Lehto Group Oyj

Governance Information • Mar 20, 2017

Lehto Group Plc | Corporate Governance Statement 2016

Contents

1. INTRODUCTION

2. DESCRIPTIONS CONCERNING CORPORATE GOVERNANCE

General Meeting of Shareholders	3
Board of Directors	3
Board committees	6
CEO	7
Other executives of the Company	7

3. MAIN FEATURES OF THE INTERNAL CONTROL AND RISK MANAGEMENT SYSTEMS RELATED TO THE FINANCIAL REPORTING PROCESS

Risk management	9
Internal control	9
Internal controls over financial reporting	10
Risk management and internal control roles and
responsibilities	11

4. OTHER INFORMATION TO BE PROVIDED

Insider Administration	12
Related party administration	13
Internal auditing	13
Auditing	13

1. Introduction

Corporate governance at Lehto Group Plc (hereinafter "Lehto Group" or "Company") is based on the laws in force and the Company's Articles of Association. Lehto Group observes the rules and regulations of Nasdaq Helsinki Ltd (hereinafter "Nasdaq Helsinki" or the "Helsinki Stock Exchange") and the Finnish Corporate Governance Code 2015 (hereinafter "Corporate Governance Code") issued by the Securities Market Association. The Corporate Governance Code is available in its entirety on the website of the Securities Market Association at www.cgfinland.fi. The Company has drafted the Rules of Procedure for its Audit Committee pursuant to the recommendation of the Finnish Corporate Governance Code and follows the Corporate Governance Code without exceptions.

On 12 February 2017, the Company's Board of Directors approved this Corporate Governance Statement (hereinafter "CG Statement"), which was drawn up separately from the report by the Board of Directors. This CG statement will be published on Lehto Group's website at www.lehto.fi/en.

2. Descriptions concerning corporate governance

The responsibility for Lehto Group's corporate governance has been divided in accordance with the Limited Liability Companies Act between its General Meeting of Shareholders, the Board of Directors and the CEO. Shareholders exercise their rights mainly in the General Meeting of Shareholders, which is normally convened by the Company's Board of Directors. Furthermore, a General Meeting of Shareholders must be held if so required in writing by the Company's auditor or shareholders representing at least one tenth of all shares issued by the Company.

GENERAL MEETING OF SHAREHOLDERS

The General Meeting of Shareholders is Lehto Group's highest decision-making body. According to the Limited Liability Companies Act, the shareholders exercise their power of decision in matters related to the Company at the General Meeting of Shareholders.

The General Meeting of Shareholders decides on matters required by the Limited Liability Companies Act and the Company's Articles of Association. The shareholders participate in the General Meeting of Shareholders either personally or through a representative. Each share entitles its holder to one vote.

The Annual General Meeting is held each year on the date determined by the Board of Directors, by the end of June. In accordance with the Limited Liability Companies Act and the Articles of Association, the Annual General Meeting decides on matters that fall within its competence, such as adoption of the financial statements, the use of the profit shown on the balance sheet, and the appointment of the members of the Board of Directors and the auditor and their remuneration. The Annual General Meeting also decides on the discharge of the Members of the Board of Directors and the Chief Executive Officer from liability. An Extraordinary General Meeting shall be held if the Board of Directors considers it necessary or if the Company's auditor or shareholders whose shares represent at least one tenth of all shares issued by the Company so demand in writing in order for a given matter to be dealt with.

In accordance with the Company's Articles of Association, a written notice of a General Meeting of Shareholders shall be given to shareholders no earlier than three (3) months and no later than three (3) weeks prior to the shareholders' meeting, however, no later than nine (9) days prior to the record date of the General Meeting of Shareholders. A notice of a General Meeting of Shareholders shall be given by publishing it on the company's website or in some other verifiable written form.

BOARD OF DIRECTORS

The Company's Board of Directors shall see to the administration of the Company and the appropriate organisation of its operations. The Board of Directors shall be responsible for the appropriate arrangement of the control of the Company's accounts and finances. The Board of Directors or a member of the Board of Directors shall not comply with a decision of the General Meeting of Shareholders or the Board of Directors where it is invalid owing to being contrary to the Limited Liability Companies Act or the Company's Articles of Association. The General Meeting of Shareholders elects the members of the Board of Directors.

