AI assistant
SSH Communications Security — Governance Information 2013
Feb 27, 2013
3344_rns_2013-02-27_b30952ec-8f62-4615-b453-47adf17792db.pdf
Governance Information
Open in viewerOpens in your device viewer
ssh
SSH COMMUNICATIONS SECURITY CORPORATION
CORPORATE GOVERNANCE STATEMENT
FEBRUARY 26, 2013
ssh
CORPORATE GOVERNANCE STATEMENT OF SSH COMMUNICATION SECURITY - FEBRUARY 26, 2013
SSH Communications Security Group comprises of SSH Communications Security Corporation ("SSH") and its subsidiaries. SSH is registered in Helsinki, Finland and is a publicly listed company. Its subsidiaries are SSH Communications Security, Inc. (USA), SSH Operations Ltd (FIN), SSH Communications Security Limited (HK) that operates in Asia Pacific and SSH Solutions Ltd. (FIN) for the purpose of managing SSH's IPR assets. During the fiscal year 2012, SSH Communications Security Licensing S.A.R.L (Luxemburg) and UK branch of SSH Operations Ltd. were closed.
SSH abides by its Articles of Association as well as principles of sound corporate governance, and high ethical standards in its governance and decision-making. The company complies with the Finnish Companies Act and securities market legislation and Finnish Corporate Governance Code 2010 adopted by the Securities Market Association. The Code entered in force on October 1, 2010 and is available at www.cgfinland.fi. The Corporate Governance Statement of SSH can also be reviewed at SSH's website www.ssh.com.
ANNUAL GENERAL MEETING
The ultimate decision-making power at SSH is vested in the shareholders' meeting. The Annual General Meeting is held within six months of the completion of the company's fiscal year, at a time decided by the Board. The shareholder's meeting decides the number of members of the Board of Directors, and appoints the members. Additionally, under the Finnish Companies Act, the Annual General Meeting has the authority to amend the company's Articles of Association, adopt the financial statements, approve the amount of dividend, and to select the company's auditors. Each SSH share conveys one vote at the shareholder's meeting.
BOARD OF DIRECTORS
In accordance with the company's Articles of Association, the Annual General Meeting appoints three to eight members to the Board of Directors. Their term of office ends with the closing of the next Annual General Meeting following their appointment. The Board has a quorum when more than half of its members are present. The company's Articles of Association do not restrict the members' terms in office or present any specific selection criteria for the members. The Board elects a chairperson from among its members.
Board of Directors is responsible for the company's strategic policies, and the appropriate organization of business operations and administration. The Board of Directors acts in the company's interests at all times. In addition to the tasks and responsibilities provided by the Finnish Companies Act and the company's Articles of Association, in accordance with its agenda, SSH Board of Directors:
- appoints and dismisses the CEO and decides on his/her service terms
- approves hiring of Group Management Team members
ssh
- approves bonus and incentive schemes for CEO and personnel
- approves the company's long term strategy and annual budget and follows their implementation
- reviews and approves interim reports and annual report
- confirms the company's risk management and reporting procedures
- decides acquisitions and other significant investments
- decides other matters that belongs to Board of Directors power due to the Finnish Companies Act or other legislation
BOARD OF DIRECTORS – MEMBERS
The Annual General Meeting held on 28 March 2012 elected Päivi Hautamäki (chairman), Sami Ahvenniemi and Tatu Ylönen as members of the Board of Directors.
Päivi Hautamäki, born 1964, Master of Law, LLM
Board member and Chairman of the Board since 2012
General Counsel at Eltel Group
Päivi Hautamäki has extensive experience of more than 15 years in energy, IT and industry field. She is the General Counsel at Eltel Group. Prior to joining the company in 2012, she was the General Counsel at F-Secure Corporation, an anti-virus and computer security and computer software company, the Legal Counsel at Fortum Oyj, a Finnish energy company, and the General Counsel at Winwind Ltd, a wind turbine manufacturer. She is also a member of the IPR committee of the Board of Central Chamber of Commerce in Finland and a Member of the Board of Finnish Industrial Lawyers.
Päivi Hautamäki has a Master of Law degree from Helsinki University.
Päivi Hautamäki does not own any SSH shares.
Sami Ahvenniemi, born 1972, M.Sc (Tech.) in Industrial Engineering and Management
Board member since 2012
Co-Founder & Partner at Conor Venture Partners Ltd
Sami Ahvenniemi is Co-Founder & Partner at Conor Venture Partners, an early stage Nordic technology venture capital company. Mr. Ahvenniemi has 15 year experience in working with technology companies having held executive positions both in Finland and in the United States. Prior to starting his venture career in 2002, Mr. Ahvenniemi held several executive positions at SSH Communications Security Corporation between 1998 and 2002 and was among other positions the first founding CEO of its operation in the USA in 1998.
