Governance

Board of directors

Board of directors

Risto Siilasmaa

Chairman of the Board of Directors since 2006

Pertti Ervi

Board member since 2003

Bruce Oreck

Member of the Board since 2016

Päivi Rekonen

Member of the Board since 2017

Tuomas Syrjänen

Member of the Board since 2019

Robert Bearsby

New member of the Board

Keith Bannister

New member of the Board

Duties of the board of directors

The objective of the Board of Directors is to direct the company with the aim of achieving the best possible return on invested capital for shareholders in the long term.

The Board's responsibilities and duties are defined in detail in the Rules of Procedure of the Board of Directors and it covers the following main areas:

  • approving the strategy of F-Secure, overseeing its operations and annual budgets
  • approving any major investments, acquisitions, changes in corporate structure or other significant decisions
  • ensuring that the supervision of the Company's accounting and financial management is duly organized
  • ensuring that internal control and risk management systems are in place approving personnel policies and rewards systems
  • preparing matters to be handled by the General Meeting of shareholders

The Board of Directors meets as frequently as necessary, at least five times during its term. The Board of Directors has quorum when more than half of the members are present. An annual self-assessment is carried out by the Board to evaluate its operations.

In accordance with F-Secure's Articles of Association, the Board of Directors comprises three to seven members, which are elected at the Annual General Meeting for a period of office that extends to the following AGM. The majority of Board members shall be independent from the Company and from its major shareholders.

One member of the Board of Directors is elected from F-Secure Corporation's personnel in the following manner: an election is arranged for F-Secure personnel. Each permanent employee of F-Secure Corporation is eligible as a candidate. The Executive Committee interviews three persons who have obtained the highest number of votes in the elections, and chooses a candidate from amongst them to be proposed for election as a new member of the Board by the Annual General Meeting.

The Board's Executive Committee prepares the proposals for board candidates to be approved by the shareholders at the General Meeting. Proposals are based on candidates' skills and qualifications and on maintaining diversity on the Board of Directors. Currently both genders are represented in the Board of Directors.

Board committees

Audit committee

The Audit Committee reviews, instructs and evaluates risk management, internal controls, IT strategy and practices, financial reporting as well as auditing of the accounts. The Audit Committee also regularly considers the need for a separate internal audit function. Members of the Audit Committee must have broad business knowledge, as well as an adequate knowledge of and experience in financial and supervisory matters. All members of the Audit Committee must be independent from F-Secure Corporation and from major shareholders in the company.

Personnel Committee

The Personnel Committee prepares material and instructs with issues related to the composition of the Board of Directors and compensation of the company’s management as well as remuneration and incentives of key personnel. The Committee also prepares the proposals for the Board composition and remuneration for the Annual General Meeting of Shareholders. The Personnel Committee calls in experts to its meetings when necessary for the issues to be discussed. Materials of Personnel Committee meetings are made available for all members of the Board of Directors.

13 May 2020 11:00

CEO and leadership team

CEO and leadership team

Samu Konttinen

President and CEO

Eriikka Söderström

Chief Financial Officer

Jari Still

Chief Information Officer

Jyrki Tulokas

Chief Technology Officer

Kristian Järnefelt

EVP, Consumer Security

Juha Kivikoski

EVP, Business Security

Ian Shaw

EVP, Cyber Security Consulting

Tim Orchard

EVP, Managed Detection & Response

Eva Tuominen

EVP, People Operations & Culture

Antti Hovila

EVP, Strategy, Brand & Communications

Duties of the ceo

The Board of Directors appoints the CEO and decides upon his/her remuneration and other benefits. The CEO is responsible for the day-to-day management of the Company. His/her duties include:

  • managing the business according to the instructions issued by the Board of Directors
  • presenting the matters to be handled in the Board of Directors' meetings
  • implementing the decisions made by the Board of Directors
  • other duties determined in the Companies Act

Duties of the leadership team

The Leadership Team supports the CEO in the daily operative management and development of the Company. The CEO appoints the Leadership Team members and decides upon the terms and conditions of their employment.

04 Nov 2019 11:42

Sustainability

Sustainability

In the digital and connected world we currently live in, cyber attacks and malware have the ability to seriously damage global businesses, result in losses of hundreds of millions of euros, and even cause human suffering. For 30 years, F-Secure has been committed to helping people and businesses fight these cyber threats. Improving our customers' security, resilience and the sustainability of their digital lives or businesses, is why we exist.

