Neste Oil Annual Report 2009

Corporate Governance Statement

Neste Oil observes good corporate governance practices in accordance with the laws and regulations applicable to Finnish listed companies, the company's own Articles of Association and the Finnish Corporate Governance Code. Neste Oil aims to implement best practices in all its operations, living up to its values of responsibility, cooperation, innovation, and excellence.

This Corporate Governance Statement has been prepared pursuant to Recommendation 51 of the new Corporate Governance Code and Chapter 2, Section 6 of the Securities Markets Act. The Corporate Governance Statement is issued separately from the company's Review by the Board of Directors.

Neste Oil abides by the principles of good corporate governance within the framework of Finland's Companies Act, its own Articles of Association, and the Governance Code covering listed companies in Finland, as it is introduced. Furthermore, Neste Oil complies with the rules of NASDAQ OMX Helsinki Ltd, where it is listed, and the rules and regulations of the Finnish Financial Supervisory Authority. Neste Oil's headquarters is located in Espoo, Finland.

Neste Oil diverges from the recommendations of the Corporate Governance Code in that the proposals covering the members of the Board of Directors and the remuneration paid to the Board presented to the Annual General Meeting are drafted by the AGM Nomination Committee rather than a Board committee. The exception is based on a position adopted by the Cabinet Committee on Economic Policy in February 2004 covering the nomination procedure related to candidate board members of publicly listed state companies.

Neste Oil issues consolidated financial statements and interim reports in accordance with the International Financial Reporting Standards (IFRS), as adopted by EU, the Securities Markets Act, as well as the appropriate Financial Supervisory Authority's standards and NASDAQ OMX Helsinki Ltd's rules. The company's Review by the Board of Directors and Parent Company's financial statements are prepared in accordance with the Finnish Accounting Act and the opinions and guidelines of the Finnish Accounting Board.

The auditor's report covers the Review by the Board of Directors, consolidated financial statements, and the parent company financial statements.

GOVERNANCE BODIES

The control and management of the Company is divided between the Annual General Meeting of Shareholders (AGM), the Supervisory Board, the Board of Directors and its two Committees, and the President & Chief Executive Officer. The Neste Executive Board (NEB) assists the President & CEO in the management and coordination of the implementation of the Company's strategic and operational goals. Each of the Company's operational business areas has its own management team.

Matters material to the Company as a whole are submitted to the President & CEO or the Board of Directors for decision. Neste Oil has one official auditor, chosen by shareholders at the AGM.

ANNUAL GENERAL MEETING

Under the Finnish Companies Act, shareholders exercise their decision-making power at General Meetings of Shareholders, and attend meetings in person or through an authorized representative. Each share entitles the holder to one vote.

Shareholders at the Annual General Meeting take decisions on matters such as:

the adoption of the Financial Statements
the distribution of profit for the year detailed in the Balance Sheet
discharging the members of the Supervisory Board, the Board of Directors, and the President & CEO from liability
the election and remuneration of the members of the Supervisory Board, the Board of Directors, and the Auditor.

The Annual General Meeting is held annually before the end of June. An Extraordinary General Meeting addressing specific matters shall be held, when considered necessary by the Board of Directors, or when requested in writing by a Company auditor or by shareholders representing at least one-tenth of all shares of the Company.

Under the Articles of Association, an invitation to the Annual General Meeting shall be delivered to shareholders no earlier than two months and no later than 17 days prior to the meeting. The invitation must be announced in at least two newspapers that are published regularly as decided by the Board of Directors, or in another verifiable manner.

The 2009 AGM

The 2009 Annual General Meeting was held on Friday, 3 April. At the meeting, the income statements and balance sheets of the Parent Company and the Group for 2008 were adopted, and the Supervisory Board, the Board of Directors, and the President & CEO were discharged from liability for 2008. The Board of Directors' proposal on the distribution of profits for 2008 by paying a dividend of EUR 0.80 per share was approved. Shareholders registered in the register of shareholders maintained by Euroclear Finland Oy on the record date for dividend payment (8 April 2009) were entitled to a dividend. In addition, decisions were made regarding the members of the Board of Directors and the Supervisory Board and their remuneration, and an auditor was elected.

