For secunet effective corporate governance is one of the main prerequisites for achieving corporate objectives and increasing corporate value.

Corporate governance spans a company’s entire system for management and monitoring including its organisation, business policy principles and guidelines as well as internal and external control and monitoring mechanisms. Outstanding and transparent corporate governance ensures responsible management and control of a company in alignment with the creation of value. It promotes trust in secunet on the part of investors, financial markets, business partners and staff as well as the general public.

Declaration on Corporate Management pursuant to § 289f and §315d of the German Commercial Code (HGB)

An effective and transparent organisation, as well as responsible and reliable corporate governance is very important at secunet Security Networks AG. The Company’s Management Board and Supervisory Board firmly believe that good corporate governance is key to the continued success of the Company on the market.

The term Corporate Governance describes the regulatory framework for the management and supervision of companies. In a general sense, this framework must be designed in such a way that the Management Board and Supervisory Board work to ensure that the company continues to exist and creates value sustainably. Recommendations and proposals for how this requirement can be implemented in the management and supervision of companies are summarised in the German Corporate Governance Code (Deutscher Corporate Governance Kodex, DCGK). The Code serves the purpose of increasing trust in companies listed on the German stock exchange.

The Management Board and Supervisory Board of secunet Security Networks AG therefore regularly check the implementation of the German Corporate Governance Code at secunet Security Networks AG. In the 2019 financial year, the Management Board and Supervisory Board of secunet Security Networks AG once again carefully deliberated on the recommendations and proposals of the German Corporate Governance Code, in the version applicable in the 2019 financial year, as amended on 7 February 2017. The Declaration of Conformity set out below regarding the German Corporate Governance Code was agreed on the basis of these deliberations. This declaration is permanently available on our website and constantly updated to reflect any amendments.

In accordance with Item 3.10 of the German Corporate Governance Code in the version applicable in the 2019 financial year and with Section 289f of the German Commercial Code (Handelsgesetzbuch, HGB), the Management Board and Supervisory Board give the following report:

Management and supervisory structure

secunet Security Networks AG is subject to German stock corporation law. As a German public limited company, it has a dual management and supervisory structure consisting of a Management Board and a Supervisory Board. The Management Board consisted initially of three members in the 2019 financial year and then of four members with effect from 1 June 2019. The Supervisory Board is made up of six members. The Management Board and Supervisory Board work together closely and on the basis of mutual trust in their management and supervision of the Company.

Supervisory Board

The Supervisory Board performs the tasks assigned to it by law and by the Company’s Articles of Association. It supervises and advises the Management Board with regard to the management of the Company. At regular intervals, the Supervisory Board discusses business performance and planning, as well as the strategy and its implementation. It discusses the half-year financial reports and quarterly updates with the Management Board before their publication, and approves the Annual Financial Statements of secunet Security Networks AG and the Group, taking into consideration the audit reports prepared by the auditors and its own examination. The Supervisory Board monitors the accounting process, the effectiveness of the internal control system, risk management and internal audit, as well as the auditing of the financial statements. Its tasks and responsibilities also include appointing members to the Management Board. Management Board decisions of fundamental importance, such as major acquisitions, disposals and financial measures, require the consent of the Supervisory Board. An extraordinary meeting of the Supervisory Board is convened as and when necessary should significant events arise. The Supervisory Board has drawn up rules of procedure for its work. Its Chairman coordinates the work carried out within the Supervisory Board, chairs its meetings and represents its interests externally. The Supervisory Board strives to continually improve the efficiency of its activities. In the 2019 financial year, the review of the Supervisory Board’s efficiency was again included as a separate item on the agenda for the meetings of the Supervisory Board.

In accordance with the Articles of Association, the Supervisory Board of secunet Security Networks AG comprises six members. Until the end of the 2019 Annual General Meeting, the Supervisory Board consisted solely of shareholder representatives. Since it became foreseeable in the 2018 financial year that secunet security Networks AG would now generally have more than 500 but not more than 2,000 employees and thus be subject to the One-Third Participation Act pertaining to employees on the Supervisory Board (Drittelbeteiligungsgesetz – DrittelbG), one third of the Supervisory Board must now consist of employee representatives. The Management Board of the Company instigated the change in the composition of the Supervisory Board by initiating status proceedings in October 2018 and the procedure for election of employee representatives to the Supervisory Board in December 2018. The latter procedure was concluded on 13 March 2019 with the election of two employee representatives, Ms Gesa-Maria Rustemeyer and Mr Jörg Marx. At the 2019 Annual General Meeting, Mr Ralf Wintergerst, Dr Peter Zattler, Professor Dr Günter Schäfer and Dr Elmar Legge were elected to the Supervisory Board as the four shareholder representatives.

The knowledge, skills and professional experience required to fulfil the remit are taken into account when drawing up the nominations for election to the Supervisory Board. In addition, the Supervisory Board has defined specific targets for its composition in accordance with Item 5.4.1 of the German Corporate Governance Code in the version applicable in the 2019 financial year, and has drawn up a skills profile for the entire Board. The purpose of the skills profile is to ensure that the members of the Supervisory Board possess all the knowledge and experience considered essential in light of the activities of secunet Group. Furthermore, an age limit of 70 years is planned for members of the Supervisory Board.

Taking into account the Company’s specific situation, the Supervisory Board strives to achieve diversity among candidates with the requisite professional and personal qualifications when its members are elected. The Supervisory Board therefore looks for international experience, independence and an appropriate degree of female representation among suitable candidates. In accordance with the recommendation in Item 5.4.1 of the German Corporate Governance Code in the version applicable in the 2019 financial year, at least one seat on the full Supervisory Board was reserved for a female member in the Supervisory Board elections held in 2019 in connection with the reconstitution of the Supervisory Board as a result of the One-Third Participation Act coming into effect.

One or more Supervisory Board members should also have many years of special experience abroad, acquired as a result of working abroad or due to a foreign country of origin. In addition, the Supervisory Board should include what it considers an appropriate number of independent members within the meaning of Item 5.4.2 of the German Corporate Governance Code in the version applicable in the 2019 financial year. Furthermore, on the basis of the resolutions passed by the Supervisory Board, the latter should include one independent member within the meaning of Item 5.4.2 of the German Corporate Governance Code in the version applicable in the 2019 financial year. In the opinion of the Supervisory Board, this requirement is currently met by the member Dr Elmar Legge. Until the Supervisory Board was reconstituted in May 2019, the Supervisory Board had another member, Mr Wolf-Rüdiger Moritz, who, in the Supervisory Board’s assessment, was independent within the meaning of Item 5.4.2 of the German Corporate Governance Code in the version applicable in the 2019 financial year. At least one member of the Supervisory Board should possess many years of international experience.

At its meeting on 4 May 2017, the Supervisory Board resolved the aforementioned objectives for its composition for the period until 30 June 2022 and took them into account in its election proposals to the 2019 Annual General Meeting.

The composition of the Supervisory Board complied with the specifications of the skills profile both before and after the Supervisory Board elections in 2019. The Supervisory Board members possessed and possess the professional and personal qualifications deemed necessary. They were and are all familiar with the sector in which the Company is active and had and have the essential knowledge, skills and experience for the Company.

The Supervisory Board does not have any committees. In the opinion of the Supervisory Board, this is not in fact necessary, as the Supervisory Board comprises only six members. Given a board of this size, efficient operation of the Supervisory Board can be guaranteed without the formation of committees.

Management Board

The Management Board, as the body responsible for managing the Company, conducts the Company’s business under its own responsibility and in the Company’s interests. Its aim is to increase the enterprise value on a sustainable basis. In particular, it determines the principles of the Company’s policy and is also responsible for developing the Company’s strategy, for planning and setting the Company’s budget, for allocating resources, and for controlling and managing the Company’s corporate and business divisions. Specific measures described in the Management Board’s rules of procedure require the approval of the Supervisory Board. The Management Board is responsible for preparing the Company’s quarterly updates, the Company’s half-year financial reports, the Annual Financial Statements of secunet Security Networks AG, and the Consolidated Financial Statements.

The Management Board works closely with the Supervisory Board. It informs the Supervisory Board regularly, comprehensively and without delay – by means of written and verbal reports – of all issues important to the Company as a whole with regard to strategy and strategy implementation, planning, business performance, the financial and earnings situation, and entrepreneurial risks. The Supervisory Board is involved without delay in all decisions fundamental to the Company.

Targets for the appointment of women

The Supervisory Board has implemented the requirements of the legislation that came into force on 1 May 2015 regarding the equal participation of women and men in management positions.

At its meeting on 4 May 2017, the Supervisory Board established a target of 17 percent for the Supervisory Board, relating to the implementation period from 1 July 2017 to 30 June 2022, which corresponds to the goal of electing one woman to the Supervisory Board. The Supervisory Board took this target into account in its election proposals to the Annual General Meeting in May 2019.