We believe that through our core business and everyday actions we play a vital role in ensuring the functioning of modern society, and help to maintain trust between people and organizations. Internally, we emphasize the importance of a sense of fellowship among our employees, and we have always put a strong emphasis on shared core values.

F-Secure is committed to sustainable practices in carrying out our business. Corporate responsibility is led by the CEO with the support of the Leadership Team, and with the Board of Directors approving the annual Statement of Non-financial Information. To ensure that corporate responsibility is integrated into all business operations, governance and compliance processes have been established.

This Statement of Non-Financial Information lists key areas of responsibility that are considered most material in accordance with the Finnish Accounting Act.

19 Mar 2020 15:00

Annual general meeting

Annual general meeting

Under the Finnish Companies Act, shareholders exercise their decision-making power at General Meetings of Shareholders. A General Meeting is normally held once a year as an Annual General Meeting (AGM). A shareholder may propose items to be included on the agenda provided they are within the authority of the shareholders' meeting and the Board of Directors has been informed of the request in due time. The invitation to the AGM is published on the Company's website.

The AGM decides on matters stipulated by the Company's Articles of Association and the Finnish Companies Act, including:

  • the adoption of the Financial Statements
  • the distribution of profit for the year
  • discharging the members of the Board of Directors and CEO from liability
  • the selection of members of the Board and the decision on their remuneration
  • the election of the auditor
  • other proposals made by the Board or shareholders

Each share carries one vote in the General Meeting.

2020

Annual general meeting of shareholders 2020

Annual General Meeting of F-Secure Corporation was held on Tuesday, 12 May 2020, starting at 2:00 p.m. at the Company headquarters at the address Tammasaarenkatu 7, Helsinki, Finland.

Materials

2019

ANNUAL GENERAL MEETING OF SHAREHOLDERS 2019

F-Secure's Annual General Meeting was held on Tuesday, 19 March 2019, starting at 3:00 p.m. at the Company headquarters at the address Tammasaarenkatu 7, Helsinki, Finland.

Materials

Notice to the AGM

Proposed Board Members

The Annual Report for 2018

CEO presentation

Resolutions of the Annual General Meeting

Minutes of the meeting (in Finnish)

Privacy Statement (in Finnish)

2018

ANNUAL GENERAL MEETING OF SHAREHOLDERS 2018

The Annual General Meeting of F-Secure Corporation was held on Wednesday, 4 April 2018 at 3.00 pm Finnish Time at Company Headquarters in Ruoholahti, Helsinki.

MATERIALS

2017

ANNUAL GENERAL MEETING OF SHAREHOLDERS 2017

The Annual General Meeting of F-Secure Corporation is scheduled to be held on Wednesday, 5 April 2017 at 3.00 p.m. Finnish Time at Company Headquarters in Ruoholahti, Helsinki.

2016

ANNUAL GENERAL MEETING OF SHAREHOLDERS 2016

The Annual General Meeting of F-Secure Corporation was held on Thursday, April 7th 2016 at 3:30 p.m. at company headquarters. Material related to the meeting can be found below.

MATERIALS

2015

ANNUAL GENERAL MEETING OF SHAREHOLDERS 2015

The Annual General Meeting of F-Secure Corporation was held on April 8th 2015 at 3.30 pm. Finnish Time at Company Headquarters in Ruoholahti, Helsinki. Material related to the meeting can be found below.

Materials

2014

ANNUAL GENERAL MEETING OF SHAREHOLDERS 2014

The Annual General Meeting of F-Secure Corporation was held April 3rd, 2014 at 15:30 Finnish Time at Company Headquarters in Ruoholahti. Material related to the meeting can be found below.

2013

ANNUAL GENERAL MEETING OF SHAREHOLDERS 2013

The Annual General Meeting of F-Secure Corporation was held on Wednesday, April 3, 2013. Below you can find material related to the meeting.

2012

ANNUAL GENERAL MEETING OF SHAREHOLDERS 2012

The Annual General Meeting 2012 was arranged on April 3, 2012 in address Tammasaarenkatu 7, 00180 Helsinki. Below you can find material related to the meeting.

2011

ANNUAL GENERAL MEETING OF SHAREHOLDERS 2011

The Annual General Meeting of F-Secure Corporation was held on Wednesday, March 30, 2011. Please find below the materials related to the meeting.

