Governance Information • Mar 21, 2016
Governance Information
Open in ViewerOpens in native device viewer
CORPORATE GOVERNANCE STATEMENT
FEBRUARY 21st, 2016
SSH Communications Security Group comprises of SSH Communications Security Corporation ("SSH") and its subsidiaries. SSH is registered in Helsinki, Finland and is a publicly listed company in NASDAQ OMX (SSHV01). Its subsidiaries are SSH Communications Security, Inc. (USA), SSH Government Solutions, Inc. (USA), SSH Communications Security Limited (HK), Kyberleijona Ltd. (former SSH Solutions, FIN) and SSH Operations Ltd. (FIN) which has a branch in Germany. In addition, SSH Communications Security K.K (Japan) and SSH Technology Ltd. (FIN) were established in 2015. SSH also owns 50% of the shares in SSH ROkITT Services and Solutions Ltd.
SSH abides by its Articles of Association as well as principles of transparent and responsible corporate governance, and high ethical standards in its governance and decision-making. The company complies with the Finnish Limited Liability Companies Act and securities market legislation and Finnish Corporate Governance Code 2015 adopted by the Securities Market Association. The Code is available at www.cgfinland.fi.
The Corporate Governance Statement of SSH is published as a separate report from the Report of the Board of Directors at SSH's website www.ssh.com.
SSH implements a one-tier governance model, where the management of the SSH Group is a responsibility of the General Meeting of shareholders, the Board of Directors, and the CEO. Duties are defined by the Finnish Limited Liability Companies Act and company´s Articles of Association.
The General Meeting is where shareholders exercise their voting rights and is SSH Communications Security's highest decision-making body taking decisions on matters falling within its competence by virtue of the Limited Liability Companies Act and the Articles of Association.
The Annual General Meeting (AGM) elects the Board of Directors, which in turn appoints the CEO. The Board of Directors and CEO are responsible for the management of the Group. The Executive Management Team and other management personnel assist the CEO in his duties. The Board of Directors decides on the Group's administrative systems and ensures compliance with good governance principles.
The Annual General Meeting is held within six months of the completion of the company's fiscal year, at a time decided by the Board. The AGM decides on matters as required in the provisions of the Limited Liability Companies Act and Articles of Association, such as adoption of the year-end financial statements, profit distribution, and the granting of discharge from liability to the members of the Board of Directors and to the CEO. The AGM also elects the members of the Board of Directors and the auditors and decides their remuneration. Extraordinary general meeting can be called
as defined in Limited Liability Companies Act. Each SSH share conveys one vote at the shareholder's meeting.
In accordance with the company's Articles of Association, the Annual General Meeting appoints three to eight members to the Board of Directors. Their term of office ends with the closing of the next Annual General Meeting following their appointment. The Board has a quorum when more than half of its members are present. The company's Articles of Association do not restrict the members' terms in office or present any specific selection criteria for the members. The Board elects a chairperson from among its members.
The Board of Directors handles the company's administration and the appropriate arrangement of its operations. The Board also ensures that the supervision of the bookkeeping and asset management is appropriate. The Board's task is to steer the company's operations in a manner that will add the greatest possible value to the company's invested capital over the long term.
The Board of Directors has confirmed a written charter for its duties, the matters it deals with, meeting practice and the decision-making procedure. In accordance with the charter, the Board deals with and makes decisions on all matters that are financially, operationally or fundamentally significant to the Group. Charter of the Board can be found at: http://www.ssh.com/about/board-ofdirectors
The Board appoints and dismisses CEO, supervises his or her actions, and decides on his or her remuneration and other terms and conditions of service. The Board also approves the Group's strategy, operating principles and guiding values, and ensures that they are up to-date and correctly implemented. The Board also ensures that the Group has a functional system of internal controls and that the Group's risk management principles have been defined. It also ensures that key business risks have been identified and are being systematically monitored. The Board approves the operational guidelines and annual plan for the internal audit, and also assesses its effectiveness.
SSH Board of Directors convened 18 times in 2015. The attendance rate of Board members was: Syrjälä 100%, Hautamäki 94%, Manner 100% and Ylönen 100%.
The Board evaluates its operations and processes to increase efficiency and quality. An internal selfevaluation is conducted once a year.
Due to the relatively small size of the company and number of Board Members currently, SSH Communications Security has no separate Committees of the Board.