At the same meeting on 4 May 2017, the Supervisory Board also maintained the previously determined target of zero percent for the Management Board relating to the implementation period up to 31 May 2019, because no expansion of the Management Board in this period was intended at the time of the decision. Against the background of the expansion of the Management Board implemented as of 1 January 2018 through the appointment of Mr Axel Deininger, the Supervisory Board again addressed the targets for composition of the Management Board at its meeting on 27 March 2019, in particular the targets for the participation of women, and decided to retain the target of zero percent with regard to the proportion of women on the Management Board for the implementation period up to 31 May 2019 and beyond that up to 31 May 2020. This is essentially due to the fact that the search for suitable female candidates remains challenging in the current market environment and in secunet Security Networks AG’s areas of business, and therefore a higher target cannot at present be regarded as realistic from the point of view of the Supervisory Board. Mr Torsten Henn and Dr Kai Martius were appointed to the Management Board with effect from 1 June 2019.

With regard to the two management levels below the Management Board, the Management Board set the following targets for the period from 1 July 2017 to 30 June 2022: zero percent for the first level and eleven percent for the second level. In view of the small size of the Company, the limited number of management positions and the associated low level of fluctuation, the Management Board is of the opinion that more ambitious targets would currently not be realistic. However, the Management Board reiterates its intention to move towards a higher proportion of management positions being held by women to the greatest extent possible.

In the 2019 financial year, the proportion of women at the second management level below the Management Board was 8 percent (previous year: 10.5 percent).

Responsible risk management

Good corporate governance also means that the Company must take a responsible approach to risk. Systematic risk management as part of our value-oriented Group management ensures that risks are identified and evaluated at an early stage, and that risk positions are optimised. The Management Board reports regularly to the Supervisory Board on the current development of key risks. Details of risk management at secunet Security Networks AG can be found in the combined Management Report. It also contains the report on the key characteristics of the internal control and risk management system relating to accounting.

Transparent corporate governance

Transparency in corporate governance is very important to the Management Board and Supervisory Board of secunet Security Networks AG. Shareholders, all participants in the capital market, financial analysts, shareholder associations and the media are provided with comprehensive, regular and up-to-date information regarding the Company’s position and key changes to the Company’s business.

secunet Security Networks AG reports to its shareholders four times a year on business performance and on the financial and earnings situation, and makes all reports and information permanently available to shareholders on the Company’s website at www.secunet.com. The dates for regular financial reporting are listed in the financial calendar. If any circumstances arise at secunet Security Networks AG that might significantly influence the stock market price of secunet Security Networks AG, these are disclosed in ad hoc announcements in accordance with the legal requirements. The financial calendar and ad hoc announcements are available to view on the website of secunet Security Networks AG under >> The Company >> Investor Relations >> Financial News and Reports.

Shareholders and Annual General Meeting

The shareholders of secunet Security Networks AG may exercise their rights, including voting rights, at the Annual General Meeting. Shareholders can exercise their voting rights at the Annual General Meeting themselves or choose an agent or Company proxy bound by their instructions to exercise the voting rights. The Annual General Meeting takes place in the first eight months of the financial year. The Chairman of the Supervisory Board normally chairs the Annual General Meeting. Ahead of the Annual General Meeting, shareholders receive comprehensive information about the past financial year and about the individual items on the agenda of the upcoming meeting by way of the Annual Report and invitation to the meeting. All relevant documents and information on the Annual General Meeting, together with the Annual Report, are also available on our website.

In accordance with the provisions of law, the auditors are appointed by the Annual General Meeting. At the Annual General Meeting on 15 May 2019, the Düsseldorf branch of the auditing firm KPMG AG Wirtschaftsprüfungsgesellschaft was appointed as auditors for secunet Security Networks AG and Group auditors for secunet Group for the 2019 financial year, and was therefore selected to perform an audit review of the Condensed Financial Statements and the Interim Management Report of secunet Security Networks AG and secunet Group as at 30 June 2019.

Shareholders are notified of important dates by means of a financial calendar published in the Annual Report, in the quarterly updates and on the Company’s website.

Further detailed information about secunet Security Networks AG is available on our website at www.secunet.com.

Corporate governance guidelines

The Articles of Association of secunet Security Networks AG form the basis of our Company. The Company’s Articles of Association, the current Declaration of Conformity, the Declarations of Conformity for previous years and further corporate governance documents can be found online at www.secunet.com under >> The Company >> Investor Relations >> Corporate Governance.

The Management Board has introduced a Code of Conduct for the Company and its employees, summarising the business principles of secunet Security Networks AG. These principles are a crucial part of how secunet Security Networks AG sees itself, and of the expectations that it strives to meet. The Code of Conduct sets down standards of conduct for dealing with all the economic, legal and moral challenges that we face in our day-to-day business activities, and is intended to serve as a benchmark and guide when working with customers, suppliers and other business partners, as well as for our conduct towards our competitors. It also governs our conduct in financial matters and trading in secunet shares, their derivatives and other financial instruments. The Company has set up a compliance unit to handle questions arising in connection with the Code of Conduct.

In accordance with the provisions of Item 4.1.3, sentence 3 of the German Corporate Governance Code in the version applicable in the 2019 financial year, the Company has provided its employees with an opportunity to report, under protection, legal violations within the Company by means of an electronic whistleblower system. This option is also available to third parties.

Management Board and Supervisory Board remuneration

secunet Security Networks AG complies with statutory regulations and the recommendations of the German Corporate Governance Code in the version applicable in the 2019 financial year and discloses the remuneration of each individual member of the Management Board. In this Annual Report (more specifically, in the remuneration report, which forms part of the Management Report), we detail the remuneration of the members of the Management Board and Supervisory Board.

Information on stock option programmes and similar securities-based incentive systems

No stock option programmes or similar securities-based incentive systems exist for members of corporate bodies or employees of the Company.

Notification of transactions under Article 19 of the European Market Abuse Regulation (managers’ transactions)

Article 19 of the European Market Abuse Regulation (EU) No. 596 / 2014 requires members of corporate bodies (Supervisory Board / Management Board) and certain executives, as well as closely related parties, to disclose transactions in secunet shares or related financial instruments where the sum total of such transactions reaches or exceeds 20,000 euros (until 31 December 2019: 5,000 euros) within a single calendar year. Disclosures regarding managers’ transactions (directors’ dealings) are also published on our website under Investor Relations. No managers’ transactions were reported in the 2019 financial year, in which the threshold of 5,000 euros was applicable.

Accounting and auditing of the financial statements

secunet Security Networks AG prepares its Consolidated Financial Statements and Consolidated Interim Financial Statements in accordance with the International Financial Reporting Standards (IFRS) as applicable in the EU. The Annual Financial Statements of secunet Security Networks AG are prepared in accordance with German commercial law (HGB) and the German Stock Corporation Act. The Annual and Consolidated Financial Statements are compiled by the Management Board and audited by the auditors and the Supervisory Board. Quarterly updates and the half-year financial report are discussed by the Management Board and Supervisory Board prior to their publication.

secunet Security Networks AG’s Consolidated and Annual Financial Statements have been audited by KPMG AG Wirtschaftsprüfungsgesellschaft, Düsseldorf branch, the auditors appointed by the 2019 Annual General Meeting. The audits were performed in accordance with Section 317 HGB and with due consideration for the generally accepted standards for the audit of financial statements in Germany promulgated by the Institute of Public Auditors in Germany (IDW). The undersigned auditors for the Annual Financial Statements and Consolidated Financial Statements of secunet Security Networks AG are Mr Martin C Bornhofen and Dr Dominic Sommerhoff.

It was also contractually agreed with the auditors that they inform the Supervisory Board without delay of any potential grounds for exclusion or bias and of any findings or occurrences of significance to the Supervisory Board’s remit that came to light during the auditing of the financial statements.

The Condensed Consolidated Interim Financial Statements and the Interim Group Management Report as at 30 June 2019 were subjected to an audit review by KPMG AG Wirtschaftsprüfungsgesellschaft.

Declaration of Conformity under Section 161 of the German Stock Corporation Act dated 27 November 2019

The management and supervisory boards of companies listed on the German stock exchange are legally obliged, in accordance with Section 161 of the German Stock Corporation Act (Aktiengesetz, AktG), to annually declare whether the official recommendations of the Government Commission on the German Corporate Governance Code applicable at the time of making the declaration have been fulfilled and will be fulfilled. The Company is furthermore required to disclose which recommendations of the Code have not been applied or will not be applied and to explain the reasons for this. This Declaration of Conformity is printed in full below, with explanations. The Declaration of Conformity can also be found on secunet Security Networks AG’s website under >> The Company >> Investor Relations >> Corporate Governance. The Declarations of Conformity issued in the last five years are permanently available on the website.

