Governance

Annual general meeting

Annual general meeting

Under the Finnish Companies Act, shareholders exercise their decision-making power at general meetings of shareholders. A general meeting is normally held once a year as an annual general meeting (AGM). A shareholder may propose items to be included on the agenda provided they are within the authority of the shareholders’ meeting and the Board of Directors has been informed of the request in due time. The invitation to the AGM is published on the company’s website.

The AGM decides on matters stipulated by the company’s articles of association and the Finnish Companies Act, including:

  • the adoption of financial statements
  • the distribution of profit for the year
  • discharging the members of the Board of Directors and CEO from liability
  • the selection of members of the Board and the decision on their remuneration
  • the election of the auditor
  • other proposals made by the Board or shareholders

Each share carries one vote in the general meeting.

2020

Annual general meeting of shareholders 2020

Annual general meeting of F‑Secure Corporation was held on Tuesday, 12 May 2020, starting at 2:00 p.m. at the Company headquarters at the address Tammasaarenkatu 7, Helsinki, Finland.

Materials

2019

ANNUAL GENERAL MEETING OF SHAREHOLDERS 2019

F-Secure's Annual General Meeting was held on Tuesday, 19 March 2019, starting at 3:00 p.m. at the Company headquarters at the address Tammasaarenkatu 7, Helsinki, Finland.

Materials

Notice to the AGM

Proposed Board Members

The Annual Report for 2018

CEO presentation

Resolutions of the Annual General Meeting

Minutes of the meeting (in Finnish)

Privacy Statement (in Finnish)

2018

ANNUAL GENERAL MEETING OF SHAREHOLDERS 2018

The Annual General Meeting of F-Secure Corporation was held on Wednesday, 4 April 2018 at 3.00 pm Finnish Time at Company Headquarters in Ruoholahti, Helsinki.

MATERIALS

2017

ANNUAL GENERAL MEETING OF SHAREHOLDERS 2017

The Annual General Meeting of F-Secure Corporation is scheduled to be held on Wednesday, 5 April 2017 at 3.00 p.m. Finnish Time at Company Headquarters in Ruoholahti, Helsinki.

2016

ANNUAL GENERAL MEETING OF SHAREHOLDERS 2016

The Annual General Meeting of F-Secure Corporation was held on Thursday, April 7th 2016 at 3:30 p.m. at company headquarters. Material related to the meeting can be found below.

MATERIALS

2015

ANNUAL GENERAL MEETING OF SHAREHOLDERS 2015

The Annual General Meeting of F-Secure Corporation was held on April 8th 2015 at 3.30 pm. Finnish Time at Company Headquarters in Ruoholahti, Helsinki. Material related to the meeting can be found below.

Materials

2014

ANNUAL GENERAL MEETING OF SHAREHOLDERS 2014

The Annual General Meeting of F-Secure Corporation was held April 3rd, 2014 at 15:30 Finnish Time at Company Headquarters in Ruoholahti. Material related to the meeting can be found below.

2013

ANNUAL GENERAL MEETING OF SHAREHOLDERS 2013

The Annual General Meeting of F-Secure Corporation was held on Wednesday, April 3, 2013. Below you can find material related to the meeting.

2012

ANNUAL GENERAL MEETING OF SHAREHOLDERS 2012

The Annual General Meeting 2012 was arranged on April 3, 2012 in address Tammasaarenkatu 7, 00180 Helsinki. Below you can find material related to the meeting.

2011

ANNUAL GENERAL MEETING OF SHAREHOLDERS 2011

The Annual General Meeting of F-Secure Corporation was held on Wednesday, March 30, 2011. Please find below the materials related to the meeting.

2010

ANNUAL GENERAL MEETING OF SHAREHOLDERS 2010

The Annual General Meeting of F-Secure Corporation was held on Wednesday March 24,2010 in HTC Ruoholahti, Tammasaarenkatu 3, 00180 Helsinki.

2009

ANNUAL GENERAL MEETING OF SHAREHOLDERS 2009

The Annual General Meeting of F-Secure Corporation was held on Thursday March 26, 2009 in High Tech Center, Tammasaarenkatu 3, 00180 Helsinki. Below you can find material relating to the meeting.