NOMINATION COMMITTEE

The AGM appointed a Nomination Committee comprising the Chairman and Vice Chairman of the Board as expert members, and representatives of the Company's three largest

Governance & Shares and shareholders Corporate Governance Statement

Neste Oil Annual Report 2009

NEST

The Finnish Corporate Governance Code issued by the Securities Market Association can be consulted at www.cgfinland.fi.

shareholders holding the largest number of votes associated with all the Company's shares on the first working day of November preceding the AGM 2010. The Chairman of the Board of Directors was responsible for convening the committee, and the committee for electing its chairman.

Duties

The Nomination Committee was responsible for drafting proposals for the following AGM on the following:

the number of members of the Board of Directors
the members of the Board
the remuneration to be paid to the Chairman, Vice Chairman, and members of the Board. The Nomination Committee was required to present its proposal to the Board of Directors by February 1 prior to the next AGM at the latest.

In 2009

The Nomination Committee comprised Pekka Timonen of the Prime Minister's Office, Timo Ritakallio of the Ilmarinen Mutual Pension Insurance Company, and Risto Murto of the Varma Mutual Pension Insurance Company. Timo Peltola, Chairman, and Mikael von Frenckell, Vice Chairman of Neste Oil's Board of Directors, acted as the Committee's expert members. The Nomination Committee met twice and made its proposal concerning Board members and the remuneration payable to them on 1 February 2010.

SUPERVISORY BOARD

The Supervisory Board is required to have between six and 12 members, including Chairman and Vice Chairman. The members are appointed by the Annual General Meeting for a one-year term ending with the next AGM. It is also expected that labor unions representing Neste Oil's employees will appoint a maximum of three employee representatives, who shall be entitled to attend Supervisory Board meetings but are not its members.

Members

The members of the Supervisory Board, whose term began on 3 April 2009 and will end at the Annual General Meeting to be held in the first half of 2010, are as follows:

Heidi Hautala (Chairman), born 1955, M.Sc., Member of the European Parliament
Kimmo Tiilikainen (Vice Chairman), born 1966, M.Sc., Member of the Finnish Parliament
Esko Ahonen, born 1955, Construction Engineer, Member of the Finnish Parliament
Mikael Forss, born 1954, Ph.D, Director, Social Insurance Institution of Finland
Timo Heinonen, born 1975, M.Sc., Member of the Finnish Parliament
Markus Mustajärvi, born 1963, M.Sc., Forest Engineer, Member of the Finnish Parliament
Jutta Urpilainen, born 1975, M.Sc., Member of the Finnish Parliament
Anne-Mari Virolainen, born 1965, M.Sc., Member of the Finnish Parliament

Area of responsibility

The Supervisory Board meets as frequently as necessary, and is convened by the Chairman or by the Vice Chairman in his absence. The Supervisory Board plans a schedule for its regular meetings. Meetings shall be held at the Company's Head Office or at another specified location. With the Chairman's consent, meetings may also be held as teleconferences. A secretary appointed by the Supervisory Board shall take the minutes of the meeting.

Duties

overseeing the administration of the Company by the Board of Directors and the President & CEO
submitting a statement on the Financial Statements, Review by the Board of Directors, and the Auditors' Report to the AGM.

In 2009

The Supervisory Board convened five times in 2009, and the average attendance rate was 69%. Meetings covered subjects such as the Company's interim reports, financial statements, and business plans.

BOARD OF DIRECTORS

Under the Company's Articles of Association, the Board of Directors consists of five to eight members elected at the Annual General Meeting for a term ending at the following AGM. A person who has reached the age of 68 cannot be elected. All members are required to deal at arm's length with the Company and its subsidiaries and to disclose all circumstances that might constitute a conflict of interest. Board members are not covered by the Company's incentive or pensions schemes.

