For secunet effective corporate governance is one of the main prerequisites for achieving corporate objectives and increasing corporate value.
Corporate governance spans a company’s entire system for management and monitoring including its organisation, business policy principles and guidelines as well as internal and external control and monitoring mechanisms. Outstanding and transparent corporate governance ensures responsible management and control of a company in alignment with the creation of value. It promotes trust in secunet on the part of investors, financial markets, business partners and staff as well as the general public.
An effective and transparent organisation, as well as responsible and reliable Corporate Governance are of great importance to secunet Security Networks AG. The Company’s Management Board and Supervisory Board firmly believe that good Corporate Governance is key to the continued success of the Company on the market.
The term Corporate Governance describes the regulatory framework for the management and supervision of companies. In a general sense, this framework must be designed in such a way that the Management Board and Supervisory Board work to ensure that the company continues to exist and creates value sustainably. Recommendations and proposals for how this requirement can be implemented in the management and supervision of companies are summarised in the German Corporate Governance Code (Deutscher Corporate Governance Kodex, DCGK). The Code serves the purpose of increasing trust in companies listed on the German stock exchange.
The Management Board and Supervisory Board of secunet Security Networks AG therefore regularly check the implementation of the German Corporate Governance Code at secunet Security Networks AG. In the 2018 financial year, the Management Board and Supervisory Board of secunet Security Networks AG once again carefully deliberated on the recommendations and proposals of the German Corporate Governance Code, in the version as amended on 7 February 2017. The Declaration of Conformity set out below regarding the German Corporate Governance Code was agreed on the basis of these deliberations. This declaration is permanently available on our website and constantly updated to reflect any amendments.
In accordance with Item 3.10 of the German Corporate Governance Code and Article 289a of the German Commercial Code (Handelsgesetzbuch, HGB), the Management Board and Supervisory Board give the following report:
Management and supervisory structure
secunet Security Networks AG is subject to German stock corporation law. As a German public limited company, it has a dual management and supervisory structure consisting of a Management Board and a Supervisory Board. The Management Board consisted of three members in the 2018 financial year. The Supervisory Board is made up of six members. The Management Board and Supervisory Board work together closely and on the basis of mutual trust in their management and supervision of the Company.
The Supervisory Board performs the tasks assigned to it by law and by the Company’s Articles of Association. It supervises and advises the Management Board with regard to the management of the Company. At regular intervals, the Supervisory Board discusses business performance and planning, as well as the strategy and its implementation. It discusses the 6-month financial reports and quarterly updates with the Management Board before their publication, and approves the Annual Financial Statements of secunet Security Networks AG and the Group, taking into consideration the audit reports prepared by the auditors and its own examination. The Supervisory Board monitors the accounting process, the effectiveness of the internal control system, risk management and internal audit, as well as the auditing of the financial statements. Its tasks and responsibilities also include appointing members to the Management Board. Management Board decisions of fundamental importance, such as major acquisitions, disposals and financial measures, require the consent of the Supervisory Board. An extraordinary meeting of the Supervisory Board is convened as and when necessary should significant events arise. The Supervisory Board has drawn up rules of procedure for its work. Its Chairman coordinates the work carried out within the Supervisory Board, chairs its meetings and represents its interests externally.
In accordance with the Articles of Association, the Supervisory Board of secunet Security Networks AG comprises six members. The current terms of the members of the Supervisory Board end with the 2019 Annual General Meeting. Previously, the Supervisory Board consisted solely of shareholder representatives. Since secunet Security Networks AG normally employed more than 500 but not more than 2,000 employees for the first time in the 2018 financial year and is therefore subject to the One-Third Participation Act pertaining to employees on the Supervisory Board (Drittelbeteiligungsgesetz – DrittelbG), one third of the Supervisory Board must now consist of employee representatives. The Management Board of the Company therefore instigated the change in the composition of the Supervisory Board by initiating status proceedings in October 2018 and the procedure for election of employee representatives to the Supervisory Board in December. The latter procedure was concluded on 13 March 2019 with the election of two employee representatives. At the 2019 Annual General Meeting, four shareholder representatives will be elected to the Supervisory Board.
The knowledge, skills and professional experience required to fulfil the remit are taken into account when drawing up the nominations for election to the Supervisory Board. In addition, the Supervisory Board has defined specific targets for its composition in accordance with Item 5.4.1 of the German Corporate Governance Code, and has drawn up a skills profile for the entire Board. The purpose of the skills profile is to ensure that the members of the Supervisory Board possess all the knowledge and experience considered essential in light of the activities of secunet Group.
Taking into account the Company’s specific situation, at the next election of its members, the Supervisory Board will strive to achieve diversity among candidates with the requisite professional and personal qualifications. Among suitable candidates, the Supervisory Board will look for international experience, independence and an appropriate proportion of female members. In accordance with the recommendation in Item 5.4.1 of the German Corporate Governance Code, at least one seat on the full Supervisory Board is reserved for a female member in the Supervisory Board elections to be held in 2019 in connection with the reconstitution of the Supervisory Board as a result of the One-Third Participation Act coming into effect.
One or more Supervisory Board members should also have many years of special experience abroad, acquired as a result of working abroad or due to a foreign country of origin. In addition, the Supervisory Board should include what it considers an appropriate number of independent members within the meaning of Item 5.4.2 of the German Corporate Governance Code. On the basis of a Supervisory Board resolution dated 16 November 2017, the Supervisory Board had specified the target of having at least two independent members within the meaning of Item 5.4.2 of the German Corporate Governance Code. In any event, in the opinion of the Supervisory Board, two members of the Supervisory Board at present are independent as defined by Item 5.4.2 of the German Corporate Governance Code. They are Dr Elmar Legge and Wolf-Rüdiger Moritz. At least one member of the Supervisory Board possesses many years of international experience.
At its meeting on 28 November 2018, the Supervisory Board again dealt with the specific targets for its composition and decided to adjust its previous objectives to the extent that there should now be at least one independent Supervisory Board member within the meaning of Item 5.4.2 of the German Corporate Governance Code.
The Supervisory Board will take the above-mentioned objectives into account in its suggestions for appointments, which it will submit to the 2019 Annual General Meeting for the Supervisory Board elections, and will also strive to fulfil the skills profile for the entire Board.
Furthermore, the current composition of the Supervisory Board complies with the specifications of the skills profile. The members of the Supervisory Board possess the professional and personal qualifications deemed necessary. They are all familiar with the sector in which the company is active and have the essential knowledge, skills and experience for the Company.
The Supervisory Board does not have any committees. In the opinion of the Supervisory Board, this is not in fact necessary, as the Supervisory Board comprises only six members. Given a board of this size, efficient operation of the Supervisory Board can be guaranteed without the formation of committees.
