Aspo Oyj — Governance Information 2010

Mar 29, 2010

Corporate Governance Statement 2009

Aspo's decision-making and administration comply with the Finnish Companies Act, securities market legislation, other regulations concerning public limited companies, Aspo Plc's Articles of Association, and the rules and regulations of NASDAQ OMX Helsinki Ltd. As of January 1, 2009, Aspo follows the Finnish Corporate Governance Code for listed companies that was issued by the Securities Market Association on October 20, 2008. The document is available on the Securities Market Association's website www.cgfinland.fi.

In addition to this statement, the Aspo Plc Board of Directors has given a separate Report of the Board of Directors regarding the 2009 operations.

Board of Directors

Aspo Plc's Board of Directors had six members in 2009. According to the Articles of Association, the Board of Directors comprises no fewer than five and no more than eight members. The number of members of the Board is determined at the shareholders' meeting, where its members are also elected. The members of the Board of Directors elect a chairman and a vice chairman from amongst themselves.

The Board has not set up committees in view of the scope of the company's business operations. Aspo Plc's Board deems it most effective to work as an entity; consequently the entire Board of Directors handles the tasks assigned to the committees. Thus, the Board of Directors also handles the tasks assigned to the auditing committee. The Board of Directors evaluates the validity of this procedure on regular basis.

The duties and responsibilities of the Board of Directors are set out in the Articles of Association, the Finnish Companies Act and other applicable legislation. Aspo Plc's Board of Directors has confirmed written standing orders, which state that the matters to be handled by the Board include, but are not limited to:

• Group strategic policies and divisional strategies
• Group structure
• matters to be presented to Shareholders' Meetings
• interim reports and consolidated financial statements
• Group business plans, budgets and investments
• expanding and scaling back operations, acquisitions/divestitures of companies or operations
• Group risk management, insurance and financial policies
• Group environmental policy
• management remuneration and incentive systems
• appointment of the CEO

As the company does not have an Audit Committee, the tasks of the Board also include:

• monitoring the economic and financial situation of the Aspo Group
• monitoring the financial statement reporting process
• supervising the financial reporting process

• monitoring the effectiveness of internal control and risk management systems

• monitoring the statutory audit of the financial statements and consolidated financial statements

• assessing the independence of the audit firm
• preparing the decision on the election of the auditor

In 2009, the Board of Directors held 13 meetings, four of which were teleconferences. Average attendance was 99%.

Board Members

Gustav Nyberg

born 1956, Chairman; not independent of the company, independent of its major shareholders B.Sc. (Econ.), eMBA Full-time chairman of the Board since 2009, member of the Board since 2008

Matti Arteva

born 1945, Vice Chairman; independent of the company and its major shareholders Engineer Vice Chairman of the Board since 2000, member of the Board since 1999

Esa Karppinen

born 1952, independent of the company and its major shareholders LL.M. President and CEO, Berling Capital Oy, 1986– Member of the Board since 2005

Roberto Lencioni

born 1961, independent of the company and its major shareholders LL.B. Managing Director, Oy Gard (Baltic) Ab, 2003– Member of the Board since 1999

Kristina Pentti-von Walzel

born 1978, independent of the company and its major shareholders M.Sc. (Econ.), B.Sc. (Pol. Sc.) Campaign Director/Fundraising, HANKEN School of Economics, 2008– Member of the Board since 2009

Chief Executive Officer

Aki Ojanen, born 1961, eMBA, has been the Chief Executive Officer as from January 1, 2009. The The Board of Directors appoints the CEO of Aspo Plc. The CEO is responsible for the management and development of the Group's business in accordance with the instructions of the Board of Directors. The CEO is responsible for the Group administration in accordance with the instructions of the Board of Directors. The CEO is also responsible for the company accounting to comply with the applicable legislation and the reliable arrangement of the company finances. He

also serves as the chairman of the Boards of Group companies and acts as the operational supervisor of the presidents of Group companies.

The CEO is assisted by the Group Executive Committee and the Group's extended executive committee comprising the members of the Group Executive Committee as well as the presidents of the businesses and persons in charge of IT administration and communications.

Internal control, financial reporting, internal auditing, risk management

Internal control

Internal control in Aspo contains inbuilt controls in business processes, the management system in the Group and extensive economic reporting that covers the whole Group. Internal control is an essential part of risk, operational and company management.

