Skip to main content

AI assistant

Sign in to chat with this filing

The assistant answers questions, extracts KPIs, and summarises risk factors directly from the filing text.

Sign up Log in

SSH Communications Security Governance Information 2021

Mar 3, 2021

3344_rns_2021-03-03_097c993c-d1f9-48d0-af55-1b87ac0a11a0.pdf

Governance Information

Open in viewer

Opens in your device viewer

SSH.COM

SSH COMMUNICATIONS SECURITY CORPORATION

CORPORATE GOVERNANCE STATEMENT

MARCH 3, 2021

SSH.COM

CORPORATE GOVERNANCE STATEMENT OF SSH COMMUNICATION SECURITY

SSH Communications Security Group comprises of SSH Communications Security Corporation ("SSH") and its subsidiaries. SSH is registered in Helsinki, Finland and is a publicly listed company in Nasdaq Helsinki (SSH1V). Its subsidiaries are SSH Communications Security, Inc. (USA), SSH Government Solutions, Inc. (USA), SSH Communications Security Limited (HK), SSH Communications Security UK Limited (UK), SSH Technology Ltd. (FIN), Kyberlejona Ltd. (FIN, 65% ownership) and SSH Operations Ltd. (FIN) which has a branch in Germany.

SSH abides by its Articles of Association as well as principles of transparent and responsible corporate governance, and high ethical standards in its governance and decision-making. The company complies with the Finnish Limited Liability Companies Act, securities market legislation, including the market abuse regulation, rules of Nasdaq Helsinki and Finnish Corporate Governance Code 2020 adopted by the Securities Market Association. This Code is available at www.cgfinland.fi.

This Corporate Governance Statement is published as a separate report from the Report of the Board of Directors at SSH's website www.ssh.com.

SSH COMMUNICATIONS SECURITY'S ADMINISTRATIVE BODIES

SSH implements a one-tier governance model, where the management of the SSH Group is a responsibility of the General Meeting of shareholders, the Board of Directors, and the CEO. Duties are defined by the Finnish Limited Liability Companies Act and the company's Articles of Association.

The General Meeting is where shareholders exercise their voting rights and is SSH's highest decision-making body, taking decisions on matters falling within its competence by virtue of the Limited Liability Companies Act and the Articles of Association.

The Annual General Meeting (AGM) elects the Board of Directors, which in turn appoints the Chief Executive Officer (CEO). The Board of Directors and CEO are responsible for the management of the Group. The Executive Management Team and other management personnel assist the CEO in his or her duties. The Board of Directors decides on the Group's administrative systems and ensures compliance with good governance principles.

ANNUAL GENERAL MEETING

The Annual General Meeting is held within six months of the completion of the company's fiscal year, at a time decided by the Board. The AGM decides on matters as required in the provisions of the Limited Liability Companies Act and Articles of Association, such as adoption of the year-end financial statements, profit distribution, and the granting of discharge from liability to the members of the Board of Directors and to the CEO. The AGM also elects the members of the Board of Directors and the auditors and decides their remuneration. Extraordinary general meeting can be called as defined

SSH.COM

in Limited Liability Companies Act. Each SSH share conveys one vote at the shareholder's meeting. Shareholders have the right to have a matter falling within the competence of the general meeting under the Limited Liability Companies' Act to be addressed at the general meeting.

BOARD OF DIRECTORS

In accordance with the company's Articles of Association, the Annual General Meeting appoints three to eight members to the Board of Directors. Their term of office ends with the closing of the next Annual General Meeting following their appointment. The Board has a quorum when more than half of its members are present. The company's Articles of Association do not restrict the members' terms in office or present any specific selection criteria for the members. The Board elects a chairperson from among its members.

SSH has established principles on diversity in accordance with the Corporate Governance Code's recommendation number 9. SSH has, and aims to continue to have in the future, members of the Board of Directors representing both genders as well as different professional and educational backgrounds. SSH's principles on diversity are taken into account when considering nominations to the Board of Directors. Decisions on the election of directors shall always be made at the general meeting.

The Board of Directors handles the company's administration and the appropriate arrangement of its operations. The Board also ensures that the supervision of the bookkeeping and asset management is appropriate. The Board makes wide-ranging and strategically important decisions concerning the company. The Board's task is to steer the company's operations in a manner that will add the greatest possible value to the company's invested capital over the long term.

