F-Secure's corporate governance practices comply with applicable Finnish laws as well as the rules, regulations and guidelines of NASDAQ Helsinki Oy and the Finnish Financial Supervisory Authority. This statement has been prepared in accordance with Finnish Corporate Governance Code (publicly available at issued by the Securities Market Association of Finland in 2015.

F-Secure's Corporate Governance Statement for 2016

The statement includes the tasks and responsibilities of the Board of Directors, Board Committees and other main governing bodies. The statement also describes the main features of internal control and risk management pertaining to the financial reporting process.

The key elements of the Corporate Governance practices of F-Secure Corporation are described in brief on this page.

F-Secure sees itself as a company having a vital and important role in helping prevention of unethical conduct in connected life through providing security and privacy solutions for consumers and corporations. F-Secure strives to conduct all its business in an ethical and lawful manner and has gathered its primary indicators of compliance to this code of conduct. Each employee of F-Secure is expected to know and comply with this code and report any suspected violations that they become aware of. F-Secure's subcontractors are also requested to act in compliance with this code or corresponding code of their own of at least as high standard as this code.

  1. Equal opportunities
    F-Secure is committed to equality of opportunity in all its employment practices, policies and procedures.
  2. Conflict of interests prevention
    F-Secure employees shall avoid any activity that might lead to or suggest a conflict of interest, in the form of personal benefit, between personal activities and the business of F-Secure.
  3. No bribery or corruption
    F-Secure is committed to working against corruption in all its forms, including extortion and bribery. F-Secure does not pay or authorize payment of or receive bribes or other illegal payments to obtain or retain business.
  4. Compliance with laws
    F-Secure complies with all mandatory applicable laws and regulations in the countries it operates. We also follow and embrace export control and fair competition laws and practices. As a public, listed Finnish company F-Secure complies with the rules and regulations of the NASDAQ OMX Helsinki Ltd.
  5. Protection of human rights
    F-Secure supports and respects protection of internationally proclaimed human rights.
  6. Messaging.
    F-Secure endeavors to conduct its messaging in a responsible manner.
  7. Respect for the environment
    F-Secure is environmentally friendly and operates in a manner that conserves the environment.
  8. Supplier requirements
    F-Secure requires its service providers to comply with this code of conduct or provide their own code of conduct substantially similar to F-Secure's.
  9. Information security, privacy and third party rights
    F-Secure protects the privacy and integrity of data of its business partners, end users and employees. We shall honor third party rights, including the rights of the open source community.
  10. Working with malware
    F-Secure strives to do no harm to anybody when handling malicious content. We do our best to cooperate with authorities and law enforcement in order to ensure the safety of the general public. However, our products are developed independent of governmental direction.
  1. Business Name and Domicile 
    The Finnish name of the Company is F-Secure Oyj and the English name is F-Secure Corporation, and the Company's domicile is the City of Helsinki.
  2. Line of Activity
    The Company's line of activity shall be the production of software, the import, export and sale of computers, electric devices, software, and the supply of services related to information technology, as well as consultation, training and publication activities related to information technology. The Company may also be engaged in securities trading.
  3. Book-Entry Securities System
    After a registration date specified by the Board of Directors, the shares of the Company will be incorporated in the book-entry securities system. After the registration date the right to receive funds distributed by the Company and to subscribe for shares when increasing the share capital shall be restricted to persons
    • Who have been registered as shareholders in the Shareholders' Register on the matching day
    • Whose right to payment has been registered on the matching day on the book-entry account of a registered shareholder and entered in the Shareholders' Register or
    • In case a share is nominee registered, on whose book-entry account the share has been registered on the record date and whose nominee has been registered in the Shareholders' Register of the Company on the record date as the nominee of the shares.
  4. Board of Directors
    The Company shall have a Board of Directors, which shall include at minimum three and at maximum seven ordinary members. The term of office of a member of the Board of Directors shall expire at the end of the first Annual General Meeting of Shareholders following the election.
  5. Company President
    The Board of Directors of the Company shall appoint a President and determine his/her remuneration terms.
  6. Signing of the Business Name
    In addition to the members of the Board of Directors, who can sign the business name of the Company jointly, the name can also be signed by the person or persons whom the Board of Directors has authorized to sign the business name, by the President of the Company and the Chairman of the Board of Directors alone, and by two members of the Board of Directors jointly. The Board of Directors shall decide on authorizing persons to sign for the Company per procuram.
  7. Financial Period
    The financial year of the Company is the calendar year.
  8. Auditors
    The Company shall have one Auditor, who shall be an auditing entity approved by the Finnish Central Chamber of Commerce. The term of office of the Auditor shall expire at the end of the first Annual General Meeting of Shareholders following the election.
  9. Call to a General Meeting and Right to Participate in and Vote at the General Meeting.