Members were elected for a new term on 3 April 2009. The Board consists of eight members, all of who are independent, with the exception of Markku Tapio, who represents the Company's majority shareholder. To be considered independent, a Board member may not have any material relationship with the Company other than Board membership and may not be dependent on any of the company's major shareholders.

Area of responsibility

The Board shall meet as frequently as necessary, with approximately six to eight regular

Governance & Shares and shareholders Corporate Governance Statement 53

Neste Oil Annual Report 2009

Board of Directors, 31 December 2009

	Born	Education	Position	Main occupation	Independent of the company	Independent of major shareholders	Personnel and Remuneration Committee	Audit Committee	Board	Committees
Timo Peltola	1946	M.Sc. (Econ.)	Chairman	Prof. board member	●	●	●		100%	100%
Mikael von Frenckell	1947	M.Sc. (Soc.)	Vice Chairman	Partner	●	●	●		100%	100%
Michiel Boersma	1947	Ph.D. (Chem. Tech.)	Member	Prof. board member	●	●	●		100%	100%
Anomaija Haarla	1953	Ph.D. (Tech.), MBA	Member	President and CEO	●	●	●		100%	100%
Nina Linander	1959	M.Sc. (Econ.), MBA	Member	Partner	●	●		●	100%	100%
Hannu Ryöppönen*	1952	B.A. (Business Adm.)	Member	Prof. board member	●	●		●	100%	100%
Markku Tapio	1948	M.Sc. (Econ.)	Member	Senior Financial Counselor	●			●	100%	100%
Maarit Toivanen-Koivisto	1954	M.Sc. (Econ.)	Member	CEO	●	●		●	100%	100%

Board member since 3 April 2009; when Antti Tanskanen left Neste Oils Board of Directors.

meetings annually, all scheduled in advance. In addition, extraordinary meetings, if requested by a Board member or the President & CEO, shall be convened by the Chairman, or, if the Chairman is prevented from attending, by the Vice Chairman, or if deemed necessary by the Chairman. The Board constitutes a quorum if more than half of its members are present. The Board is responsible for preparing an operating plan for itself for the period between Annual General Meetings, to include a timetable of meetings and the most important matters to be addressed at each meeting. The Board evaluates its performance annually to determine whether it is functioning effectively, and shall discuss its review after the end of each fiscal year at the latest.

Duties

The Board's responsibilities and duties are defined in detail in the Charter of the Board approved by the Board and cover the following main areas:

being responsible for the administration and appropriate organization of the operations of the Neste Oil Group in compliance with the relevant legislation and regulations, the Company's Articles of Association, and instructions provided by the Annual General Meeting
being responsible for the strategic development of Neste Oil and for supervising and steering its business.
deciding on Neste Oils key operating principles
confirming the annual business plan
approving the annual financial statements and interim reports
deciding on major investments and divestments
confirming Neste Oils values and most important policies and overseeing their implementation
appointing the President & CEO and his or her immediate subordinates and deciding on their remuneration
confirming the Neste Executive Board's and Neste Oil's organizational and operational structure at senior management level
determining the Company's dividend policy to be followed when making proposal regarding dividends to the AGM.

In 2009

The Board convened nine times in 2009, and the attendance rate at meetings was 100%.

BOARD COMMITTEES

The Board has established an Audit Committee and a Personnel and Remuneration Committee, both of which have four members. A quorum exists when more than two members, including the Chair, are present. All members are elected from amongst the members of the Board for a one-year term. The tasks and responsibilities of each Committee are defined in their Charters, which are approved by the Board. The schedule and frequency of Committee meetings is determined by the Chair and the members of the Committees. Committees meet at least twice a year. Each Committee reports regularly on its meetings to the Board. Reports include a summary of the matters addressed and the measures undertaken. Each Committee conducts an annual self-evaluation of its performance and submits a report to the Board.

Audit Committee

Under its Charter, the Committee shall consist of a minimum of three Board members who are independent of and not affiliated with the Company or any of its subsidiaries, and have sufficient knowledge of accounting practices and the preparation of financial statements and other qualifications the Board deems necessary. The Audit Committee is permitted to use external consultants and experts when deemed necessary.