2008

ANNUAL GENERAL MEETING OF SHAREHOLDERS 2008

The Annual General Meeting of F-Secure Corporation was held on Wednesday March 26, 2008 in address F-Secure Oyj, Tammasaarenkatu 3, 00180 Helsinki. Below you can find material relating to the meeting.

EXTRAORDINARY GENERAL MEETING OF SHAREHOLDERS 2008

Extraordinary general meeting of shareholders of F-Secure Corporation was held on Tuesday October 28, 2008 starting at 5.00 pm in address F-Secure Plc, Tammasaarenkatu 7 (Ruoholahti), 00180 Helsinki. Below you can find material relating to the meeting.

15 May 2020 10:55

Group management

F‑Secure’s highest decision-making body is the General Meeting of Shareholders which elects the members of the Board of Directors. The Board of Directors is responsible for the administration of F‑Secure Corporation and appropriate organization of its operations. The Board of Directors appoints the CEO. The CEO, assisted by the Leadership Team, is responsible for managing the company’s business and implementing its strategic and operational targets.

Board of Directors

Composition

Risto Siilasmaa

Chairman of the Board of Directors since 2006

Pertti Ervi

Board member since 2003

Bruce Oreck

Member of the Board since 2016

Päivi Rekonen

Member of the Board since 2017

Tuomas Syrjänen

Member of the Board since 2019

Robert Bearsby

New member of the Board

Keith Bannister

New member of the Board

Duties of the board of directors

The Board of Directors is responsible for the administration of F‑Secure Corporation and appropriate organization of its operations. The Board’s operations, responsibilities and duties are based on the Finnish Companies Act and other applicable legislation and are supplemented by the Board Charter. These cover the following main areas:

  • approving the strategy of F‑Secure, overseeing its operations and annual budgets
  • appointing and dismissing the CEO
  • approving any major investments, acquisitions, changes in corporate structure or other matters that are significant or far-reaching
  • ensuring that the supervision of the company’s accounting and financial management is duly organized
  • ensuring that internal control and risk management systems are in place
  • approving personnel policies and rewards systems
  • preparing matters to be handled at the General Meeting

The Board of Directors meets as frequently as necessary and according to the Board Charter at least five times during its term. The Board of Directors has quorum when more than half of the members are present. An annual self-assessment is carried out by the Board to evaluate its operations. The Board of Directors primarily strives at unanimous decisions. If a decision cannot be made unanimously, the decision will be made by voting and with single majority. If the votes are even, the Chairman’s vote is decisive.

In accordance with F‑Secure’s Articles of Association, the Board of Directors comprises three to seven members, who are elected at the Annual General Meeting for a period of office that extends to the subsequent AGM. The Board of Directors represents all shareholders.

Diversity is an essential part of F‑Secure’s success. According to Diversity Principles established by the Board of Directors, an optimal mix of diverse backgrounds, expertise and experience strengthens the Board’s performance and promotes creation of long-term shareholder value. The Diversity Principles of the Board of Directors aim to strive towards appropriately balanced gender distribution. Both genders are represented in the Board of Directors.

To create openness, one member of the Board of Directors is elected from among F‑Secure’s personnel. An election is arranged annually for F‑Secure personnel and each permanent F‑Secure employee based in Finland is eligible to stand as a candidate. The Personnel Committee interviews three persons who have obtained the highest number of votes in the elections,and chooses a candidate from amongst them to be proposed for election as a member of the Board by the Annual General Meeting. Matti Aksela was appointed to the Board of Directors through this process in 2019.

The majority of Board members are independent from the company and from its major shareholders.

Board committees

In 2019, the Board established two committees: Audit Committee and Personnel Committee (nomination and remuneration matters). The Board of Directors appoints from among itself the members and the Chairman of the committee. Each committee must have at least three members. The Board of Directors confirms the main duties and operating principles of each committee. The duties of each Committee are defined in the committee charter.

