The SSH Communications Company Group comprises of SSH Communications Security Corporation (referred below as "SSH Communications Security") and its subsidiaries. SSH Communications Security Corporation is registered in Helsinki, Finland and is a publicly listed company. Its subsidiaries are SSH Communications Security, Inc. (US), SSH Solutions Oy (Finland), and SSH Operations Oy that operates in Finland and Germany, and SSH Communications Security Limited that operates in Hong Kong and APAC area.
SSH Communications Security abides by its Articles of Association, as well as principles of sound corporate governance and high ethical standards in its governance and decision-making. The company complies with the Finnish Companies Act and securities market legislation, the rules of NASDAQ OMX Helsinki (former Helsinki Stock Exchange), and the joint recommendations of NASDAQ OMX Helsinki, the Helsinki Chamber of Commerce, and the Confederation of Finnish Industries regarding corporate governance of publicly listed companies (Finnish Corporate Governance Code 2010). The Code entered in force on October 1, 2010 and is available at http://cgfinland.fi/en/
The adoption and maintenance of high ethical standards is a core principle of the SSH Communications Security Corporation and its subsidiaries and affiliates worldwide. SSH Communications Security strives to undertake its business fairly with honesty and transparency. This must be reflected in every aspect of our business affairs. SSH Communications Security Corporation will comply with all laws, rules, and regulations governing anti bribery and corruption law, in all the countries where we operate. We have a zero tolerance approach to acts of bribery and corruption, by our employees or anyone acting on our behalf. SSH Communications Security Anti-Bribery and Anti-Corruption Policy
The ultimate decision-making power at SSH Communications Security is vested in the shareholders' meeting. The Annual General Meeting is held within six months of the completion of the company's fiscal year, at a time decided by the Board. The shareholder's meeting decides the number of members of the Board of Directors, and appoints the members. Additionally, under the Finnish Companies Act, the Annual General Meeting has the authority to amend the company's Articles of Association, adopt the financial statements, approve the amount of dividend, and to select the company's auditors. Each SSH Communications Security share conveys one vote at the shareholder's meeting.
Articles of Association
Annual Report 2012
Corporate Governance Statement 2013
Selvitys hallinto- ja ohjausjärjestelmistä 2013
Annual General Meeting 2013
The Annual General Meeting took place in Helsinki, Finland on Wednesday March 20, 2013 from 10.00 a.m. You may download the files listed below for more information on the event.
Invitation to the Annual General Meeting 2013 (in Finnish)
Agenda of the Annual General Meeting 2013 (in Finnish)
Hallituksen ehdotus tilikauden voiton käsittelystä ja tilintarkastajien palkkiosta ja valinnasta
Hallituksen ehdotus hallituksen valtuuttamisesta päättämään omien osakkeiden hankinnasta
Hallituksen ehdotus hallituksen valtuuttamisesta päättämään maksullisista osakeanneista sekä opito-oikeuksien ja muiden osakkeisiin oikeuttavien erityisten oikeuksien antamisesta
Financial Statements 2012
Presentation (in Finnish)
Meeting Minutes (in Finnish)
In accordance with the company's Articles of Association, the Annual General Meeting appoints three to eight members to the Board of Directors. Their term of office ends with the closing of the next Annual General Meeting following their appointment. The Board has a quorum when more than half of its members are present. The company's Articles of Association do not restrict the members' terms in office or present any specific selection criteria for the members. The Board elects a chairperson from among its members.
The SSH Communications Security Board of Directors is responsible for the company's strategic policies, and the appropriate organization of business operations and administration. The Board of Directors acts in the company's interests at all times. In addition to the tasks and responsibilities provided by the Finnish Companies Act and the company’s Articles of Association, in accordance with its agenda, the SSH Communications Security Board of Directors:
The Annual General Meeting held on 20 March 2013 elected Sami Ahvenniemi (chairman until 31 July 2013), Päivi Hautamäki (chairman from 1 August 2013) and Tatu Ylönen as members of the Board of Directors.
Minority of the Board members have independence on the company. Päivi Hautamäki is deemed to be an independent Board member. Not independent of the company are the Board members Tatu Ylönen and Sami Ahvenniemi. Tatu Ylönen is CEO and the largest shareholder who owns directly and through his holdings about 57,7 percent of SSH Communications Security shares. From 12.8.2013 onwards, Sami Ahvenniemi is the Head of the North and South America (and the member of the Group Management team).