Duties

The responsibilities and duties of the Audit Committee are defined in detail in the Charter approved by the Board and cover the following main areas:

monitoring the Company's reporting process of the financial statements and – to the extent appropriate – interim reports
supervising the financial reporting process
monitoring the efficiency of the Company's internal control, internal audit, and risk management systems
reviewing the Company's Corporate Governance Statement in which the description of the main features of the internal control and the risk management systems pertaining to the financial reporting process are included
monitoring the statutory audit of the financial statements and consolidated financial statements
evaluating the independence of the Company's Statutory Auditor particularly the provision of related services to the company to be audited
preparing the proposal or recommendation for resolution on the election of the Statutory Auditor
reviewing all the material reports produced by the Statutory Auditor addressed to the Company or its subsidiaries
evaluating the Company's compliance with laws and regulations
approving internal audit policy and reviewing the annual plan for Internal Audit and internal audit reports
monitoring the Company's financial position.

In 2009

The Audit Committee comprised Nina Linander (Chair), Hannu Ryöppönen (as of 3 April 2009), Markku Tapio, Maarit Toivanen-Koivisto, as well as Antti Tanskanen, whose membership of the Board and the Audit Committee ended on 3 April 2009. The Committee convened six times, and the attendance rate

Governance & Shares and shareholders Corporate Governance Statement

Neste Oil Annual Report 2009

Fees charged by the statutory auditor EUR 1,000

	2009	2008
Audit fees	916	786
Others	470	1,022
Total	1,386	1,808

was 100%. In addition to its normal duties in 2009, the Committee focused on monitoring and reviewing the development of risk management and financial reporting.

Personnel and Remuneration Committee

The Personnel and Remuneration Committee consists of the Chairman of the Board and at least two non-executive members of the Board.

Duties

The responsibilities and duties of the Personnel and Remuneration Committee are defined in detail in the Charter approved by the Board and cover the following main areas:

preparing the appointments of key executive personnel and making proposals to the Board on compensation and incentive systems for key personnel
preparing and proposing to the Board the appointments of the President & CEO and the members of the Neste Executive Board, and the terms and conditions of their employment, and
monitoring and evaluating the performance of the President & CEO and the members of the Neste Executive Board.

In 2009

The Personnel and Remuneration Committee comprised Timo Peltola (Chair), Michiel Boersma, Mikael von Frenckell, and Ainomaija Haarla. The Committee convened six times, and the attendance rate was 100%. Key activities during 2009 included appointing the members of the Neste Executive Board, monitoring the implementation of the Company's reorganization and change management, and developing a new long-term share incentive system and remuneration arrangements for the Company's key personnel.

PRESIDENT & CEO

The President & CEO manages the Company's

business operations in accordance with the Finnish Companies Act and instructions issued by the Board of Directors. The President and CEO is responsible for ensuring that the accounts of the company are in compliance with the law and that its financial affairs have been arranged in a reliable manner.

The President & CEO is appointed by the Board of Directors, which evaluates the performance of the President & CEO annually and approves his remuneration on the basis of a proposal by the Personnel and Remuneration Committee.

In addition to a monthly salary and fringe benefits, the President & CEO is eligible for an annual performance-based bonus (see pages 64-65). In the event that the Company decides to give notice of termination, the President & CEO is entitled to his or her salary during his or her period of notice (6 months) and a severance payment equaling 18 months' salary.

The retirement age of the President & CEO is 60 years, and the pension paid is 60% of retirement salary. The pension is insured by an insurance company. The insurance contributions for 2009 totaled EUR 387,000.

In 2009

Matti Lievonen, born 1958, B.Sc. (Eng.), eMBA, acted as the Company's President & CEO.

NESTE EXECUTIVE MANAGEMENT BOARD (NEMB)

The Neste Executive Management Board (NEMB) is responsible for leading and setting operational business targets and monitoring progress on achieving them.