The Board of Directors is elected annually at the Annual General Meeting. By virtue of the Company's Articles of Association, the Company has a Board of Directors which consists of 3–8 ordinary members. The Board members' term of office shall expire at the end of the next Annual General Meeting following their election.

Composition and operations of the Board of Directors

The Board of Directors has drawn up a charter of the Board of Directors, which defines the Board's key duties and operating principles.

The Board of Directors shall see to the administration of the Company and the appropriate organisation of its operations. The Board of Directors, among its other duties, controls and supervises the Company's operative management, appoints and discharges the CEO, determines the duties and conditions of employment of the CEO, approves the strategic objectives and the principles of risk management for the Company and its businesses and ensures the proper operation of the management system. The Board of Directors also ensures that the Company has defined the operating principles for internal control and that the Company monitors the functioning of the internal control. The Board of Directors approves the policies and guidelines for internal control, risk management and corporate governance, as well as the Company's information dissemination policy. Based on the Company's strategy, the Board of Directors approves the action plan and budget and supervises their implementation. Furthermore, the Board of Directors annually approves the total amount and priorities of investments in the Company's business operations and decides on major and strategically important investments, acquisitions and divestments. The Board of Directors confirms the Company's ethical values and working methods and monitors their implementation. The Board of Directors also defines the Company's dividend policy on the basis of which it submits a dividend proposal to the Annual General Meeting for consideration.

The Company aims to ensure that its Board of Directors has, as a whole and taking into account its duties, sufficient and versatile expertise and experience. In the preparation of the proposal for the composition of the Board of Directors, particular attention shall be paid to the requirements set by the company's operations and development stage. A person elected as a Board member must have the competence required by the position and the possibility to devote a sufficient amount of time to attending to the duties. The

number of Board members and the composition of the board of directors shall be such that they enable the Board of Directors to see to its duties efficiently.

In order to ensure versatile support and development of the Company's business operations, the composition of its Board of Directors must be sufficiently diverse. Both genders shall be represented in the Board of Directors. On the whole, the aim of the composition of the Board of Directors is to achieve sufficiently broad competence, expertise and experience. A sufficient versatility of the Board of Directors in terms of age, gender, education and professional background is taken into account in the preparation of the proposal for the composition of the Board of Directors. For the assessment of the versatility and composition of the Board of Directors in connection with the preparation of the proposal for the Board's composition, each candidate to the Board shall, in confidence and as instructed by the Company, provide the information required to assess their competence and the amount of time they can devote to the task. The Board of Directors has in 2017 confirmed the Diversity Policy of the Board of Directors to be followed in choosing the new members of the board. The Diversity Policy will be monitored annually in a report given within the Corporate Government statement.

The Board of Directors shall also evaluate the independence of its members. The majority of the Board members shall be independent of the Company. Furthermore, at least two members who are independent of the Company shall also be independent of the significant shareholders of the Company. Board members' independence shall be evaluated on an annual basis.

The Board of Directors elected by the Annual General Meeting of 30 March 2016 consisted of Pertti Huuskonen, Martti Karppinen, Mikko Räsänen, Päivi Timonen and Sakari Ahdekivi. Pertti Huuskonen has acted as Chairman of the Board of Directors. During the financial year 2016, the Board of Directors had a total of 15 meetings, three of which were conducted by email or as teleconference. The average attendance rate of Board members was 95 per cent.

Basic information on Board members, their independence, remuneration, holdings and attendance in Board meetings is provided in the following tables.