The Management Board, as the body responsible for managing the Company, conducts the Company’s business under its own responsibility and in the Company’s interests. Its aim is to increase the enterprise value on a sustainable basis. In particular, it determines the principles of the Company’s policy and is also responsible for developing the Company’s strategy, for planning and setting the Company’s budget, for allocating resources, and for controlling and managing the Company’s corporate and business divisions. Specific measures described in the Management Board’s rules of procedure require the approval of the Supervisory Board. The Management Board is responsible for preparing the Company’s quarterly updates, the Annual Financial Statements of secunet Security Networks AG, and the Consolidated Financial Statements.
The Management Board works closely with the Supervisory Board. It informs the Supervisory Board regularly, comprehensively and without delay – by means of written and verbal reports – of all issues important to the Company as a whole with regard to strategy and strategy implementation, planning, business performance, the financial and earnings situation, and entrepreneurial risks. The Supervisory Board is involved without delay in all decisions fundamental to the Company.
Targets for the appoinment of women
In addition, the Supervisory Board has also implemented the requirements of the legislation that came into force on 1 May 2015, regarding the equal participation of women and men in management positions. For the implementation period up to 30 June 2017, a target of zero percent was set for the proportion of women on the Management Board and the Supervisory Board, and at the management level directly below the Management Board. A target of nine percent was applied for the second level of management below the Management Board. Further details on this topic can be found in the Corporate Governance Report for the 2015 financial year. The determined targets were met.
In its meeting on 4 May 2017, the Supervisory Board established a target of 17 percent for the Supervisory Board, relating to the implementation period from 1 July 2017 to 30 June 2022, with the goal of electing at least one woman to the Supervisory Board in the next regular Supervisory Board elections at the 2019 Annual General Meeting. This target applies to the reconstitution of the full Supervisory Board, which will take place through the elections to the Supervisory Board at the 2019 Annual General Meeting and in connection with the One-Third Participation Act taking effect.
In the same meeting on 4 May 2017, the Supervisory Board also maintained the previously determined target of zero percent for the Management Board relating to the implementation period up to 31 May 2019, because no expansion of the Management Board was intended at the time of the decision. Against the background of the expansion of the Management Board as of 1 January 2018 through the appointment of Mr Axel Deininger and the planned appointment of two further new Management Board members in the 2019 financial year announced in secunet Security Networks AG’s press release of 19 December 2018, the Supervisory Board again addressed the targets for composition of the Management Board at its meeting on 27 March 2019, in particular the targets for the participation of women, and decided to retain the target of zero percent with regard to the proportion of women on the Management Board for the implementation period up to 31 May 2019 and beyond that up to 31 May 2020. This is essentially due to the fact that the search for suitable female candidates remains challenging in the current market environment and in secunet Security Networks AG’s areas of business, and therefore a higher target cannot at present be regarded as realistic from the point of view of the Supervisory Board.
With regard to the two management levels below the Management Board, the Management Board set the following targets for the period from 1 July 2017 to 30 June 2022: zero percent for the first level and eleven percent for the second level. In view of the small size of the Company, the limited number of management positions and the associated low level of fluctuation, the Management Board is of the opinion that more ambitious targets would not currently be realistic. However, the Management Board reiterates its intention to move towards a higher proportion of management positions being held by women to the greatest extent possible.
In the 2018 financial year, the proportion of women at the second management level below the Management Board increased to 10.5 percent, thereby exceeding the target.
Responsible risk management
Good Corporate Governance also means that the Company must take a responsible approach to risk. Systematic risk management as part of our value-oriented Group management ensures that risks are identified and evaluated at an early stage, and that risk positions are optimised. The Management Board reports regularly to the Supervisory Board on the current development of key risks. Details of risk management at secunet Security Networks AG can be found in the Management Report. It also contains the report on the key characteristics of the internal control and risk management system relating to accounting.
Transparent Corporate Governance
Transparency in Corporate Governance is very important to the Management Board and Supervisory Board of secunet Security Networks AG. Shareholders, all participants in the capital market, financial analysts, shareholder associations and the media are provided with comprehensive, regular and up-to-date information regarding the Company’s position and key changes to the Company’s business.
secunet Security Networks AG reports to its shareholders four times a year on business performance and on the financial and earnings situation, and makes all reports and information permanently available to shareholders on the Company’s website at www.secunet.com. The dates for regular financial reporting are listed in the financial calendar. If any circumstances arise at secunet Security Networks AG that might significantly influence the stock market price of secunet Security Networks AG, this will be disclosed via ad hoc notifications. The financial calendar and ad-hoc announcements are available to view on the website of secunet Security Networks AG under >> The Company >> Investor Relations >> Financial Reports and News.
Shareholders and Annual General Meeting
The shareholders of secunet Security Networks AG may exercise their rights, including voting rights, at the Annual General Meeting. Shareholders can exercise their voting rights at the Annual General Meeting themselves or choose an agent or Company proxy bound by their instructions to exercise the voting rights. The Annual General Meeting takes place in the first eight months of the financial year. The Chairman of the Supervisory Board normally chairs the Annual General Meeting. Ahead of the Annual General Meeting, shareholders receive comprehensive information about the past financial year and about the individual items on the agenda of the upcoming meeting by way of the Annual Report and invitation to the meeting. All relevant documents and information on the Annual General Meeting, together with the Annual Report, are also available on our website.
In accordance with the provisions of law, the auditors are appointed by the Annual General Meeting. At the Annual General Meeting on 9 May 2018, the Düsseldorf branch of the auditing firm KPMG AG Wirtschaftsprüfungsgesellschaft was appointed as auditors for secunet Security Networks AG and Group auditors for secunet Group for the 2018 financial year, and was therefore selected to perform an audit review of the Condensed Financial Statements and the Interim Management Report of secunet Security Networks AG and secunet Group as at 30 June 2018.
Shareholders are notified of important dates by means of a financial calendar published in the Annual Report, in the quarterly updates and on the Company’s website.
Further detailed information about secunet Security Networks AG is available on our website at www.secunet.com.
Corporate Governance Guidelines
The Articles of Association of secunet Security Networks AG form the basis of our Company. The Company’s Articles of Association, the current Declaration of Conformity, the Declarations of Conformity for previous years and further Corporate Governance documents can be found online at www.secunet.com under >> The Company >> Investor Relations >> Corporate Governance.
The Management Board has introduced a Code of Conduct for the Company and its employees, summarising the business principles of secunet Security Networks AG. These principles are a crucial part of how secunet Security Networks AG sees itself, and of the expectations that it strives to meet. The Code of Conduct sets down standards of conduct for dealing with all the economic, legal and moral challenges that we face in our day-to-day business activities, and is intended to serve as a benchmark and guide when working with customers, suppliers and other business partners, as well as for our conduct towards our competitors. It also governs our conduct in financial matters and trading in secunet shares, their derivatives and other financial instruments. The Company has set up a compliance unit to handle questions arising in connection with the Code of Conduct.
In accordance with the provisions of Item 4.1.3, sentence 3 of the German Corporate Governance Code, the Company has provided its employees with an opportunity to report, under protection, legal violations within the Company by means of an electronic whistleblower system. This option is also available to third parties.