After Sami Ahvenniemi joined the Company, SSH Communications Security deviates the recommendation 14 (the amount of independent board members) of The Finnish Corporate Governance Code. The main reasons for deviation are ownership structure of the company and importance of the US operations and markets for the company at this stage.
During the spring, the agenda is focused on outlining strategic policies and updating the corporate strategy. In the autumn, the focus is on tactical matters, and in November, the budget for the following year is approved. Meetings in the early spring focus on preparations for the Annual General Meeting.
The members of the Board receive regular updates on the company's business and financial performance. In the Board meetings, the CEO, the Chairman of the Board, or another person appointed by the CEO, presents business to be considered to the Board. Each Board meeting considers a progress report provided by the CEO in line with the standard agenda. All Board meetings also monitor sales performance, market development and the company's financial performance. The company's CFO acts as secretary to the Board.
The SSH Communications Security Board of Directors convened 24 times in 2012. The average attendance rate of Board members was 96 percent.
The Board evaluates its operations and processes to increase efficiency and quality. An internal self-evaluation is conducted once a year.
The SSH Communications Security Board of Directors appoints the CEO and decides the terms of his or her service contract. The CEO is in charge of the company's operative management in accordance with the Finnish Companies Act and the instructions and authority provided by the Board of Directors.
The company's CEO is Tatu Ylönen.
The CEO's retirement age and determination of pension comply with standard rules under the Employees' Pension Act. The period of notice for the CEO is three months. There is no separate severance payment agreed.
The Group Management Team supports the CEO in managing and developing SSH Group. The members in the Group Management Team are the CEO and representatives chosen from the management of the company.
The members of the Group Management Team are:
The shareholders' meeting confirms annually in advance the emoluments payable to the members of the Board of Directors. The Board of Directors confirms the salary and other benefits of the CEO, and also determines the salaries and benefits payable to senior management.
Forms of remuneration for SSH Communications Security's senior management and CEO involve a performance-related bonus. The company has no other remuneration practices, nor does it have any differing pension arrangements for the CEO or other senior management.
The bonus scheme for SSH Communications Security's senior management is based on the company's net sales and the trend in net sales, company profitability and personal qualitative and quantitative targets. The average weighting of the key financial indicators represents 70 percent of the overall target. The targets for the company's senior management are fixed for one year at a time.
The CEO's salary and other benefits in 2012 were EUR 225 000.
The number of shares and share-based rights of the members of the Board of Directors, CEO and members of the Group Management Team and corporations over which they exercise control in the company and in companies belonging to the same group as the company are available here
SSH Communications Security has established insider guidelines that comply with the Guidelines of Insiders approved for public companies by the Nasdaq OMX Nordic Exchange, Helsinki (prev. Helsinki Stock Exchange). The company maintains a public insider register of the public permanent insiders and the persons closely associated with the said permanent insiders' share and stock option holdings in the SIRE system of the Finnish Central Securities Depository Ltd. The public insider register and the principles regulating trading by insiders are available at the company's website and the company's headquarters.
The public permanent insiders of the company are members of the Board, CEO, members of the Group Management Team, and the auditors. The company also maintains a company-specific insider register of persons who by virtue of their position regularly receive insider information or could have an opportunity to gain access to insider information through the nature of their work and who are not in the public insider Register. These persons include the assistants to executive management, product management, financial administration, and management of information services. In addition, any external legal consultants used by SSH Communications Security belong to the company-specific insider register.
Insiders belonging to the public or company specific insider register are not allowed to trade in securities issued by the company for a period of 21 days prior to the announcement of an interim report and the financial statement bulletin (closed window).
The said permanent insiders are allowed to trade in securities issued by the company without a prior approval of the company's General Counsel only for a period of 21 days after the announcement of the interim report and the financial statement bulletin of the company (open window).
Under circumstances where the company is preparing an event that may have a significant impact on the stock price, a project specific insider register is established. Also the project-specific insider register will be based on the insider guidelines of the Nasdaq OMX Nordic Exchange, Helsinki (prev. Helsinki Stock Exchange). Company's General Counsel is responsible for guidance and supervision of the insider matters.