Mr. Ahvenniemi holds several board memberships in international growth companies such as Neo Technology (California), Sensinode (California/Finland) and Behaviometrics (Sweden).
ssh
Sami Ahvenniemi has a Master of Science degree in Industrial Engineering and Management from Aalto University School of Science and Technology.
Sami Ahvenniemi does not own any SSH shares.
Tatu Ylönen, born 1968, LicSc (Tech)
Board member since 1995
Major shareholder, CEO since September 26, 2011
Mr. Ylönen has established and led several companies prior to SSH Communications Security Corporation. These include New Generation Software (NGS) Ltd. in 1988 and Applied Computing Research (ACR) Ltd. in 1994. He is an internationally respected network security expert, and has made key industry contributions to data security standardization.
In 1995, Mr. Ylönen invented Secure Shell (SSH) for secure remote access. Since that time, Secure Shell has become a pervasive network data security standard used across the Internet and in enterprise networks.
Mr. Ylönen graduated in 1992 from Helsinki University of Technology with a Master of Science degree in Technology, and a major in Computer Sciences. He also holds a Licentiate of Technology diploma from Helsinki University of Technology.
He is a member of the IEEE (Institute of Electrical and Electronics Engineers), ACM (Association for Computing Machinery), the AFCEA (Armed Forces Communications and Electronics Association) and ACL (Association for Computational Linguistics). He has authored several articles in national and international journals and periodicals.
Tatu Ylönen owns 17.727.698 SSH shares (holdings of interest parties included).
The majority of the Board members have no dependence on the company. Päivi Hautamäki and Sami Ahvenniemi are deemed to be independent Board members. Tatu Ylönen owns directly and indirectly approximately 57,7 percent of the total number of SSH's shares and is therefore classified as not independent Board member of the company.
BOARD RESPONSIBILITIES
The Board works to a predetermined agenda. The themes to be considered in future meetings, and the Board's agenda, are planned at the start of each new term of office. During the spring, the agenda is focused on outlining strategic policies and updating the corporate strategy. In the autumn, the focus is on tactical matters, and in November the budget for the following year is approved. Meetings in the early spring focus on preparations for the Annual General Meeting.
The members of the Board receive regular updates on the company's business and financial performance. In the Board meetings, the CEO, the Chairman of the Board or another person
ssh
appointed by the CEO, presents business to be considered to the Board. Each Board meeting considers a progress report provided by the CEO in line with the standard agenda. All Board meetings also monitor sales performance, market development and the company's financial performance. The company's CFO acts as secretary to the Board.
SSH Board of Directors convened 24 times in 2012. The average attendance rate of Board members was 95,8 percent.
The Board evaluates its operations and processes to increase efficiency and quality. An internal self-evaluation is conducted once a year.
Due to the relatively small size of the company and number of Board Members currently, SSH Communications Security has no separate Committees of the Board.
CEO AND GROUP MANAGEMENT TEAM
SSH Board of Directors appoints and releases the CEO and decides the terms of his/her service contract. The CEO is in charge of the company's operative management in accordance with the Finnish Companies Act and the instructions and authority provided by the Board of Directors.
The Group Management Team supports the CEO in managing and developing SSH Communications Security Group, and the members of the Group Management Team report to the CEO. The Group Management Team meets regularly and the meetings are chaired by the CEO. All issues addressed in the meetings and related decisions are recorded in the meeting minutes.
Tatu Ylonen, born 1968, LicSc (Tech.)
President and Chief Executive Officer
Tatu Ylonen developed the Secure Shell technology for remote access and founded SSH Communications Security Corporation. He is an internationally respected network security expert. Owns 17.727.698 SSH shares (holdings of interest parties included).
The CEO's retirement age and determination of pension comply with standard rules under the Employees' Pension Act. The period of notice for the CEO is three months. The total remuneration of Managing Director at the date is EUR 0 per month. There is no separate severance payment agreed. The Managing Director is entitled to annual bonus scheme which will be decided by the Board of Directors every year during the first quarter or latest one month after Annual General Meeting. For reaching FY2012 performance criteria decided separately by the Board of Directors, maximum bonus is EUR 300,000.
ssh
Jyrki Lalla, born 1964, M.Sc
Chief Financial Officer (starting 1.4.2012)
Jyrki Lalla is responsible for Financial Management, Treasury, Human Resources, Corporate Development and Corporate Governance. He also acts as Secretary to the Board of Directors.
Prior to joining the company in February 2012, Mr. Lalla held several senior financial management positions at Nokia Corporation and Nokia Siemens Networks in Finland, Italy, Great Britain and Germany. Mr. Lalla has headed finance and control for global software and service businesses in Europe, Middle-East and Africa. Jyrki has gained extensive experience in ramping up international operations in high growth organizations with specific responsibilities for functional areas such as acquisitions, divestments, outsourcing and mergers. He also has knowledge of development processes and systems for finance & control, overall operations and risk management.