Management Board and Supervisory Board remuneration
secunet Security Networks AG complies with statutory regulations and the recommendations of the German Corporate Governance Code and discloses the remuneration of each individual member of the Management Board. In this Annual Report (more specifically, in the remuneration report, which forms part of the Management Report), we detail the remuneration of the members of the Management Board and Supervisory Board.
Information on stock option programmes and similar securities-based incentive systems
No stock option programmes or similar securities-based incentive systems exist for members of corporate bodies or employees of the Company.
Notification of transactions under Article 19 of the European Market Abuse Regulation (Directors’ Dealings)
Article 19 of the European Market Abuse Directive (EU) No. 596 / 2014 requires members of corporate bodies (Supervisory Board / Management Board) and certain executives, as well as closely related parties, to disclose transactions in secunet shares or related financial instruments where the sum total of such transactions reaches 5,000 euros within a single calendar year. Directors’ Dealings disclosures are also published on our website under Investor Relations. No Directors’ Dealings were reported in the 2018 financial year.
Accounting and auditing of the financial statements
secunet Security Networks AG prepares its Consolidated Financial Statements and Consolidated Interim Financial Statements in accordance with the International Financial Reporting Standards (IFRS). The Annual Financial Statements of secunet Security Networks AG are prepared in accordance with German commercial law (HGB). The Annual and Consolidated Financial Statements are compiled by the Management Board and audited by the auditors and the Supervisory Board. Quarterly updates and the 6-month report are discussed by the Management Board and Supervisory Board prior to their publication.
secunet Security Networks AG’s Consolidated and Annual Financial Statements have been audited by KPMG AG Wirtschaftsprüfungsgesellschaft, Düsseldorf branch, the auditors appointed by the 2018 Annual General Meeting. The audits were performed in accordance with Article 317 HGB and with due consideration for the generally accepted standards for the audit of financial statements in Germany promulgated by the Institute of Public Auditors in Germany (IDW). The undersigned auditors for the Annual Financial Statements and Consolidated Financial Statements of secunet Security Networks AG are Mr Martin C Bornhofen and Dr Dominic Sommerhoff.
It was also contractually agreed with the auditors that they inform the Supervisory Board without delay of any potential grounds for exclusion or bias and of any findings or occurrences of significance to the Supervisory Board’s remit that came to light during the auditing of the financial statements.
The Condensed Consolidated Interim Financial Statements and the Interim Group Management Report as at 30 June 2018 were subjected to an audit review by KPMG AG Wirtschaftsprüfungsgesellschaft.
Declaration of Conformity under Article 161 of the German Stock Corporation Act
The management and supervisory boards of companies listed on the German stock exchange are legally obliged, in accordance with Article 161 of the German Stock Corporation Act (Aktiengesetz, AktG), to annually declare whether the official recommendations of the Government Commission on the German Corporate Governance Code applicable at the time of making the declaration have been fulfilled and will be fulfilled. The Company is furthermore required to disclose which recommendations of the Code have not been applied or will not be applied and to explain the reasons for this. This Declaration of Conformity is printed in full below, with explanations. The Declaration of Conformity can also be found on secunet Security Networks AG’s website under >> The Company >> Investor Relations >> Corporate Governance. The Declarations of Conformity issued in the last five years are permanently available on the website.
The Company complies with, and will continue to comply with, the recommendations of the Government Commission on the German Corporate Governance Code, as amended in the version in force on 7 February 2017 and published by the German Ministry of Justice in the official part of the Federal Gazette on 24 April 2017, with the following exceptions:
3.8 Para. 3 A similar deductible shall be agreed upon in any D & O policy for the Supervisory Board.
Explanation: The secunet Supervisory Board conducts its business with the utmost sense of responsibility. A deductible would not give rise to any additional improvement or incentive.
5.1.2 Para. 2 sentence 3 An age limit for members of the Management Board shall be specified.
Explanation: secunet Security Networks AG does not stipulate an age limit for Management Board members, as the age of the particular Management Board member is not a blanket criterion for suitability to hold a position on the Management Board. An age limit would therefore generally limit the selection of suitable candidates to an unreasonable degree.
5.3.1 Depending on the specifics of the enterprise and the number of its members, the Supervisory Board shall form committees with sufficient expertise.
Explanation: The Supervisory Board of secunet Security Networks AG has no committees. In the opinion of the Supervisory Board, this is not in fact necessary, as the Supervisory Board comprises only six members. Given a board of this size, efficient operation of the Supervisory Board can be guaranteed without the formation of committees.
5.3.2 The Supervisory Board shall set up an Audit Committee.
Explanation: The Supervisory Board consists of six members. Due to the number of Supervisory Board members and the composition of the Supervisory Board, setting up a separate Audit Committee would not increase the efficiency of the work performed by the Supervisory Board in relation to accounting, risk management, compliance and the auditing of the financial statements.
5.3.3 The Supervisory Board shall form a Nomination Committee.
Explanation: The Supervisory Board of secunet Security Networks AG consists of only six members. All members are elected by the shareholders. An additional Nomination Committee has therefore not been set up.
5.4.1 Para 2 sentence 1 The Supervisory Board shall determine concrete objectives regarding its composition, and shall prepare a profile of skills and expertise for the entire Board. Within the company- specific situation the composition of the Supervisory Board shall reflect appropriately the international activities of the company, potential conflicts of interest, the number of independent Supervisory Board members within the meaning of number 5.4.2, an age limit and a regular limit to Supervisory Board members’ term of office, both to be specified, as well as diversity.
Explanation: The Supervisory Board of secunet Security Networks AG has not determined a regular limit for the length of membership in the Supervisory Board. In the view of the Supervisory Board such a restriction is not necessary with regard to efficient operation of the Board, especially since the Board’s work may benefit from the experience of long-standing members.
5.4.6 Para. 1 sentence 2 The status as Chair or membership of a committee shall also be taken into consideration when specifying the remuneration of Supervisory Board members.
Explanation: Since the Supervisory Board has no committees, there is currently no question of a special chairmanship and committee membership remuneration.
secunet Security Networks AG
Essen, 27 March 2018
- The Executive Board - - The Supervisory Board -
The Management Board and Supervisory Board of secunet Security Networks AG hereby issue the following Declaration of Conformity regarding the recommendations of the Government Commission on the German Corporate Governance Code according to Article 161 of the German Stock Corporation Act (Aktiengesetz, AktG).
secunet Security Networks AG complies with the recommendations of the Government Commission on the German Corporate Governance Code, as amended in the version of 7 February 2017 and published by the German Ministry of Justice in the official part of the Federal Gazette on 24 April 2017, with the exceptions stated below. Furthermore, secunet Security Networks AG has complied with the recommendations subject to the exceptions below since it issued its last Declaration of Conformity in November 2017 and will continue to comply with the recommendations subject to these exceptions in future:
3.8 Para. 3 An excess should be agreed in D&O insurance for the Supervisory Board.
Explanation: The secunet Supervisory Board conducts its business with the utmost sense of responsibility. An excess would not give rise to any additional improvement or incentive.