The Board of Directors has confirmed a written charter for its duties, the matters it deals with, meeting practice and the decision-making procedure. In accordance with the charter, the Board deals with and makes decisions on all matters that are financially, operationally or fundamentally significant to the Group.

The Board appoints and dismisses the CEO, supervises his or her actions, and decides on his or her remuneration and other terms and conditions of service. The Board also approves the Group's strategy, operating principles and guiding values, and ensures that they are up to-date and correctly implemented. The Board also ensures that the Group has a functional system of internal controls and that the Group's risk management principles have been defined. It also ensures that key business risks have been identified and are being systematically monitored. The Board approves the operational guidelines and annual plan for the internal audit and assesses its effectiveness. Board's duties and responsibilities are described in more detail in Charter of the Board.

SSH Board of Directors convened 16 times in 2020. The attendance rate of Board members was: Ylönen (16/16, 100%), Kiianmies (11/11, 100%), Kellomäki (11/11, 100%), Österlund (7/7, 100%), Tavakka (7/7, 100%), Kuivala (5/5, 1000%), Syrjälä (5/5, 100%), Kiuru (5/5, 100%), Zettlemoyer (4/5, 80%) and Curry (4/5, 100%).

SSH.COM

The Board evaluates its operations and processes to increase efficiency and quality. An internal self-evaluation is conducted once a year.

Due to the relatively small size of the company and number of Board Members currently, SSH has no separate Committees of the Board.

COMPOSITION OF THE BOARD (ownership of shares and options per 31.12.2020)

At the Annual General Meeting held on 26 March 2020, Tatu Ylönen, Aino-Mari Kiianmies (new member) and Sampo Kellomäki (new member) were elected as directors of the company's Board of Directors. At the Extraordinary Meeting held on 26 June 2020 Henri Österlund (new member), Kai Tavakka (new member), Tatu Ylönen, Aino-Mari Kiianmies and Sampo Kellomäki were elected as directors of the company's Board of Directors. At the organizing meeting of the Board of Directors after the Extraordinary Meeting, Henri Österlund was elected as the Chairman of the Board of Directors. Kiianmies and Kellomäki are deemed to be independent of the company and of the significant shareholders of the company. Österlund and Tavakka are deemed independent of the company. The company's CFO acts as secretary to the Board.

Due to the election of the Board of Directors as described in above, both genders are represented, and majority of the Board members are considered independent of the company.

Board Members (31.12.2020):

Henri Österlund, b. 1971, M.Sc. Economics
Chairman of the Board

Henri is the founder of Accendo Capital SICAV, which creates shareholder value through active ownership. Previously, Österlund has served as a Partner of Conventum Corporate Finance, Partner of Triton Private Equity investment fund in London, and as an Analyst at Doughty Hanson Private Equity fund in Stockholm.

In addition to SSH board, he is a board member at Remedy (publ), Doro AB (publ), member of the board of Managers of Accendo Capital Managers S.à.r.l., owner of FERDINAND S.à.r.l. and Ferdinand Holdings S.L.U.

Henri owns holds a Master of Science degree in economics from the Helsinki School of Economics (currently Aalto University).

Henri owns 61,060 SSH shares. He has no option rights.

SSH.COM

Kai Tavakka, b. 1986, M.Sc. Economics, CFA
Board Member

Kai Tavakka is a partner in Accendo Capital Managers S.à.r.l. since 2015 after working in the firm since 2012. Kai has a corporate finance background (PCA Corporate Finance, Danske Corporate Finance).

He is a CFA Charterholder, and he holds a Master's degree in Economics from Aalto University.

Kai neither owns any SSH shares nor has any option rights.

Tatu Ylönen, born 1968, Lic.Sc (Tech)
Board Member, Founder

Tatu founded SSH Communications Security in 1995, grew the company to $20 million in sales and 190 employees in five years, and led the company to a public listing on NASDAQ OMX Nordic in 2000.

Tatu is an experienced entrepreneur and the original inventor of SSH (Secure Shell) and NAT Traversal technologies. He has also co-authored NIST IR 7966, guidelines for managing SSH keys.

