QPR Software Oyj — Governance Information 2023

Mar 20, 2023

1

QPR Software's

Corporate Governance Statement 2022

QPR SOFTWARE'S CORPORATE GOVERNANCE STATEMENT 2022

The Finnish Corporate Governance Code

Compliance with the Corporate Governance Code

QPR Software Plc has complied with the Corporate Governance Code 2020 issued by the Finnish Securities Market Association since the financial year that started on January 1, 2020.

Deviations from Recommendations

QPR Software Plc complies with the Finnish Corporate Governance Code with the following exceptions: The Board of Directors has not established any committees. The Board has deemed that considering the size of the Group, the scope of its operations, and existing control systems, separate committees are not necessary. The Board as such is responsible for the duties of the audit committee as well as other committees.

The Board of Directors does not have representatives of both genders. The Board consists of only four persons, each of whom represents a well-defined competence profile. When the current Board was elected, the best suited candidate for each target profile was male. The composition of the Board is evaluated annually, and the aim is to have representatives from both genders elected to the Board at the latest in 2024.

Availability of the Corporate Governance Code on the Internet

The Finnish Corporate Governance Code is publicly available, for example, on the website of the Finnish Securities Market Association, at www.cgfinland.fi.

BOARD OF DIRECTORS

Composition of the Board of Directors

The Board of Directors consists of the following members elected in the Annual General Meeting March 25, 2021: Pertti Ervi, Matti Heikkonen, Antti Koskela and Jukka Tapaninen. In the Annual General Meeting held on April 6, 2022, Pertti Ervi, Matti Heikkonen, Antti Koskela, and Jukka Tapaninen were re-elected to the Board of Directors.

Pertti Ervi

Chairman of the Board b. 1957, engineer

About

• Chairman of the Board since March 2021.
• Member of the Board since March 2021.
• Independent of the Company and its significant shareholders.

Key experience

• Independent management consultant and professional board member
• Computer 2000 AG, Co-CEO 1995 2000.
• Computer 2000 Finland Oy, Founding Member and Managing Director 1983 1995.

Key positions of trust

• Chairman of the Board, F-Secure Oyj, 2022 present
• Member of the Board, WithSecure Oyj, 2003 present
• Member and Chairman of the Board, Efecte Oyj, 2008 present
• Chairman of the Board, Mintly Oy, 2017 2022
• Member of the Board, Pointsharp Holding AB, 2021 present
• Member and Chairman of the Board, Teleste Oyj, 2009 2020
• Member and Chairman of the Board, Comptel Oyj, 2011 2017
• Chairman of the Board, Stonesoft Oyj, 2004 2007

Pertti Ervi held 45,358 shares of QPR Software Plc on December 31, 2022.

Antti Koskela Member of the Board b. 1971 Master of Science in Technology

About

• Member of the Board since March 2021.
• Independent of the Company and its significant shareholders.

Key experience

• WithSecure Oyj, Executive Vice President and Chief Product Officer, 2021 present
• Elisa Oyj, Vice President, Business Development, 2020 2021
• Nokia Software, CDO and Vice President, 2018 2020
• Comptel, CTO and Executive Vice President, 2011 2017
• Nokia Siemens Networks, various managerial positions, 2007 2011
• Nokia Networks, various managerial positions, 1999 2007

Antti Koskela held 27, 527 shares of QPR Software Plc on December 31, 2022.

Matti Heikkonen

Member of the Board b. 1976 Master of Science in Technology

About

• Member of the Board since March 2021.
• Independent of the Company and its significant shareholders.

Key experience

• Enreach for Enterprises, CEO, 2021 present
• Benemen Oy, CEO, 2018 2021
• Questback AS, EVP Global Operations, 2010 2018
• Digium Oy, CEO, 2007 2010
• Nokia, various managerial positions, 2004 2007
• Various CEO and managerial positions in the software industry, 1998 2004

Key positions of trust

• Chairman of the Board, Benemen Oy, 2017 2018
• Member of the Board and Audit Committee, F-Secure Oyj, 2013 2019
• Member and Chairman of the Board, Mobile Wellness Solutions MWS Oy, 2015 2019
• Member and Chairman of the Board, The Finnish Software and E-business Association, 2004 – 2017
• Member of the Board, Ixonos Oyj, 2011 2015

Matti Heikkonen held 9, 067 shares of QPR Software Plc on December 31, 2022. Double Trade Oy, which is under Mr. Heikkonen's control, owned 40 922 QPR Software Plc:n shares as of December 31, 2022.