5.1.2 Para. 2 Clause 3 An age limit should be set for Management Board members.
Explanation: secunet Security Networks AG does not stipulate an age limit for Management Board members, as the age of the particular Management Board member is not a blanket criterion for suitability to hold a position on the Management Board. An age limit would therefore generally limit the selection of suitable candidates to an unreasonable degree.
5.3.1 Depending on the specifics of the company and the number of its members, the Supervisory Board shall form professionally qualified committees.
Explanation: The Supervisory Board doesn’t have any committees. In the opinion of the Supervisory Board, this is not in fact necessary, as the Supervisory Board comprises only six members. In a panel of this size, efficient operation of the Supervisory Board is also guaranteed without the formation of committees.
5.3.2 The Supervisory Board should set up an Audit Committee.
Explanation: The Supervisory Board consists of six members. Due to the number of Supervisory Board members and the composition of the Supervisory Board, setting up a separate Audit Committee would not increase the efficiency of the work performed by the Supervisory Board in relation to accounting, risk management, compliance and the auditing of the financial statement.
5.3.3 The Supervisory Board should form a Nomination Committee.
Explanation: The Supervisory Board of secunet Security Networks AG consists of only six members. All members are elected by the shareholders. An additional Nomination Committee has therefore not been set up.
5.4.1 Para. 2 Clause 1 The Supervisory Board shall determine concrete objectives regarding its composition, and shall prepare a profile of skills and expertise for the entire Board. Within the company-specific situation the composition of the Supervisory Board shall reflect appropriately the international activities of the company, potential conflicts of interest, the number of independent Supervisory Board members within the meaning of number 5.4.2, an age limit and a regular limit to Supervisory Board members’ term of office, both to be specified, as well as diversity.
Explanation: The Supervisory Board of secunet Security Networks AG has not determined a regular limit for the length of membership in the Supervisory Board. In the view of the Supervisory Board such a restriction is not necessary with regard to efficient operation of the panel, especially since the panel's work can benefit from the experience of long-standing members.
5.4.6 Para. 1 Clause 2 When setting the remuneration of Supervisory Board members, committee chairmanship and committee memberships are to be taken into account.
Explanation: The Supervisory Board doesn't have any committees; there is therefore currently no question of a special committee chairmanship and committee membership remuneration.
secunet Security Networks AG
Essen, 28 November 2018
- The Management Board - - The Supervisory Board -
- Declaration of conformity under section 161 AktG, November 2018
- Declaration of conformity under section 161 AktG, November 2017
- Declaration of conformity under section 161 AktG, November 2016
- Declaration of conformity under section 161 AktG, November 2015
- Declaration of conformity under section 161 AktG, November 2014
- Update to Declaration of conformity under section 161 AktG, 2013/2014
- Declaration of conformity under section 161 AktG, November 2013
- Declaration of conformity under section 161 AktG, December 2012
German corporate governance code:
The remuneration report summarises the principles used to determine the remuneration of the Management Board of secunet AG and sets out the amount and structure of the income received by its members. It sets out the principles behind, and amount of, the remuneration received by the Supervisory Board, and also provides information on the shareholdings of Management Board and Supervisory Board members.
Remuneration of the Management Board
The Supervisory Board of secunet AG is responsible for determining the remuneration of the Management Board.
In the 2018 financial year, the remuneration package for the members of the Management Board who were active in the 2018 financial year was made up of five components: a fixed annual salary, a variable bonus, a special bonus, ancillary non-cash benefits and a contribution to the retirement pension.
The Management Board remuneration package is broken down as follows:
- The fixed component is paid monthly in the form of a salary.
- The variable component is based on the Company’s results. It consists of a short-term component and a long-term component. The short-term component is measured on the basis of sales revenue and EBIT for the current financial year (2018 in this case), while the long-term component is measured based on the average EBIT of the past three financial years (2016 – 2018 in this case).
- At its discretion, the Supervisory Board has awarded each of the members of the Management Board a special bonus for its exceptional contributions in the 2018 financial year. This amounts to 100 thousand euros for the Chairman of the Management Board Dr Baumgart and to 50 thousand euros for the Management Board members Mr Deininger and Mr Pleines.
- Non-cash and other benefits essentially comprise the taxable values of company car usage.
- The retirement pension contributions paid to members of the Management Board are set out in their individual contracts of employment. These pension commitments provide for a life annuity with provision for dependants.
Management Board contracts do not expressly provide for any severance payment in the event that the employment relationship is prematurely terminated. In addition, Management Board contracts do not include any specific regulations to govern the event that a “change of control” occurs – that is when one or several shareholders acting jointly obtain the majority voting rights of secunet AG and exert a dominating influence, causing secunet AG to become a dependent company by means of the conclusion of an intercompany agreement within the meaning of Article 291 of the German Stock Corporation Act (Aktiengesetz, AktG), or in the event of the merger of secunet AG with other companies.
The Management Board members do not receive any additional remuneration for the performance of their duties in the subsidiaries.
Following the recommendations of the German Corporate Governance Code (Deutscher Corporate Governance Kodex, DCGK), the remuneration of the secunet AG Management Board is constituted as follows:
Total remuneration of the members of the Management Board in the 2018 financial year was 1,420 thousand euros (previous year: 1,159 thousand euros).
The pension entitlements of the Management Board members were as follows as at 31 December 2018:
As at 31 December 2017, the pension entitlements of the Management Board members were as follows:
Owing to the right, in accordance with Article 67, Para. 1 and 2 of the Introductory Act to the German Commercial Code (Einführungsgesetz zum Handelsgesetzbuch, EGHGB), to choose to annually add 1 / 15 to the difference resulting from the change in valuation under the German Accounting Law Modernisation Act (Bilanzrechtsmodernisierungsgesetz, BilMoG), there is a shortfall between the amount of the HGB obligation and the provision set aside, amounting to a total of 72 thousand euros.
As on the same reporting date in the previous year, no Management Board members held any secunet shares as at 31 December 2018.
The members of the Management Board of the Company were not granted any loans during the reporting period.
Furthermore, in the past financial year no member of the Management Board was promised or granted any benefits by a third party in respect of his activity as a member of the Management Board.
Remuneration of the Supervisory Board
The remuneration of the Supervisory Board is laid down in Article 17 of the Articles of Association of secunet AG. It is based on the tasks and responsibilities of the members of the Supervisory Board.
The remuneration of the Supervisory Board is regulated as follows: the members of the Supervisory Board receive a fixed payment amounting to 8 thousand euros. The Chairman of the Supervisory Board receives a payment of 16 thousand euros, and the Vice Chairman of the Supervisory Board receives 12 thousand euros. If changes are made within the Supervisory Board during the year, remuneration is granted on a pro-rata basis. Travel expenses associated with Supervisory Board activities are reimbursed separately according to travel expense reports.