The aim of internal administration and risk management is to ensure efficient, appropriate operations, dependable financial information and compliance with regulations and internal processes. SSH Communications Security's Board of Directors ensures that the company has defined principles of internal administration, and that the company monitors the effectiveness of the administration. The ultimate responsibility for the company's accounting and supervision lies with the SSH Communications Security Board of Directors. The Board also approves SSH Communications Security's risk management and reporting procedures and monitors the adequacy, appropriateness and efficiency of the company's administrative processes.
The CEO, assisted by other operative management, is responsible for the practical arrangements for accounting and administration mechanisms and for compliance with laws, regulations, company processes, and the Board's decisions. To support its operations, the company has a number of rules and guidelines. Process and quality work ensures that there is a description of all processes, and that the various process interfaces are properly defined and documented. Processes are also intended to ensure that everyone in the organization knows how the company works, and how the work of each individual is integrated into the company's operations. Supervisory actions ensure compliance with rules, guidelines, and processes.
The company sets annual financial targets in connection with the budget and constantly tracks target achievement. The company's organizational structure supports efficient planning, implementation, and monitoring of business operations. Balanced Scorecard measurements ensure that the targets are in balance.
Risk management is a part of SSH Communications Security's internal administration. It aims to ensure that major risks affecting the company's business and operating environment are identified and monitored. Since the United States is the main market area, any risks including currency risks associated with that country are considered to be significant. Other major risks are related to product technology, competitor activities and profitability. Property, business interruption and liability risks are covered by insurance.
SSH Communications Security's main market area is the United States. To reduce this market dependency risk, the company is actively seeking to expand operations in Europe. Sales operations are supported by the company's own legal unit, which, through continuous management of contracts, seeks to reduce the risks related to the company's business operations. SSH Communications Security protects its copyrights and trademarks through sales agreements. The company also has an active patent policy to protect its technology. SSH Communications Security encourages its employees to make and protect inventions.
SSH Communications Security has a process in place whereby any network security risks found in the company's products are promptly reported to senior management. Corrections are made immediately and updates are supplied to customers without delay. The company's critical information systems are secured and operations can continue, even in the event of an external catastrophe. SSH Communications Security actively uses its own products to protect the information system architecture. Encryption and strong authentication protect the company's confidential data communications from both internal and external threats.
Financial risk management is described separately in the financial statements section of the company's annual report. SSH Communications Security provides no financing for its customers other than by granting normal payment periods. The company has a strong balance sheet and no significant long-term liabilities. Asset managers invest the company's cash reserves in accordance with a policy approved by the Board of Directors. Since most of SSH Communications Security's invoicing takes place in US dollars, the company is hedged against exchange rate risks.
Because of the relatively small size of the company, SSH Communications Security has no separate internal audit organization. The continuous monitoring by the auditors in conjunction with the interim reports also aims to assess and develop the effectiveness of risk management, monitoring and administration processes, and to support the Board with its monitoring responsibility.
The company's auditors provide shareholders with a report, as required by law, in conjunction with the annual financial statements. The principal aim of the statutory audit is to verify that the financial statements give a true and fair view of the company's financial performance and situation for each fiscal year. In addition to the Auditor's report provided with the annual financial statements, the auditors report on their findings to the company's Board of Directors in connection with the interim reports.
In accordance with the Articles of Association, SSH Communications Security has one Principal Auditor authorized by the Chamber of Commerce, and one Deputy Auditor. If a firm of Authorized Public Accountants is appointed as the principal auditor, there is no need to appoint a deputy auditor. The auditors are appointed at the Annual General Meeting. SSH Communications Security's auditor is KPMG with Kirsi Jantunen as principal auditor.
In 2011, the auditor's fees were EUR 18,000 in the Group and EUR 18,000 in the parent company. Other fees charged by the firm of auditors were EUR 38,596 in the Group and EUR 17,880 in the parent company. Other fees were mostly related to tax advice.
SSH Communications Security aims to give the markets a clear view of the company's operations and financial performance in accordance with the regulations on the disclosure obligation for publicly listed companies. The company prefers electronic forms of communication. All stock market releases, other investor information, and the latest company information are available at ssh.com website.