About

• Member of the Board since March 2021.
• Independent of the Company and its significant shareholders.

Key experience

• Aiforia Technologies, CEO, 2020 present
• Pegasystems, VP and Managing Director EMEA, APAC and Japan, 2016 2020
• SAP, Vice President Global/EMEA, 2005 2016
• Basware, SVP and General Manager, 2002 2005
• Stonesoft Inc, CEO Americas, 2000 2002
• HP, Regional and Global managerial roles, Sales and Business Development, 1995 2000

Key positions of trust

• Vice Chairman of the Board, Aiforia Oy, 2015 2020
• Member of the Board, WeVision Oy, 2014 present
• Member of the Board, Meshworks Wireless Oy, 2011 present
• Chairman of the Board, Addoro Ab, 2014 2017 (acquisition)
• Member of the Board, Findity Ab, 2013 2016
• Member of the Board, VeliQ B.V., 2015

Jukka Tapaninen held 17,556 shares of QPR Software Plc on December 31, 2022.

Jukka Tapaninen

Member of the Board

b. 1963 Master of Science in Economics

Charter of the Board (Summary)

Board meetings:

• The Board convenes regularly, at least 8 times a year, according to a pre-agreed schedule.
• At least one meeting focuses on strategy and one on the budget.
• When necessary, the Chairman of the Board or CEO may call for an additional Board meeting.
• The agenda and material shall be delivered to Board members no less than three working days before the meeting, if not otherwise agreed with the Chairman.

Information:

• Board members shall receive a monthly report containing the Group's actual results, budget comparison, and commentary on the results including reasons for any significant budgetary deviations. The report also includes a summary of other significant matters within Group.
• All significant matters shall be informed to the Board immediately.
• Four times a year, the Board will be presented with each closing quarter's risk management report as part of the management reporting.

Matters to be handled at Board meetings include:

• Matters specified in the Finnish Companies Act.
• Approves strategy and the annual budget, and monitors their execution.
• Appoints and discharges the CEO and decides on the terms of their employment.
• Approves the hiring of personnel reporting directly to the CEO, and their terms of employment.
• Determines the principles of compensation for senior management.
• Approves incentive pay schemes for the CEO and personnel.
• Prepares a proposal on employee stock option plans for the board meeting and decides on its allocation to employees.
• Reviews and approves financial statements, including interim reports and financial statements bulletins.
• Approves acquisitions and significant unbudgeted investments and otherwise significant decisions.
• Approves the dividend distribution policy and prepares a proposal to the board meeting on their distribution.
• Approves the investment policy.
• Approves related party transactions.
• Monitors the implementation of internal controls, internal audits, and risk management.
• Handles matters that have been agreed upon by the Chairman of the Board and the CEO to be handled by the Board of Directors or that otherwise fall within the Board's decision-making authority pursuant to the Finnish Companies Act,

the Articles of Association, or other applicable laws and provisions.

Operations in the financial year 2021

In the financial year 2022, QPR Software Plc's Board of Directors convened 21 times. The average attendance rate of the Board members was 98%. The Board of Directors make a self-assessment of its activities. The Board did not establish any committees.

Diversity of the Board

The Board of Directors of QPR Software Plc are elected based on business needs and the merits of the candidates, bearing in mind the advantages of diversity. The selection criteria consist of professional competence, experience, and personal qualities. In assessing professional competence and experience, special attention is paid to experience in international software business and business development, as well as experience in financing, economics, and entrepreneurship.

The Company aims to have both genders represented on the Board. In 2022, four board members were elected at the Annual General Meeting. At the moment, there are no female board members.

The Board of Directors of QPR Software Plc has set these diversity principles. They are presented and reported in the Company´s Corporate Governance Statement.

Committees

The Board has deemed that considering the size of the Group, the scope of its operations, and existing control systems, separate committees are not necessary. The Board as such is responsible for the duties of the audit committee as well as other committees.

Supervisory Board

QPR Software Plc does not have a Supervisory Board.

CHIEF EXECUTIVE OFFICER

Chief Executive Officer of QPR Software Plc

Jussi Vasama (b. 1974) started as the CEO of QPR Software Plc on October 1, 2021. Jussi Vasama holds a Master's degree in Industrial Engineering and Management.

Jussi Vasama has more than 20 years of experience in international professional services and software business. Since 2007, Vasama was employed by Basware Corporation and held various positions in sales, professional services, and customer support, e.g., as Country Manager of Finland. Most recently, Vasama served as Chief Customer Officer and was a member of the Executive Management Team. He was responsible for the Corporation's Professional Services and Customer Success, as well as global customer support, and led an international organization of nearly 600 people. Prior to that, Vasama worked as a management consultant at Vectia Ltd for 7 years.