The Company complies with, and will continue to comply with, the recommendations of the Government Commission on the German Corporate Governance Code, as amended in the version of 7 February 2017 applicable in the 2019 financial year and published by the German Ministry of Justice in the official part of the Federal Gazette on 24 April 2017, with the following exceptions:

3.8, para. 3
A similar deductible shall be agreed upon in any D&O policy for the Supervisory Board.

Explanation: The secunet Supervisory Board conducts its business with the utmost sense of responsibility. A deductible would not give rise to any additional improvement or incentive.

5.1.2, para. 2, sentence 3
An age limit for members of the Management Board shall be specified.

Explanation: secunet Security Networks AG does not stipulate an age limit for Management Board members, as the age of the particular Management Board member is not a blanket criterion for suitability to hold a position on the Management Board. An age limit would therefore generally limit the selection of suitable candidates to an unreasonable degree.

5.3.1
Depending on the specifics of the enterprise and the number of its members, the Supervisory Board shall form committees with sufficient expertise.

Explanation: The Supervisory Board of secunet Security Networks AG has no committees. In the opinion of the Supervisory Board, this is not in fact necessary, as the Supervisory Board comprises only six members. Four members are elected by the shareholders and two members by the employees (employee representatives) in accordance with the One-Third Participation Act pertaining to employees on the Supervisory Board (Drittelbeteiligungsgesetz). Given a board of this size, efficient operation of the Supervisory Board can be guaranteed without the formation of committees.

5.3.2
The Supervisory Board shall set up an Audit Committee.

Explanation: The Supervisory Board consists of six members. Four members are elected by the shareholders and two members by the employees (employee representatives) in accordance with the One-Third Participation Act pertaining to employees on the Supervisory Board (Drittelbeteiligungsgesetz). Due to the number of Supervisory Board members and the composition of the Supervisory Board, setting up a separate Audit Committee would not increase the efficiency of the work performed by the Supervisory Board with regard to accounting, risk management, compliance and the auditing of the financial statements.

5.3.3
The Supervisory Board shall form a Nomination Committee.

Explanation: The Supervisory Board of secunet Security Networks AG consists of only six members. Four members are elected by the shareholders and two members by the employees (employee representatives) in accordance with the One-Third Participation Act pertaining to employees on the Supervisory Board (Drittelbeteiligungsgesetz). Due to the number of Supervisory Board members and the composition of the Supervisory Board, setting up a separate Nomination Committee would not increase the efficiency of the work performed by the Supervisory Board with regard to the nomination of suitable candidates for the Supervisory Board’s proposals to the Annual General Meeting for the election of Supervisory Board members. An additional Nomination Committee has therefore not been set up.

5.4.1, para. 2, sentence 1
The Supervisory Board shall specify concrete objectives regarding its composition which, whilst considering the specifics of the enterprise, take into account the international activities of the enterprise, potential conflicts of interest, the number of independent Supervisory Board members within the meaning of number 5.4.2, an age limit and a regular limit to Supervisory Board members’ term of office, both to be specified, as well as diversity.

Explanation: The Supervisory Board of secunet Security Networks AG has not specified a regular limit for the term of office on the Supervisory Board. In the view of the Supervisory Board such a restriction is not necessary with regard to efficient operation of the Board, especially since the Board’s work may benefit from the experience of long-standing members.

5.4.6, para. 1, sentence 2
The status as Chair or membership of a committee shall also be taken into consideration when specifying the remuneration of Supervisory Board members.

Explanation: Since the Supervisory Board has no committees, there is currently no question of a special chairmanship and committee membership remuneration.

 

secunet Security Networks AG

Essen, 27 March 2020

- For the Management Board -              - For the Supervisory Board -

 

 

Former Corporate Governance Reports:

Declaration of conformity under section 161 AktG

The Management Board and Supervisory Board of secunet Security Networks AG hereby submit the following Declaration of Conformity regarding the recommendations of the Government Commission on the German Corporate Governance Code in accordance with Section 161 of the German Stock Corporation Act (Aktiengesetz, AktG):

I.

Since submission of the last Declaration of Conformity in November 2019, secunet Security Networks AG has complied with the recommendations of the Government Commission on the German Corporate Governance Code, as amended in the version in force on 7 February 2017 (DCGK 2017) and published by the German Ministry of Justice in the official part of the Federal Gazette on 24 April 2017, with the following exceptions:

 

D&O insurance for the Supervisory Board

Section 3.8, para. 3 DCGK 2017: A similar deductible shall be agreed upon in any D&O policy for the Supervisory Board.

Explanation: The Supervisory Board of secunet Security Networks AG conducts its business with the utmost sense of responsibility. A deductible would not give rise to any additional improvement or incentive.

 

Age limit for Management Board members

Section 5.1.2, para. 2, sentence 3 DCGK 2017: An age limit for members of the Management Board shall be specified.

Explanation: secunet Security Networks AG does not stipulate an age limit for Management Board members, as the age of the particular Management Board member is not a blanket criterion for suitability to hold a position on the Management Board. An age limit would therefore generally limit the selection of suitable candidates to an unreasonable degree.

 

Regular limit for the term of office on the Supervisory Board

Section 5.4.1, para. 2, sentence 1 DCGK 2017: The Supervisory Board shall determine concrete objectives regarding its composition, and shall prepare a profile of skills and expertise for the entire Board. Within the company-specific situation the composition of the Supervisory Board shall reflect appropriately the international activities of the company, potential conflicts of interest, the number of independent Supervisory Board members within the meaning of number 5.4.2, an age limit and a regular limit to Supervisory Board members’ term of office, both to be specified, as well as diversity.

Explanation: The Supervisory Board of secunet Security Networks AG has not specified a regular limit for the term of office on the Supervisory Board. In the view of the Supervisory Board such a restriction is not necessary with regard to efficient operation of the Board, especially since the Board’s work may benefit from the experience of long-standing members.

 

Establishment of Supervisory Board committees and remuneration of committee members

Section 5.3.1 DCGK 2017: Depending on the specific circumstances of the enterprise and the number of Supervisory Board members, the Supervisory Board shall form committees of members with relevant specialist expertise.

 

Section 5.3.2 DCGK 2017: The Supervisory Board shall establish an Audit Committee [...].

 

Section 5.3.3 DCGK 2017: The Supervisory Board shall form a Nomination Committee.

 

Section 5.4.6, para. 1, sentence 2 DCGK 2017: The status as Chair or membership of a committee shall also be taken into consideration when specifying the remuneration of Supervisory Board members.

Explanation: The Supervisory Board of secunet Security Networks AG has no committees. In the opinion of the Supervisory Board, this is not in fact necessary, as the Supervisory Board comprises only six members. Four members are elected by the shareholders and two members by the employees (employee representatives) in accordance with the One-Third Participation Act pertaining to employees on the Supervisory Board (Drittelbeteiligungsgesetz). Given a board of this size, efficient operation of the Supervisory Board can be guaranteed without the establishment of committees.

Due to the number of Supervisory Board members and the composition of the Supervisory Board, establishing a separate Audit Committee would not increase the efficiency of the work performed by the Supervisory Board in relation to accounting, risk management, compliance and the auditing of the financial statements.

Furthermore, due to the number of Supervisory Board members and the composition of the Supervisory Board, establishing a separate Nomination Committee would not increase the efficiency of the work performed by the Supervisory Board with regard to the nomination of suitable candidates for the Supervisory Board’s proposals to the General Meeting for the election of Supervisory Board members. An additional Nomination Committee has therefore not been established.

Since the Supervisory Board has no committees, the issue of a special remuneration for committee chairs and members is not currently relevant.

 

II.

secunet Security Networks AG intends to comply with the recommendations of the Government Commission on the German Corporate Governance Code, as amended in the version in force on 16 December 2019 (DCGK 2020) and published by the German Ministry of Justice in the official part of the Federal Gazette on 20 March 2020, with the following exceptions: 

 

Age limit for Management Board members

Recommendation B.5 DCGK 2020: An age limit shall be specified for members of the Management Board and disclosed in the Declaration of Corporate Governance.

Explanation: secunet Security Networks AG does not stipulate an age limit for Management Board members, as the age of the particular Management Board member is not a blanket criterion for suitability to hold a position on the Management Board. An age limit would therefore generally limit the selection of suitable candidates to an unreasonable degree.

 

Establishment of Supervisory Board committees, cooperation with the external auditors and remuneration of committee members

Recommendation C.10 DCGK 2020: […], the Chair of the Audit Committee as well as the Chair of the committee that addresses Management Board remuneration shall be independent from the company and the Management Board. The Chair of the Audit Committee shall also be independent from the controlling shareholder.