2010

ANNUAL GENERAL MEETING OF SHAREHOLDERS 2010

The Annual General Meeting of F-Secure Corporation was held on Wednesday March 24,2010 in HTC Ruoholahti, Tammasaarenkatu 3, 00180 Helsinki.

2009

ANNUAL GENERAL MEETING OF SHAREHOLDERS 2009

The Annual General Meeting of F-Secure Corporation was held on Thursday March 26, 2009 in High Tech Center, Tammasaarenkatu 3, 00180 Helsinki. Below you can find material relating to the meeting.

2008

ANNUAL GENERAL MEETING OF SHAREHOLDERS 2008

The Annual General Meeting of F-Secure Corporation was held on Wednesday March 26, 2008 in address F-Secure Oyj, Tammasaarenkatu 3, 00180 Helsinki. Below you can find material relating to the meeting.

EXTRAORDINARY GENERAL MEETING OF SHAREHOLDERS 2008

Extraordinary general meeting of shareholders of F-Secure Corporation was held on Tuesday October 28, 2008 starting at 5.00 pm in address F-Secure Plc, Tammasaarenkatu 7 (Ruoholahti), 00180 Helsinki. Below you can find material relating to the meeting.

15 May 2020 10:55

Disclosure policy

Disclosure policy

F-Secure's Disclosure Policy describes the key principles and practices that the company applies in its investor relations and financial reporting.

Disclosure policy (pdf)

Code of conduct Corporate governance

Corporate governance

F-Secure's corporate governance practices comply with applicable Finnish laws as well as the rules, regulations and guidelines of NASDAQ Helsinki Oy and the Finnish Financial Supervisory Authority. This statement has been prepared in accordance with Finnish Corporate Governance Code (publicly available at https://cgfinland.fi/en) issued by the Securities Market Association of Finland in 2015.

F-Secure's corporate governance statement

The statement includes the tasks and responsibilities of the Board of Directors, Board Committees and other main governing bodies. The statement also describes the main features of internal control and risk management pertaining to the financial reporting process.

The key elements of the Corporate Governance practices of F-Secure Corporation are described in brief on this page.

Remuneration

Remuneration of the board

The remuneration of the Board is decided by the Annual general meeting. The decisions are made public after the meeting. Read more about the decisions on remuneration on the Annual General Meeting section.

Remuneration of the CEO and management

The Board of Directors decides on the remuneration and other benefits of the CEO. The CEO also belongs to the Company's long-term incentive program. The Board of Directors decides on the remuneration and other benefits of the Leadership Team.

More information on the remuneration of the CEO and Leadership team, option programs and other related issues can be found in note 27 to the financial statements in the Annual Report.

Remuneration statement

The following statement contains broad information on remuneration issues in F-Secure. The statement has been prepared according to the Finnish Corporate Governance Recommendation for Listed Companies published by the Securities Market Association. Please find the statement below. This statement is updated on regular basis if changes occur.

Articles of association

Articles of association

  1. Business name and domicile 
    The Finnish name of the Company is F-Secure Oyj and the English name is F-Secure Corporation, and the Company's domicile is the City of Helsinki.
  2. Line of activity
    The Company's line of activity shall be the production of software, the import, export and sale of computers, electric devices, software, and the supply of services related to information technology, as well as consultation, training and publication activities related to information technology. The Company may also be engaged in securities trading.
  3. Book-entry securities system
    After a registration date specified by the Board of Directors, the shares of the Company will be incorporated in the book-entry securities system. After the registration date the right to receive funds distributed by the Company and to subscribe for shares when increasing the share capital shall be restricted to persons
    • Who have been registered as shareholders in the Shareholders' Register on the matching day
    • Whose right to payment has been registered on the matching day on the book-entry account of a registered shareholder and entered in the Shareholders' Register or
    • In case a share is nominee registered, on whose book-entry account the share has been registered on the record date and whose nominee has been registered in the Shareholders' Register of the Company on the record date as the nominee of the shares.
  4. Board of directors
    The Company shall have a Board of Directors, which shall include at minimum three and at maximum seven ordinary members. The term of office of a member of the Board of Directors shall expire at the end of the first Annual General Meeting of Shareholders following the election.
  5. Company president
    The Board of Directors of the Company shall appoint a President and determine his/her remuneration terms.
  6. Signing of the business name
    In addition to the members of the Board of Directors, who can sign the business name of the Company jointly, the name can also be signed by the person or persons whom the Board of Directors has authorized to sign the business name, by the President of the Company and the Chairman of the Board of Directors alone, and by two members of the Board of Directors jointly. The Board of Directors shall decide on authorizing persons to sign for the Company per procuram.
  7. Financial period
    The financial year of the Company is the calendar year.
  8. Auditors
    The Company shall have one Auditor, who shall be an auditing entity approved by the Finnish Central Chamber of Commerce. The term of office of the Auditor shall expire at the end of the first Annual General Meeting of Shareholders following the election.
  9. Call to a General Meeting and right to participate in and vote at the General Meeting
    The notice of a General Meeting of Shareholders shall be delivered to the shareholders within a period stipulated by the law by publishing the notice on the Company's website.