In 2009

The Neste Executive Management Board met nine times and comprised the President and CEO, business area Executive Vice Presidents, the CFO and the Senior Vice President, Production and Logistics.

NESTE EXECUTIVE BOARD (NEB)

The Neste Executive Board (NEB) assists the President & CEO in Company management and in the deployment of the Company's strategic and operational goals. Members are appointed by the Board of Directors.

The NEB meets regularly, on average once a month. Members receive a base salary and are eligible for an annual performance-based bonus. In addition, all members are entitled to fringe benefits. Their typical period of notice is six months. NEB members have signed employment agreements that provide for a fixed severance pay equal to six or, in the case of Deputy CEO, 12 months salary.

The retirement age of NEB members is 60-62 years. The pension paid can be a maximum of 66% or 60% of the retirement salary. In the first case the pensions are insured and paid by Neste Oil Pension Fund, and in the latter, pensions are insured by an insurance company. Pension benefits concerning persons, who have joined the management team after year 2007, are defined contribution plans. Pension insurance contributions for 2009 totaled EUR 592,000.

In 2009

The Neste Executive Board comprised 10 members and met 15 times in 2009. The NEB in 2009 consisted of the President & CEO, three business area Executive Vice Presidents, and the heads of Production and Logistics, Communications, Marketing and Public Affairs, Technology and Strategy, Sustainability and HSSE, and Human Resources, and the CFO.

AUDITOR

The Annual General Meeting elects an auditor annually, which must be an auditing company approved by the Finnish Central Chamber of Commerce. The auditor's term of office ends at the end of the next AGM following the election.

Governance & Shares and shareholders Corporate Governance Statement

Neste Oil Annual Report 2009

In 2009

Ernst & Young Oy was elected as Neste Oil's auditor, with Anna-Maija Simola, certified public accountant, as main responsible auditor.

INTERNAL AUDIT

The Internal Audit Unit is an independent corporate function and its operations are based on international professional standards covering internal audits and rules of ethics.

Duties

The Internal Audit Unit:
- provides objective assurance and consultation services designed to add value and improve the Company's operations
- assists the organization in evaluating and improving the effectiveness of risk management, financial control, and governance processes
- audits the operations of Neste Oil's refineries, subsidiaries, and other units on a regular basis, and
- carries out assignments requested by management or the Board of Directors' Audit Committee. The roles, responsibilities, and authorities of Internal Audit are covered in the Internal Audit Charter. Together with an annual operating plan, it is approved by the Board of Directors' Audit Committee.

Internal Audit reports to the Board's Audit Committee and administratively to the President & CEO. Internal Audit is a staff function without any direct authority over the activities it reviews.

INSIDER GUIDELINES

Neste Oil complies with the Insider Guidelines of the Helsinki exchanges established on 2 June 2008. The Company has also approved its own Guidelines for Insiders, which are stricter in some areas. The Company's closed window (see below), for example, exceeds minimum NASDAQ OMX Helsinki requirements.

The Company's Guidelines for Insiders are updated regularly and are available to all personnel. The Company arranges training on

insider guidelines for personnel and expects that its guidelines are followed. The Company supervises compliance with insider guidelines by checking disclosed information with those concerned annually. The Company's General Counsel is responsible for the coordination and supervision of insider matters. The head of each common function or business area is responsible for supervising insider matters within his or her organization.

The members of the Board of Directors and the Supervisory Board, the President & CEO, the Company's main responsible auditor, and the members of the Neste Executive Board and its secretary have all been classified as insiders subject to a declaration requirement. The holdings of Company securities by such insiders are filed in the public Insider Register, which can be consulted at the Company's web site. A public register is maintained in the insider register system of Euroclear Finland Oy (www.rcsd.eu).

The Company has also designated certain other executives, as well as certain individuals responsible for the Company's finances, financial reporting, and communications, who receive inside information on a regular basis due to their position or duties, as permanent Company-specific insiders.