In addition to growing businesses internationally, Vasama is experienced in operating in cloud and SaaS environments, developing and innovating new business models, and leading global change initiatives, such as building a partner ecosystem.

Jussi Vasama held 58,380 shares of QPR Software Plc on December 31, 2022.

Duties of the Chief Executive Officer

QPR's Board of Directors appoints the CEO and decides on the terms of their service. The CEO's terms of service have been agreed on in writing. The CEO is not appointed for a fixed term but is appointed indefinitely.

The CEO manages the Company's operations in accordance with the Finnish Companies Act and the Board of Directors' instructions and rules and informs the Board of Directors about the development of the Company's business and financial situation. The CEO is also in charge for the Company's day-to-day management and for ensuring that the Company's financial administration is arranged in a reliable manner. The CEO is the primarily presenter in board meetings and responsible for preparing proposals for board decisions.

INTERNAL CONTROL AND RISK MANAGEMENT

Internal Control

QPR Software's internal controls and risk management aim to ensure that the Group operates efficiently and effectively, distributes reliable information, complies with regulations and operational principles, reaches its strategic goals, reacts to changes in the market and operating environment, and ensures continuity of its business.

It is the duty of the Board of Directors to monitor the appropriateness, effectiveness, and efficiency of risk management and internal controls within the Group.

The Board assesses the risks based on the threat they pose to shareholders. The Board also oversees that the Company has defined operating principles for internal control and that the Company monitors the effectiveness of controls.

Internal Control and Risk Management Systems Associated with Financial Reporting

The ultimate responsibility for accounting and financial management lies with QPR Software Plc's Board of Directors. The Board is responsible for internal control, and the CEO is responsible for organizing internal controls and for monitoring of effectiveness of controls.

Business operations are controlled and monitored through a Group-wide reporting and forecasting system. The CEO and the CFO use monthly reports to provide a review of the Group's situation and development for the Board and Executive Management Team.

Risk Management

The Group's CFO is responsible for coordinating and reporting on the Group's internal controls and risk management. The Group's risk management is driven by the requirements arising from legislation, shareholder expectations regarding business objectives, as well as the expectations from customers, personnel, and other important stakeholders.

QPR's risk management aims to systematically and comprehensively identify the risks related to its operations and to ensure that risks are managed and considered in decision making. Risk management responsibilities are integrated throughout the organization. Risk management is developed by continuously improving the Company's operational processes.

The principle of materiality is used as the basis for identifying risks: the realization of monitored risks must have a material effect on the Company's business operations.

QPR Software has identified the following three groups of risks related to its operations:

• risks related to business operations,
• risks related to information and products, and

• risks related to financing.

Property, operational and liability risks are covered by insurance.

QPR Software Plc's Management System was awarded the ISO 9001:2015 quality certificate covering all of the Company's activities, which are audited annually by an external evaluator.

RISKS RELATED TO BUSINESS OPERATIONS

The following risks are related to QPR Software's business operations:

• • Country risk. Risk is measured by assessing the potential loss of country-specific revenue. Risk is managed by continuously gathering market information and diversifying business across geographical markets and industries.
• • Customer risk. Risk is measured in terms of software maintenance customer churn and the share of overdue accounts receivable in total receivables (%). Risk is managed by taking good care of every customer and reseller, as well as by actively following up on accounts receivable.
• • Personnel risk. Risk is measured in terms of personnel churn. Risk is managed through skilled recruitment, professional management practices, and by providing opportunities for job rotation as well as learning and growth.
• • Legal risk. Risk is measured by comparing the cumulative euro-value of all open legal disputes with annual net sales (%). Risk is managed with good knowledge of contract law and standard terms, and by conducting activities that are both ethical and in line with Company values.

QPR's country and customer risks are mitigated by conducting business in more than 50 countries, in both public and private sectors, as well as in several different industries.

Reasonable credit risk concerning individual business partners is characteristic to any international business. QPR seeks to limit this risk by continuously monitoring standard payment terms, receivables, and credit limits.