    The notice of a General Meeting of Shareholders shall be delivered to the shareholders within a period stipulated by the law by publishing the notice on the Company's website.

    To be entitled to participate in the General Meeting, a shareholder shall notify the Company about his/her intention to participate in the General Meeting no later than on the date indicated in the notice.

    At a General Meeting of Shareholders, each share has one (1) vote. The voting method shall be decided by the Chairman of the Meeting.

  10. Annual General Meeting of Shareholders.
    The Annual General Meeting of Shareholders shall be held annually on the date designated by the Board of Directors within a period from the end of the financial year as defined by the law. In addition to the domicile of the Company, the General Meeting of Shareholders can be held in Espoo or Vantaa. At the Annual General Meeting there shall be presented:
    • The financial statements and the Annual Report
    • The Auditors' Report (decisions made regarding)
    • The approval of the financial statement
    • The measures to which the profit or loss of the adopted balance sheet and/or consolidated balance sheet may give cause
    • The granting of release from liability to the Members of the Board of Directors and to the President
    • The remunerations of the Members of the Board of Directors and Auditors
    • The number of the Members of the Board of Directors (elected)
    • The members of the Board of Directors
    • One auditor and a reserve auditor, if necessary

Under the Finnish Companies Act, shareholders exercise their decision-making power at General Meetings of Shareholders. A General Meeting is normally held once a year as an Annual General Meeting (AGM). A shareholder may propose items to be included on the agenda provided they are within the authority of the shareholders' meeting and the Board of Directors has been informed of the request in due time. The invitation to the AGM is published on the Company's website.

The AGM decides on matters stipulated by the Company's Articles of Association and the Finnish Companies Act, including:

  • the adoption of the Financial Statements
  • the distribution of profit for the year
  • discharging the members of the Board of Directors and CEO from liability
  • the selection of members of the Board and the decision on their remuneration
  • the election of the auditor
  • other proposals made by the Board or shareholders

Each share carries one vote in the General Meeting.

Articles of Association

More information and materials

Additional information on Annual General Meetings is available in the Materials section.

Members of the Board of Directors

Duties of the Board of Directors

The objective of the Board of Directors is to direct the company with the aim of achieving the best possible return on invested capital for shareholders in the long term.

The Board's responsibilities and duties are defined in detail in the Board's Charter (available on the Company website) and cover the following main areas:

  • approving the strategy of F-Secure, overseeing its operations and annual budgets
  • approving any major investments, acquisitions, changes in corporate structure or other significant decisions
  • ensuring that the supervision of the Company's accounting and financial management is duly organized
  • ensuring that internal control and risk management systems are in place approving personnel policies and rewards systems
  • preparing matters to be handled by the General Meeting of shareholders

The Board of Directors meets as frequently as necessary, at least five times during its term. The Board of Directors has quorum when more than half of the members are present. An annual self-assessment is carried out by the Board to evaluate its operations.

In accordance with F-Secure's Articles of Association, the Board of Directors comprises three to seven members, which are elected at the Annual General Meeting for a period of office that extends to the following AGM. The majority of Board members shall be independent from the Company and from its major shareholders.

One member of the Board of Directors is elected from F-Secure Corporation's personnel in the following manner: an election is arranged for F-Secure personnel. Each permanent employee of F-Secure Corporation is eligible as a candidate. The Executive Committee interviews three persons who have obtained the highest number of votes in the elections, and chooses a candidate from amongst them to be proposed for election as a new member of the Board by the Annual General Meeting.

The Board's Executive Committee prepares the proposals for board candidates to be approved by the shareholders at the General Meeting. Proposals are based on candidates' skills and qualifications and on maintaining diversity on the Board of Directors. Currently both genders are represented in the Board of Directors.

