Principles
The SSH Group comprises SSH Communications Security Corp (SSH) and its subsidiaries. SSH Communications Security Corp is registered in Helsinki, Finland and is a publicly listed company. Its subsidiaries are SSH Communications Security, Inc. (US) and SSH Operations Ltd that operates in Finland, UK, and Germany.
SSH abides by its Articles of Association, as well as principles of sound corporate governance and high ethical standards in its governance and decision-making. The company complies with the Finnish Companies Act and securities market legislation, the rules of the Nasdaq OMX Nordic Exchange, Helsinki (former Helsinki Stock Exchange), and the joint recommendations of the Helsinki Stock Exchange, the Helsinki Chamber of Commerce, and the Confederation of Finnish Industries regarding corporate governance of publicly listed companies.
Shareholders' Meeting
The ultimate decision-making power at SSH is vested in the shareholders' meeting. The Annual General Meeting is held within six months of the completion of the company's fiscal year, at a time decided by the Board. The shareholder's meeting decides the number of members of the Board of Directors, and appoints the members. Additionally, under the Finnish Companies Act, the Annual General Meeting has the authority to amend the company's Articles of Association, adopt the financial statements, approve the amount of dividend, and to select the company's auditors. Each SSH share conveys one vote at the shareholder's meeting.
Board of Directors
In accordance with the company's Articles of Association, the Annual General Meeting appoints three to eight members to the Board of Directors. Their term of office ends with the closing of the next Annual General Meeting following their appointment. The Board has a quorum when more than half of its members are present. The company's Articles of Association do not restrict the members' terms in office or present any specific selection criteria for the members. The Board elects a chairperson from among its members.
SSH's Board of Directors is responsible for the company's strategic policies, and the appropriate organization of business operations and administration. The Board of Directors acts in the company's interests at all times. In addition to the tasks and responsibilities provided by the Finnish Companies Act and the company’s Articles of Association, in accordance with its agenda, SSH's Board of Directors:
- confirms the company's long-term goals and strategy
- approves the company's action plan, budget and financial plan, as well as monitors their implementation
- decides on large, single investments of strategic importance such as company and business acquisitions and divestments
- approves proposed strategically important product development projects
- appoints the CEO and determines his or her remuneration
- decides on bonus and incentive schemes for senior management
- confirms the company's risk management and reporting procedures
- determines the company's dividend policy and is responsible for the development of shareholder value
- confirms the company's values.
Board Composition
The Annual General Meeting held on 27 March 2008 elected Tomi Laamanen (chairman), Pyry Lautsuo, Juha Mikkonen, Timo Ritakallio and Tatu Ylönen as members of the Board of Directors.
Members of the Board of Directors
Board Responsibilities
The Board works to a predetermined agenda. The themes to be considered in future meetings, and the Board's agenda, are planned at the start of each new term of office. During the spring, the agenda is focused on outlining strategic policies and updating the corporate strategy. In the autumn, the focus is on tactical matters, and in November the budget for the following year is approved. Meetings in the early spring focus on preparations for the Annual General Meeting.The members of the Board receive regular updates on the company's business and financial performance. In the Board meetings, the CEO, the Chairman of the Board or another person appointed by the CEO, presents business to be considered to the Board. Each Board meeting considers a progress report provided by the CEO in line with the standard agenda. All Board meetings also monitor sales performance, market development and the company's financial performance. The company's General Counsel acts as secretary to the Board. In addition to the secretary and the CEO, the CFO and director responsible for the US operations also attend the Board meetings.
The SSH Board of Directors convened 13 times in 2007. The average attendance rate of Board members was 99 percent.
The Board evaluates its operations and processes to increase efficiency and quality. An internal self-evaluation is conducted once a year.
Committees of the Board of Directors
In a corporation, the proper functioning of the administrative and control systems requires that the work of the Board of Directors be organized as effectively as possible. The preparation of matters for which the Board of Directors is responsible can be made more effective through setting up committees comprising Board members. The Board of Directors will then make its final decisions based on the recommendations of the committees. SSH's Board of Directors has appointed an Audit Committee and a Remuneration Committee, but owing to the restricted scope of the company's activities, it had not deemed necessary to establish a separate appointment committee.