Prior to his current role as Board Member, Tatu has held various executive roles in the company throughout the years, including CEO, CTO, and Chief Innovation Officer. He is also the largest shareholder of the company.

Tatu holds a degree of Licentiate of Technology from the Helsinki University of Technology (now Aalto University) in Finland.

Tatu owns 6,987,123 SSH shares. He has no option rights

Aino-Mari Kiianmies, LL.M, M.Sc.(Econ.), M.Soc.Sc.
Board Member

Aino-Mari Kiianmies has a multidisciplinary background with a strong focus on leadership. She understands the cruciality of fundamentals and the right mental mindset for every great leader and successful business. Her clients include the largest Finnish corporations and C-level executives.

Ms. Kiianmies holds five bachelor's and three master's degrees in business and law (LLM, M.Sc.(Econ.), M.Soc.Sc.), and she has done doctoral-level studies both in finance and leadership. She has co-founded two startups and acts as an advisor for health and wellness technology firms in several startup accelerators.

SSH.COM

Ms. Kiianmies is the Finnish representative at EWLA, European Women Lawyers Association, a chairman of the board at the Finnish Women Lawyers Association, and a member of the Future committee of The Association of Finnish Lawyers.

Aino-Mari neither owns any SSH shares nor has any option rights.

Sampo Kellomäki, M.Sc (Computer Science)

Board Member

Sampo has founded two software startups, Symlabs SA (identity management and directory services) and Synergetics SA (privacy and personal data management). He has also been an angel investor and director in other startups.

He has a strong background in cryptography, credential management, identity management, and privacy. Sampo has contributed to identity management and identity federation standards and contributed to several cryptographic protocol implementations.

Sampo has acted as Chief Technology Officer (CTO) and leader of architecture and development in various companies.

Sampo holds a Master of Science degree in Computer Science from Helsinki University of Technology (currently Aalto University).

Sampo neither owns any SSH shares nor has any option rights.

CEO AND EXECUTIVE MANAGEMENT TEAM

The SSH Board of Directors appoints the CEO and decides the terms of his or her service contract. The CEO oversees the company's operative management in accordance with the Finnish Companies Act and the instructions and authority provided by the Board of Directors. The CEO is responsible for the day-to-day management of the company and business planning. The Company's CEOs during 2020 were Kaisa Olkkonen and Teemu Tunkelo (from 24.3 onwards).

The Executive Management Team supports the CEO in managing and developing SSH Communications Security Group, and the members of the Executive Management Team report to the CEO. The Executive Management Team meets regularly, and the CEO chairs the meetings. All issues addressed in the meetings and related decisions are recorded in the meeting minutes.

SSH.COM

Executive Management Team Members (composition and holdings per 31 December 2019):

Teemu Tunkelo, b. 1961, M.Sc. Engineering, PhD in Economics
Chief Executive Officer

Teemu Tunkelo is an international business leader who has served major companies, such as Voith, Siemens, ABB, Invensys, and Compaq in global management and technology leadership roles for 25 years in Zurich, London, Munich, Helsinki, and Cleveland (Ohio).

His prior experience also includes being CEO of Enfo (prev. Tietosavo), a software company of 300 people and a board member at Nixu, the largest cybersecurity consulting company in Finland.

At Voith, he created Voith digital solutions, a 2000-person strong business that combines IT, automation, and digital solutions.

Teemu holds a Master of Science degree Helsinki University of Technology (currently Aalto University) in Finland and a Doctor of Philosophy degree from the University of Lausanne in Switzerland.

Teemu owns 20.300 SSH shares and has 475.000 option rights.

Niklas Nordström, born 1979, LL.M., BEc
Chief Financial Officer

Niklas brings with him over 10 years of cross-industry financial management experience gained from working in demanding senior financial roles in various Nasdaq companies. He is responsible for financial management, treasury, human resources, legal, corporate development, and corporate governance. Niklas is also the director of SSH's cryptographic solutions business.

Prior to joining the company, he worked as CFO for Biohit Oyj, a Helsinki based public biotechnology company.

He holds a Master of Laws degree from the University of Kent in Canterbury, UK and a Bachelor of Economics, Accounting and Finance degree from the Inholland University of Applied Sciences in the Netherlands.

Niklas does not own any SSH shares but has 370.000 option rights.