    To be entitled to participate in the General Meeting, a shareholder shall notify the Company about his/her intention to participate in the General Meeting no later than on the date indicated in the notice.

    At a General Meeting of Shareholders, each share has one (1) vote. The voting method shall be decided by the Chairman of the Meeting.

  10. Annual General Meeting of Shareholders
    The Annual General Meeting of Shareholders shall be held annually on the date designated by the Board of Directors within a period from the end of the financial year as defined by the law. In addition to the domicile of the Company, the General Meeting of Shareholders can be held in Espoo or Vantaa. At the Annual General Meeting there shall be presented:
    • The financial statements and the Annual Report
    • The Auditors' Report (decisions made regarding)
    • The approval of the financial statement
    • The measures to which the profit or loss of the adopted balance sheet and/or consolidated balance sheet may give cause
    • The granting of release from liability to the Members of the Board of Directors and to the President
    • The remunerations of the Members of the Board of Directors and Auditors
    • The number of the Members of the Board of Directors (elected)
    • The members of the Board of Directors
    • One auditor and a reserve auditor, if necessary
Risk management

Risk management

The objective of F-Secure's risk management is to ensure a current, correct and holistic understanding and prioritized management of key uncertainties related to strategy implementation and business operations. The process and risk management methods in use are constantly developed to respond to the changing needs of the company. During 2017 the development was concentrated on the risk management framework and a new model considering the following three risk categories was taken in use.

  • Strategic risks: Risks related to strategic objectives and competitive environment, managed by the leadership team and board of directors
  • Business risks: risks that threaten the achievement of the business objectives, identified and managed by the organizational units as part of the operational planning and management
  • Operational risks: Risks relating to the company's daily operations and processes as well as to potential disruptions, managed within the organizational units

The objective in organizing the risk management process has been to empower the organization to identify and manage risks. This approach enables understanding of risk management objectives and distribution of responsibility for risk management decisions making in in adequate level of the organization.

Different risk modelling and quantification methods developed by the F-Secure risk management consulting services are used to identify and analyze the risks when appropriate. During 2017, a new method for risk quantification was taken in use to analyze selected risks. Financial quantification is useful to analyze cases where the risk consequence has high variation. In these cases, it is adequate to create good understanding of the different outcome options of the realization of risk prior to deciding on the risk treatment strategy.

The most significant risks and their treatment strategies are reported annually to the Audit Committee of the Board of Directors.

The most significant risks

Risks are defined as uncertainties which can impact the achievement of the Company's short and long term objectives. Risks are assessed as a combination of probability and impact.

Endpoint protection market disruption

Endpoint security market is highly competitive. Operating system manufacturers have increased their focus to built-in security features and at the same time new vendors and technologies have emerged. Successful security vendors must have in-depth understanding of cyber security threat landscape, hacker techniques and technologies used as well as continue to innovate in defense technologies.

Market Consolidation

The cyber security market is consolidating due to economies of scale. Companies have to succeed in choosing the right acquisition targets, as well as successfully integrate target companies.

Failure to innovate and develop new technologies

In a rapidly evolving industry it is vital to keep the products and services relevant to the customers while introducing new technologies to the market. The Company is driving technology simplification and R&D effectivization initiatives as well as investments to artificial intelligence to ensure a competitive product portfolio.

Failure to attract and retain talent

Competition for capable personnel is increasing and there is structural undersupply of talent in the security industry. The Company is thus further developing and adopting new ways of recruitment, building its own talent and knowledge pools and investing to training and development of personnel.

Other notable risks

Other risks that affect the F-Secure business include but are not limited to:

  • Intellectual property (IPR) claims against F-Secure
  • Risk exposure from contractual liability requirements
  • Failure of new product launches
  • Potential security threats related to F-Secure's products and services
  • Credit risk due to regional political or financial climate and regulation
  • Tax risk relating to changing laws and regulations and interpretations of said regulations by the relevant authorities
Internal control

Internal control

The purpose of Internal Control is to ensure that operations are effective and aligned with the strategy, and that financial reporting and management information is reliable and in compliance with applicable regulations and operating principles.