Tomi Laamanen acts as the Chairman of the Audit Committee. As the CEO, CFO and the auditor participate in the committee meetings, the Board has deemed one Board member to be sufficient in the Committee. The Committee convenes a minimum of twice a year, and the Board has confirmed the principal responsibilities of the Audit Committee to be as follows:
- monitoring the financial performance of the company
- monitoring the financial reporting (financial statements, interim reports)
- assessing the sufficiency and due form of internal administration and risk management
- ensuring compliance with laws and regulations
- preparing the appointment of an auditor
- communicating with the auditor, studying the auditing plan and the auditor's report.
The Audit Committee convened twice in 2007.
The Board of Directors in its December 2007 meeting decided that it was justified to establish a Remuneration Committee to plan executive and employee compensation and reward scheme. The Remuneration Committee began its work on January 1, 2008 and comprises of Tomi Laamanen and Tatu Ylönen.
CEO
SSH's Board of Directors appoints the CEO and decides the terms of his or her service contract. The CEO is in charge of the company's operative management in accordance with the Finnish Companies Act and the instructions and authority provided by the Board of Directors.
Since July 2, 2002, the company's CEO has been Arto Vainio, BSc (Econ), born 1950. Prior to joining SSH, Mr. Vainio was Vice President, Marketing at Tellabs. Prior to that he was Vice President, Sales, South-East Asia, for Nokia Telecommunications (now Nokia Siemens Networks). Mr. Vainio owns 5,000 SSH shares.
More Information about Arto Vainio
The CEO's retirement age and determination of pension comply with standard rules under the Employees' Pension Act. The period of notice for the CEO is six months. Severance payment is equivalent to twelve months' salary.
Management Team
The operative management of SSH consists of Executive Management and Business Management. The Executive Management supports the CEO in managing and developing SSH Group. The members in the Executive Management are the CEO and representatives chosen from the management of the company. The Business Management is responsible for the implementation and development of SSH Tectia business strategy. The Business Management includes, in addition to the members of the Executive Management, the directors responsible for business operations and various corporate support functions.
The members of the Executive Management are: George Adams, executive responsible for the US subsidiary, Mika Peuranen, CFO, Pekka Rauhala, General Counsel and Arto Vainio, CEO.
The members of the Business Management and their areas of responsibility are available here.
Salaries and remuneration
The shareholders' meeting confirms annually in advance the emoluments payable to the members of the Board of Directors. The Board of Directors confirms the salary and other benefits of the CEO, and also determines the salaries and benefits payable to senior management.
Forms of remuneration for SSH's senior management and CEO involve a performance-related bonus and option schemes. The company has no other remuneration practices, nor does it have any differing pension arrangements for the CEO or other senior management.
The bonus scheme for SSH's senior management is based on the company's net sales and the trend in net sales, company profitability and personal qualitative and quantitative targets. The weighting of the corporate financial indicators varies between different members of the company's management. The average weighting of the key financial indicators represents 75-85 percent of the overall target, however, the VP's of Sales and VP of R&D and Product Management are also incented by specific revenue growth linked performance in their own responsibility areas. The targets for the company's senior management are fixed for one year at a time.
The Board of Directors
- Tomi Laamanen EUR 1,400/month
- Pyry Lautsuo EUR 1,400/month
- Juha Mikkonen EUR 1,400/month
- Timo Ritakallio EUR 1,400/month
- Tatu Ylönen (no salary or remuneration)
- Arto Vainio, salary and other benefits in 2007 were EUR 188,428.
Neither the members of the Board of Directors nor the CEO were given stock options during the fiscal year. The numbers of shares and stock options held by the members of the Board of Directors, CEO, and members of the Executive Management are available here.
Insiders
SSH has established its own insider guidelines that comply with the Guidelines of Insiders approved for public companies by the Nasdaq OMX Nordic Exchange, Helsinki (prev. Helsinki Stock Exchange). The company maintains a public insider register of the public permanent insiders and the persons closely associated with the said permanent insiders' share and stock option holdings in the SIRE system of the Finnish Central Securities Depository Ltd. The public insider register and the principles regulating trading by insiders are available at the company's website and the company's headquarters.The public permanent insiders of the company are members of the Board, CEO, members of the Executive Management, and the auditors.
The company maintains also a company-specific insider register of persons who by virtue of their position regularly receive insider information or could have an opportunity to gain access to insider information through the nature of their work and who are not in the public insider Register. These persons include the members of the Business Management, the assistants to executive management, product management, financial administration, and management of information services. In addition, any external legal consultants used by SSH belong to the company-specific insider register.
Insiders belonging to the public or company specific insider register are not allowed to trade in securities issued by the company for a period of 21 days prior to the announcement of an interim report and the financial statement bulletin (closed window).