 

Recommendation D.2 DCGK 2020: Depending on the specific circumstances of the enterprise and the number of Supervisory Board members, the Supervisory Board shall form committees of members with relevant specialist expertise. The respective committee members and the committee chairs shall be named in the Declaration of Corporate Governance.

 

Recommendation D.3 DCGK 2020: The Supervisory Board shall establish an Audit Committee [...].

 

Recommendation D.4 DCGK 2020: The Chair of the Audit Committee shall have specific knowledge and experience in applying accounting principles and internal control procedures, shall be familiar with audits, and shall be independent. The Chair of the Supervisory Board shall not chair the Audit Committee.

 

Recommendation D.5 DCGK 2020: The Supervisory Board shall form a Nomination Committee, composed exclusively of shareholder representatives, which names suitable candidates to the Supervisory Board for its proposals to the General Meeting.

 

Recommendation D.11 DCGK 2020: The Audit Committee shall conduct an evaluation of the quality of the audit on a regular basis.

 

Recommendation G.17 DCGK 2020: Remuneration for Supervisory Board membership shall take appropriate account of the larger time commitment […] of the Chair and the members of committees.

Explanation: The Supervisory Board of secunet Security Networks AG has no committees. In the opinion of the Supervisory Board, this is not in fact necessary, as the Supervisory Board comprises only six members. Four members are elected by the shareholders and two members by the employees (employee representatives) in accordance with the One-Third Participation Act pertaining to employees on the Supervisory Board (Drittelbeteiligungsgesetz). Given a board of this size, efficient operation of the Supervisory Board can be guaranteed without the establishment of committees.

Due to the number of Supervisory Board members and the composition of the Supervisory Board, establishing a separate Audit Committee would not increase the efficiency of the work performed by the Supervisory Board in relation to accounting, risk management, compliance and the auditing of the financial statements.

Furthermore, due to the number of Supervisory Board members and the composition of the Supervisory Board, establishing a separate Nomination Committee would not increase the efficiency of the work performed by the Supervisory Board with regard to the nomination of suitable candidates for the Supervisory Board’s proposals to the General Meeting for the election of Supervisory Board members. An additional Nomination Committee has therefore not been established.

Since the Supervisory Board has no committees, the issue of the independence of the Chair of the Audit Committee or of the Chair of the committee that addresses Management Board remuneration is not currently relevant, nor is that of a special remuneration for committee chairs and members.

 

secunet Security Networks AG

Essen, 26 November 2020

- For the Management Board -                     - For the Supervisory Board -

 


Former Statements:

 

German corporate governance code:

German corporate governance code

Renumeration of the Management Board and Supervisory Board

The remuneration report summarises the principles used to determine the remuneration of the Management Board of secunet AG and sets out the amount and structure of the income received by its members. It sets out the principles behind, and amount of, the remuneration received by the Supervisory Board, and also provides information on the shareholdings of Management Board and Supervisory Board members.

Remuneration of the Management Board

The Supervisory Board of secunet AG is responsible for determining the remuneration of the Management Board.

In the 2019 financial year, the remuneration package for the members of the Management Board who were active in the 2019 financial year was made up of five components: a fixed annual salary, a variable bonus, a special bonus, ancillary non-cash benefits and a contribution to the retirement pension.

The Management Board remuneration package is broken down as follows:

» The fixed component is paid monthly in the form of a salary.

» The variable component is based on the Company’s results. It consists of a short-term component and a long-term component. The short-term component is measured on the basis of sales revenue and EBIT for the current financial year (2019 in this case), while the long-term component is measured based on the average EBIT of the past three financial years (2017 – 2019 in this case).

» At its discretion, the Supervisory Board can award each of the members of the Management Board a special bonus for their exceptional contributions in the financial year.

» Non-cash and other benefits essentially comprise the taxable values of company car usage.

» The retirement pension contributions paid to members of the Management Board are set out in their individual contracts of employment. These pension commitments provide for a life annuity with provision for dependants.

Management Board contracts do not expressly provide for any severance payment in the event that the employment relationship is prematurely terminated. In addition, Management Board contracts do not include any specific regulations to govern the event that a “change of control” occurs – that is when one or several shareholders acting jointly obtain the majority voting rights of secunet AG and exert a dominating influence, causing secunet AG to become a dependent company by means of the conclusion of an intercompany agreement within the meaning of Section 291 of the German Stock Corporation Act (Aktiengesetz, AktG), or in the event of the merger of secunet AG with other companies.

The Management Board members do not receive any additional remuneration for the performance of their duties in the subsidiaries.

Following the recommendations of the German Corporate Governance Code (Deutscher Corporate Governance Kodex, DCGK), the remuneration of the secunet AG Management Board is constituted as follows:

The following payments were made for the remuneration of the members of the Management Board in the 2019 financial year:

Total remuneration of the members of the Management Board in the 2019 financial year was 1,961 thousand euros (previous year: 1,420 thousand euros).

The pension entitlements of the Management Board members were as follows as at 31 December 2019:

As at 31 December 2018, the pension entitlements of the Management Board members were as follows:

Owing to the right, in accordance with Article 67 (1) and (2) of the Introductory Act to the German Commercial Code (Einführungsgesetz zum Handelsgesetzbuch, EGHGB), to choose to annually add 1 / 15 to the difference resulting from the change in valuation under the German Accounting Law Modernisation Act (Bilanzrechtsmodernisierungsgesetz, BilMoG), there is a shortfall between the amount of the HGB obligation and the provision set aside, totalling 60 thousand euros.

As at 31 December 2019, the members of the Management Board held a total of 880 shares in secunet. No secunet shares were held by members of the Management
Board on the same reporting date of the previous year.

The members of the Management Board of the Company were not granted any loans during the reporting period.

Furthermore, in the past financial year no member of the Management Board was promised or granted any benefits by a third party in respect of his activity as a member
of the Management Board.

Remuneration of the Supervisory Board

The remuneration of the Supervisory Board is laid down in Article 17 of the Articles of Association of secunet AG. It is based on the tasks and responsibilities of the members of the Supervisory Board.

Remuneration of the Supervisory Board was revised at the Annual General Meeting of secunet AG on 15 May 2019. The members of the Supervisory Board receive a fixed remuneration of 12 thousand euros (previously: 8 thousand euros). The Chairman of the Supervisory Board receives a remuneration of 24 thousand euros (previously 16 thousand euros), and the Vice Chairman of the Supervisory Board receives 16 thousand euros (previously 12 thousand euros). This increases the total annual remuneration of the Supervisory Board from 60 thousand euros to 88 thousand euros. If changes are made within the Supervisory Board during the year, remuneration is granted on a pro-rata basis. Travel expenses associated with Supervisory Board activities are reimbursed separately according to travel expense reports.

For the 2019 financial year, Supervisory Board remuneration totalled 77.8 thousand euros (previous year: 60.0 thousand euros). The increase results from the prorata consideration of the increase in remuneration after the 2019 Annual General Meeting.

The members of the Supervisory Board do not receive any loans from the Company.

As on the same reporting date in the previous year, no Supervisory Board members held any secunet shares as at 31 December 2019.

In the year under review, members of the Supervisory Board did not receive any other remuneration or benefits for services provided personally, in particular consulting and agency services.

For the individual members of the Supervisory Board, the entitlements can be presented as follows:

Forecast, Opportunities and Risk Report

1. Risk report

1.1 Risk management objectives and methods

Risk management is carried out in the same way and in parallel for secunet Group and secunet AG. The function presented below and the description of individual risks and opportunities thus apply to both secunet Group and secunet AG.

Risk management at secunet is carried out by a risk committee. This comprises the members of the Management Board and the departmental manager responsible for risk management. The risk committee meets regularly once a quarter. Any developments that could jeopardise the fulfilment of objectives, or which may even threaten the survival of the Company, are subjected to intense analysis, scrutiny and assessment by the risk committee. The aim of doing this is to ensure that information about risks, and the associated financial implications, is detected as early as possible in order to implement suitable measures. The existing opportunities and associated potential for earnings are to be identified and leveraged.

As part of the preparation for meetings of the risk committee, a comprehensive risk inventory takes place in each area of the Company. Following a bottom-up approach, the risks are identified and aggregated, then assessed according to their damage extent and probability of occurrence.