Audit committee

The Audit Committee monitors and evaluates risk management, internal controls, IT strategy and practices, financial reporting as well as auditing of the accounts. The Audit Committee also prepares a proposal for the election of auditor to the Board of Directors and regularly considers the need for a separate internal audit function. Members of the Audit Committee must have broad business knowledge, as well as an adequate expertise and experience with respect to the committee’s area of responsibility and the mandatory tasks relating to auditing. The majority of members of the Audit Committee shall be independent from F‑Secure Corporation and at least one member shall be independent of the company’s significant shareholders. The Audit Committee calls in experts to its meetings when necessary for the issues to be discussed. Materials of the Audit Committee meetings are made available for all members of the Board of Directors. The Audit Committee convenes at least four (4) times a year as notified by the Chairman of the Committee.

Personnel Committee

The Personnel Committee prepares material and instructs with issues related to the composition of the Board of Directors and compensation of the company’s management as well as remuneration and incentives of key personnel. The Committee also prepares the proposals for the Board composition and remuneration for the Annual General Meeting of Shareholders. The Personnel Committee calls in experts to its meetings when necessary for the issues to be discussed. Materials of Personnel Committee meetings are made available for all members of the Board of Directors. The Personnel Committee convenes at least two (2) times a year as notified by the Chairman of the Committee.

CEO and Leadership Team

Composition

Juhani Hintikka

President and CEO

Eriikka Söderström

Chief Financial Officer

Juha Kivikoski

EVP, Business Security

Kristian Järnefelt

EVP, Consumer Security

Edward Parsons

EVP, Cyber Security Consulting

Tim Orchard

EVP, Managed Detection & Response

Jyrki Tulokas

Chief Technology Officer

Jari Still

Chief Information Officer

Antti Hovila

EVP, Strategy, Brand & Communications

Eva Tuominen

EVP, People Operations & Culture

Duties of the ceo

The CEO is responsible for the day-to-day management of the company. The CEO’s main duties include:

  • managing the business according to the instructions issued by the Board of Directors
  • presenting the matters to be handled in the Board of Directors’ meetings
  • implementing the decisions made by the Board of Directors
  • other duties determined in the Limited Liability Companies Act

Samu Konttinen has been F‑Secure’s President and CEO since 2016. The remuneration of the CEO is specified in the F‑Secure Remuneration Statement.

Duties of the leadership team

The Leadership Team supports the CEO in the daily operative management of the company.

13 May 2020 11:00

Remuneration

Remuneration of the board

The remuneration of the Board is decided by the Annual general meeting. The decisions are made public after the meeting. Read more about the decisions on remuneration on the Annual General Meeting section.

Remuneration of the CEO and management

The Board of Directors decides on the remuneration and other benefits of the CEO. The CEO also belongs to the Company's long-term incentive program. The Board of Directors decides on the remuneration and other benefits of the Leadership Team.

More information on the remuneration of the CEO and Leadership team, option programs and other related issues can be found in note 27 to the financial statements in the Annual Report.

Remuneration statement

The following statement contains broad information on remuneration issues in F-Secure. The statement has been prepared according to the Finnish Corporate Governance Recommendation for Listed Companies published by the Securities Market Association. Please find the statement below. This statement is updated on regular basis if changes occur.

Audit

Audit

The auditor is elected by the Annual General Meeting for a term of service ending at the close of the next Annual General Meeting. The auditor is responsible for auditing the consolidated and parent company's financial statements and accounting. The auditor reports to the Board of Directors or the Audit Committee at least once a year.

Internal control and risk management

Risk management and internal control processes at F‑Secure seek to ensure that risks related to the business operations of the company are properly identified, evaluated, monitored and reported in compliance with the applicable regulations.

Internal control

The purpose of Internal Control is to ensure that operations are effective and aligned with the strategy, and that financial reporting and management information is reliable and in compliance with applicable regulations and operating principles.

Internal control consists of all the guidelines, policies, processes, practices and relevant information about organizational structure that help ensure that the business conduct is in compliance with all applicable regulations. The purpose of internal control is also to ensure that accounting and financial information provides a true and accurate reflection of the activities and financial situation of the company. Actual performance is monitored against sales and cost targets by operative reporting systems on a daily, weekly, or monthly basis.

