Anti-bribery Policy

INTRODUCTION

The adoption and maintenance of high ethical standards is a core principle of SSH Communications Security and its subsidiaries and affiliates worldwide (collectively “SSH”). SSH strives to undertake its business fairly with honesty and transparency. This must be reflected in every aspect of our business affairs.

The action and conduct of our directors, officers, and employees, as well as others acting on our behalf are essential to maintaining these standards. To that end, all personnel, including agents, consultants and contractors as well as partners, resellers and suppliers involved in our business worldwide are informed about and should become familiar and comply with this Anti-Bribery & Anti-Corruption Policy.

SSH´s aim is to limit its exposure to bribery and corruption by:

    Setting out a clear Anti-Bribery & Anti-Corruption Policy (“Policy”);
    Communicate this Policy internally to all employees and include it in new employee training;
    Training employees so that they can recognize and avoid the use or receipt of bribery;
    Encouraging its employees to be vigilant and to report any suspicion of bribery, providing them with suitable and confidential channels of communication and ensuring sensitive information is treated appropriately;

PURPOSE

SSH will comply with all laws, rules, and regulations governing anti bribery and corruption law, in all the countries where we operate. We have a zero tolerance approach to acts of bribery and corruption, by our employees or anyone acting on our behalf. SSH does not approve use or receipt of bribery or corruption in any form. SSH, its officers and employees are forbidden from offering or paying bribes in any form to any party in any region.

Any breach of this Policy will be regarded as a serious matter which is likely to result in disciplinary action.

The purpose of this Policy is to ensure compliance by all employees, officers and directors of SSH, and its subsidiaries and affiliates, with the U.S. Foreign Corrupt Practices Act (FCPA), UK Bribery Act and all other mandatory anti-corruption laws of countries in which SSH does or intends to do business.

SCOPE

This Policy applies to all employees, officers and directors of SSH worldwide. This Policy applies without regard to regional customs, local practices or competitive conditions.

Our policy, in doing business anywhere in the world, is that SSH as company, all our affiliates, employees, officers and directors and all persons that act as a representative, agent, or advisor to SSH, must comply fully with applicable anti-corruption laws.

Bribery is committed when an inducement or reward is provided, in order to gain any commercial, contractual, regulatory or personal advantage for SSH or another party. SSH, its officers, and employees are strictly forbidden from directly or indirectly offering, giving, soliciting or receiving or accepting bribes in any form from any party under any circumstances. Also, making purchases where the purchaser receives a personal gift or benefit in any form from the seller in exchange for the purchase are prohibited without case-by-case approval from the SSH Corporation CFO.

For clarity, any delay or loss of business resulting from employee´s refusal to pay a bribe, will not lead to any disciplinary procedures.

This Policy is not intended to prohibit SSH Communications Security, its directors, officers or employees from: (a) participating in loyalty programs operated by hotel chains, airlines, credit card companies or other similar programs, provided that the selection of such vendors does not cause SSH Corporation to utilize a less advantageous alternative.

(b) giving or accepting customary holiday presents or giving or accepting gifts consistent with local customs or practices, provided that in no case shall such gifts: (i) exceed €100 in value to or from a single business partner or to or from a single recipient in any calendar year, or (ii) be made to any person acting on behalf of a government, public international organization, or any department, agency, or instrumentality of such government or organization.

(c) participating in dinners, social events or other activities with business partners consistent with local customs or practices, provided that participation therein does not raise suspicion of bribery or other unethical conduct, and provided that in no case shall such activities: (i) exceed €500 in value from a single business partner or to or from a single recipient in any calendar year, or (ii) involve any person acting on behalf of a government, public international organization, or any department, agency, or instrumentality of such government or organization.

This Policy is not meant to prohibit normal and appropriate hospitality or the giving of a ceremonial gift on a festival or at another special time providing they are customary in a particular market, are proportionate and are properly recorded. For clarity a “quid pro quo” (a benefit or advantage offered for something in return), gifts in the form of cash/or cash equivalent vouchers (excluding normal low monetary value marketing activities, for example, at SSH marketing/sales events, industry conferences or trade shows), entertainment of a sexual or similarly inappropriate nature or making incomplete, false or inaccurate entries in books and records are always strictly prohibited without exceptions.

THIRD PARTIES

This Policy prohibits corrupt offers, promises, bribes and payments made through partners, resellers, intermediary agents, joint ventures, or any other third parties. Therefore, it is important to conduct the necessary level of due diligence on such third parties, and not disregard or ignore facts which indicate a probability that a bribe or corrupt payment may occur. The purpose is to ensure, to the extent possible, that SSH retains only reputable and honest agents, resellers and partners. This is Policy is communicated to all third parties acting on SSH´s behalf.

Furthermore, this Policy strictly prohibits SSH, its officers, and employees: a) selecting vendors, partners, resellers based on non-business reasons, such as personal or former non-business relationships and b) directing business to a relative, friend, or company in which you or one of your family members has a direct or indirect financial or personal interest.

EMPLOYEE RESPONSIBILITY AND BREACHES OF POLICY

All SSH employees have a responsibility to help detect, prevent and report instances not only of bribery and corruption, but also of any other suspicious activity or wrongdoing in connection with SSH’s business worldwide. SSH is committed to ensuring that all employees have a safe, reliable, and confidential way of reporting any suspicious activity. Employees may report the issue/concern to their superior or to SSH Legal in the first instance.

In the event that an incident of bribery, corruption, or wrongdoing is reported, SSH will act as soon as possible to evaluate the situation. In addition to any internal procedures, this includes the referral to appropriate government enforcement agencies.

Violations of the Policy, including involvement in any corrupt activities and failure to report actual or potential breaches of the Policy (or its associated procedures), will likely lead to disciplinary action in accordance with applicable disciplinary procedures. Please also note that in some circumstances, failure to report actual or suspected violations of this Policy may itself constitute a legal offense.

SSH is committed to report all instances of bribery, corruption and other forms of dishonesty to the relevant authorities and to facilitating criminal action against the individuals concerned where appropriate and will seek redress for any losses arising from such actions.

The Anti-Bribery and Corruption Policy was adopted by the Board on 4th of September 2012.