The Company-specific risks surveyed in this manner are then discussed at the risk committee meetings, implementing a top-down approach. The effects of risks and opportunities are not offset against each other. A net presentation is shown when evaluating the potential effects of risks, i. e. the effects of any risk minimisation measures already taken are considered as part of the evaluation. Depending on the probability-weighted damage value of the risks (risk value), the further treatment of the risks is then determined. This ranges from pure documentation where the value is negligible (the probability-weighted damage value in the 2019 financial year was up to 1.25 million euros in EBIT losses) and further observation (monitoring of existing measures – for a risk value of up to 2.6 million euros in the 2019 financial year) to the need to take and monitor measures immediately (reporting threshold – at a probability-weighted damage value of over 2.6 million euros in the 2019 financial year). The value limits defined above are re-determined annually based on the planned annual result. Insofar as the identified risks are quantifiable, the corresponding risk values (relating to the reporting date) are adopted in the reporting system.

Proposals for countermeasures are then drawn up, if required. The Management Board examines these measures and implements them promptly. During the course of the 2019 financial year, several instances of risk were identified and necessitated measures. For the main part, these related to the areas of distribution and production. Operative damage management implemented in each of these cases was able to contribute to reducing the relevant risk value to significantly below the warning threshold in all cases.

The early risk detection and risk management system of secunet AG is being continuously developed and improved.

1.2 Individual risks

Since 2019, the risks for secunet Group and thus also for secunet AG as the parent company of the Group have been primarily classified according to their origin in the functional areas of secunet as follows:

» Sales risks: these are risks in all areas connected with distribution. They relate primarily to the functions purchasing and inbound logistics, sales and outbound logistics as well as distribution and marketing.

» Product risks: these are the risks that can arise in connection with products and solutions from secunet. They relate primarily to risks from technical defects or possible security weaknesses in the components used. Also included in this category are risks from the divisions responsible for planning and coordinating the market-readiness of products and solutions from secunet Group.

» Project risks: these are the risks that can arise in connection with development and consulting projects. They mainly include the risks relating to budget planning and subsequent budget compliance.

» Structural risks: these are the risks arising from support functions such as finance and controlling, legal and human resources, and IT. Risks from M & A activities and compliance risks are also recorded here.

In the early risk detection and risk management system for the year 2018, the classification of risks was still based on their impact on the stages of secunet’s value creation (risks to the corporate infrastructure, product management risks, distribution risks, risks in production). The revised and optimised classification categorises some risks more strongly according to areas of responsibility (product management and production risks have become product and project risks) while others remain largely unchanged (corporate infrastructure has become structural risks, distribution is now sales).

The coronavirus poses a further risk for business development in 2020. The virus has been spreading further around the world since January 2020. The Management Board is assessing the potential effects of the corona pandemic on secunet Group continuously and with high priority. All aspects of business operations are being examined and evaluated, with appropriate measures being developed where necessary. This applies in particular to outsourced supplies and the work performed on customer premises as well as to secunet Group’s own infrastructure and employees. It is not possible to reliably make any meaningful statements for secunet Group in this respect at the time of preparing this report.

As in previous years, the principal risks identified and quantified primarily concern sales risks (acquisition and execution of orders) and project risks (processing of projects).

1.2.1 Sales risks

The area of sales risks is dominated by distribution risk. secunet is active in the project business. Many projects relate to infrastructures and solutions that are designed on an individual basis. The IT security infrastructures based on these are often associated with high investment volumes, resulting in a complex and often protracted tendering and decision-making process for the customer. This applies to both Public Sector and Business Sector customers and places great limitations on the ability to plan for sales revenues, leading to a potential associated volatility in secunet’s business. The distribution risk is continuously monitored as part of risk management and in the ongoing Management Board meetings and, if necessary, it is countered with suitable measures. These measures for reducing the distribution risk often consist of establishing close contact, and thus ongoing cooperation with the customer, through the use of dedicated key account managers, for example.

Closely linked to distribution risk is the risk factor of customer structure to the extent that secunet conducts the majority of its business with public sector authorities and organisations. The loss of segments of demand from this customer group can have negative effects on sales revenue and earnings. This risk is regularly discussed in depth by the risk committee. Investments in IT, and notably in IT security, are seen as particularly important for the smooth delivery of projects for the public sector, particularly in a world where information technologies play an increasingly important role. The risk of a downturn in demand from public sector customers is therefore constantly monitored, although it is currently considered to be relatively low.

In order to be better placed in the medium term to react to the potential risk of a decline in demand from public sector customers, and in order to reduce and compensate for any resulting decline in sales revenue and earnings, secunet will continue to devote intensive efforts to the expansion of its activities for the private sector target group (Business Sector).

A further risk can be seen in the fact that a large part of the sales revenue is concentrated on a small number of public clients and companies. If one of these major customers is absent for even a short period of time, and the corresponding expected orders are delayed, secunet’s attainment of annual objectives may be endangered at the very least. In this case too, the use of key account managers in distribution can help towards risk reduction. Thanks to their close contact with the customer, they can ensure a timely reaction to changes in demand.

Furthermore, the fact that the business results are still heavily influenced by domestic demand is seen as a risk for the further growth of secunet. As a result, the expansion of high-performance international distribution, tapping of new markets and the acquisition of additional customers abroad will remain a focus of efforts for the future development of the Company. One strategic measure is the pooling of international distribution activities in the marketing company founded for this purpose.

The distribution risk at the time of creating this report is classified as negligible.

Sales risks also include warehousing risks. These increase as secunet AG’s product business grows. Warehousing risks include the risk associated with the ability to deliver at short notice, which is countered by suitably networked material planning. At the same time, hardware components in particular are becoming obsolete because of accelerating technical progress. Where applicable, inventories lose their value because of this technical ageing process. secunet stays abreast of these risks through professional inventory optimisation. Inventories were written down by 0.6 million euros in the 2019 financial year.

Positive commercial framework conditions in the German market for IT security have attracted new competitors, particularly in recent years. The changing intensity of the competition that this entails is continually monitored and evaluated by secunet. Currently, there are no signs of a negative impact on secunet’s market position.

Sales risks aggregated over all the individual risks identified in this area, totalling 0.2 million euros as at the end of December 2019, were classified as negligible.

1.2.2 Product risks

The secunet AG product portfolio is concentrated on solutions in the area of cyber security. In the case of the SINA product family in particular, these solutions are protected and approved at a high level in cryptographic terms.

One risk that is evaluated on an ongoing basis in connection with the technical properties of these products is the effect of any possible – as yet undetected – security weaknesses in these solutions. In this context, the focus is on the question of whether and to what extent the security promise made to its customers by secunet in connection with the solution as a whole might be compromised as a result of security holes in individual components.

A comprehensive process of ongoing risk identification and assessment takes place in this area for the purposes of risk minimisation. As part of this process, secunet collects and evaluates findings about potential security risks from a wide range of sources. Even if potential vulnerability of the systems merely seems possible as a result of this evaluation, customers are informed immediately and supported in closing the potential security hole.

This process of monitoring and solving potential technical security risks is implemented in close collaboration with the Company’s development and certification partner, the German Federal Office for Information Security (BSI).

In view of the risk minimisation measures in use, the economic risk connected with technical product security is believed to be low.

Potential warranty claims are taken into account by creating appropriate risk provisions.

In conjunction with the development of new products, the following risks are discussed and evaluated regularly:

» Risk of a possible decline in demand: the product fails to prove itself on the market.

» Risk of undesirable technical developments: the product contains defects that lead to warranty claims.

» Risk of failure to complete the product in time: the development project takes considerably more time than estimated.

In the past, secunet primarily developed products and solutions in response to orders to cover specific security needs in the public sector. Its high-security IT solutions are tailored precisely to customers’ needs; secunet products are generally not designed without a specific requirement in mind. Most of the products developed by secunet are made to order and are accordingly financed by the customer. Therefore, no development risks exist in terms of potentially waning demand. The risks associated with developing new products that subsequently prove unsuccessful on the market have therefore not been of primary significance for secunet in most product areas.

With the development of the secunet konnektor in the 2018 financial year and due to the volume of the associated investments, risk evaluation has focused more closely on development risks. Similar observations were made in the 2019 financial year with regard to the secunet Communicator in the Public Sector, and the secunet konnektor for data centres and secunet edge in the Business Sector. The focus here is less on the sales prospects associated with the products than on the duration of development and certification. The greatest risk for development projects is underestimation of the time required before new solutions are ready for acceptance. This can lead to expenditure of time and personnel, which limits the profitability of these projects. In order to keep these risks as low as possible, secunet uses extensive project planning and control mechanisms in different locations, paired with a dedicated reporting line. This part of the risk analysis and risk management is identical to the activities that apply for major projects. In the area of development projects, the risk at the time of creating this report is classified as low.

Product risks aggregated over all the individual risks identified in this area, totalling 0.1 million euros as at the end of December 2019, were classified as negligible.

1.2.3 Project risks

Major projects: distribution and project management (distribution and production risk)

In addition to the distribution risks for major projects already described under sales risks, there is also a project management risk. In addition, there are specific risks for very long-term major projects.

