358 44 3734693
F-Secure Corporation Corporate Headquarters Tammasaarenkatu 7 P.O. Box 24 00181 Helsinki, Finland Tel. +358 9 2520 0700 www.f-secure.com
F-Secure 2018 Board of Directors' Report Financial statements Sustainability Corporate Governance
F-Secure Corporation Tammasaarenkatu 7 P.O. Box 24, 00181 Helsinki Tel. +358 9 2520 0700 [email protected] www.f-secure.com
Building tools?
Free accounts include 100 API calls/year for testing.
Have a question? We'll get back to you promptly.