The Annual General Meeting held on 25 March 2015 elected Päivi Hautamäki, Timo Syrjälä, Tatu Ylönen and Jukka Manner (new member) as members of the company's Board of Directors. In the
organizing meeting of the Board of Directors, Timo Syrjälä was elected as the Chairman of the Board of Directors.
Currently, a majority of the Board members are considered independent of the company. Päivi Hautamäki, Jukka Manner and Timo Syrjälä are deemed to be an independent Board member. Nonindependent Board member is Tatu Ylönen. Tatu Ylönen is CEO of Company starting 18.2.2016 and the largest shareholder who owns directly and through his holdings about 55.5 percent of SSH Communications Security shares. The company's CFO acts as secretary to the Board.
Timo Syrjälä, born 1958, M.Sc. (Economics) Chairman of the Board
Timo Syrjälä has more than 30 years of experience in capital markets and has spent the last 10 years as a private investor and a non-executive director in several firms. Prior to joining the Board of SSH Communications Security, he served on the Boards of several leading technology firms including Stonesoft and Efore. Earlier in his career, Timo held executive and managerial positions in management consulting, asset management and investment banking in Finland.
Timo has a Master of Science degree from Aalto University.
Timo Syrjälä owns 835.011 shares and 1.261.720 nominee reg. shares (holdings of interest parties included).
Tatu Ylönen, born 1968, Lic.Sc (Tech) Board member Major shareholder, CEO from 18.2.2016
While working as a researcher at Helsinki University of Technology, Tatu Ylönen began working on a solution to combat a password-sniffing attack that targeted the university's networks. What resulted was the development of the Secure Shell (SSH), a security technology that would quickly replace vulnerable rlogin, TELNET and rsh protocols as the gold-standard for data-in-transit security.
Tatu has authored several IETF standards and NIST IR 7966, and is the inventor in 30+ US and international patents, including several essential patents on major telecommunications standards. During 2015, Tatu has held various executive roles and is also a Board Member at the company. Tatu returned to CEO position on 18.2.2016.
Tatu holds a Licentiate of Science degree from Aalto University.
Tatu Ylönen owns 17.411.637 SSH shares (holdings of interest parties included).
Päivi Hautamäki, born 1964, Master of Law, LLM Board member General Counsel at Eltel Group
Päivi Hautamäki has extensive experience of more than 15 years in energy, IT and industry field. She is the General Counsel at Eltel Group. Prior to joining the company in 2012, she was the General Counsel at F-Secure Corporation, an anti-virus and computer security and computer software company, the Legal Counsel at Fortum Oyj, a Finnish energy company, and the General Counsel at Winwind Ltd, a wind turbine manufacturer. She is also a member of the IPR committee of the Board of Central Chamber of Commerce in Finland and a Member of the Board of Finnish Industrial Lawyers.
Päivi has a Master of Law degree from Helsinki University.
Päivi Hautamäki does not own any SSH shares.
Jukka Manner, born , Ph.D. (Computer Science) Boar Member Professor of Networking Technology, Aalto University
Jukka Manner has more than 15 years of experience in networking, software engineering and distributed systems. He has contributed to standardization of Internet technologies in the Internet Engineering Task Force (IETF) since 1999. He has been principal investigator and project manager for over 25 national and international research projects and has authored over 100 publications, including eleven IETF standards. Prior to joining the Board of SSH Communications Security, he served on the Board of Stonesoft. He has been nominated by Tietoviikko magazine among the 100 most influential people in ICT in Finland yearly since 2010.
Jukka Manner own 12.000 SSH shares.
The SSH Communications Security Board of Directors appoints the CEO and decides the terms of his or her service contract. The CEO is in charge of the company's operative management in accordance with the Finnish Companies Act and the instructions and authority provided by the Board of Directors. The Company's CEO until 18.2.2016 was Harri Koponen and currently Tatu Ylönen. The CEO's retirement age and determination of pension comply with standard rules under the Employees' Pension Act. The period of notice for the CEO is three months. There is no separate severance payment agreed. CEO and Board of Directors may agree on CEO´s annual bonus scheme. Currently no bonus scheme is agreed.
The Executive Management Team supports the CEO in managing and developing SSH Communications Security Group, and the members of the Executive Management Team report to the CEO. The Executive Management Team meets regularly and the CEO chairs the meetings. All issues addressed in the meetings and related decisions are recorded in the meeting minutes.