The project management risk arises after the commissioning of major projects: these projects are characterised by multiple uncertainties in their implementation due to the sheer fact of their size. The risk may then consist of a failure to maintain schedules and project budgets. secunet takes these risks into account by means of a comprehensive project management system, which is used to create regular management reports for project managers, division heads and the Management Board. The risks arising from major projects are continuously monitored – in the same way as development risks – with comprehensive project planning and control mechanisms, in conjunction with a risk-oriented reporting system. In the event of deviation from the set targets, measures to reduce the risk are resolved and implemented immediately. These can consist of making additional capacity available for processing the project or discussing deviations with the customer in order to bring expectations into line with the altered framework conditions.

In very long-term projects that extend over periods of more than five years, there may be additional risks, for example because the solutions implemented reach the end of their technological service life (update problems, problems with outdated technology). Furthermore, a replacement risk may be posed by suppliers who disappear from the market over the course of such projects.

Project risks aggregated over all the individual risks identified in this area, totalling 0.3 million euros as at the end of December 2019, were classified as negligible.

1.2.4 Structural risks
Structural risks resulting from support functions such as finance and controlling, legal and human resources, and IT were not identified in the 2019 financial year or were classified as harmless. The same applied to potential compliance risks.

The risks from M & A activities also include investment risk. In this context, the major shareholdings of secunet AG were continuously evaluated in the 2019 financial year. As at the end of 2019, the investment risk was classified as negligible.

2. Opportunities

The driving factors outlined below continue to have a positive effect on the future growth of secunet:

2.1 Growth through increasing awareness

Increasing sensitivity to IT security issues in recent years has received strong support as a result of reporting in the media on cyber security threats (such as wiretapping cases, attempted and successful hacking of the networks of authorities and companies, attacks on critical infrastructures) over the same time period.

Investigation into the medium to long-term assessment of risk among companies and decision-makers reveals that much greater importance will be placed on cyber security going forward. The issue of cyber security is the focus for a wide range of investigations and seminars, as well as publications derived from them. Cyber incidents are increasingly at the centre of risk assessments – not just those conducted on behalf of authorities, but also by private companies. Cyber incidents have consistently been included in the top three business risks in Germany over the past three years, as identified in the Allianz Risk Barometer 2020, for example; the same picture emerges in the global view. The World Economic Forum’s Global Risk Report 2020 also lists cyber attacks and the vulnerability of critical infrastructure among the top 10 risks worldwide.

A positive trend in the demand for high-quality, trustworthy IT security solutions “made in Germany” can be inferred from this. This applies both to authorities, which are adding IT system and infrastructure security to their existing efforts, and to companies, which are countering the now-specific risks of economic / industrial espionage, for example, with appropriate safeguards. An additional group is made up of providers of critical infrastructures for which IT security is becoming ever more important (see also “Growth due to increasing regulation”). With the relevant distribution activities aimed at authorities and companies, secunet intends to participate in this positive development of demand.

The increasing interest in IT security, driven also by prominent media attention, and the subsequent growth in demand are also resulting in increasing competition. This must be taken into account when evaluating opportunities.

2.2 Growth due to increasing regulation

The German federal government wants to increase the protection of critical infrastructures such as energy and telecommunications networks as well as that of IT systems. To this end, the German IT Security Act (IT-Sicherheitsgesetz, ITSiG) was passed in July 2015. This results in growth opportunities at different levels:

» The legislation particularly affects operators of critical infrastructures – i. e. facilities that are of central importance to the community – such as energy supply, for example. They are to meet specific IT security requirements. This will result in potential demand for implementation concepts to meet these requirements.

» Furthermore, the role of the BSI has been strengthened by this law and takes into account its growing importance as a central body for IT security. Among other things, the BSI has been empowered to inspect and evaluate IT products and systems on the market with regard to their IT security, and to publish the results if necessary. This could give rise to positive stimulus in the product business of secunet.

A further development of the laws regulating critical infrastructures is expected for the future. Both the specific targets and the sectors covered are to be extended, for example.

2.3 Growth through new markets

IT security solutions “made in Germany” enjoy a good reputation around the world due to their quality and trustworthiness. There is rising international demand for corresponding high-quality solutions such as those offered by secunet.

Under the pressure of wiretapping cases and cyber attacks coming to light, demand is likely to stimulate even greater differentiation between producer countries, from which secunet also benefits as a German manufacturer. In addition, many secunet products are approved for use in an international context, for example by the EU and NATO.

The range of products and services from the Business Sector division for customers in the industrial sector is to be expanded abroad, for example for foreign subsidiaries and production facilities of German corporations. To this end, promising potential is being identified and examined.

The expansion of foreign activities via secunet’s own distribution and via local multipliers will contribute to leveraging these potentials.

2.4 Growth through acquisitions

In addition to organic growth on domestic and foreign markets, secunet has for years pursued the objective of triggering additional growth through M&A activities. Growth in the product area through acquisition of the relevant solution providers is promising. The market for companies with high-quality, reliable IT security solutions for processing classified information – in which secunet is an active player – is split into many small to medium-sized providers. In addition, the M&A business remains characterised by very high price expectations on the part of sellers. The process of identifying promising targets at acceptable prices is time-consuming as a result, but is nonetheless being pursued on an ongoing basis.

3. Overview of risks and opportunities

An overview of opportunities and risks which could impact on the further development of secunet Group shows a promising evaluation overall.

The assessment revealed that the risks at the time of creating the report are negligible overall and can thus be controlled, and the identified risks, both individually and as a whole, do not threaten the continued existence of the Group and the Company in terms of illiquidity or excessive debts in the reporting period of at least one year. In the operational management of the Group, measures are continuously being taken to prevent a worsening of the risk situation. At the same time, the utilisation of the opportunities described above is being driven forward by a number of activities. No material risks are present as at the balance sheet date.

The business development of secunet AG is subject to the same risks and opportunities as those of the Group. The presentation and evaluation of risks and opportunities thus also apply in the same way for secunet AG.

4. Forecast

During the past financial year, sales revenue and EBIT increased sharply once again, and 2019 consequently ended with outstanding results. The Management Board of secunet AG is fundamentally optimistic about the conditions for good business performance in the coming year 2020. However, the coronavirus represents a risk for the development of business in 2020 that is difficult to assess.

The framework conditions for the 2020 financial year gave reason for optimism before taking the potential effects of the coronavirus into account:

» The macroeconomic growth outlook of the German federal government was positive: growth of 1.1% in the price-adjusted gross domestic product was forecast for the current year.

» For the domestic market, we were still expecting growing demand for IT security. This affects both the Public Sector, i.e. business with public customers, and the Business Sector, which serves companies in both the private sector and the healthcare sector. For 2020, Bitkom predicted growth of 7.5 percent to 4.9 billion euros in spending on hardware, software and services in the IT security sector. secunet will be able to meet this growing demand well in future, with optimised and new services, products and solutions.

» The foreign market holds significant growth potential, which secunet is fundamentally well positioned to leverage. The secunet AG and secunet International GmbH & Co. KG employees in international distribution have many years of experience in the Group and in dealing with international customers.

» During the course of the year, secunet Group again increased its number of productive employees and can therefore translate increasing demand and high capacity utilisation into good business results.

» The efforts to expand national and international defence budgets and the focus on cyber defence justify positive growth expectations.

At the time of preparing this report, the Management Board considers secunet Group and secunet AG to be well positioned and still sees the Company and the Group in a good situation:

» The economic and financial standing of secunet Group and secunet AG is good; growth so far has been achieved profitably, there are no loans, and liquid funds are high.

» The Management Board is of the opinion that secunet has high-performing, motivated and highly qualified employees, providing an excellent basis of expertise.

» The Company’s existing product and service portfolio has done well in terms of standing up to competition, and is continuing to expand in close cooperation with customers and their needs. Further additions to the product range will also support future growth.

» secunet believes that secunet’s products and solutions have an excellent reputation, the Company is well-known as a provider of high-quality and trustworthy IT security to meet the highest demands and therefore has a stable and reliable (existing) customer structure.

Nevertheless, risks might also be encountered in the coming year:

» secunet is still largely dependent on the procurement activities of the German federal authorities. At the present time, the effects of changing budgetary policy cannot yet be assessed. Negative implications for secunet could include the postponement or cancellation of planned projects.

» Project business also holds both opportunities and risks: the scope of investment decisions for major projects, especially if these are part of a political process, can significantly delay the start of expected procurements. In addition, ongoing major projects always face the potential risk of incalculable delays or budget overruns.

» The great attention focused on the topic of IT security is fuelling the expectation of growing demand. However, driven by the same attention, increasing competition is also apparent, with consequences that cannot yet be foreseen.