MEMBERS OF THE BOARD OF DIRECTORS

Name	Position	Year of birth	Education	Indepen dence of the Company	Indepen dence of significant share holders
Pertti Huuskonen	Chairman of the Board of Directors	1956	M.Sc. (Tech.), eMBA, Marketing Degree (MKT)	Yes	Yes
Sakari Ahdekivi	Member of the Board of Directors (since 30 March 2016)	1963	M.Sc. (Econ.)	Yes	Yes
Martti Karppinen	Member of the Board of Directors	1947	M.Sc. (Tech.)	Yes	Yes
Mikko Räsänen	Member of the Board of Directors	1978	M.Sc. (Econ.)	Yes	Yes
Päivi Timonen	Member of the Board of Directors	1970	LL.M . Train ed on the Bench	Yes	Yes
Tomi Koivukoski	Member of the Board of Directors (until 30 March 2016)	1976	Builder	No	Yes

BOARD MEMBERS DIRECT AND INDIRECT HOLDINGS OF SHARES, 31 DEC 2016

Name	No. of shares held	Shareholding ratio
Pertti Huuskonen	808,570	1.39%
Sakari Ahdekivi (since 30 March 2016)	0	0.0%
Martti Karppinen	0	0.0%
Mikko Räsänen	0	0.0%
Päivi Timonen	0	0.0%
Tomi Koivukoski (until 30 March 2016)	1,748,061	3.00%
Board of Directors in total	2,556,631	4.39%

REMUNERATION OF THE MEMBERS OF THE BOARD (INCLUDING REMUNERATION OF AUDIT COMMITTEE), SERVICES SOLD TO THE COMPANY AND ATTENDANCE IN MEETINGS

Name	Remuneration for 2016, EUR	Sale of services to the Company in 2016, EUR	Attendance in Board meetings
Pertti Huuskonen	51,080	55,086.42	15/15
Sakari Ahdekivi (since 30 March 2016)	21,650	0.00	9/11
Martti Karppinen	27,850	14,531.57	15/15
Mikko Räsänen	28,900	0.00	14/15
Päivi Timonen	28,300	0.00	14/15
Tomi Koivukoski (until 30 March 2016)	0	0.00	4/4
Board of Directors in total	157,780	69 617,99	95 %

Presentation of Board members

Pertti Huuskonen has been Chairman of the Board of Directors since 2014. Prior to that, he served as member of the Board in 2013-2014. Huuskonen has over 25 years of experience in executive positions and the management of strong growth in Technopolis Oyj, a company listed on the Helsinki Stock Exchange, as President and CEO in 1985– 2008 and Chairman of the Board of Directors in 2008–2012. Since 2012, Huuskonen has also been a member of the Board of Directors of AS Pro Kapital Grupp, a real estate development company listed on the Tallinn Stock Exchange. Furthermore, Huuskonen is the Chairman of the Board of Suomen Hoivatilat Oyj and Kaleva Oy. Since 2012, Huuskonen has functioned as an academic advisor and lecturer at Oulu Business School (part of the University of Oulu). In 1997–2013, he was the honorary consul of Sweden in the Province of Oulu. Huuskonen holds a Finnish honorary title of Industrial Counselor and the degrees of Master of Science in Technology, eMBA and MKT (Marketing Degree).

Martti Karppinen has been member of the Board of Directors since 2014. Prior to that, he served as an advisor to the Board of Directors in 2012–2014. His previous positions include a member of the Board of Directors and Chairman of the Board of Directors of iLOQ Oyj. Since 2007, Karppinen has been CEO and Chairman of the Board of Directors of MKA Consulting Oy. Karppinen holds the degree of Master of Science in Technology.

Mikko Räsänen has been a member of the Board of Directors since 2013. He has experience in Nordic property markets, property development, property investment and the financing of property transactions. Räsänen is a co-owner and Chairman of the Board of the property investment company NREP Oy as well as the Chairman or a member of the Board in several companies that form part of NREP's investment portfolio. Räsänen joined NREP Oy in 2006. He previously worked as a management consultant in the Boston Consulting Group in 2004–2006. Räsänen holds the degree of Master of Science in Economics.

Päivi Timonen has been a member of the Board of Directors since 2014. She currently works as General Counsel at Fiskars Corporation and previously worked as General Counsel at Elektrobit Oyj (currently Bittium Oyj), and she has previously been a member of the Board of Directors in several of the Group companies of Fiskars and Elektrobit. Timonen holds the degree of Master of Laws and is Trained on the Bench.