For the 2018 financial year, Supervisory Board remuneration totalled 60.0 thousand euros (previous year: 60.0 thousand euros).
For the individual members of the Supervisory Board, the entitlements can be presented as follows:
The members of the Supervisory Board do not receive any loans from the Company.
As on the same reporting date in the previous year, no Supervisory Board members held any secunet shares as at 31 December 2018.
In the year under review, members of the Supervisory Board did not receive any other remuneration or benefits for services provided personally, in particular consulting and agency services.
As at 26 March 2019
1. Risk report
1.1 Risk management objectives and methods
Risk management within secunet Group is conducted by a risk committee. This is composed of the Management Board, the COO (Chief Operating Officer) and the CTO (Chief Technical Officer), the head of the corporate strategy department, the commercial manager and the head of service and process management. It meets regularly, once every quarter. Any developments that could jeopardise the fulfilment of objectives, or which may even threaten the survival of the Company, are subjected to intense analysis, scrutiny and assessment by the risk committee. The aim of doing this is to ensure that information about risks, and the associated financial implications, is detected as early as possible in order to implement suitable measures. The existing opportunities and associated potential for results can also be detected and leveraged within the planning and controlling process.
As part of the preparation for meetings of the risk committee, a comprehensive risk inventory takes place in each area of the Company. Following a bottom-up approach, the risks are identified and aggregated, then assessed according to their damage extent and probability of occurrence.
The Company-specific risks surveyed in this manner are then discussed at the risk committee meetings, implementing a top-down approach. The effects of risks and opportunities are not offset against each other. A net presentation is shown when evaluating the effects of risks, i. e. the effects of any risk minimisation measures already taken are considered as part of the evaluation. Depending on the probability-weighted damage value of the risks (risk value), the further treatment of the risks is then determined. This ranges from pure documentation where the value is not critical (the probability-weighted damage value in the 2018 financial year was up to 0.5 million euros in EBIT losses) and further observation (monitoring – for a risk value of up to 1.2 million euros in the 2018 financial year) to the need to take immediate action (warning limit – at a probability-weighted damage value of over 1.2 million euros in the 2018 financial year). The value limits defined above are re-determined annually based on the planned annual result. Insofar as the identified risks are quantifiable, the corresponding risk values (relating to the reporting date) are adopted in the reporting system.
Proposals for countermeasures are then drawn up, if required. The Management Board examines these measures and implements them promptly. During the course of the 2018 financial year, several instances of risk were identified and necessitated measures. For the main part, these related to the areas of distribution and production. Operative damage management implemented in each of these cases was able to contribute to reducing the relevant risk value to significantly below the warning threshold in all cases. The early risk detection and risk management system of secunet AG is being continuously developed and improved.
1.2 Individual risks
The risks for secunet Group, and therefore also for secunet AG as the Group parent company, are divided into the following main categories according to their effects on value creation levels.
- Risks to the company infrastructure: these are risks arising from the framework conditions of the Company’s development, such as strategy and organisation, as well as supporting functions, e. g. finance and controlling, legal and HR.
- Product management risks: these are risks from the divisions responsible for planning and coordinating the market-readiness of products and solutions from secunet Group.
- Distribution risks: these are risks in all areas connected with distribution./li>
- Risks in production: these are risks which arise in connection with the provision of products and solutions, as part of consultancy and development projects and in the supply of hardware, for example.
As in previous years, risks in the 2018 financial year were primarily focused on the areas of distribution (acquisition of orders) and production (project processing).
1.2.1 Competitive environment (distribution risk)
secunet Group generates a large part of its sales revenues with the SINA product family. These products bring competitive advantages to secunet in several ways: firstly by representing an area of technological leadership, and also because of the wide range of approvals and certifications awarded to individual products. Risks that endanger this competitive advantage are regularly assessed, but not currently apparent.
The risk committee keeps itself up-to-date on any risks that could endanger secunet’s technological edge in the market. To this end, the status of technological development of secunet’s products is reviewed and the opinion of expert employees sought on whether, and to what extent, the Company’s technological advantage is threatened by competitors’ product developments. If necessary, risk reduction measures are triggered. These may take the form of accelerated development cycles, for example, or the inclusion of new application scenarios for secunet solutions.
The competitive national environment also means there is a risk that rival businesses will attempt to challenge secunet’s privileged market position in terms of business with German government agencies. If this were to happen, secunet would be exposed to much greater competitive pressure in this target customer segment. This risk is also regularly assessed and evaluated by the risk committee and the Management Board.
In the recent past in particular, the competitive environment that secunet operates in has been consolidated through increased concentration. New competitors have also emerged. A market that was once split into many providers, including smaller providers, has developed a structure with larger market participants. These trends are closely monitored and their potential consequences evaluated as part of ongoing risk management and secunet’s strategic management.
As a result of increasing attention on the topic of IT security, an increasing demand for products and solutions in the field of IT security is expected. The market for IT security is thus also becoming more attractive for suppliers who have not previously been active in it. These potential new suppliers are increasing competitive intensity and could endanger secunet’s market position – particularly in the private business sector. This sector primarily includes certified consultants, IT companies and the consulting departments of auditing companies. The assessment that the risk of increased competitive intensity is in balance with the opportunity for market growth due to increasing awareness in the public realm is still valid.
Overall, the stated risks arising from the competitive environment at the time of creating this report are deemed to be manageable and therefore not critical.
1.2.2 Customer structure (distribution risk)
Customer structure risk exists to the extent that secunet conducts the majority of its business with public sector authorities and organisations. The loss of segments of demand from this customer group can have very negative effects on sales revenue and results. This risk has been discussed in depth by the risk committee. Investments in IT, and notably in IT security, are seen as particularly important for the smooth delivery of projects for the public sector, particularly in a world where information technologies play an increasingly important role. The risk of a downturn in demand from public sector customers is therefore constantly monitored, although it is currently considered to be relatively low. Another high-risk area with regard to the foreseeability of sales revenues relates to the often long-term decision-making processes for major projects. Measures for risk limitation in this case include the use of key account managers in distribution as well as continuous dialogue with major customers.
The fact that a significant proportion of procurements from public customers take place on the basis of framework agreements can present itself as a risk in the event that these framework agreements are re-tendered. The associated distribution risk is taken into account by secunet’s operational units and is reduced to an acceptable level through risk-reducing measures.
In order to be better placed in the medium term to react to the potential risk of a decline in demand from public sector customers, and in order to reduce and compensate for any resulting decline in sales revenue and results, secunet will continue to devote intensive efforts to the expansion of its activities for the private sector target group.
A further risk can be seen in the fact that a large part of the sales revenue is concentrated on a small number of public clients and companies. If one of these major customers is absent for even a short period of time, and the corresponding expected orders are delayed, secunet’s attainment of annual objectives may be endangered at the very least. In this case too, the use of key account managers in distribution can help towards risk reduction. Thanks to their close contact with the customer, they can ensure a timely reaction to changes in demand.