The said permanent insiders are allowed to trade in securities issued by the company without a prior approval of the company's General Counsel only for a period of 21 days after the announcement of the interim report and the financial statement bulletin of the company (open window).
Under circumstances where the company is preparing an event that may have a significant impact on the stock price, a project specific insider register is established. Also the project-specific insider register will be based on the insider guidelines of the Nasdaq OMX Nordic Exchange, Helsinki (prev. Helsinki Stock Exchange). Company's General Counsel is responsible for guidance and supervision of the insider matters.
Insider Register (updated once a month)
Internal Administration, Risk management and Internal Auditing
The aim of internal administration and risk management is to ensure efficient, appropriate operations, dependable financial information and compliance with regulations and internal processes. SSH's Board of Directors ensures that the company has defined principles of internal administration, and that the company monitors the effectiveness of the administration. The ultimate responsibility for the company's accounting and supervision lies with SSH's Board of Directors. The Board also approves SSH's risk management and reporting procedures and monitors the adequacy, appropriateness and efficiency of the company's administrative processes.
The CEO, assisted by other operative management, is responsible for the practical arrangements for accounting and administration mechanisms and for compliance with laws, regulations, company processes, and the Board's decisions. To support its operations, the company has a number of rules and guidelines. Process and quality work ensures that there is a description of all processes, and that the various process interfaces are properly defined and documented. Processes are also intended to ensure that everyone in the organization knows how the company works, and how the work of each individual is integrated into the company's operations. Supervisory actions ensure compliance with rules, guidelines, and processes.
The company sets annual financial targets in connection with the budget and constantly tracks target achievement. The company's organizational structure supports efficient planning, implementation, and monitoring of business operations. Balanced Scorecard measurements ensure that the targets are in balance.
Risk management is a part of SSH's internal administration. It aims to ensure that major risks affecting the company's business and operating environment are identified and monitored. Since the United States is the main market area, any risks including currency risks associated with that country are considered to be significant. Other major risks are related to product technology, competitor activities and profitability. Property, business interruption and liability risks are covered by insurance.
SSH's main market area is the United States. To reduce this market dependency risk, the company is actively seeking to expand operations in Europe. Sales operations are supported by the company's own legal unit, which, through continuous management of contracts, seeks to reduce the risks related to the company's business operations. SSH protects its copyrights and trademarks through sales agreements. The company has also an active patent policy to protect its technology. SSH encourages its employees to make and protect inventions.
SSH has a process in place whereby any network security risks found in the company's products are promptly reported to senior management. Corrections are made immediately and updates are supplied to customers without delay. The company's critical information systems are secured and operations can continue, even in the event of an external catastrophe. SSH actively uses its own products to protect the information system architecture. Encryption and strong authentication protect the company's confidential data communications from both internal and external threats.
Financial risk management is described separately in the financial statements section of the company's annual report. SSH provides no financing for its customers other than by granting normal payment periods. The company has a strong balance sheet and no significant long-term liabilities. Asset managers invest the company's cash reserves in accordance with a policy approved by the Board of Directors. Since most of SSH's invoicing takes place in US dollars, the company is hedged against exchange rate risks.
Because of the relatively small size of the company, SSH has no separate internal audit organization. The continuous monitoring by the auditors in conjunction with the interim reports also aims to assess and develop the effectiveness of risk management, monitoring and administration processes, and to support the Board with its monitoring responsibility.
Auditors
The company's auditors provide shareholders with a report, as required by law, in conjunction with the annual financial statements. The principal aim of the statutory audit is to verify that the financial statements give a true and fair view of the company's financial performance and situation for each fiscal year. In addition to the Auditor's report provided with the annual financial statements, the auditors report on their findings to the company's Board of Directors in connection with the interim reports.In accordance with the Company Bylaws, SSH has one Principal Auditor authorized by the Chamber of Commerce, and one Deputy Auditor. If a firm of Authorized Public Accountants is appointed as the principal auditor, there is no need to appoint a deputy auditor. The auditors are appointed at the Annual General Meeting. SSH's auditor is PricewaterhouseCoopers Oy with Henrik Sormunen APA as principal auditor.
In 2007, the auditor's fees were EUR 51,863 in the Group and EUR 47,525 in the parent company. Other fees charged by the firm of auditors were EUR 37,727 in the Group and EUR 2,964 in the parent company. Other fees were mostly related to tax advice.