Board committees

The Board has two permanent Committees: an Audit Committee and an Executive Committee (nomination and remuneration issues).

Audit Committee

The Audit Committee reviews, instructs and evaluates risk management, internal controls, IT strategy and practices, financial reporting as well as auditing of the accounts. The Audit Committee also regularly considers the need for a separate internal audit function. Members of the Audit Committee must have broad business knowledge, as well as an adequate knowledge of and experience in financial and supervisory matters. All members of the Audit Committee must be independent from F-Secure Corporation and from major shareholders in the company.

Executive Committee

The Executive Committee prepares material and instructs with issues related to the composition and compensation of the Board of Directors and the remuneration and incentivization of key managerial personnel. The Committee also prepares the proposals for the Board composition and remuneration for the Annual General Meeting of Shareholders.

Members of the Leadership team

Duties of the CEO

The Board of Directors appoints the CEO and decides upon his/her remuneration and other benefits. The CEO is responsible for the day-to-day management of the Company. His/her duties include:

  • managing the business according to the instructions issued by the Board of Directors
  • presenting the matters to be handled in the Board of Directors' meetings
  • implementing the decisions made by the Board of Directors
  • other duties determined in the Companies Act

Duties of the Leadership Team

The Leadership Team supports the CEO in the daily operative management and development of the Company. The CEO appoints the Leadership Team members and decides upon the terms and conditions of their employment.

Remuneration of the Board

The remuneration of the Board is decided by the Annual general meeting. The decisions are made public after the meeting. Read more about the decisions on remuneration on the Annual General Meeting section.

Annual general meeting

Remuneration of the CEO and management

The Board of Directors decides on the remuneration and other benefits of the CEO. The CEO also belongs to the Company's long-term incentive program. The Board of Directors decides on the remuneration and other benefits of the Leadership Team.

More information on the remuneration of the CEO and Leadership team, option programs and other related issues can be found in note 27 to the financial statements in the Annual Report.

Annual report

Remuneration statement

The following statement contains broad information on remuneration issues in F-Secure. The statement has been prepared according to the Finnish Corporate Governance Recommendation for Listed Companies published by the Securities Market Association. Please find the statement below. This statement is updated on regular basis if changes occur.

Read the full remuneration statement

Risk management is used as a tool to help managers make better risk-balanced decisions in an uncertain environment. The objective of F-Secure's risk management is to ensure a current, correct and comprehensive understanding and prioritized management of key uncertainties related to strategy implementation and business operations.

The foundation for risk management is defined in the Company's Risk Management Policy. The Board of Directors approves the Risk Management Policy and determines the Company's overall attitude towards risks. The Board of Directors and its Audit Committee monitor the Company's key risks and related controls and the effective implementation of the policy. The Audit Committee annually conducts a key risk review and evaluates the effectiveness of the risk management framework. The risk management framework consists of risk management responsibilities, related policies, operating principles and tools.

The CEO and Leadership Team are accountable to the Board for approving the Company's risk management standards and ensuring that they are applied in a consistent manner across the organization. The Leadership Team conducts a Company-level risk review biannually as part of the operational planning and approves the company-level risk profile.

The Corporate Risk Management function provides and maintains a process to identify, analyze, evaluate, and treat risks. Risk assessment is regularly conducted and aligned with the Company strategy process and annual operational planning. Risk management processes follow an annual cycle including both top-down and bottom-up reviews.

The same tools are applied to assess uncertainties related to key projects and business decisions, e.g. M&A transactions, major investments and new business initiatives.

Major risks

Risks are defined as uncertainties which can impact the achievement of the Company's short and long term objectives. Risks are assessed as a combination of probability and impact. F-Secure uses the following categories to group the risks: strategic, operational, financial and compliance risks.