Sakari Ahdekivi has been a member of the Board of Directors since 2016. He is the interim President and CEO of Ahlstrom since November 2016 and Chief Financial Officer of Ahlstrom since 2014. Mr. Ahdekivi currently acts as a member of the Supervisory Board of the Helsinki Deaconess Institute. Previously, Mr. Ahdekivi was the Managing Director of Tamro Corporation between 2012 and 2013. He was also member of the Board of Directors of Tamro Corporation in 2013 and CFO of Tamro Corporation between 2009 and 2011, YIT Corporation between 2007 and 2009 and Huhtamäki Oyj between 2005 and 2007. He has also held various financial controlling positions at ABB in the United States, Switzerland, the United Kingdom and Finland between 1994 and 2005. Mr. Ahdekivi holds a Master of Science degree in Economics from the Helsinki School of Economics.

BOARD COMMITTEES

The preparation of matters within the competence of the Board of Directors may be made more efficient by the establishment of Board committees allowing more extensive concentration on matters. The committees have no independent decision-making power, but prepare issues which will be resolved by the Board. The Board of Directors remains responsible for the duties assigned to the Committee. The Committee shall regularly report on its work to the Board of Directors. The reports shall include at least a summary of the matters addressed and measures proposed by the Committee. The Annual General Meeting decides on the remuneration of the members of the Board committees.

Audit Committee

The Audit Committee is tasked with preparing matters relating to the Company's financial reporting and control. The key duties and operating principles of the Committee are described below.

The main duties of the Audit Committee are:

• • to monitor the financial statements reporting process
• • to supervise the financial reporting process
• • to monitor the efficiency of the company's internal control, internal audit, if applicable, and risk management systems

• • to review the description of the main features of the Company's internal control and risk management systems related to the financial reporting process

• • to monitor the statutory audit of the financial statements and consolidated financial statements

• • to evaluate the independence of the statutory auditor or auditing firm, particularly the provision of related services to the Company
• • to prepare a proposal for the election of an auditor.

The Company's Board of Directors shall nominate the Chairman and members of the Audit Committee. The Audit Committee consists of at least three members of the Board of Directors. At least one of them must have special expertise in accounting, bookkeeping or auditing. Board members to be elected as members of the Audit Committee must have extensive knowledge of Lehto Group's business operations and business segments and sufficient knowledge of accounting and accounting policies. In its organisational meeting of 30 March 2016, the Board of Directors elected Mikko Räsänen (Chairman), Sakari Ahdekivi and Päivi Timonen as members of the Audit Committee. The members of the Committee are independent of the Company and its significant shareholders.

The Audit Committee convenes at least twice a year. In addition to the Committee members, the meetings shall be attended by the Company's CEO and Chief Financial Officer and, optionally, the Company's auditors. Further, the Committee members may meet the external auditors without the operative management being present in such meetings. During the financial year 2016, the Audit Committee had three meetings.

CEO

The CEO is in charge of the day-to-day management of the company in accordance with the instructions and orders issued by the Board of Directors. The CEO is responsible for ensuring that the Company's accounting practices are in compliance with the law and that the financial matters are organised in a reliable manner. The CEO has a duty to provide the Board of Directors and its member(s) with any information that the Board of Directors may need in order to see to its duties.

The CEO may undertake measures that are unusual or extensive, considering the scope and nature of the Company's operations, only with the authorisation of the Board of Directors or if it is not possible to wait for a decision of the Board of Directors without causing essential harm to the Company's operations. In the latter case, the Board of Directors shall be notified of the measures as soon as possible.

Hannu Lehto, born 1963, has been Lehto Group's CEO since 2014. In 2008–2013, he was the CEO of the Company's predecessor, the Päätoimija Group. Lehto is the Company's founding shareholder, and he has also functioned as the Chairman of the Board of Directors in 2008–2014. In 2014–2016, he was a member of the Board of Directors. Lehto became the Company's shareholder through an arrangement in which the Company, in connection with its establishment, bought the entire share capital of the construction company Rakennusliike Lehto Oy. Hannu Lehto has worked in Rakennusliike Lehto Oy since its foundation in 1985, when he and Tapio Mustonen established a limited partnership by the name Rakennusliike Mustonen & Lehto Ky. Hannu Lehto is a Construction Engineer by education.