Jussi Mononen, born 1964, M.Sc. (Engineering)
Vice President, Strategy and Business Development

Jussi is a seasoned growth company executive who has been CEO and founder of several venture-backed companies. He is responsible for SSH's strategy process, corporate development, and investor communications.

SSH.COM

He has nearly 30 years of management and consulting experience from international technology-intensive businesses with a sound understanding of strategy, communications, marketing, operations, processes, and critical success factors. He also has a strong track record in fundraising and M&A transactions.

Jussi holds a Master of Science degree in Industrial Engineering and Management from the Helsinki University of Technology (Aalto University) in Finland.

Jussi does not own SSH shares but has 305.000 option rights.

The following people also served in the executive management team during 2020:

  • Kaisa Olkkonen, Chief Executive Officer, 01-03/2020.
  • Simo Karkkulainen, Chief Marketing Officer, 01-02/2020
  • Timo Lilja, Vice President Engineering, 01-05/2020.
  • Joe Scaff, Chief Sales Officer, 01-05/2020.
  • Markku Rossi, Chief Technology Officer, 01-05/2020.
  • Sami Ahvenniemi, Chief Customer Officer, 01-05/2020.

REMUNERATION STATEMENT AND INCENTIVE PLANS

SSH Communication Security has established a remuneration policy of governing bodies, which complies with legislation and the Finnish Corporate Governance Code 2020. This policy sets out the principles for remuneration of the Board of Directors and the Chief Executive Officer.

According to the applicable regulations, this Remuneration Policy was presented for the first time in AGM 2020 and is intended to be valid until the AGM 2024. It was supported unanimously in the AGM 2020 with advisory resolution. Remuneration Report will be presented to the Annual General Meeting annually starting from AGM 2021.

The Annual General Meeting confirms the remuneration payable to the members of the Board of Directors. The Board of Directors decides the salary and other benefits of the CEO and determines the salaries and benefits payable to senior management.

Forms of remuneration for SSH Communications Security's senior management involve a performance-related bonus. The company has no other remuneration practices, nor does it have any differing pension arrangements for the CEO or other senior management. The targets for the company's senior management are fixed for the target period at a time.

Further information on remuneration can be found from company's website, remuneration policy and annually published remuneration reports (from 2021 onwards).

SSH.COM

In accordance with the authorization from the Annual General Meeting, the Board of Directors decided on the following new stock option plans in 2020:

  • 13 of February 2020, Stock Option Plan 2020A (max. number of stock options 980.000, subscription period 1.12.2022 - 31.3.2024)

Stock option plans are explained in more detail in the consolidated financial statement and in stock exchange releases published on the above dates.

In Annual General Meeting 2020 approved following annual compensation for the Board of Directors: 28.800 euros for Chairman and 24.000 euros for other members of the Board. Extraordinary General Meeting did not chance the compensations.

Remunerations paid to the Board of Directors during 2020:

  • Tatu Ylönen 7.500 EUR (no compensation after 26.3)
  • Henri Österlund (from 26.6.) 14.743 EUR
  • Kai Tavakka (from 26.6.) 12.286 EUR
  • Aino-Mari Kiianmies (from 26.3.) 18.000 EUR
  • Sampo Kellomäki (from 26.3) 18.000 EUR
  • Petri Kuivala (until 26.3) 8.750 EUR
  • Timo Syrjälä (until 26.3) 7.500 EUR
  • Sauli Kiuru (until 26.3) 7.500 EUR
  • Anne Marie Zettlemoyer (until 26.3) 7.500 EUR
  • Sam Curry (until 26.3) 7.500 EUR

The CEO's (Kaisa Olkkonen until 23.3. and Teemu Tunkelo from 24.3.) annual salary and other benefits in 2020 were:

Kaisa Olkkonen 203.903,25€ (incl. termination compensation 111.450,67€)

Teemu Tunkelo 192.525,08€

Both CEO's variable component in 2020 was 30% of the fixed salary, but now payments were made based on this during 2020.

Board of Directors can grant stock options to CEO according to the same principles and terms as to other SSH employees, including same share subscription periods. Stock options are intended to form part of the incentive and commitment program of the key personnel of SSH Communications Group and to motivate the key personnel to work on a long-term basis to increase shareholder value of the company.