Mr. Lalla has a Master of Science degree from Turku School of Economics and Business Administration and further studies in finance from Hanken School of Economics and IMD.
Owns 100 000 SSH shares (no holdings of interest parties) and 100 000 options.
Matthew McKenna, born 1973, MBA
Chief Operating Officer & Executive Vice President, Global Sales and Marketing
Matthew McKenna brings extensive technology experience to SSH's sales and marketing team and is responsible for all revenue-generating operations at the company. His expertise in strategically delivering technology solutions that anticipate the marketplace has helped SSH win the trust of 7 of the Fortune 10 and more than 3,000 customers worldwide.
Prior to joining SSH Communications Security, Matthew served as a member of the executive management team of ADP Dealer Services Nordic and Automaster Oy, where he was responsible for international channel operations and manufacturer relations. He was responsible for key accounts including Mercedes Benz, General Motors and Scania CV. Automaster was acquired by ADP in 2009
Matthew holds a BA in German from the University of South Carolina and an MBA from the Helsinki School of Economics and Business Administration.
Matthew McKenna owns 32 000 SSH shares (holdings of interest parties included) and 200 000 options.
Kalle Jaaskelainen, born 1977, BA (Science)
Vice President & Head of Research and Development
Kalle has over ten years of experience in the information security and communication network industry. His technical background and sales expertise creates an ideal combination for understanding the market and customers' challenges along with the technical implementation
ssh
possibilities. His current role as Vice President & Head of Research & Development and Customer Services allows him to support and serve a majority of the global Fortune 500 companies.
Kalle received his Bachelor of Science from the Vantaa Institute of Technology where he specialized in Telecommunication and Computer networks and carries a CISSP certification.
Kalle Jäaskeläinen owns 10 000 SSH shares (no holdings of interest parties) and 100 000 options.
REMUNERATION AND INCENTIVE PLANS
The shareholders' meeting confirms annually in advance the emoluments payable to the members of the Board of Directors. The Board of Directors confirms the salary and other benefits of the CEO, and also determines the salaries and benefits payable to senior management.
Forms of remuneration for SSH Communications Security's senior management and CEO involve a performance-related bonus. The company has no other remuneration practices, nor does it have any differing pension arrangements for the CEO or other senior management. The targets for the company's senior management are fixed for one year at a time.
Stock option plans have been issued in 2012. In accordance with the authorization from the Annual General Meeting, the Board of Directors decided on 27 July 2012 an option plan I/2012 of maximum 2,000,000 options, each of which entitles to subscribe one share at a price of EUR 0.65. The Board of Directors decided on 4 December, 2012, upon a share issue directed to personnel, from which 197,300 shares were subscribed increasing the shareholder's equity with EUR 5,919. Stock option plans are explained in more detail under the note 20 to the consolidated financial statement.
In November 2009, the former Management Group and former CEO of the Group set up a company named SSH Management Investment Oy (SMI), through which the management incentive scheme has been implemented. The company owns 1,433,750 shares in the parent company. This arrangement is explained in more detail under the note 29 "Group companies and related party transactions" to the consolidated financial statement.
Remunerations to the Board of Directors:
- Päivi Hautamäki EUR 24,000/year
- Sami Ahvenniemi EUR 18,000/year
- Tatu Ylönen (no salary or remuneration)
The CEO's salary and other benefits in 2012 were EUR 225.000.
The number of shares and stock options held by the members of the Board of Directors, CEO and members of the Group Management Team are included in their personal profiles above.
INSIDER MANAGEMENT
ssh
SSH Communications Security has established insider guidelines that comply with the Guidelines of Insiders approved for public companies by the Nasdaq OMX Nordic Exchange, Helsinki (prev. Helsinki Stock Exchange). The company maintains a public insider register of the public permanent insiders and the persons closely associated with the said permanent insiders' share and stock option holdings in the SIRE system of the Finnish Central Securities Depository Ltd. The public insider register and the principles regulating trading by insiders are available at the company's website and the company's headquarters.
The public permanent insiders of the company are members of the Board, CEO, members of the Group Management Team, and the auditors. The company also maintains a company-specific insider register of persons who by virtue of their position regularly receive insider information or could have an opportunity to gain access to insider information through the nature of their work and who are not in the public insider Register. These persons include the assistants to executive management, product management, financial administration, and management of information services. In addition, any external legal consultants used by SSH Communications Security belong to the company-specific insider register.
Insiders belonging to the public or company specific insider register are not allowed to trade in securities issued by the company for a period of 21 days prior to the announcement of an interim report and the financial statement bulletin (closed window).