Internal control consists of all the guidelines, policies, processes, practices and relevant information about organizational structure that help ensure that the business conduct is in compliance with all applicable regulations. The purpose of internal control is also to ensure that accounting and financial information provides a true and accurate reflection of the activities and financial situation of the company. Actual performance is monitored against sales and cost targets by operative reporting systems on a daily, weekly, or monthly basis.

The Company constantly monitors its key financial processes linked to sales, revenue, costs and profitability as well as incoming and outgoing payment transactions. If any inconsistencies appear, the issues are handled without delay. The Company's finance department is responsible for the consistency and reliability of internal control methods. The finance team works in close cooperation with the CFO and businesses, providing relevant data for business planning purposes and sales estimates. The team also regularly assesses and monitors the reliability of estimates and revenue recognition.

Internal audit

F-Secure's Audit Committee considers regularly the need for and appropriateness of a separate Internal Audit function. To date, the Audit Committee has concluded that, due to the size, organizational structure and largely centrally controlled financial management of the Company, a separate Internal Audit function is not necessary.

In the absence of an Internal Audit function, attention is paid to periodical review of the written guidelines and policies concerning accounting, reporting, documentation, authorization, risk management, internal control and other relevant matters in all departments. Related controls are also tested from time to time. The guidelines and policies are coordinated by the Company's finance department with active involvement by the legal team.

The absence of a separate Internal Audit function is considered when defining the scope of the Company's external audit. Where necessary, the Board may also purchase Internal Audit services from an external provider.

To facilitate transparency and exchange of information on Internal Audit related matters, the financial management team has frequent meetings with the auditors. The Audit Committee also meets regularly with the auditors and head of the Company's legal team to discuss related matters of their areas of responsibility.

The Company has taken into use two direct lines for all employees to notify the Board and Leadership Team of any unethical activity or abuse.

Insider issues and silent period

Insider issues and silent period

F-Secure's IR-function is in charge of the company's insider issues, with the exception of project based insider issues, which are managed by the Legal department. The Company follows the insider regulations of NASDAQ Helsinki Oy and has adopted the new Market Abuse Regulations (EU, N:o 596/2014, "MAR"), which came into force on 3 July 2016. F-Secure has published an internal guideline on insider issues and regularly trains employees and management on insider issues.

Insider registries

F-Secure maintains three separate lists of insiders and other persons relevant for insider issues:

  • project based insiders (maintained by the Legal team)
  • list of persons discharging managerial responsibilities, as well as persons closely associated with them, as specified by MAR
  • other insiders, including people participating in the preparation of financial reporting or otherwise having access to significant non-published financial information.

Managers' transactions

Persons discharging managerial responsibilities ("Managers") comprise the Board of Directors, the CEO, the CFO and other members of the Leadership Team. These persons have a duty to notify within three business days F-Secure and the Finnish Financial Supervisory Authority of every transaction in their own account relating to Financial Instruments of F-Secure. The Company publishes these notifications as a stock exchange release, as specified by MAR. All releases published on managers' transactions are available on the Company's website.

Closed window

All insiders or their interest parties are not entitled to trade shares, options, or other securities 30 days prior to the publication of financial reports. Additionally, project-based insiders are never entitled to trade shares, options, or other securities during the duration of an insider project, including the day the insider information is made public.

Silent period

F-Secure observes a silent period of 21 days before each quarterly report announcement. During the silent period, the Company will arrange neither meetings nor conference calls with the investor community.

Auditors

Auditors

The auditor is elected by the Annual General Meeting for a term of service ending at the close of the next Annual General Meeting. The auditor is responsible for auditing the consolidated and parent company's financial statements and accounting. The auditor reports to the Board of Directors or the Audit Committee at least once a year.

Modern Slavery Statement

F-Secure Modern Slavery Statement

By publishing a statement based on the UK Modern Slavery Act F-Secure sets a clear signal against slavery and servitude, forced or compulsory labor and human trafficking in its value chain.

At F-Secure, we constantly strive to create the best environment for employees to perform, innovate and develop. Treating every employee fairly and with respect is a fundamental part of the company culture. This is fully in line with our policy on human rights and our Code of Conduct.