» The spread of the coronavirus poses a risk for business development in 2020. The virus has been spreading further around the world since January 2020. The Management Board is assessing the potential effects of the corona pandemic on secunet Group continuously and with high priority. All aspects of business operations are being examined and evaluated, with appropriate measures being developed where necessary. This applies in particular to outsourced supplies and the work performed on customer premises as well as to secunet Group’s own infrastructure and employees. According to an estimate by the ifo institute published on 19 March 2020, the German economy could shrink by 1.5 percent in 2020.

It is not possible to make any meaningful statements for secunet Group in this respect at the time of preparing this report.

The excellent business results achieved in the 2019 financial year represent a challenge for further growth – surpassing record results is becoming increasingly difficult. For example, the healthcare sector is no longer expected to experience the kind of extraordinary economic upswing triggered in the 2019 financial year by the roll-out of healthcare connectors in medical practices.

For this reason, the company’s Management Board is formulating its expectations for secunet Group for the coming 2020 financial year as follows, subject to the further development of the corona epidemic: a slight decline in sales revenue is anticipated. Accordingly, EBIT for secunet Group is expected to be slightly lower than that of the previous year.

The forecast for secunet AG is subject to the same risks and opportunities as those of secunet Group. Accordingly, the Management Board is expecting a slight decline in sales revenue and EBIT for secunet AG.

The effects of the coronavirus epidemic, which has been spreading since the beginning of the year, on the business development of secunet Group cannot be reliably assessed at present – they represent a considerable factor of uncertainty. The Management Board currently sees no need to adjust its expectations regarding the anticipated development in 2020 compared to the November 2019 planning taken into account in the above forecast and approved by the Supervisory Board.

Directors' Dealings

Article 19 of the European Market Abuse Directive (EU) No. 596 / 2014 requires members of Company bodies (Supervisory / Management Boards) and certain executives, as well as closely related parties, to disclose transactions in secunet shares or related financial instruments where the sum total of such transactions reaches 5,000 euros (with effect from 1 January 2020 20,000 euros) within a single calendar year. Directors’ Dealings disclosures are also published on our website under Investor Relations. No Directors’ Dealings were reported in the financial year 2019.

Articles of Association of secunet Security Networks AG

I. General Provisions

Article 1 Company Name, Registered Office and Fiscal Year

(1) The Company is registered under the name of

secunet Security Networks Aktiengesellschaft

(1) Its registered office is in Essen.

(2) The fiscal year is the calendar year.

Article 2 Object of the Company

(1) The object of the Company is the provision of telecommunications and information technology security services, in particular consultancy and systems solutions for information security, as well as the manufacture and sale of security technology products and systems, and related activities.

(2) The Company is entitled to engage in all transactions and take all measures that appear suited to serving the object of the Company. It may also establish, acquire or invest in other companies with the same or a related object, as well as manage such companies or restrict itself to administering the investments. It may spin off its operations in whole or in part to affiliated companies or transfer them to affiliated companies.

Article 3 Announcements and Information

(1) The announcements of the Company shall be published in the German Federal Gazette (“Bundesanzeiger”).

(2) Information may also be communicated to the holders of listed securities of the Company by means of remote data transmission. 

II. Share Capital and Shares

Article 4 Share Capital

(1) The share capital of the Company amounts to 6,500,000.00 euros
(in words: six million five hundred thousand euros).

(2) The share capital is divided into 6,500,000 no-par-value bearer shares. In the amount of 1,278,229.70 euros, the share capital consists of the share capital of Secunet Networks GmbH, which was transformed by way of a change of legal form pursuant to Sections 190 et seq. of the German Transformation Act (Umwandlungsgesetz, UmwG).

Article 5 Shares

(1) The shares are bearer shares. If, in the event of a capital increase, the resolution on the increase does not specify whether the new no-par-value shares should be bearer shares or registered shares, they shall be bearer shares.

(2) Collective certificates may be issued for multiple shares. Shareholders are not entitled to have certificates issued for their shares.

(3) A facsimile signature of the Management Board shall be sufficient for the signing of shares and interim certificates. In all other respects, the form and content of the share certificates and the dividend and renewal coupons shall be determined by the Management Board with the approval of the Supervisory Board. The same applies to bonds and interest coupons.

(4) In a capital increase resolution, the profit participation of new no-par-value shares may be determined in deviation from Section 60 (2), sentence 3 of the German Stock Corporation Act (Aktiengesetz, AktG).

III. Management Board

Article 6 Composition of the Management Board

(1) The Management Board comprises one or more members. The appointment of deputy members of the Management Board is permissible.

(2) The Supervisory Board determines the number of Management Board members, appoints the Management Board members and deputy Management Board members, and revokes their appointments. It is also responsible for appointing a member of the Management Board as Chairman and other members of the Management Board as Deputy Chairmen.

Article 7 Representation

(1) If only one Management Board member is appointed, this member shall be the sole representative of the Company. If more than one Management Board member is appointed, the Company shall be represented by two Management Board members, or by one Management Board member together with an authorised signatory (Prokurist).

(2) Deputy members of the Management Board have the same rights as full members of the Management Board with regard to external representation of the Company.

(3) The Supervisory Board may authorise all or individual members of the Management Board to represent the Company alone and exempt them from the restrictions of Section 181 of the German Civil Code (Bürgerliches Gesetzbuch, BGB) regarding multiple representation. Section 112 of the German Stock Corporation Act remains unaffected.

(4) The Management Board shall conduct the Company’s business in accordance with the provisions of the law, the Articles of Association and the rules of procedure established by the Supervisory Board.

(5) The Management Board shall direct the Company on its own responsibility and decide on all matters of material or fundamental importance. Notwithstanding this overall responsibility, each member of the Management Board shall independently direct the area of operations assigned to him by the schedule of responsibilities.

(6) The Management Board shall take appropriate measures, in particular setting up a monitoring system, in order to identify at an early stage any developments that could jeopardise the continued existence of the Company.

Article 8 Rules of Procedure and Resolutions of the Management Board, Transactions requiring Approval

(1) The Supervisory Board shall establish the rules of procedure for the Management Board.

(2) Resolutions of the Management Board are passed by a simple majority of votes. Different majority requirements and further regulations concerning the passing of resolutions by the Management Board may be laid down in the rules of procedure.

(3) The Supervisory Board shall stipulate certain types of transactions that the Management Board may only undertake with the prior approval of the Supervisory Board. The approval of the Supervisory Board may be granted in advance in the form of a general authorisation for a specific category of the transactions designated.

IV. Supervisory Board

Article 9 Composition and Term of Office of the Supervisory Board

(1) The Supervisory Board comprises six members, four of whom are elected by the Annual General Meeting and two by the employees in accordance with the German One-Third Participation Act.

(2) The members of the Supervisory Board are appointed for the period up to the end of the Annual General Meeting that resolves on the discharge from liability for the fourth fiscal year after commencement of the term of office. The Annual General Meeting may determine a shorter term of office for the Supervisory Board members that it appoints. The fiscal year in which the term of office begins is not taken into account. The appointment of a successor for a member of the Supervisory Board retiring from the board before the end of their term of office shall be for the remainder of the term of office of the member retiring prematurely.

(3) The members of the Supervisory Board may resign from office at any time by means of a written declaration addressed to the Chairman of the Supervisory Board or to the Management Board, subject to a notice period of four weeks without stating any reasons, or at any time for good cause.

Article 10 Duties and Powers of the Supervisory Board

(1) The rights and duties of the Supervisory Board are determined by the statutory regulations, the provisions of these Articles of Association and rules of procedure established in accordance with Article 13.

(2) The members of the Supervisory Board have the same rights and duties. They are not bound by orders and instructions. In exercising their mandate, they must act with the diligence of a prudent and conscientious controller of the management.

(3) They must maintain secrecy with regard to confidential information and secrets of the Company, namely business or trade secrets, which have become known to them through their work on the Supervisory Board. In particular, they are obliged to maintain secrecy about confidential reports they have received and about confidential discussions. If a member of the Supervisory Board wishes to pass on information to third parties, where it cannot be ruled out with certainty that said information is confidential or relates to Company secrets, the member is obliged to inform the Chairman of the Supervisory Board in advance and give him an opportunity to express his opinion.

(4) Members of the Supervisory Board who violate their duties are jointly and severally liable to compensate the Company for any resulting damage.

(5) The Supervisory Board is entitled to adopt amendments and additions to the Articles of Association that only affect the wording by a majority of votes.

Article 11 Declarations of Intent of the Supervisory Board

Declarations of intent of the Supervisory Board are made on behalf of the Supervisory Board by the Chairman or, if he is unavailable, by the Deputy Chairman.