The company constantly monitors its key financial processes linked to sales, revenue, costs and profitability as well as incoming and outgoing payment transactions. If any inconsistencies appear, the issues are handled without delay. The Company’s finance department is responsible for the consistency and reliability of internal control methods. The finance team works in close cooperation with the CFO and businesses, providing relevant data for business planning purposes and sales estimates. The team also regularly assesses and monitors the reliability of estimates and revenue recognition.

Internal audit

Audit Committee considers the need for and appropriateness of a separate Internal Audit function on a regular basis. To date, the Audit Committee has concluded that, due to the size, organizational structure and largely centrally controlled financial management of the company, a separate Internal Audit function is not necessary.

In the absence of an Internal Audit function, attention is paid to periodical review of the written guidelines and policies concerning accounting, reporting, documentation, authorization, risk management, internal control and other relevant matters in all departments. Related controls are also tested from time to time. The guidelines and policies are coordinated by the company’s finance department with active involvement by the legal department.

The absence of a separate Internal Audit function is considered when defining the scope of the company’s external audit. Where necessary, the Internal Audit services will be purchased from an external service provider.

To facilitate transparency and exchange of information on Internal Audit related matters, the financial management team has frequent meetings with the auditors. The Audit Committee also meets regularly with the auditors.

The company has taken into use a whistleblowing line for any employees to notify the Board and Leadership Team of any compliance concerns.

Risk management

Risk management and internal control processes at F‑Secure seek to ensure that risks related to the business operations of the company are properly identified, evaluated, monitored and reported in compliance with the applicable regulations.

F‑Secure’s Board of Directors defines the principles of risk management and internal controls which are followed within the company. The Audit Committee assists the Board in the supervision of F‑Secure’s risk management function. The CEO is accountable for ensuring that the risk management principles are implemented and applied constantly and consistently across the organization.

The primary goal of F‑Secure’s risk management principles is to empower the organization to identify and manage risks more effectively. The potential negative impact and probability of different situations arising from our business operations on the company, its customers, or its partners are monitored as part of the risk management process.

F‑Secure promotes continuous risk evaluation by the company’s personnel. The relevant operational risks identified through the risk management process are regularly reviewed by the CEO and Leadership Team and the company’s statutory auditor. Risk Management is an integrated part of F‑Secure’s governance and management and the risk management process is aligned with the ISO-31000 standard. The Audit Committee regularly evaluates the effectiveness of the risk management system.

Risks and uncertainties

The following risks and uncertainties can adversely impact F‑Secure’s sales, profitability, financial condition, market share, reputation, share price or the achievement of the company’s short- and long-term objectives. The matters described here should not be construed as exhaustive list. The most significant risks are:

COVID-19 pandemic

Cyber security consulting is negatively affected by the COVID-19 pandemic. Further slowdown in the new sales of software products and Managed Detection and Response (MDR) service may occur if the situation prolongs.

Goodwill is tested for impairment annually and whenever there is indication that it might be impaired. The impacts of the pandemic on cyber security consulting can be seen as such indication, and an impairment testing of consulting goodwill was carried out during second quarter based on updated long-term forecasts approved by the Board of Directors. Testing resulted in no need for impairment, although sensitivity of the testing has decreased. Management continues to assess the need for updated testing regularly.

Under pandemic an increase in credit losses and delayed customer payments may occur. Until the end of first half no significant risks have realized, but as the impacts of the pandemic on customers may arise in longer term, management has reassessed the provision for expected credit losses under IFRS 9 and a slight increase has been booked during the first half to address increased risk.

Endpoint protection market disruption

Endpoint security market is highly competitive. Operating system manufacturers have increased their focus to built-in security features and at the same time new vendors and technologies have emerged. F‑Secure has to succeed in maintaining in-depth understanding of cyber security threat landscape, hacker techniques and technologies used as well as continue to innovate in defense technologies.

Market consolidation

The cyber security market is consolidating due to economies of scale. F‑Secure has to succeed in finding the right acquisition targets, as well as successfully integrating the target companies.