At the end of the financial period 2016 Hannu Lehto owns directly or indirectly 21 735 216 shares of the Company which are 37,31 per cent of the Company's shares

OTHER EXECUTIVES OF THE COMPANY

Group management

The CEO is supported by the Group Management which comprises Chief Operating Officer Asko Myllymäki and Chief Financial Officer Veli-Pekka Paloranta. The Group management supports the CEO in duties falling within the CEO's competence, as well as their implementation and monitoring, particularly as regards business development, financing, asset management, internal control and risk management.

Asko Myllymäki, born 1968, has been the Company's Chief Operating Officer since 2014. He has also served as the Company's Chief Development Officer in 2008–2013 and as CEO in 2013–2014. He previously worked as Chief Development Officer of Myllymäki Trading Oy in 2005–2007 and as CEO of Myllymäen Rauta Oy in 1994–2005. Myllymäki holds a Vocational Qualification in Business and Administration and an eMBA degree.

Veli-Pekka Paloranta, born 1972, has been the Company's Chief Financial Officer since November 2015. In 2010– 2015, he was the CFO of Bittium Oyj (former Elektrobit Oyj), in addition to which he has served as Chairman of the Board of several subsidiaries of the Elektrobit Group. Paloranta holds the degree of Master of Science in Economics.

DIRECT AND INDIRECT SHAREHOLDINGS OF OTHER EXECUTIVES, 31 DEC 2016

Name	No. of shares held	Shareholding ratio
Asko Myllymäki	6,408,112	11.00%
Veli-Pekka Paloranta	377,303	0.65%
Other executives in total	6,785,415	11.65%

Business operations management

The Group's operational business is handled by its subsidiaries, each led by a CEO. Each subsidiary mainly focuses on a specific area of construction, such as blocks of flats, terraced houses, balcony access blocks, business premises or social care and educational premises, but part of the subsidiaries cover several of these areas. As a general rule, the subsidiaries do not compete with each other.

The Group's parent company is not engaged in actual business operations but serves as a hub for a number of shared Group functions which are relevant for the manageability and cost efficiency of the Group's operations. These include human resources management, bookkeeping, coordination of financial affairs, legal, business development, sourcing and purchasing, marketing and information management.

As of the beginning of 2016, the Group's business operations were grouped into four service areas: Business Premises, Social Care and Educational Premises, Housing, and Building Renovation. These service areas are led by separate persons in charge and executive groups who are in charge of the service area's operability. The task of a person in charge of the service area is to ensure that the service area produces high quality services by taking into account the strengths of each subsidiary but also enabling flexible use of resources between the subsidiaries. The service area model directs the units towards efficient production methods by emphasising the strengths of the subsidiaries. The Group seeks to ensure the most efficient synergy benefits within the subsidiaries of the same service area.

The following graph illustrates the functioning of the Group's operational organization.

3. Main features of the internal control and risk management systems related to the financial reporting process

RISK MANAGEMENT

The purpose of risk management is to secure positive development of earnings of the Company and the continuation of the business by implementing risk management costeffectively and systematically throughout the different businesses. Risk management is part of the Company's strategic and operative planning, daily decision-making process and internal control system. Business objectives, risks and risk management operations are combined through risk management as one chain of events.

The Company adheres to the risk management policy approved by the Board of Directors. Risk management contains all actions, which are connected to setting up targets, identification of risks, measurement, review, handling, reporting, follow-up, monitoring and reacting to risks.

In connection with the strategy process and annual planning, the CEOs of the Company and the subsidiaries review business risks which could prevent or endanger the achievement of the Group's strategic or profit targets. The subsidiaries produce risk assessment reports for each business to support the strategy process. Strategic and operative risks are monitored through reporting by the businesses and considered by service area-specific steering groups that convene 4–6 times per year. The subsidiaries must produce assessments of risks in their own units and provide action plans to manage risks as well as to report on measures taken including the stage and effectiveness of such measures.

The Company's CEO reports the identified risks concerning the Group as well as all planned and effected measures to control such risks to the Company's Board of Directors.