Permanent insiders may not trade in any Company securities during the period from the closing date of an interim or annual accounting period to the date of publication of the interim report or financial statements bulletin for that period. The minimum period concerned is always 28 days prior to the date of publication of the interim report or the financial statements bulletin (closed window). The publication dates of interim reports and financial statements bulletins are shown in the financial calendar at www.nesteoil.com.

Individuals who participate in the development and preparation of projects that involve inside information, such as mergers and acquisitions, are considered project-specific insiders. Such people are included in a separate register of Project-Specific Insiders maintained by the Company's Legal Department.

RISK MANAGEMENT

The objective, framework, and process of risk management

The Corporate Risk Management Policy and Principles approved by the Board of Directors define the risk management principles to be used for managing the risks associated with the strategic and operational targets of the Group as a whole and its business areas and common functions. The Board is also responsible for approving Neste Oil's Treasury Risk Management Principles and Credit and Counterparty Risk Management Principles.

Business areas and corporate common functions have additional principles, instructions, and procedures related to risk management, approved by the President & CEO or the executive vice presidents of business areas.

Neste Oil's business, personnel, assets, and operating environment are exposed to a wide range of operational risks due to the extent, diversity, and nature of the Company's business activities and areas. Continuous operational activities are involved in tackling risks in functions such as finance, HSSE, ICT, as well as those related to reputation, legal affairs, technology, investments, and HR.

Neste Oil recognizes that risk is an integral and unavoidable component of its business and is characterized by both threat and opportunity.

The company's Risk Management Policy is based on:
- emphasizing the awareness and proactive management of risks
- exploiting risk management to enhance opportunities and reduce threats thus gaining competitive advantage
- ensuring that sufficient attention is given to risks and risk control, particularly in the areas of HSSE and sustainability
- managing risks as an integrated part of planning, decision-making, and operational

Governance & Shares and shareholders Corporate Governance Statement

Neste Oil Annual Report 2009

Risk management process

Risk Management Governance

processes, with a defined structure of roles and responsibilities.

Neste Oil's risk management framework is based on three risk assessment elements:

An Enterprise Risk Management (ERM) process. This is a systematic way of identifying threats and opportunities related to strategic targets and business plans.
Risk manuals for specific risk disciplines. Risk manuals and defined processes cover e.g. credit and counterparty risk principles, price risk management principles and instructions, treasury principles and instructions, and proprietary trading manuals and instructions.
Risk awareness in the organization. This is based on proactive thinking and behavior among individual employees.

Risk management is realized through these three elements by following the basic risk management process (above).

Risk management governance framework

The Board of Directors is responsible for setting the Group's risk appetite and for approving the Corporate Risk Management Policy and Principles for managing risk.

The Group's risk management governance is based on the three lines of defense model, which distinguishes between:

Business areas and common functions owning and managing risk
Risk management specialists controlling, consulting, and developing systems, and
The Audit Committee, which provides independent assurance of the overall efficacy of the company's risk management.

Risk management line responsibility

As part of the first line of defense, the President and CEO, supported by the Neste Executive Board, has overall responsibility for the management of risks.

In late 2009, Neste Oil established a Risk Management Committee steered by the Chief Financial Officer. The committee provides a comprehensive understanding of the overall risks the organization faces to the

Governance & Shares and shareholders Corporate Governance Statement

Neste Oil Annual Report 2009

Performance Management

Plan and set targets

Review performance quarterly

Review operational performance and portfolio versus targets
Ensure that progress is made and corrective actions are taken
Review and analyze performance versus targets
Prepare for interim reporting

Monitor, analyze, and plan corrective actions

Management reporting
Monitor and report performance status and analyses
Gap identification to understand deviations
Corrective actions taken immediately to tackle the gaps

Neste Executive Board, particularly related to risks that threaten the company's strategy and business plans, as well as investments and new business models.

Management and staff in Neste Oil's business areas and common functions are responsible for assessing and managing risks related to planning, decision-making, and operational processes in their areas.

Risk management control and consultation

The second line of defense comprises the Chief Risk Officer, supported by the risk management specialists in the Corporate Risk Management function and other common functions and business areas. They are responsible for overseeing specific risk disciplines, consulting and facilitating risk management processes, and developing risk management systems.