Risks relating to launch of new technologies

In a rapidly evolving industry it is vital to keep the products and services relevant to the customers while introducing new technologies to the market on-time. F‑Secure is driving technology simplification and R&D effectivization initiatives as well as investments to artificial intelligence to ensure a competitive product portfolio.

Attracting and retaining talent

Competition for capable personnel is increasing and there is structural undersupply of talent in the cyber security industry. F‑Secure is continuously developing and adopting new ways of recruitment, building its own talent and knowledge pools and investing to training and development of personnel.

Geopolitical risks

F‑Secure operates globally in different countries, and local regulation is exposing the company to geopolitical risks, including, for instance, unfavorable tax matters or export controls, BREXIT being one example of these risks. Changes in regulations or their application, applicable to current or new technologies or services, may adversely affect F‑Secure’s business operations.

Currency fluctuations

Increased amount of operations and sites outside the Eurozone in different currencies exposes F‑Secure to an increased risk related to currency fluctuations.

Insiders

Insider management

F‑Secure complies with the applicable legislation, including EU Market Abuse Regulation “MAR”, the regulations of the Finnish Financial Supervisory Authority as well as Nasdaq Helsinki’s Guidelines for Insiders. F‑Secure has established its own insider policy to complement the regulation and guidelines above.

F‑Secure maintains a list of all persons who have regular access to company’s financial data. Due to the sensitive nature of financial information, persons having access to financial information before publication of an interim financial report or a year-end report shall be subject to a thirty (30) day trading restriction prior to publication of such report (“Closed Period”).

In addition, F‑Secure maintains a project-specific insider list of any projects and events which, if realized, would be likely to have a significant effect on the value of F‑Secure’s shares or other financial instruments, and which have been subject to delaying of disclosure in accordance with MAR.

F‑Secure has decided not to include any persons as permanent insiders. All persons with inside information regarding a project will be included in the project specific insider list.

Persons discharging managerial responsibilities (“Managers”) comprise the Board of Directors, the CEO and other members of the Leadership Team. These persons have a duty to notify F‑Secure and the Finnish Financial Supervisory Authority of every transaction in their own account relating to Financial Instruments of F‑Secure within three business days. The company publishes these notifications as a stock exchange release, as specified by MAR. All releases published on managers’ transactions are available on the company’s website.

Closed window

All insiders or their interest parties are not entitled to trade shares, options, or other securities 30 days prior to the publication of financial reports. Additionally, project-based insiders are never entitled to trade shares, options, or other securities during the duration of an insider project, including the day the insider information is made public.

Silent period

F-Secure observes a silent period of 21 days before each quarterly report announcement. During the silent period, the Company will arrange neither meetings nor conference calls with the investor community.

Disclosure policy

F-Secure's Disclosure Policy describes the key principles and practices that the company applies in its investor relations and financial reporting.

Disclosure policy (pdf)

Corporate governance

Corporate governance

F‑Secure’s corporate governance practices are based on applicable Finnish laws, the rules of Helsinki Stock Exchange (NASDAQ Helsinki Oy) and the regulations and guidelines of Finnish Financial Supervisory Authority as well as with the company’s Articles of Association. This statement has been prepared in accordance with the Finnish Corporate Governance Code 2020 (publicly available at cgifinland.fi/en) issued by the Securities Market Association of Finland.