Furthermore, the fact that the business results are still heavily influenced by domestic demand is seen as a risk for the further growth of secunet. As a result, the expansion of high-performance international distribution, tapping of new markets and the acquisition of additional customers abroad will remain a focus of efforts for the future development of the Company. One strategic measure is the pooling of international distribution activities in the marketing company founded for this purpose.
The distribution risk resulting from the customer structure at the time of creating this report is classified as low.
1.2.3 Product development risks (production risk)
Various ongoing projects are being carried out to ensure the technological enhancement of the SINA product family, a number of them having a significant volume. The development project for the secunet konnektor also has a substantial scope. To this extent, it is justifiable to consider the risks for secunet arising from such development projects.
In conjunction with the development of new products, the following risks are discussed and evaluated regularly:
- Risk of a possible decline in demand: the product fails to prove itself on the market.
- Risk of undesirable technical developments: the product contains defects that lead to warranty claims.
- Risk of failure to complete the product in time: the development project takes considerably more time than estimated.
To date, the risks associated with developing new products that subsequently prove unsuccessful on the market have not been of primary significance for secunet in most product areas.
Due to the volume of the associated investments, the development of the secunet konnektor was the subject of ongoing risk evaluation in the 2018 financial year. The focus here was less on the sales prospects associated with the secunet konnektor than on the duration of development and certification. At the end of 2018, the development process was completed upon successful certification and rollout of the first konnektors commenced. The risk was thus eliminated again at the end of the year.
The development risks for secunet Group’s other products are lower. Its high-security IT solutions are tailored precisely to customers’ needs; secunet products are generally not designed without a specific requirement in mind. Most of the products developed by secunet are made to order and are accordingly financed by the customer. This largely relates to the SINA product family in the High Security business division. Product innovations in the areas of biometrics and sovereign documents, such as the secunet biomiddle biometric middleware, or the Golden Reader Tool platinum edition, were also developed as a result of issues raised during consulting activities. Therefore, no development risks exist in terms of potentially waning demand.
Potential warranty claims are taken into account by creating appropriate risk provisions.
The greatest risk for development projects is underestimation of the time required before new solutions are ready for acceptance. This can lead to expenditure of time and personnel, which limits the profitability of these projects. In order to keep these risks as low as possible, secunet uses extensive project planning and control mechanisms in different locations, paired with a dedicated reporting line. This part of the risk analysis and risk management is identical to the activities that apply for major projects. In the area of development projects, the risk at the time of creating this report is classified as low.
1.2.4 Major projects: distribution and project management (distribution and producation risk)
secunet is primarily active in the project business. Many projects relate to infrastructures and solutions that have been designed on an individual basis. In addition, IT security infrastructures are often associated with high investment volumes. There are two main risks for such major projects: the distribution risk and the project management risk. In addition, there are specific risks for very long-term major projects.
Distribution risk is a result of the costly, and often protracted, tendering and decision-making procedures to meet customer requirements. This places great limitations on the ability to plan for sales revenues, leading to a potential associated volatility in secunet’s business. This distribution risk is continuously monitored as part of risk management and in the ongoing Management Board meetings and, if necessary, it is countered with suitable measures. These measures for reducing the distribution risk also often consist of establishing close contact, and thus ongoing cooperation with the customer, through the use of dedicated key account managers, for example.
The project management risk arises after the commissioning of major projects: these projects are characterised by multiple uncertainties in their implementation due to the sheer fact of their size. The risk may then consist of a failure to maintain schedules and project budgets. secunet takes these risks into account by means of a comprehensive project management system, which is used to create regular management reports for project managers, division heads and the Management Board. The risks arising from major projects are continuously monitored – in the same way as development risks – with comprehensive project planning and control mechanisms, in conjunction with a risk-oriented reporting system. In the event of deviation from the set targets, measures to reduce the risk are resolved and implemented immediately. These can consist of making additional capacity available for processing the project or discussing deviations with the customer in order to bring expectations into line with the altered framework conditions.
In very long-term projects that extend over periods of more than five years, there may be additional risks, for example because the solutions implemented reach the end of their technological service life (update problems, problems with outdated technology). Furthermore, a replacement risk may be posed by suppliers who disappear from the market over the course of such projects.
Amounting to 0.3 million euros at the end of December 2018, risks from major projects were classified as low.
1.2.5 Technical product security risk (product management and production risk
The secunet AG product portfolio is concentrated on solutions in the area of cyber security. In the case of the SINA product family in particular, these solutions are protected and approved at a high level in cryptographic terms.
One risk that is evaluated on an ongoing basis in connection with the technical properties of these products is the effect of any possible – as yet undetected – security weaknesses in these solutions. In this context, the focus is on the question of whether and to what extent the security promise made to its customers by secunet in connection with the solution as a whole might be compromised as a result of security holes in individual components.
A comprehensive process of ongoing risk identification and assessment takes place in this area for the purposes of risk minimisation. As part of this process, secunet collects and evaluates findings about potential security risks from a wide range of sources. Even if potential vulnerability of the systems merely seems possible as a result of this evaluation, customers are informed immediately and supported in closing the potential security hole.
This process of monitoring and solving potential technical security risks is implemented in close collaboration with the Company’s development and certification partner, the German Federal Office for Information Security (BSI).
In view of the risk minimisation measures in use, the economic risk connected with technical product security is believed to be low.
1.2.6 Distribution risk associated with warehousing
As secunet AG’s product business grows, warehousing risks are also increasing. On the one hand, this is due to the risk associated with the ability to deliver at short notice, which can be countered by suitably networked material planning. At the same time, hardware components in particular are becoming obsolete because of accelerating technical progress. Where applicable, inventories lose their value because of this technical ageing process. As part of the risk inventory in the fourth quarter of 2018, the warehousing risk was valued at 0.1 million euros. secunet stays abreast of these risks through professional inventory optimisation.
The driving factors outlined below continue to have a positive effect on the future growth of secunet:
2.1 Growth throug increasing awareness
Increasing sensitivity to IT security issues in recent years has received strong support as a result of reporting in the media on cyber security threats (such as wiretapping cases, attempted and successful hacking of the networks of authorities and companies, attacks on critical infrastructures) over the same time period. Investigation into the medium to long-term assessment of risk among companies and decision-makers reveals that much greater importance will be placed on cyber security going forward. The topic of cyber security is the focus for a wide range of investigations and seminars, as well as publications derived from them. Cyber incidents are increasingly at the centre of risk assessments – no longer just those conducted on behalf of authorities, but also by private companies. Over the past three years, for example, cyber risks have consistently been included in the top three risks on the Allianz Risk Barometer of the Top Business Risks in Germany. A positive trend in the demand for high-quality, trustworthy solutions “made in Germany” can be inferred from this. This applies both to authorities, which are adding IT system and infrastructure security to their existing efforts, and to companies, which are countering the now-specific risks of economic / industrial espionage with appropriate safeguards. An additional group is made up of providers of critical infrastructures for which IT security is becoming ever more important (see also “Growth through increasing regulation”). With the relevant distribution activities aimed at authorities and companies, secunet intends to participate in this positive development of demand.