Risk management effectiveness assurance

The third line of defense, led by the Audit Committee, is designed to provide an independent assurance on the efficacy of systems of governance and risk management. Internal Audit plays a key role in the third line of defense and provides assurance to the Audit Committee.

Risk reporting

Corporate risk reporting to the Board of Directors, the Audit Committee, the President & CEO, and the Neste Executive Board takes place according to the following main principles:
- risks threatening strategic and business plan targets are reported as part of the corporate planning process
- risk treatments are reported through the Risk Management Committee as part of the corporate reviewing process
- reporting on the overall financial risk situation is provided as part of monthly reporting.

PERFORMANCE MANAGEMENT PROCESS

The Neste Oil Performance Management Process plays an essential role in helping the Group reach its strategic goals and reinforcing performance culture.

Excellent operational performance is based on setting challenging targets, executing action plans, reviewing progress, giving feedback, and measuring results and performance.

From the financial reporting point of view, Neste Oil's Performance Management Process consists of the monthly Management Reporting Process and the quarterly Performance Review Process. At corporate level, results and information in management reporting and performance reviews are compared to strategic goals and business plans and to analyses and planned corrective actions throughout the year. Business areas and common functions follow a similar approach, but emphasize a more detailed analysis and definition of corrective actions, as well as continuous improvement and prioritization of actions and development projects.

INTERNAL CONTROL

Objectives for internal control

The objective of internal control in Neste Oil is to ensure efficient implementation of the company's strategy and effective operations, assure compliance with both internal instructions and laws and regulations, achieve appropriate financial reporting, and prevent fraud. Internal control is integrated into daily processes and activities, as well as risk management.

The main responsibility for internal control lies with the line organizations of business areas and common functions. Identifying the main risks of processes and defining adequate control points are essential to ensuring an appropriate level of control. In addition to daily monitoring, line organizations evaluate their level of internal control by reviewing, assessing, and auditing their processes, and develop their system by taking corrective actions as needed.

Line management also has primary responsibility for organizing sufficient control to ensure compliance with the company's overall management principles, policies, principles, and instructions.

Roles and responsibilities

Under the Finnish Companies' Act, the Board of Directors is responsible for ensuring that there is adequate control over the company's accounts and finances. Responsibility for arranging this control is delegated to the CEO, who is required to ensure that the accounts of the company are in compliance with the law and that its financial affairs have been arranged in a reliable manner.

The heads of business areas and common functions are responsible for establishing and maintaining adequate and effective controls in their operations. Responsibility for the practical implementation of this is delegated to each organizational level. Managers at each of these levels are responsible for implementing corporate principles and instructions in their organization, and for assessing the effectiveness of controls as often as needed.

To ensure sufficient control and support the line organization, business controllers and their teams have an independent role in controlling their business line as agreed. In certain areas such as credit and counterparty risks, Risk Management has risk control responsibility. In respect of financial reporting, Finance has a key role in control activities. Other corporate functions also play a role in assisting, assuring, and monitoring the operation of internal control procedures, such as HSSE audits.

Internal Audit has overall responsibility for evaluating that internal control processes and procedures operate adequately and effectively.

Governance & Shares and shareholders Corporate Governance Statement

Neste Oil Annual Report 2009

As part of Corporate Governance, the Audit Committee oversees the Company's finances, financial reporting, risk management, and internal auditing.

Components of internal control

Neste Oil's internal control framework is based on the COSO (The Committee of Sponsoring Organizations of the Treadway Commission) framework.

Control environment

Neste Oil's values and management systems are the foundation of the control environment and provide the background for shaping people's consciousness. With respect to financial reporting:

the CEO and corporate management are responsible for underlining the importance of ethical principles and correct financial reporting;
the Audit Committee, appointed by the Board of Directors, is responsible for overseeing the financial reporting process and related controls;
clearly defined financial reporting roles, responsibilities, and authorities provide a clear framework for everyone; and
the structure of the organization and the resources allocated within it (segregation of duties, adequate financial reporting competencies recruited and retained) are designed to provide effective control over financial reporting.