Harri Koponen, born 1962, Ph.D. h.c. (Economics), eMBA Chief Executive Officer until 18.2.2016
Harri brings extensive experience from the technology sector to SSH Communications Security together with strong skills in operations, sales, and in leading companies and organizations.
Prior to joining the company, Harri was the CEO of NPTV, a cloud-based interactive TV software company, board member at Stonesoft (a security software company that was acquired by McAfee), and prior to that the COO of Rovio Entertainment, creating the global merchandising and licensing business of their Angry Birds brand.
Harri has a vast global network in industry and government having been President and CEO of three major telecommunications companies, Sonera (Finland), Wataniya (Kuwait), and Tele2 (Sweden). He has also lived in the United States for several years serving as Managing Director of Sony Ericsson (North and Central America) and Head of Ericsson Consumer Products Division for North America. Prior to that, he worked as the global account executive for AirTouch, Vodafone, and Sonera at Ericsson, and in the early 1990s ran HP's telecom global sales for Sonera.
Harri holds an eMBA from the University of Helsinki and has Ph.D. h.c. (Economics) from the University of Jyväskylä.
Harri owns 300.000 stock options.
Tatu Ylönen, born 1968, Lic.Sc (Tech) Chief Operating Officer, CEO from 18.2.2016
For more info on Tatu, please see above under "BOARD OF DIRECTORS – MEMBERS"
Jyrki Lalla, born 1964, M.Sc (Economics) Chief Financial Officer
Jyrki is responsible for financial management, treasury, human resources, corporate development and corporate governance. He also acts as secretary to the board of directors.
Prior to joining the company in February 2012, Jyrki held several senior financial management positions at Nokia Corporation and Nokia Siemens Networks in Finland, Italy, Great Britain and Germany.
Jyrki has headed finance and control for global software and service businesses in Europe, Middle-East and Africa. He has gained extensive experience in ramping up international operations in high growth organizations with specific responsibilities for functional areas such as acquisitions, divestments, outsourcing and mergers.
Jyrki has a Master of Science degree from Turku School of Economics and Business Administration, Finland and further studies in finance from Hanken School of Economics and IMD.
Owns 149.500 SSH shares (no holdings of interest parties) and 100.500 stock options.
Matthew McKenna, born 1973, MBA Chief Commercial Officer
Matthew brings over 10 years of high technology sales, marketing and management experience to SSH Communications Security and is responsible for all revenue-generating operations. His expertise in strategically delivering technology solutions that anticipate the marketplace has helped the company become a market leader.
Prior to joining the company, Matthew served as a member of the executive management team of Automaster Oyj which was successfully acquired by ADP Dealer Services Nordic. Before this, Matthew played professional soccer in Germany and Finland.
Matthew holds a BA in German from the University of South Carolina and an MBA from the Helsinki School of Economics and Business Administration.
Matthew McKenna owns 7.000 SSH shares (holdings of interest parties included) and 351.000 stock options.
Markku Rossi, born 1970, M.Sc (Computer Science) Chief Technology Officer
Throughout his close to 25 years of software engineering and software architecture career, Markku has led development teams and architecture design work in several companies. Along with prior SSH experience, he brings his vast background in software, security protocol and database technologies to the company's service. Markku has a Master of Science in Computer Science from the Helsinki University of Technology.
Markku owns 50.000 stock options.
Kalle Jääskeläinen, Born 1977, Bachelor of Science, in management team from 25.2.2016 VP, Enterprise Key Management
Kalle has over fifteen years of experience in information security services, R&D, and product management. As the VP, Enterprise Key Management, Kalle is responsible for delivering customer-driven and high performance security solutions and services that protect our customers' critical data and infrastructures. Kalle's combination of extensive customer-facing experience and technical background is ideal for understanding the market and customers' challenges, and how those can be resolved in enterprise environments.
Kalle received his Bachelor of Science from the Vantaa Institute of Technology, Finland where he specialized in Telecommunication and Computer networks. Kalle carries a CISSP certification.