The increasing interest in IT security, driven also by media attention, and the subsequent growth in demand are also resulting in increasing competition. This must be taken into account when evaluating opportunities.
2.2 Growth throug increasing regulation
The German federal government wants to increase the protection of critical infrastructures such as energy and telecommunications networks as well as that of IT systems. To this end, the German IT Security Act (IT-Sicherheitsgesetz, ITSiG) was passed in July 2015. This results in growth opportunities at different levels:
- The legislation particularly affects operators of critical infrastructures – i. e. facilities that are of central importance to the community – such as energy supply, for example. They are to meet specific IT security requirements. This will result in potential demand for implementation concepts to meet these requirements.
- Furthermore, the role of the BSI has been strengthened by this law and takes into account its growing importance as a central body for IT security. Among other things, the BSI has been empowered to inspect and evaluate IT products and systems on the market with regard to their IT security, and to publish the results if necessary. This could give rise to positive stimulus in the product business.
A further development of the laws regulating critical infrastructures is expected for the future. Both the specific targets and the sectors covered are to be extended, for example.
2.3 Growth through new markets
IT security solutions “made in Germany” enjoy a good reputation around the world due to their quality and trustworthiness. There is rising international demand for corresponding high-quality solutions such as those offered by secunet. Under the pressure of wiretapping cases and cyber attacks coming to light, demand is likely to stimulate even greater differentiation between producer countries, from which secunet also benefits. In addition, many secunet products are approved for use in an international context, for example by the EU and NATO.
The expansion of foreign activities via secunet’s own distribution and via local multipliers will contribute to leveraging these potentials.
2.4 Growth through acquisitions
In addition to organic growth on domestic and foreign markets, secunet has for years pursued the objective of triggering additional growth through M & A activities. Growth in the product area through acquisition of the relevant solution providers is promising. The market for companies with high-quality, reliable IT security solutions for processing classified information – in which secunet is an active player – is split into many small to medium-sized providers. In addition, the M & A business is currently characterised by very high price expectations on the part of sellers. The process of identifying promising targets at acceptable prices is time-consuming as a result, but is nonetheless being pursued on an ongoing basis.
3. Overview of risks and opportunities
An overview of opportunities and risks which could impact on the further development of secunet Group shows a promising evaluation overall.
The assessment revealed that the risks at the time of creating the report can generally be kept at bay and controlled, and the identified risks, both individually and as a whole, do not threaten the continued existence of the Company in terms of illiquidity or excessive debts in the reporting period of at least one year. In the operational management of the Group, measures are continuously being taken to prevent a worsening of the risk situation. At the same time, the utilisation of the opportunities described above is being driven forward by a number of activities. No key risks are present as at the balance sheet date.
The business development of secunet AG is subject to the same risks and opportunities as those of the Group. The presentation and evaluation of risks and opportunities thus also apply in the same way for secunet AG.
The framework conditions for the 2019 financial year give reason for optimism.
- The macroeconomic growth forecast of the German federal government is positive: growth of 1.0% in the price-adjusted gross domestic product for the current year.
- For the domestic market, we are still expecting growing demand for IT security. This affects both the Public Sector, i. e. business with public customers, and the Business Sector, which serves companies in the private sector.
- The foreign market holds significant growth potential; secunet is generally well-positioned to leverage this potential. The secunet International GmbH & Co. KG employees in international distribution have many years of experience in the Group and in dealing with international customers.
- During the course of the year, secunet Group again increased its number of productive employees and can therefore convert increasing demand and high capacity utilisation into good business results.
- The market for IT security is growing; dynamic technological development in IT continually creates new applications and demands, thereby opening up great opportunities, especially in the area of IT security. secunet will be able to meet this demand well in future, with optimised and new services, products and solutions.
- The efforts to expand national and international defence budgets and the focus on cyber defence justify positive growth expectations.
Nevertheless, risks might also be encountered in the coming year:
- secunet is still largely dependent on the procurement activities of the German federal authorities. At the present time, the effects of changing budgetary policy cannot yet be assessed. Negative implications for secunet could include the postponement or cancellation of planned projects.
- Project business also holds both opportunities and risks: the scope of investment decisions for major projects, especially if these are part of a political process, can significantly delay the start of expected procurements. In addition, ongoing major projects always face the potential risk of incalculable delays or budget overruns.
- The attention focused on the topic of IT security is driving the expectation of increasing demand. However, driven by the same attention, increasing competition is also apparent, with consequences that cannot yet be foreseen.
At the time of issuing this report, the Company and the Group are in a good position in the opinion of the Management Board:
- The economic and financial situation of secunet Group and secunet AG is good; previous growth was achieved without declines in profitability, there are no loans, and liquid funds are high.
- secunet has high-performing, motivated and highly qualified employees – providing an excellent basis of expertise.
- The Company’s existing product and service portfolio has done well in terms of standing up to competition, and is continuing to expand in close cooperation with customers and their needs. Of particular importance with regard to the outlook for 2019 is the secunet konnektor, which is expected to generate significant growth impulses. Further additions to the product range will also support future growth.
- secunet’s products and solutions have an excellent reputation, the Company is well-known as a provider of high-quality and trustworthy IT security to meet the highest demands and therefore has a stable and reliable (existing) customer structure.
- The Company’s existing product and service portfolio has done well in terms of standing up to competition, and is continuing to expand in close cooperation with customers and their needs.
- The Company is well-known as a provider of high-quality and trustworthy IT security to meet the highest demands, and therefore has a stable and reliable (existing) customer structure.
At the time this report was prepared, secunet Group and secunet AG were in a good position. During the past financial year, sales revenue and EBIT increased sharply once again, and 2018 consequently ended with excellent results. The Management Board of secunet AG is generally optimistic about business development for the coming year 2019.
The outstanding business results already achieved in the 2018 financial year represent a challenge for further growth – surpassing record results is becoming increasingly difficult. For this reason, the company’s Management Board is formulating its expectations for secunet Group for the coming 2019 financial year as follows: a slight increase in sales revenue is anticipated. Due to price and wage developments, the Management Board expects the EBIT margin to be slightly below the previous year’s level. Accordingly, EBIT for secunet Group is expected to be slightly lower than that of the previous year. Due to the rollout of the secunet konnektor in doctors’ practices, a disproportionately high increase in sales revenue is anticipated in the Business Sector division – as a result, the contribution to consolidated sales revenues in this segment is expected to increase. How great this change will be depends substantially on the sales success of the secunet konnektor. In line with the increase of the revenue share in the Business Sector, a higher EBIT is also expected in this division.