The aim of risk management is to:

• • systematically and thoroughly identify and assess all major risks, which threaten the achievement of objectives, including risks related to business operations, property, agreements, competence, currencies, financing and strategy;
• • optimise business opportunities and secure continuation of business;
• • recognise and identify uncertainties and subsequently develop the prediction of risks and measures needed to manage risks;
• • take only calculated and carefully assessed risks with respect to e.g. expanding the business, increasing market share and creating new businesses;
• • avoid or minimise liability risks;
• • ensure the safety of products, solutions and services;
• • establish a safe working environment for the employees;
• • minimise possibilities for unhealthy occurrences, crimes or misconduct by operating procedures, control and supervision;
• • inform interest groups of risks and risk management; and
• • be cost-effective in risk management.

The aim of risk management is not to:

• • exclude the risks in their entirety;
• • adopt unnecessary controlling or managing measures; or
• • create excessive administrational burden.

INTERNAL CONTROL

Internal control is a process applied by the Board of Directors, management and all Group personnel to ensure that management has reasonable assurance that

• 1. operations are effective, efficient and aligned with strategy;
• 2. financial reporting and management information is reliable, complete and timely made; and
• 3. the Company is in compliance with applicable laws and regulations as well as the Company's internal policies and ethical values.

The first category addresses the basic business objectives, including performance and profitability goals, strategy, implementation of objectives and actions and safeguarding resources.

The second category relates to the preparation of reliable published financial statements, including interim reports and condensed financial statements and selected financial data derived from such statements, such as earnings releases, reported publicly.

The third deals with complying with those laws and regulations to which the Company is subject to.

Lehto Group's internal control framework consists of:

• • the internal control, risk management and corporate governance policies and principles set by the Company's Board of Directors;
• • management overseeing the implementation and application of the policies and principles;
• • the Finance department monitoring the efficiency and effectiveness of the operations and reliability of the financial and management reporting;
• • the Company's risk management process identifying, assessing and mitigating risks threatening the realisation of the Company's objectives;
• • compliance procedures making sure that all applicable laws, regulations, internal policies and ethical values are adhered to;
• • effective control environment at all organisational levels including control activities tailored for defined processes and creating minimum requirements for the Group's business segments and geographical areas;
• • shared ethical values and strong internal control culture among all employees; and
• • internal audit assignments reviewing the effectiveness of the internal controls as needed.

Risk management procedures are in place for business processes in the form of defined control points:

• • relevant process risks are identified;

• • common control points/Group's minimum requirement control points are identified;

• • common control points are implemented in business processes;

• • additional control points can be determined as needed at business or functional levels.

Control activities are the policies and procedures that help ensure that management directives are carried out. They help ensure that necessary actions are taken to address risks in order to achieve the Company's objectives. Control activities are set throughout the organisation, at all levels and in all functions. They include a wide range of activities, such as approvals, authorisations, verifications, reviews of operating performance, security of assets and segregation of duties.

INTERNAL CONTROLS OVER FINANCIAL REPORTING

The purpose of internal controls over financial reporting is to ensure the accuracy, reliability, timeliness and appropriateness of financial information.

Financial reporting organisation and duties

The Group's financial administration is handled centrally by the parent company, whose organisation provides financial administration services to all Group companies. Although the subsidiaries have no actual financial administration organisation, their personnel produce certain financial data which is used as part of the Group's financial reporting. The main duties of financial administration include:

• • Group accounting
• • subsidiaries' accounting
• • sales invoicing and accounts receivable management
• • accounts payable management
• • remittance of payments
• • compilation of monthly financial reports supporting the business operations
• • cash management and the coordination of financing
• • control of the forecast and budgeting process
• • taxation and transfer pricing
• • company law-related duties.

The financial administration organisation implements operative supervision under the CFO who reports any supervisory findings to the Audit Committee.

The tasks of the financial administration organisation have been divided between individuals and documented in the job descriptions of the teams and employees.

Financial reporting systems

The Group's main financial information system is a modular V10 enterprise resource planning system which has been tailored to the needs of Lehto Group. Since the Group's business operations are mainly project-based, financial and other basic data of the project is entered in the V10 system at the beginning of the project. All income and expenses as well as payments made and received are entered in the system and are further processed for the needs of internal and external accounting.

The general ledger accounting of the Group's special purpose vehicles is handled in the V10 system, and Group consolidation is handled in the Cognos Controller system. Invoicing is handled through a system provided by Basware.