Corporate governance statement archive Articles of association
  1. Business name and domicile 
    The Finnish name of the Company is F-Secure Oyj and the English name is F-Secure Corporation, and the Company's domicile is the City of Helsinki.
  2. Line of activity
    The Company's line of activity shall be the production of software, the import, export and sale of computers, electric devices, software, and the supply of services related to information technology, as well as consultation, training and publication activities related to information technology. The Company may also be engaged in securities trading.
  3. Book-entry securities system
    After a registration date specified by the Board of Directors, the shares of the Company will be incorporated in the book-entry securities system. After the registration date the right to receive funds distributed by the Company and to subscribe for shares when increasing the share capital shall be restricted to persons
    • Who have been registered as shareholders in the Shareholders' Register on the matching day
    • Whose right to payment has been registered on the matching day on the book-entry account of a registered shareholder and entered in the Shareholders' Register or
    • In case a share is nominee registered, on whose book-entry account the share has been registered on the record date and whose nominee has been registered in the Shareholders' Register of the Company on the record date as the nominee of the shares.
  4. Board of directors
    The Company shall have a Board of Directors, which shall include at minimum three and at maximum seven ordinary members. The term of office of a member of the Board of Directors shall expire at the end of the first Annual General Meeting of Shareholders following the election.
  5. Company president
    The Board of Directors of the Company shall appoint a President and determine his/her remuneration terms.
  6. Signing of the business name
    In addition to the members of the Board of Directors, who can sign the business name of the Company jointly, the name can also be signed by the person or persons whom the Board of Directors has authorized to sign the business name, by the President of the Company and the Chairman of the Board of Directors alone, and by two members of the Board of Directors jointly. The Board of Directors shall decide on authorizing persons to sign for the Company per procuram.
  7. Financial period
    The financial year of the Company is the calendar year.
  8. Auditors
    The Company shall have one Auditor, who shall be an auditing entity approved by the Finnish Central Chamber of Commerce. The term of office of the Auditor shall expire at the end of the first Annual General Meeting of Shareholders following the election.
  9. Call to a General Meeting and right to participate in and vote at the General Meeting
    The notice of a General Meeting of Shareholders shall be delivered to the shareholders within a period stipulated by the law by publishing the notice on the Company's website.

    To be entitled to participate in the General Meeting, a shareholder shall notify the Company about his/her intention to participate in the General Meeting no later than on the date indicated in the notice.

    At a General Meeting of Shareholders, each share has one (1) vote. The voting method shall be decided by the Chairman of the Meeting.

  10. Annual General Meeting of Shareholders
    The Annual General Meeting of Shareholders shall be held annually on the date designated by the Board of Directors within a period from the end of the financial year as defined by the law. In addition to the domicile of the Company, the General Meeting of Shareholders can be held in Espoo or Vantaa. At the Annual General Meeting there shall be presented:
    • The financial statements and the Annual Report
    • The Auditors' Report (decisions made regarding)
    • The approval of the financial statement
    • The measures to which the profit or loss of the adopted balance sheet and/or consolidated balance sheet may give cause
    • The granting of release from liability to the Members of the Board of Directors and to the President
    • The remunerations of the Members of the Board of Directors and Auditors
    • The number of the Members of the Board of Directors (elected)
    • The members of the Board of Directors
    • One auditor and a reserve auditor, if necessary
Corporate responsibility

In the digital and connected world we currently live in, cyber attacks and malware have the ability to seriously damage global businesses, result in losses of hundreds of millions of euros, and even cause human suffering. For 30 years, F-Secure has been committed to helping people and businesses fight these cyber threats. Improving our customers' security, resilience and the sustainability of their digital lives or businesses, is why we exist.

We believe that through our core business and everyday actions we play a vital role in ensuring the functioning of modern society, and help to maintain trust between people and organizations. Internally, we emphasize the importance of a sense of fellowship among our employees, and we have always put a strong emphasis on shared core values.

F-Secure is committed to sustainable practices in carrying out our business. Corporate responsibility is led by the CEO with the support of the Leadership Team, and with the Board of Directors approving the annual Statement of Non-financial Information. To ensure that corporate responsibility is integrated into all business operations, governance and compliance processes have been established.

This Statement of Non-Financial Information lists key areas of responsibility that are considered most material in accordance with the Finnish Accounting Act.

Corporate Responsibility Statement archive Code of Conduct Modern Slavery Statement

By publishing a statement based on the UK Modern Slavery Act F‑Secure sets a clear signal against slavery and servitude, forced or compulsory labor and human trafficking in its value chain.

At F‑Secure, we constantly strive to create the best environment for employees to perform, innovate and develop. Treating every employee fairly and with respect is a fundamental part of the company culture. This is fully in line with our policy on human rights and our Code of Conduct.

19 Mar 2020 15:00