Article 12 Chairman of the Supervisory Board and Deputy Chairman

The Supervisory Board shall elect a Chairman and a Deputy Chairman from among its members for the term of office determined in Article 9 (2) of these Articles of Association. The election shall take place in a meeting, which does not have to be specially convened, at the close of the Annual General Meeting at which the shareholders’ representatives on the Supervisory Board to be elected by the Annual General Meeting have been appointed. If the Chairman or Deputy Chairman resigns from office before the end of their term of office, the Supervisory Board shall hold a new election for the remaining term of office of the resigning member.

Article 13 Rules of Procedure and Committees of the Supervisory Board

(1) The Supervisory Board shall establish its own rules of procedure.

(2) The Supervisory Board may form committees and, to the extent permitted by law, also delegate decision-making powers to them.

Article 14 Convening of the Supervisory Board

(1) The Supervisory Board must hold at least two meetings in each half of the calendar year.

(2) It must be convened immediately if this is necessary for business reasons or if a member of the Supervisory Board or the Management Board requests a meeting, stating the purpose and reasons. In such cases, the meeting of the Supervisory Board must take place within two weeks of being convened.

(3) The Chairman of the Supervisory Board is responsible for convening a meeting and determining the agenda and the form of the meeting. The proposed resolutions must be included with the invitation.

(4) Meetings shall be convened in writing, by fax or by e-mail, stating the agenda and the form of the meeting and giving two weeks’ notice. In urgent cases, the Chairman may shorten the period of notice and convene a meeting by word of mouth or telephone.

Article 15 Resolutions of the Supervisory Board

(1) The Supervisory Board shall have a quorum if all members are invited and at least half of the members participate in the resolution process. Members also participate in the resolution process if they abstain from voting.

(2) Unless the rules of procedure of the Supervisory Board contain special provisions, the form of voting shall be determined by the Chairman of the Supervisory Board.

(3) Resolutions are passed by a simple majority of the votes cast, unless otherwise required by law or the Articles of Association. This also applies to elections.

(4) If there is a tie vote, a fresh debate is only initiated if the majority of the Supervisory Board so decides. Otherwise, a new vote must be held immediately. In this new vote on the same matter, the Chairman of the Supervisory Board shall have two votes if the result is still a tie vote.

(5) An absent member of the Supervisory Board may have their written vote submitted by another member of the Supervisory Board. This also applies to the casting of votes in the event of a renewed vote on the same matter. The written vote shall only be effective if the content of the resolution adopted does not deviate from the announced resolution content.

(6) Resolutions on matters whose treatment has not been announced at least one week prior to the meeting, as well as voting outside meetings, are only permissible if no Supervisory Board member objects immediately.

(7) A Supervisory Board member may not participate in voting on an item on the agenda if the resolution relates to the execution of a legal transaction with said member or the initiation of a legal dispute between said member and the Company.

Article 16 Minutes of the Supervisory Board

Minutes shall be taken of meetings of the Supervisory Board and of votes taken outside meetings and shall be signed by the Chairman of the Supervisory Board.

Article 17 Remuneration of the Supervisory Board

(1) Each member of the Supervisory Board shall receive a remuneration of 12,000.00 euros for their activities, payable on completion of the fiscal year. The Chairman of the Supervisory Board shall receive twice the amount for an ordinary member of the Supervisory Board, i.e. 24,000.00 euros; the Deputy Chairman shall receive 1.33 times the amount for an ordinary member of the Supervisory Board, i.e. 16,000.00 euros.

(2) Members of the Supervisory Board who have belonged to the Supervisory Board for only part of a fiscal year shall receive the remuneration pursuant to paragraph 1 pro rata corresponding to the ratio of their period of membership to the full fiscal year.

(3) The members of the Supervisory Board shall also be reimbursed for expenses incurred in the performance of their duties. Any value-added tax payable on their remuneration shall be reimbursed to the members of the Supervisory Board by the Company.

(4) The members of the Supervisory Board may receive additional remuneration further to the remuneration specified in paragraph 1, provided that this is resolved by the Annual General Meeting with the required majority.

V. Annual General Meeting

Article 18 Convening of the Annual General Meeting

(1) The Annual General Meeting shall be held at the registered office of the Company or in a German city with more than 200,000 inhabitants. The Annual General Meeting shall be convened by the Executive Board or, in the cases prescribed by law, by the Supervisory Board. The period of notice for convening the meeting shall be governed by the statutory regulations.

(2) The Annual General Meeting shall be held within the first eight months of each fiscal year. Extraordinary General Meetings may be convened as often as appears necessary in the interest of the Company.

Article 19 Participation in and Proceedings of the Annual General Meeting

(1) Only those shareholders who register for the Annual General Meeting and furnish proof of their entitlement are entitled to participate in the Annual General Meeting and exercise their voting rights. The registration and proof of entitlement must be received by the Company at the address specified in the invitation at least six days before the Annual General Meeting, not including the day of receipt.

(2) Registration according to paragraph 1 must be made in text form. Proof of entitlement according to paragraph 1 requires proof of share ownership. Evidence in text form provided by the final intermediary pursuant to Section 67c (3) AktG shall be sufficient in any case. The proof of share ownership must relate to the beginning of the 21st day prior to the Annual General Meeting.

(3) The chairman of the meeting is authorised to permit the full or partial video and audio transmission of the Annual General Meeting in a manner to be specified by him. The transmission may also be made in a form to which the public has unrestricted access.

Article 20 Voting Rights at the Annual General Meeting

(1) Each share entitles the holder to one vote at the Annual General Meeting.

(2) Voting rights may be exercised by a proxy. Outside the scope of Section 135 AktG, granting or revoking a power of attorney and providing proof of authorisation to the Company shall be done in text form (Section 126b BGB). In the invitation to the Annual General Meeting, the Company shall offer an electronic means of transmitting the proof of authorisation. If the shareholder appoints more than one person as a proxy, the Company may reject one or more of these persons.

Article 21 Chairing of the Annual General Meeting

(1) The Annual General Meeting shall be chaired by the Chairman of the Supervisory Board or, if he is unavailable, by the Deputy Chairman or, if he too is unavailable, by a Supervisory Board member to be designated by the Supervisory Board. If no member of the Supervisory Board takes the chair, the chairman of the meeting shall be elected by the Annual General Meeting.

(2) The chairman shall conduct the proceedings and determine the order in which the agenda is dealt with, the method and order of voting and the order of verbal contributions. The chairman may impose reasonable time limits on the shareholders’ right to speak and ask questions.

Article 22 Resolutions of the Annual General Meeting

The resolutions of the Annual General Meeting require a simple majority of the votes cast, insofar as the Articles of Association or statutory legal provisions do not specify anything to the contrary.

VI. Annual Financial Statements, Management Report, Appropriation of the Balance Sheet Profit

Article 23 Annual Financial Statements and Management Report, Discharge of the Management Board and the Supervisory Board

(1) Within the first three months of each fiscal year, the Management Board shall prepare the management report and the annual financial statements for the past fiscal year and submit them to the auditor.

(2) After the audit report has been received, the annual financial statements and the management report, together with the audit report and the proposal for the resolution of the Annual General Meeting on appropriation of the balance sheet profit, shall be presented to the Supervisory Board.

(3) The Supervisory Board shall submit its comments on these documents within one month of receipt.

(4) The annual financial statements, the management report, the report of the Supervisory Board and the proposal of the Management Board on appropriation of the balance sheet profit shall be made available to every shareholder in accordance with the statutory provisions from the time the Annual General Meeting is convened.

(5) Within the first eight months of each fiscal year, the Annual General Meeting shall resolve, after receiving the report to be submitted by the Supervisory Board pursuant to Section 171 (2) AktG, on the discharge of the Management Board and the Supervisory Board from their liability, on the appropriation of the balance sheet profit, on the election of the auditor and, in the cases prescribed by law, on the adoption of the annual financial statements.

(6) If the Company is obliged to prepare consolidated financial statements and a Group management report, paragraphs 1-5 shall apply accordingly to the consolidated financial statements and the Group management report.

VII. Other Conditions

Article 24 Partial Invalidity

The invalidity of any provision of the Articles of Association shall not affect the validity of the other provisions of the Articles of Association.

Article 25 Costs

The Company shall bear the formation expenses in the amount of DM 20,000.00.

Annual Auditors

On 8 July 2020, the Annual General Meeting of secunet Security Networks AG appointed PriceWaterhouseCoopers GmbH, headquarters Frankfurt am Main, branche office Essen, to serve as the Auditor of secunet Security Networks AG and as the Consilidated Annual Auditor of the secunet Group for the Financial Year 2020, as well as the Auditor for a review of the Condensed Financial Statements and the Interim Management Report of secunet Security Networks AG and the secunet Group as at 30 June 2020.