The CEO's retirement age and determination of pension comply with standard rules under the Employees' Pension Act. The period of notice for the CEO is three months, with 3 months' severance payment. CEO and Board of Directors may also agree on CEO's annual bonus scheme / incentives.

SSH.COM

The number of shares and stock options held by the members of the Board of Directors, CEO and members of the Executive Management Team are included in their personal profiles above.

The remuneration of the executive team members consists of fixed monthly salary, personal incentives and company-wide incentives. The executive management team members' salary and other benefits in 2020 were in total EUR 1.179.520.

INSIDER MANAGEMENT

SSH strictly follows the legislation applying to the management of insiders, including, but not limited to the Market Abuse Regulation (EU), Securities Markets Act as well as the Guidelines for Insiders approved by Nasdaq Helsinki Ltd., and the stipulations and guidelines of the FSA.

SSH keeps a non-public register of the managers and persons closely associated with them that are subject to the obligation to notify transactions (Market Abuse Regulation, MAR, Article 19).

When significant projects are at the preparation stage, the company also draws up insider registers for the projects concerned (event-based) fulfilling the requirements of MAR and of secondary regulation adopted pursuant to it. Insiders are given written notification of their status as insiders and instructions on the obligations that apply to insiders. All insiders must acknowledge in writing the duties entailed and be aware of the sanctions related to insider regulation.

SSH has ensured the reliable management of an insider list. Insider list are drawn up in electronic format and kept updated at all times. Information included in the insider lists follows the template of Commission Implementing Regulation (Annex I). The insider list is stored for at least five (5) years.

SILENT PERIOD

SSH Communications Security follows a silent period starting 30 days before the publication of its financial reports, during which company refrains from contact with representatives of the capital markets and financial media. A closed period before the announcement of the company's annual financial statements starts from the year end.

In addition to other trading restrictions, during the silent period, the individuals belonging to SSH management are prohibited from dealing in SSH Communications Security's financial instruments. SSH has imposed similar closed periods preceding the financial performance disclosures also on persons involved in the preparation of SSH Communications Security's interim reports and financial statements.

Silent periods during the financial year 2021:

  • 18.1. – 18.02.2021
  • 27.3. – 27.04.2021
  • 20.6. – 20.07.2021
  • 21.9. – 21.10.2021

SSH.COM

INTERNAL AUDITING AND CONTROL

Because of the relatively small size of the company, SSH Communications Security has no separate internal audit organization.

Internal control seeks to ensure that the Group’s operations are efficient and profitable, that reporting is reliable, and that the Group’s operating principles and applicable legislation and regulations are observed.

The Board of Directors is responsible for ensuring that the Group’s internal controls and risk management are adequate and appropriately organized for the company’s business operations. The Board supervises the CEO to ensure that he or she handles the company’s business operations and administration in accordance with the guidelines and instructions issued by the Board of Directors. To ensure adequate risk management, the Board of Directors discusses the Group’s business and financial reports, as well as any substantial changes that have occurred in the company’s business. The Board also assesses the adequacy and appropriateness of internal controls and risk management.

The CEO is responsible for the practical organization of internal controls. Among other duties, he or she ensures that the company’s accounting practices comply with the law and is handled in a reliable manner. The Group’s directors and managers are responsible for internal controls within their own areas of responsibility.

The Board is responsible for ensuring that the Group has defined guidelines and practices on internal control and that the internal controlling is effective and monitored. The Board also confirms the risk management and reporting procedures, and supervises the adequacy, appropriateness and efficiency of the company’s management processes.

The CEO, assisted by other executive management, is responsible for the organization of accounting, administration and control mechanisms, and ensures that laws and regulations, company policies and board decisions are followed. Internal rules and guidelines have been published to support the company’s operations. It is also ensured that there is a process description of all key processes and that the different process interfaces are clearly defined and described. The purpose of defining the processes is to ensure that everyone in the organization knows how the company operates and how each employee’s work links into the company’s overall activities. Supervision and monitoring measures ensure compliance with rules, instructions and processes.

The company sets financial targets annually for budgeting, and continuously monitors their implementation and fulfilment of these targets. The company’s organizational structure supports effective business planning, implementation and control.