The target of internal control is achieving sufficient reliability with regard to the following issues:

• profitability and efficiency of operations
• reliability and integrity of economic and operative information
• compliance with legislation, regulations and contracts
• securing assets

The Board of Directors and the CEO are responsible for arranging the control both in the Group and the business units. The CEO is responsible to the Board of Directors, and the Board to the shareholders. The chain of responsibility goes through the whole organization and every member of the personnel is liable for the control of his/her area of responsibility to the superior. The controller of each Group company is responsible for ensuring the compliance with legislation and the Group's policies and procedures. The controllers report to the business unit management and to the Group CFO. The CFO reports the findings to the CEO and the Board of Directors. The internal control function assists the Aspo Group executives in monitoring. The target is to give the Board of Directors sufficient confidence concerning the validity of the internal control.

Financial reporting

The control of the financial reporting is based on monitoring the business processes. The information for financial reporting is created as business processes progress. The responsibility for correct information is shared by all participants in the process. The financial reporting process is decentralized.

The financial statements of the Group are compiled according to the IFRS standards, those of the parent company and Finnish subsidiaries according to the FAS standards. Each separate company complies with the legislature of the country where it is located, but reports based on the internal accounting regulations by Aspo. Separate companies may have their own accounting framework, but all information is consolidated on basis of common framework to the business area level, where their reliability is assessed. The information is then forwarded to the Group level where the financial reports are consolidated, verified, and assessed on monthly basis. At each phase the unit responsible for the quality and generation of information will assess its reliability. The Group level inspection and balancing mechanisms are used on both monthly and quarterly basis.

The systems required for financial reporting are decentralized and used according to the principles of internal control of the Aspo Group. Achieving the set targets is followed on monthly basis with the reporting system. In addition to actual and comparison figures, it provides up-to-date forecasts. The reports are provided to the Aspo Board of Directors monthly. The Board of Directors assess

the Group's position and future based on the provided information. The Board of Directors is responsible for the contents and publication of the financial statement.

In 2009, the reporting systems have been updated and partly integrated in order to improve the level of internal control.

Besides the internal control, the reliability of reporting and processes are assessed by an independent, external audit corporation.

Internal Auditing

The purpose of internal auditing is to support evaluation and confirmation of the Group to verify efficiency of risk management, control, leadership and administration. Internal auditing assists the Board of Directors and organization in achieving the Group targets and in ensuring and developing the control system.

The Board of Directors approves the principles of internal auditing as part of internal control. The Group CFO is responsible for the internal auditing, and reports the findings to the CEO and the Board of Directors. Internal audit is organized corresponding to the size of the Group. Externally purchased services with special skills will be used for demanding assessments. The target is to accomplish two or three risk-based audits annually. The audits are based on risk assessment as defined in the risk analyses of individual business units. The objects of the assessment and auditing process are profitability and efficiency of activities, reliability of financial and activity reporting, compliance issues and securing the assets.

Risk Management

The target of risk management is to ensure the fulfilment of Group strategy, development of financial result, shareholder value, dividend payment capability and business continuity. The business unit management has the responsibility for risk management. The business unit management defines the necessary actions, ensures their realization and evaluates the actions as a part of their normal operations guidance. The Group CFO coordinates the risk management and reports to the Group CEO.

Each business area has a separate risk management program and a corresponding business continuity plan. Business risks and their management are dealt with in the executive teams of the business units. The functions common to the whole Group will attend that sufficient risk assessment and reporting procedures are incorporated into the processes they are responsible for. For certain risks, the risk management principles and key contents are defined in Group level policies and instructions. The Group management is responsible for the Group level insurance policies.

The risk management is essentially based on the aforementioned procedures of internal controls, where the chain of responsibility is extended throughout the Group. The most important factors in business risk management are a profound understanding of the business and command of the tools, which are used for daily business operations and their controlling. Characteristic risks to each business area are identified in the business units, assessed in the business unit management teams, and reported to the executive teams and, if need be, also to the Aspo Board of Directors, responsible for the tasks of the inspection board. The Group CEO acts as the chairman of the Boards of Group companies. Risks are continuously assessed and their managing is discussed in the business unit executive teams. Risk assessments are updated according to the Aspo management policy and the most noteworthy findings are presented in the quarterly issued interim

reports. Larger projects always include a separate risk analysis. The most significant risks for the Group are assessed once a year and the results are presented in the annual report.

ASPO PLC

Board of Directors

(Translation)