Risk assessment

The Enterprise Risk Management (ERM) process defines the mechanisms used to identify, analyze, and manage the potential risks related to Neste Oil's objectives. The process is primarily focused on strategic, business, and operational risks, and does not cover all the risks threatening the reliability of reporting.

As a prerequisite for risk assessment, the organization's objectives need to be established. With respect to financial reporting, the general objective is to have reliable reporting and ensure that transactions are recorded and reported completely and correctly.

Based on risk assessment, the requirement for internal control has been included in the Principle and Instruction for Control over Financial Reporting.

Control activities

Control activities are instructions, guidelines, and procedures established and executed to help ensure that the actions identified by management as necessary to address the relevant risks are effectively carried out. Policies and other principles to be followed are documented in Neste Oil's management systems. The most important areas from the standpoint of financial reporting are included in the Controller's Manual.

Neste Oil's entity-level and process-level control activities with respect to reliable financial reporting are described in the Principle and Instruction for Control over Financial Reporting. These establish the minimum controls to be used and include controls related to transactions in a specific process as well as controls carried out as part of the monthly reporting process. Typical control activities include authorizations, automatic or manual reconciliations, third party confirmations, control reports, access controls to IT systems, and analytical reviews.

The principle and related detailed Instruction were implemented in selected businesses and units during 2009 that represent the majority of Neste Oil's reported results and are also representative from a risk management point of view. Neste Oil's other businesses and units will implement the principle during 2010.

Information and communication

Information and communication systems enable Neste Oil's personnel to capture and exchange the information needed to conduct, manage, and control operations. With respect to controlling financial reporting, this means that there is adequate information and communication regarding accounting and reporting principles.

The main means of communicating the matters relevant for correct financial reporting are the Controller's Manuals used at common function and business area levels, which include instructions covering accounting principles, planning, estimating, and reporting, as well as periodic controllers' meetings.

Monitoring

Monitoring is a key component of the internal control system and enables management and the Board of Directors and the Audit Committee to determine whether the other components of the system are functioning as they should and to ensure that internal control deficiencies are identified and communicated in a timely manner to those responsible for taking corrective action and to management and the Board as appropriate.

Effective monitoring is based on an initial evaluation of controls and whether they are effective in mitigating the risks identified. The ongoing operation of controls is regularly monitored as part of regular management activities, as the efficacy of controls can diminish over time due to changes in the operating environment that affect the risks that controls are designed to mitigate, or due to changes in the controls themselves caused by changes in processes, IT, personnel, or other factors.

Governance & Shares and shareholders Corporate Governance Statement 59

AI assistant

Neste Oyj — Governance Information 2009

3230_rns_2010-03-11_94d10564-51bd-4322-97f9-db18ae6285dd.pdf

Corporate Governance Statement

GOVERNANCE BODIES

ANNUAL GENERAL MEETING

The 2009 AGM

NOMINATION COMMITTEE

Duties

In 2009

SUPERVISORY BOARD

Members

Area of responsibility

Duties

In 2009

BOARD OF DIRECTORS

Area of responsibility

Duties

In 2009

BOARD COMMITTEES

Audit Committee

Duties

In 2009

Personnel and Remuneration Committee

Duties

In 2009

PRESIDENT & CEO

In 2009

NESTE EXECUTIVE MANAGEMENT BOARD (NEMB)

In 2009

NESTE EXECUTIVE BOARD (NEB)

In 2009

AUDITOR

Risk management governance framework

Risk management line responsibility

Performance Management

Review performance quarterly

Monitor, analyze, and plan corrective actions

Risk management control and consultation

Risk management effectiveness assurance

Risk reporting

PERFORMANCE MANAGEMENT PROCESS

INTERNAL CONTROL

Objectives for internal control

Roles and responsibilities

Components of internal control

Control environment

Risk assessment

Control activities

Information and communication

Monitoring

More from Neste Oyj

Neste Oyj Governance Information 2009