Kalle Jääskeläinen owns 10.000 stocks and 267.000 stock options
Petri Helenius, born 1970, from 25.2.2016 VP, Network Protection
Petri has over 20 years of software engineering experience in networking technologies. At SSH Communications Security, he is responsible for the development of our next generation critical infrastructure protection firewall. While engineer by heart, Petri has also successfully managed businesses – for example, at ROMmon, he guided the company from founding to acquisition. He has worked closely with companies such as Cisco Systems and Juniper Networks, and enjoys pushing emerging technologies into the mainstream.
Petri has held various positions at EUnet, Santa Monica Software, KPNQwest and F-Secure. He is a member of the board and investor in sustainable urban planning startup Skenariolabs.
Petri Helenius owns 90.000 stock options.
Ed Jackowiak, born 1963, from 25.2.2016 VP, North America Operations and Sales
Ed is responsible for sales and operations for the Americas. He has a long and distinguished career in information security with a successful track record of revenue growth and executive leadership. Most recently, Ed was the Executive Vice President of Sales at Aurionpro Solutions, a 130M USD company. Prior to Aurionpro, Ed was the key driver in the successful sales of Vordel to Axway and Bridgestream to Oracle. Ed has also held various executive roles at Kavado, Netegrity, and Segue Software.
Ed has built out an extensive partnership network with major consulting and implementation firms (such as Deloitte and Accenture) and worked closely with many IAM technology vendors (such as ForgeRock, Ping, and Sailpoint).
Ed holds a Bachelor of Science degree (Finance, Management, Administration) from Indiana University, Bloomington, IN and he owns 125.000 stock options.
The shareholders' meeting confirms annually in advance the emoluments payable to the members of the Board of Directors. The Board of Directors confirms the salary and other benefits of the CEO, and also determines the salaries and benefits payable to senior management.
Forms of remuneration for SSH Communications Security's senior management and CEO involve a performance-related bonus. The company has no other remuneration practices, nor does it have any differing pension arrangements for the CEO or other senior management. The targets for the company's senior management are fixed for the target period at a time.
New stock option plan has been issued in 2015. In accordance with the authorization from the Annual General Meeting, the Board of Directors decided on February 5, 2015 on an option plan I/2015 of maximum 2.000.000 options, each of which entitles to subscribe one share at a price of EUR 3,45. Stock option plans are explained in more detail in the consolidated financial statement.
Remunerations to the Board of Directors during 2015:
The CEO's salary and other benefits in 2015 were EUR 276.032.
The number of shares and stock options held by the members of the Board of Directors, CEO and members of the Executive Management Team are included in their personal profiles above.
SSH Communications Security observes NASDAQ OMX Helsinki Ltd's insider guidelines. The company maintains its insider register using Euroclear Finland Oy's Sire system.
Insiders subject to disclosure requirements are the members of SSH Communications Security's Board of Directors, the CEO, and the chief auditor of the accounting firm. The company also defines the members of SSH Communications Security's Executive Management Team as insiders subject to disclosure requirements. The share ownership of all insiders subject to disclosure requirements has been made public.
SSH Communications Security also maintains permanent company-specific registers of people who regularly receive inside information due to their position or duties. Their share ownership has not been made public. When necessary, registers of project-specific insiders are also kept.
SSH Communications Security follows a silent period starting 30 days before the publication of its financial reports, during which company refrains from contact with representatives of the capital markets and financial media.
Silent periods during the financial year 2016:
• 20 September - 20 October
Insiders belonging to the public or company specific insider register are not allowed to trade in securities issued by the company during silent period prior to the announcement of an interim report and the financial statement bulletin (closed window) and 6 hours after the announcement of the results.
Internal control seeks to ensure that the Group's operations are efficient and profitable, that reporting is reliable, and that the Group's operating principles and applicable legislation and regulations are observed.
The Board of Directors is responsible for ensuring that the Group's internal controls and risk management are adequate and appropriately organized for the company's business operations. The Board supervises the CEO to ensure that he or she handles the company's business operations and administration in accordance with the guidelines and instructions issued by the Board of Directors. In order to ensure adequate risk management, the Board of Directors discusses the Group's business and financial reports, as well as any substantial changes that have occurred in the company's business. The Board also assesses the adequacy and appropriateness of internal controls and risk management.
The CEO is responsible for the practical organization of internal controls. Among other duties, he or she ensures that the company's accounting practices comply with the law and is handled in a reliable manner. The Group's directors and managers are responsible for internal controls within their own areas of responsibility.