RELATED PARTY TRANSACTIONS

Company evaluates and monitors transactions concluded between the company and its related parties to ensure that any conflicts of interest are taken into account appropriately in the decision-making

SSH.COM

process. The company keeps a list of parties that are related to the company. Regarding the related party transactions, the company also takes into account the general principles of the Limited Liability Companies Act, such as the purpose of generating profit for shareholders, the principle of equity of shareholders and the diligence obligation of the management.

All material decisions related to any agreements with related parties or any other related party transactions are made by the Board of Directors. Decision-making procedure for related party transactions is based on careful preparatory work and appropriate reports, opinions and assessments taking into account all relevant disqualification provisions under the applicable laws and corporate governance rules. Related party transactions are identified, reported, and controlled by the impartial board members and CFO, who monitors and reports the company's related party transactions in accordance with the company's reporting practices.

Related party will not participate in making decisions related to any agreement between him/her and the company, or related to any matter that concerns an agreement between the company and a third party, where the related party is likely to have an essential interest in the matter.

RISK MANAGEMENT

Risk management aims to ensure that company's strategic and operational targets are reached and operations safeguarded.

Risk management principles:

Risk management is based on the risk management policy approved by the Board of Directors. We define a risk as an external or internal uncertainty factor that, if realised, would either positively or negatively affect our potential to achieve our strategic and financial targets. We seek to forecast, identify, evaluate and control significant strategic, operative, financial and accident risks. The Board of Directors defines the Group's risk appetite and risk tolerance through its decisions and monitors the sufficiency and effectiveness of the Group's risk management.

Responsibilities:

The CEO is responsible for the implementation of risk management. The CFO holds primarily responsibility for managing financial risks and coordinates the implementation of risk management processes, and reports risks to the CEO, the Executive Management Team and the Board of Directors. The Executive Management Team members are responsible for executing the risk management policy in their own areas. General Counsel is responsible for contractual and legal risk management and reports risks to the CEO and CFO. Every employee is responsible for identifying any risks relating to their own work and bringing them to the attention of their supervisor.

SSH Communications Security's largest risks and uncertainties:

Ongoing COVID-19 pandemic is significant macroeconomic risk, which can increase challenges of license sales if it continues. The largest risks that might impact the profitability of the company are listed below. Other risks, which are currently either unknown or considered immaterial to the company may, however, become material in the future.

SSH.COM

Largest risks:
- uncertainty of the macroeconomic environment, such as COVID-19
- cybercrime, including e.g. ransomware
- delays in product development and closing new business as well as phasing of new business cases
- ability to execute our strategy
- ability to retain and recruit key personnel
- maintaining our ability to innovate and develop our product portfolio including intellectual property rights (IPR)
- IPR litigation and the utilization of our patent portfolio
- as a large portion of the company revenue is invoiced in USD currency, possible large fluctuation in USD currency rates could have unpredictable effects for profitability that are at the time difficult to estimate. The company decides on hedging of USD based contracts case by case.

Principles and organization of risk management of SSH Communications Security can be read from company's webpage: www.ssh.com.

AUDITORS

SSH Communications Security has one auditor, which must be a firm of authorized public accountants approved by Finland's Central Chamber of Commerce. The Annual General Meeting elects the auditor for a term of office that runs until the end of the following Annual General Meeting.

The scope of the audit encompasses the Group's accounting, administration, Financial Statements and Board of Directors' Report for each accounting period. The Auditor makes regular reports to the Board of Directors and submits an Auditors' Report to the Annual General Meeting. The Auditors' Report contains a statement as to whether the Financial Statements and the Board of Directors' Report give a true and fair view, as defined in the rules governing financial reporting, of the Group's operative result and financial position, and as to whether the information contained in the Board of Directors' Report is consistent with the Financial Statements. The auditor's fee is paid annually on the basis of an invoice, in accordance with the Annual General Meeting's decision.

SSH Communications Security's auditor is Ernst & Young Oy with Erkka Talvinko as principal auditor.