The said permanent insiders are allowed to trade in securities issued by the company without a prior approval of the company's General Counsel only for a period of 21 days after the announcement of the interim report and the financial statement bulletin of the company (open window).
Under circumstances where the company is preparing an event that may have a significant impact on the stock price, a project specific insider register is established. Also the project-specific insider register will be based on the insider guidelines of the Nasdaq OMX Nordic Exchange, Helsinki (prev. Helsinki Stock Exchange). Company's CFO is responsible for guidance and supervision of the insider matters.
INTERNAL ADMINISTRATION
The aim of internal administration and risk management is to ensure efficient, appropriate operations, dependable financial information and compliance with regulations and internal processes. SSH Communications Security's Board of Directors ensures that the company has defined principles of internal administration, and that the company monitors the effectiveness of the administration. The ultimate responsibility for the company's accounting and supervision lies with the SSH Communications Security Board of Directors. The Board also approves SSH Communications Security's risk management and reporting procedures and monitors the adequacy, appropriateness and efficiency of the company's administrative processes.
ssh
The CEO, assisted by other operative management, is responsible for the practical arrangements for accounting and administration mechanisms and for compliance with laws, regulations, company processes, and the Board's decisions. To support its operations, the company has a number of rules and guidelines. Process and quality work ensures that there is a description of all processes, and that the various process interfaces are properly defined and documented. Processes are also intended to ensure that everyone in the organization knows how the company works, and how the work of each individual is integrated into the company's operations. Supervisory actions ensure compliance with rules, guidelines, and processes.
The company sets annual financial targets in connection with the budget and constantly tracks target achievement. The company's organizational structure supports efficient planning, implementation, and monitoring of business operations. Balanced Scorecard measurements ensure that the targets are in balance.
RISK MANAGEMENT
Risk management is a part of SSH Communications Security's internal administration. It aims to ensure that major risks affecting the company's business and operating environment are identified and monitored. Since the United States is the main market area, any risks including currency risks associated with that country are considered to be significant. Other major risks are related to product technology, competitor activities and profitability. Property, business interruption and liability risks are covered by insurance.
SSH Communications Security's main market area is the United States. To reduce this market dependency risk, the company is actively seeking to expand operations in Europe. Sales operations are supported by the company's own legal unit, which, through continuous management of contracts, seeks to reduce the risks related to the company's business operations. SSH Communications Security protects its copyrights and trademarks through sales agreements. The company also has an active patent policy to protect its technology. SSH Communications Security encourages its employees to make and protect inventions.
SSH Communications Security has a process in place whereby any network security risks found in the company's products are promptly reported to senior management. Corrections are made immediately and updates are supplied to customers without delay. The company's critical information systems are secured and operations can continue, even in the event of an external catastrophe. SSH Communications Security actively uses its own products to protect the information system architecture. Encryption and strong authentication protect the company's confidential data communications from both internal and external threats.
Financial risk management is described separately in the financial statements section of the company's annual report. SSH Communications Security provides no financing for its customers other than by granting normal payment periods. The company has a strong balance sheet and no significant long-term liabilities. Asset managers invest the company's cash reserves in accordance
ssh
with a policy approved by the Board of Directors. Since most of SSH Communications Security's invoicing takes place in US dollars, the company is hedged against exchange rate risks.
INTERNAL AUDITING
Because of the relatively small size of the company, SSH Communications Security has no separate internal audit organization. The continuous monitoring by the auditors in conjunction with the interim reports also aims to assess and develop the effectiveness of risk management, monitoring and administration processes, and to support the Board with its monitoring responsibility.
AUDITORS
The company's auditors provide shareholders with a report, as required by law, in conjunction with the annual financial statements. The principal aim of the statutory audit is to verify that the financial statements give a true and fair view of the company's financial performance and situation for each fiscal year. In addition to the Auditor's report provided with the annual financial statements, the auditor's report on their findings to the company's Board of Directors in connection with the interim reports.
In accordance with the Articles of Association, SSH Communications Security has one Principal Auditor authorized by the Chamber of Commerce, and one Deputy Auditor. If a firm of Authorized Public Accountants is appointed as the principal auditor, there is no need to appoint a deputy auditor. The auditors are appointed at the Annual General Meeting. SSH Communications Security's auditor is KPMG with Kirsi Jantunen as principal auditor.
In 2012, the auditor's fees were EUR 27 599 in the Group and EUR 19 000 in the parent company. Other fees charged by the firm of auditors were EUR 19 414 in the Group and EUR 5 952 in the parent company. Other fees were mostly related to tax advice.
PUBLIC COMMUNICATIONS
SSH Communications Security aims to give the markets a clear view of the company's operations and financial performance in accordance with the regulations on the disclosure obligation for publicly listed companies. The company prefers electronic forms of communication. All stock market releases, other investor information, and the latest company information are available at ssh.com website.