Project and initiative management monitors project progress directly through the V10 system, but the profit reports of internal accounting are drawn up in Excel format. In the compilation of profit reports, data from Group and subsidiary accounting as well as project data obtained from the V10 system is used.

Supervision of financial reporting

The correctness of financial reporting is ensured through internal instructions, job and process descriptions, authorisation matrices, segregation of obligations and duties related to general ledger accounting, and financial reporting review meetings.

Service area-specific performance data is reviewed in the regular meetings of the service areas' steering groups, where the subsidiaries' management provides background and rationale for the results achieved.

The competences of financial administration personnel are maintained through regular training. Auditors assess the correctness of reporting in connection with, for example,

the compilation of interim reports and through their other auditing work performed during the financial year.

RISK MANAGEMENT AND INTERNAL CONTROL ROLES AND RESPONSIBILITIES

The key roles and responsibilities regarding the Company's internal control and risk management are defined as follows:

Board of Directors

The Board of Directors is ultimately responsible for the administration of the Company and for the proper organisation of its operations. According to good corporate governance, the Board also ensures that the company has duly endorsed the corporate values applied to its operations. The Board of Directors approves the policies and guidelines concerning internal control, risk management and corporate governance. The Board establishes the risk-taking level and risk bearing capacity of the Company and re-evaluates them on a regular basis as part of the strategy and goal setting of the Company. The Board reports to the shareholders of the Company.

Audit Committee

The Audit Committee of the Board of Directors is responsible for the following internal control related duties:

• • monitor the reporting process of financial statements;
• • supervise the financial reporting process;
• • monitor the efficiency of the Company's internal control, internal audit if applicable, and risk management systems;
• • process the descriptions included in the Corporate Governance statement's chapter Main features of the internal control and risk management systems related to the financial reporting process; and
• • monitor the statutory audit of the financial statements and consolidated financial statements.

A more detailed description on how the Audit Committee is fulfilling its supervisory role is available in the Committee's annual plan. The Audit Committee reports to the Company's Board of Directors

CEO

The CEO is in charge of the day-to-day management of the Company in accordance with the instructions and orders issued by the Board of Directors. The CEO sets the ground of the internal control environment by providing leadership and direction to senior managers and reviewing the way they are controlling the business. The CEO is in charge of the Company's risk management process and its continuous development, allocation of resources to the work, review of risk management policies as well as defining the principles of operation and overall process. The CEO reports to the Board on risk management as part of the monthly reporting. The CEO as well as the CFO, COO, HR Director and the subsidiaries' Managing Directors, who are subordinate to the CEO of the Lehto Group, are in charge of risk management in their own areas of responsibility.

Chief Financial Officer and financial administration

The CFO ensures and controls that the Group's accounting and financial reporting practices comply with the law and that both internal and external financial reporting is reliable.

The financial administration:

• • ensures a setup of adequate control activities for the subsidiaries in cooperation with their management;
• • follows the adequacy and effectiveness of control activities; and
• • ensures that external reporting is correct, timely and in compliance with regulations.

Group Legal Counsel

The Group Legal Counsel works as a subordinate for the CFO to ensure and monitor the manageability of the legal and contract risks. He also assists the subsidiaries in the risk assessment process of the undertakings. The Group Legal Counsel continuously develops the processes of legal risk managing in the Group.

HR Director

The HR Director ensures and controls that the Group's payroll administration and the administrative procedures related to employment relationships comply with the law and are duly implemented.

Subsidiaries' Managing Directors

The Managing Directors of the Lehto Group's subsidiaries are responsible for the implementation of internal control in their respective companies. More specific internal control policies and procedures are established within each subsidiary within the principles set by the Group functions. The subsidiaries' management is responsible for implementing risk management practices in the planning cycle and daily operations, and ensure the adherence of laws, regulations, internal policies and ethical values in their designated responsibility areas.

Some areas of risk management, in particular the management of financial risks and insurance, have been centralised for the purpose of scale advantage and for securing sufficient Group-level control.

The subsidiaries' Managing Directors must also ensure that contractual risks related to their business operations have been assessed with sufficient accuracy.