In 2020, the auditor's fees were:

Principal Auditor (Ernst & Young)
- Statutory auditing EUR 65.720
- Other auditing EUR 5.625
- Other services EUR 2.009

SSH.COM

Other auditors:
- Statutory auditing EUR 7.050
- Tax consultancy EUR 15.158
- Other services EUR 0

DISCLOSURE POLICY

SSH Communications Security Group’s parent company, SSH Communications Security Corporation, is domiciled in Helsinki, Finland, and its share is listed on NASDAQ Helsinki. In its communications SSH Communications Security observes Finnish and EU legislation, the rules of Nasdaq Helsinki, the regulations of the Finnish Financial Supervisory Authority, as well as the principles set out in the Company’s Corporate Governance Statement. SSH Communications Security’s communications are based on facts and objectivity, and guided by the general principles of trustworthiness, openness and timeliness. SSH aims to provide the market with a clear and comprehensive picture of the company’s operations and financial condition in accordance with the notification obligation of a listed company. The company favors communications in electronic form. All company stock exchange releases, other investor information on the company, and other latest information are available on the company’s website. SSH Board of Directors approves the Disclosure Policy, which is revised when necessary.

BUSINESS ETHICS AND RESPONSIBILITY

SSH operates in a socially and ethically responsible manner, respects the environment and society, promotes the internationally proclaimed human rights and ensures ethical business practices at all times.

SSH has set out a clear Anti-Bribery & Anti-Corruption Policy which prohibits all forms of bribery and corruption. The policy is communicated to all employees in a new employee training. Any allegations of bribery or corruption will be investigated thoroughly. The Anti-Bribery & Anti-Corruption Policy is available at www.ssh.com. SSH has also established a whistle-blower process which is initiated when someone reports suspected internal or external misconduct or violation of law, regulations, human rights, labor practices or similar within the operations of SSH Group or by its personnel.

SSH has introduced Code of Conduct as a generally applied guideline describing the expected conduct at SSH Communications Security. It is created for the benefit of all employees, partners, and stakeholders to promote a high standard of professional conduct and uniformity within the company. SSH expects professional, honest, and respectful conduct in all business dealings and relationships with colleagues, customers, and any other people.

SSH respects the surrounding environment and aims to make sure that all of its offices are green and energy-efficient, and that environmental impacts are maintained as low as possible. Most of the environmental impact comes from energy consumption of the offices, which is minimized by reusing supplies and recycling. Travel emissions from employee commuting and business travelling are minimized by supporting remote working and online conferencing options.

SSH is a responsible employer and ensures that all employees of SSH have right to safe and healthy working environment. SSH has a zero-tolerance for any form of discrimination or harassment. SSH has

SSH.COM

internal policies for non-discrimination and harassment and it provides training on these issues to all employees worldwide. Every employee is treated with equal consideration and fairness. All decisions concerning employment are determined by the employee's performance, not on any discriminatory grounds, such as gender, age, nationality, ethnicity, religion, political affiliation, disability or sexual orientation. All full-time employees had individual development discussions and were part of the performance management program.

Company emphazises that working environments are safe and comfortable, where personal well-being is promoted. SSH headquarters in Finland moved to a new modern and energy efficient office space during the spring of 2020.

SSH considers diversity as a strength and actively encourages diversity throughout the organization, including top management and the Board of Directors. The principles on diversity are always taken into account when considering nominations to the Board of Directors. SSH aims to have board members representing both genders, as well as different professional and educational backgrounds.

At the end of 2020, SSH Communications Security Group had 94 employees, increased by 4 employees from the end of 2019. Approximately 15,8% (2019: 16.7%) of the personnel were female and 84,2% (2019: 83.3%) were male. Average age of all employees was 43 years (2018: 42.2 years). 33.% of employees worked in sales, marketing and customer services, 51% in R&D and 16% in administration. Approximately 40,4% (2018: 37.7%) of the employees had been working for SSH less than 2 years, 36,2% (2018: 40.0%) for 2-5 years, 20,2% (2018: 13.3%) for 5-10 years, and 3,2% (2018: 8.9%) for over 10 years.

More from SSH Communications Security

Earnings Release 2026
Apr 28
Interim / Quarterly Report 2026
Apr 28
Interim / Quarterly Report 2026
Apr 28
Interim / Quarterly Report 2026
Apr 28
Capital/Financing Update 2026
Apr 9
Capital/Financing Update 2026
Apr 9
Board/Management Information 2026
Apr 2
Board/Management Information 2026
Apr 2
Share Issue/Capital Change 2026
Mar 30
Share Issue/Capital Change 2026
Mar 30
View all filings →