The most significant risks for F-Secure are related to the following factors:

  • Volatility of the economic environment and its potential impact on business volumes
  • Security market transformation and changes in customer demand
  • Changes in the competitive environment
  • Potential loss of key customers and partnerships
  • Failure to attract and retain required human capital
  • Competitiveness of F-Secure's product portfolio in the rapidly changing market
  • Intellectual property (IPR) claims against F-Secure
  • Risk exposure from contractual liability requirements
  • Failure to successfully complete acquisitions or divestments
  • Failure of new product launches
  • Potential security threats related to F-Secure's products and services
  • Credit risk due to regional political or financial climate and regulation
  • Tax risk relating to changing laws and regulations and interpretations of said regulations by the relevant authorities

The purpose of Internal Control is to ensure that operations are effective and aligned with the strategy, and that financial reporting and management information is reliable and in compliance with applicable regulations and operating principles.

Internal control consists of all the guidelines, policies, processes, practices and relevant information about organizational structure that help ensure that the business conduct is in compliance with all applicable regulations. The purpose of internal control is also to ensure that accounting and financial information provides a true and accurate reflection of the activities and financial situation of the company. Actual performance is monitored against sales and cost targets by operative reporting systems on a daily, weekly, or monthly basis.

The Company constantly monitors its key financial processes linked to cost efficiency and profitability as well as incoming and outgoing payment transactions. If any inconsistencies appear, the issues are handled without delay. The Company's controlling team is responsible for the consistency and reliability of internal control methods. The team works in close cooperation with the CFO and business units, providing relevant data for business planning purposes and sales estimates. The team also regularly assesses and monitors the reliability of estimates and revenue recognition through various follow-up methods.

Internal audit

F-Secure's Audit Committee considers regularly the need for and appropriateness of a separate Internal Audit function. To date, the Audit Committee has concluded that, due to the size, organizational structure and largely centrally controlled financial management of the Company, a separate Internal Audit function is not necessary.

In the absence of an Internal Audit function, attention is paid to periodical review of the written guidelines and policies concerning accounting, reporting, documentation, authorization, risk management, internal control and other relevant matters in all departments. Related controls are also tested from time to time. The guidelines and policies are coordinated by the Company's finance department with active involvement by the legal team.  

The absence of a separate Internal Audit function is considered when defining the scope of the Company's external audit. This is evident for example in the audit of F-Secure's foreign subsidiaries, where the scope often exceeds the legal requirements in order to serve the purpose of internal auditing.

To facilitate transparency and exchange of information on Internal Audit related matters, the financial management team has frequent meetings with the auditors. The Audit Committee also meets regularly with the auditors and head of the Company's legal team to discuss related matters of their areas of responsibility.

The company has taken into use a direct line for all employees to notify the Board of any unethical activity or abuse.

F-Secure's IR-function is in charge of the company's insider issues. The Company follows the insider regulations of NASDAQ Helsinki Oy. Insiders are divided into three categories:

  • Managers with duty to notify the Company and the Financial Supervisory Authority of transactions (the Board of Directors, the CEO, the CFO and heads of Business Units) and their closely associated persons 
  • Project specific insiders 
  • Persons with access to unpublished significant financial information

Management's transactions 

Notifications on transactions by managers with duty to declare trading and their closely associated persons are published as stock exchange releases, and published on the IR website. Instructions for declaring trading are available here.

As a general rule, insiders are not entitled to trade shares or other financial instruments 30 days prior to the publication of the Company's financial statements. Project-based insiders are not entitled to trade at all until the termination of the project.

Silent period

The Company observes a silent period of 21 days before each quarterly report announcement. During the silent period, the Company will arrange neither meetings nor conference calls with the investor community.

The auditor is elected by the Annual General Meeting for a term of service ending at the close of the next Annual General Meeting. The auditor is responsible for auditing the consolidated and parent company's financial statements and accounting. The auditor reports to the Board of Directors or the Audit Committee at least once a year.

F-Secure's corporate governance practices comply with applicable Finnish laws as well as the rules, regulations and guidelines of NASDAQ Helsinki Oy and the Finnish Financial Supervisory Authority. This statement has been prepared in accordance with Finnish Corporate Governance Code (publicly available at issued by the Securities Market Association of Finland in 2015.

F-Secure's Corporate Governance Statement for 2016

The statement includes the tasks and responsibilities of the Board of Directors, Board Committees and other main governing bodies. The statement also describes the main features of internal control and risk management pertaining to the financial reporting process.

The key elements of the Corporate Governance practices of F-Secure Corporation are described in brief on this page.