4. Other information to be provided

INSIDER ADMINISTRATION

The Board of Directors of Lehto Group Plc has ratified on 16 June 2016 the company's Insider Guidelines which include directives and policies concerning insider administration, such as manager's transactions, trading restrictions and insider's register. The Insider Guidelines supplement the provisions of the Market Abuse Regulation (EU No 596/2014, the "MAR") and any rules and regulations based on it, Finnish regulations, such as the Criminal Act (39/1889, as amended) and the Securities Markets Act (746/2012, as amended), as well as Nasdaq Helsinki's Insider Guidelines effective from 3 of July 2016.In accordance with MAR the disclosure of insider information data has been suspended and the Company has not updated a public insider information after the MAR came into force.

Lehto Group's insiders are divided into two groups. Persons obliged to declare insider holdings are members of the Board (and deputies), CEO (and Deputy CEO) and other senior management of the company, who have regular access to inside information and are in the position to make decisions about the company and its future development.

Project-specific insiders are persons who have access to specified inside information. Project-specific insiders may also include persons acting on behalf of the company, such as lawyers and consultants. The company maintains a project-specific insider's register of any such confidential project that can be described as projects as defined by Nasdaq Helsinki and that can have a material effect on the value of the company's financial instruments.

Lehto Group complies with the EU Regulation on Market Abuse (MAR), which declares that managers under the obligation to report insider holdings may not trade the company's financial instruments during the 30 days prior to the publication of a Lehto Group half year financial report, interim reviews on financial position and development or financial statements release (so called "closed period"). In accordance with the Lehto Group's regulation, the closed period ends the second day from the publication of a Lehto Group half year financial report, interim reviews on financial position and development or financial statements release. In addition Lehto recommends that trading with the company's financial instruments takes place after the end of the closed window, i.e. on the 2nd to 32nd day after the release of financial information. According to Nasdaq Helsinki's insider guidelines the closed window shall be applied to persons that take part in the company's half year financial reports and financial statements and to other persons defined by the company, i.e. extended closed window. The extended closed window implies that trading with the company's financial instruments is prohibited of persons subject to the extended closed window in the 30 days prior to publication of quartal financial information and financial statements including information concerning the financial development of the company. These trading restrictions end on the second day following the publication of financial information. In addition Lehto recommends that trading with the company's financial instruments takes place after the end of the closed window, i.e. on the 2nd to 32nd day after the release of financial information.

RELATED PARTY ADMINISTRATION

Lehto Group's related parties include Group companies, members of the Board of Directors, the CEO, the Chief Operating Officer and the Chief Financial Officer as well as entities on which related parties have influence through ownership or management. Related parties also include associated companies and joint ventures.

During its history, the Lehto Group has had relatively many related party transactions which, according to the Company, is first and foremost due to the Group's background as an entrepreneur-based business. However, the Company's management finds that, as a whole, the related party transactions performed throughout its history have advanced the Group's businesses. On 8 March 2016, the Company's Board of Directors approved the guidelines for related party transactions, which determine the principles governing any related party transactions at Lehto Group. In addition to the above-defined related parties, these guidelines are applied more extensively to the Lehto Group's entire personnel, major subcontractors and shareholders whose holding exceeds five per cent. According to the guidelines, all related party transactions shall take place, and prices and other terms shall be set, under market conditions, i.e. under the same principles as with independent parties, and clear reporting and advance approval procedures are in place for these.

INTERNAL AUDITING

The Company has no separate internal audit organisation. This is taken into account in the content and scope of the annual audit plan. On the one hand, external auditing focuses on specific areas in turn to be audited, and on the other hand, on separately agreed priority areas.

AUDITING

According to Section 6 of the Company's Articles of Association, an audit firm certified by the Finland Chamber of Commerce shall be elected as the company's auditor. The auditor's term of office shall expire at the end of the next Annual General Meeting following their election. In 2016, KMPG Oy Ab, a firm of authorised public accountants, acted as the Company's auditor, with APA Tapio Raappana as the principal auditor. The fees for audit services totalled approximately EUR 142,000. Furthermore, the Company paid the auditor for the expert services related to the IPO approximately EUR 238 000 and approximately EUR 61 000 for services not related to auditing.