RISKS RELATED TO INFORMATION AND PRODUCTS

QPR Software has identified the following three risks related to information and products:

• • Risk related to products. Risk is managed by ensuring that the Company's product range remains competitive by differentiating from competitors through the strengths of its content and products. The Company seeks to ensure the security of its products using automatic malware prevention.
• • Intellectual Property Rights. The Company's Intellectual Property Rights (IPR) are protected by the confidentiality of the source code, its secure storage, and selected patent applications. In its new process mining business, the Company has adopted a more active IPR strategy. As a result, QPR filed patent applications for five separate inventions in Finland and the USA in 2012. The inventions relate to automated business process discovery based on processing event data. In April 2015, QPR announced that the U.S. Patent and Trademark Office has granted a patent as a result of the applications. In May 2016, QPR informed that the U.S. Patent and Trademark Office granted an additional patent to its process mining technology. In addition, the Company uses contract management and internal training to

ensure that third-party IPRs are not used without permission in QPR products. The Company has a legal expenses insurance.

• Information and security risks. QPR Software regularly monitors and mitigates information security risks in its operations and reports to the Board of Directors. We use both governance and technological means to improve the security of our systems. To mitigate information security risks, we have adopted data and vendor governance models, conducted annual audits of our partners, and organized relevant in-house training to improve security awareness.

There have not been any significant changes in QPR's information and product related risks in 2022.

RISKS RELATED TO FINANCING

QPR Software has identified the following two financing risks:

• • Currencies. Foreign currency risk is measured by calculating the share of all non-euro receivables in total receivables, or the share of an individual non-euro currency in all receivables (%). The risk is managed by using the euro as the primary invoicing currency and by currency hedging in accordance with the Company's hedging policy. The Company constantly monitors the development of open positions of the most important invoicing currencies. At the end of the financial year, the Company had not hedged its foreign currency (non-euro) trade receivables.
• • Short-term cash flow. The risk is measured based on the forecasted cash flow. The risk is managed by actively monitoring the forecast and by effectively collecting overdue receivables. The risks related to

the Company's financial position are mitigated by recurring revenue representing a relatively large share of net sales. The Group's financial position is fair due to performance of the period. This financial statement has been prepared according to Going Concern -principle considering efficiency improvement measures, operating forecast as well as the re-financing agreement the company made in January 2023.

The risks related to the Company's financial position are mitigated by relatively high share of recurring revenue in net sales.

OTHER INFORMATION TO BE PROVIDED IN THE CORPORATE GOVERNANCE STATEMENT

Main Procedures Relating to Insider Administration

QPR's Insider Guidelines include Nasdaq Helsinki Ltd's Guidelines for Insiders of Listed Companies (updated January 1, 2021) and the Market Abuse Regulation (MAR). Both documents are included in QPR's guidelines as such. QPR's Insider Guidelines set trade restrictions prohibiting Persons Discharging Managerial Responsibilities (PDMRs), permanent insiders and event-based insiders from making transactions with QPR's securities during a closed

period of 30 days ("closed window") prior to the publication of financial statements. The closed window ends the day after the publication of the financial statements. According to QPR's Insider Guidelines, permanent insiders must notify the CEO and the Chairman of the Board about the intention to trade QPR's securities prior to executing a transaction.

The CEO, members of the Board of Directors and the Executive Management Team are considered PDMRs – this is because they are regularly exposed to inside information and have the right to make decisions regarding the future of QPR. QPR's permanent insiders include employees or other outsourced persons that due to their position or the nature of their responsibilities have access to inside information.

In case QPR prepares an event that could significantly impact the Company's value (e.g., a corporate acquisition), an event-based insider list must be created for the project. Event-based insiders are persons that contractually work for QPR either directly or indirectly and have access to inside information; as well as any organization that is provided inside information about the project.

QPR's CFO manages insider issues and supervises compliance with QPR's Insider Guidelines. The CFO also maintains QPR's insider register.

Due to the MAR regulation, the information in the insider register system, NetSire, is based on the status of July 2, 2016, and is no longer updated.

QPR Software Plc's managers and their closely associated persons, as referred to in the MAR regulation, have been requested to notify of their transactions as of July 3, 2016.

Audit

The Board elects the auditors at the Annual General Meeting. Only auditors approved by the Finnish Central Chamber of Commerce are considered. In 2021, the elected auditors were the Authorized Public Accountant Firm KPMG Oy Ab, which declared Miika Karkulahti, Authorized Public Accountant, as the principal auditor. The auditor's term expires at the close of the next Annual General Meeting following the election.

In 2022, the auditors were paid EUR 65,800 for audit services and EUR 5, 419 for non-audit services. EUR 37,000 of the fees were related to year 2021 audit and EUR 27,400 was related to 2022 audit.