Company evaluates and monitors transactions concluded between the company and its related parties to ensure that any conflicts of interest are taken into account appropriately in the decisionmaking process. Company keeps a list of parties that are related to the company.
All material decisions related to any agreements with related parties or any other related party transactions are made by the Board of Directors. Decision-making procedure for related party transactions is based on careful preparatory work and appropriate reports, opinions and assessments taking into account all relevant disqualification provisions under the applicable laws and corporate governance rules. Related party transactions are identified, reported, and controlled by the impartial board members and CFO, who monitors and reports the company's related party transactions in accordance with the company's reporting practices.
Related party will not participate in making decisions related to any agreement between him/her and the company, or related to any matter that concerns an agreement between the company and a third party, where the related party is likely to have an essential interest in the matter.
Risk management aims to ensure that company´s strategic and operational targets are reached and operations safeguarded.
Our risk management is based on the risk management policy approved by the Board of Directors. We define a risk as an external or internal uncertainty factor that, if realised, would either positively or negatively affect our potential to achieve our strategic and financial targets.
We seek to forecast, identify, evaluate and control significant strategic, operative, financial and accident risks. The Board of Directors defines the Group's risk appetite and risk tolerance through its decisions and monitors the sufficiency and effectiveness of the Group's risk management.
The CEO is responsible for the implementation of risk management. The CFO holds primarily responsibility for managing financial risks and coordinates the implementation of risk management processes, and reports risks to the CEO, the Executive Management Team and the Board of Directors. The Executive Management Team members are responsible for executing the risk management policy in their own areas. General Counsel is responsible for contractual and legal risk management and reports risks to the CEO and CFO. Every employee is responsible for identifying any risks relating to their own work and bringing them to the attention of their supervisor.
Largest risks that might impact the profitability of the company have remained by and large the same than in previous reporting period and are listed below. Other risks, which are currently either unknown or considered immaterial to SSH Communications Security may, however, become material in the future.
ability of the organization to scale up operations with the growth
large portion of the company revenue is invoiced in USD currency so possible large fluctuation in USD currency rates during 2016 could have unpredictable effects for profitability that are at the time difficult to estimate. Currently USD currency position is not hedged, and company decides hedging of USD based contracts case by case.
Utilization of the company´s patent portfolio may have significant positive and/or negative impacts.
Principles and organization of risk management of SSH Communications Security can be read from company´s webpage: www.ssh.com.
Because of the relatively small size of the company, SSH Communications Security has no separate internal audit organization. The continuous monitoring by the auditors in conjunction with the interim reports also aims to assess and develop the effectiveness of risk management, monitoring and administration processes, and to support the Board with its monitoring responsibility.
SSH Communications Security has one auditor, which must be a firm of authorized public accountants approved by Finland's Central Chamber of Commerce. The Annual General Meeting elects the auditor for a term of office that runs until the end of the following Annual General Meeting.
The scope of the audit encompasses the Group's accounting, administration, Financial Statements and Board of Directors' Report for each accounting period. The Auditor makes regular reports to the Board of Directors and submits an Auditors' Report to the Annual General Meeting. The Auditors' Report contains a statement as to whether the Financial Statements and the Board of Directors' Report give a true and fair view, as defined in the rules governing financial reporting, of the Group's operative result and financial position, and as to whether the information contained in the Board of Directors' Report is consistent with the Financial Statements. The auditor's fee is paid annually on the basis of an invoice, in accordance with the Annual General Meeting's decision.
SSH Communications Security's auditor is KPMG with Kirsi Jantunen as principal auditor.
In 2015, the auditor's fees were: Auditing EUR 24.450 (KPMG), other EUR 11.093 (KPMG). Tax consultancy EUR 3.275 (KPMG). Other services EUR 8.226
SSH Communications Security Group's parent company, SSH Communications Security Corporation, is domiciled in Helsinki, Finland, and its share is listed on NASDAQ OMX Helsinki. In its communications SSH Communications Security observes Finnish and EU legislation, the rules of NASDAQ OMX Helsinki Ltd, the regulations of the Finnish Financial Supervisory Authority, as well as the principles set out in the Company's Corporate Governance Statement. SSH Communications Security's communications are based on facts and objectivity, and guided by the general principles of trustworthiness, openness and timeliness.
Building tools?
Free accounts include 100 API calls/year for testing.
Have a question? We'll get back to you promptly.