The forecast for secunet AG is subject to the same risks and opportunities as those of secunet Group. Accordingly, the Management Board is expecting a slight increase in sales revenue and a moderate decrease in EBIT for secunet AG.
Article 19 of the European Market Abuse Directive (EU) No. 596 / 2014 requires members of Company bodies (Supervisory / Management Boards) and certain executives, as well as closely related parties, to disclose transactions in secunet shares or related financial instruments where the sum total of such
transactions reaches 5,000 euros within a single calendar year. Directors’ Dealings disclosures are also published on our website under Investor Relations. No Directors’ Dealings were reported in the financial year 2018.
I. General Provisions
Section 1 Company, registered office and fiscal year
(1) The corporation manages the company secunet Security Networks Aktiengesellschaft
(2) Its registered office is in Essen.
(3) The fiscal year is the calendar year.
Section 2 Purpose of the company
(1) The purpose of the company is to provide security services in telecommunication and information technology, in particular consultancy and system solutions for information security, as well as the production and sale of security products and systems, and associated activities.
(2) The company is authorised to serve the purpose of the company in all transactions and measures that seem appropriate. It may also found, acquire and invest in other companies with the same or a related purpose, as well as managing such companies or limiting itself to stake management. It may outsource some or all its operations to affiliated companies or cede some or all of its operations to affiliated companies.
Section 3 Notification and informing
(1) The corporation's notifications are provided in the Federal Gazette.
(2) Information can also be transferred to owners of listed securities in the corporation by means of data transfer.
II. Capital stock and shares
Section 4 Capital stock
(1) The corporation's capital stock is €6,500,000 (in words: six million five hundred thousand euros).
(2) The capital stock is apportioned into 6,500,000 no-par value shares, which are bearer shares. €1,278,229.70 of the capital stock consists of capital stock in Secunet Networks GmbH, which was converted by means of a change of form pursuant to Sections 190 et seqq, Reorganisation of Companies Act (Umwandlungsgesetz, UmwG).
Section 5 Shares
(1) The shares are bearer shares. If, in the event of a capital increase, the resolution on the increase of capital does not determine whether the new no-par value shares are bearer or registered shares, they shall be bearer shares.
(2) Uniform certificates can be issued in relation to several shares. The shareholders shall have no right to securitise their shares.
(3) A duplicated signature from the Management Board shall suffice for execution. In other respects, the form and content of the share certificates as well as the profit share and renewal coupons are determined by the Management Board with the approval of the Supervisory Board. The same applies for bonds and interest coupons.
(4) In other respects, a resolution on the increase of capital may stipulate the profit participation of new no-par value shares, by way of derogation from Section 60, Para. 2, Clause 3, Stock Corporation Act (Aktiengesetz, AktG).
III. Management Board
Section 6 Composition of the Management Board
(1) The Management Board consists of one or several members. Deputy members of the Management Board may be appointed.
(2) The Supervisory Board is responsible for determining the number and appointment of members of the Management Board and of deputy members of the Management Board, and revoking their appointment; the Supervisory Board is also responsible for nominating a member of the Management Board as the Chair of the Management Board, as well as additional Management Board members as deputy Management Board members.
Section 7 Representation
(1) If only one member of the Management Board has been appointed, this individual shall represent the corporation alone. If several members of the Management Board have been appointed, the corporation shall be represented by two members of the Management Board or by one member of the Management Board in combination with an authorised officer.
(2) Deputy members of the Management Board shall have the same rights as ordinary members of the Management Board with respect to representing the corporation externally.
(3) The Supervisory Board may grant all or some of the members of the Management Board power of sole representation, and release them from the restrictions of Section 181 German Civil Code, (Bürgerliches Gesetzbuch, BGB) in the event of multiple representation. This does not affect Section 112 AktG.
(4) The Management Board manages the corporation's transactions in accordance with the provision of the law, of the Articles of Association, and of the rules of procedure issued by the Supervisory Board.
(5) The Management Board manages the corporation under its own responsibility, and makes decisions about all matters of fundamental importance. Notwithstanding this overall responsibility, each member of the Management Board independently manages the business area allocated to him/her by the schedule of responsibilities.
(6) The Management Board must undertake appropriate measures, in particular setting up a monitoring system, in order that the existence of developments that put the corporation at risk are detected at an early stage.
Section 8 Rules of procedure, and passing of resolutions by the Management Board; transactions requiring approval
(1) The Supervisory Board issues the rules of procedure for the Management Board.
(2) Resolutions of the Management Board are passed with a simple majority vote. Alternative majority requirements and additional regulations regarding the passing of resolutions by the Management Board may be put in place in the rules of procedure.
(3) The Supervisory Board defines certain types of transactions that the Management Board is only permitted to undertake with advance approval from the Supervisory Board. The approval of the Supervisory Board may be issued in advance in the form of a general authorisation for a certain set of designated transactions.
IV. Supervisory Board
Section 9 Composition and term of office for the Supervisory Board
(1) The Supervisory Board consists of six members.
(2) Members of the Supervisory Board are selected by the Annual General Meeting, unless otherwise stipulated by the Articles of Association or statutory provisions.
(3) Unless the Annual General Meeting expressly specifies a shorter period of time, members of the Supervisory Board are appointed for a period up to the conclusion of the Annual General Meeting that passes a resolution, on discharge for the fourth fiscal year after the start of the term of office. The fiscal year in which the term of office begins is not included in this. A successor to any member of the Supervisory Board who leaves before the expiry of his/her term of office is appointed for the remainder of the term of office of the member who left prematurely.
(4) Members of the Supervisory Board may vacate their position by means of a written declaration addressed to the Chair of the Supervisory Board or to the Management Board, without stating reasons and subject to a notice period of four weeks; alternatively, if they state good cause, no notice period shall apply.
Section 10 Responsibilities and powers of the Supervisory Board
(1) The rights and obligations of the Supervisory Board are determined in accordance with statutory provisions, regulations of Articles of Association, and rules of procedure issued in accordance with Section 13.
(2) Members of the Supervisory Board have equal rights and obligations. They are not bound to orders and instructions. In practising the office, they must apply the care of a reputable and diligent inspector of managers.
(3) They must maintain confidentiality with respect to the company's confidential information and secrets, namely business or trade secrets, which have become known to them through their activity on the Supervisory Board. In particular, they are required to maintain confidentiality with respect to any confidential reports and confidential advice that they receive. If a member of the Supervisory Board wishes to pass to third parties information which may in any way be confidential or may in any way relate to company secrets, the member is required to inform the Chair of the Supervisory Board of this in advance, and provide him/her with the opportunity to provide a re-sponse.
(4) Members of the Supervisory Board who breach their obligations are required to com-pensate the corporation for the damage caused by the breach, as joint and several debtors.
(5) The Supervisory Board is authorised to put in place changes and supplements to the Articles of Association by means of a majority vote, provided that these changes and supplements only affect the wording.
Section 11 Declarations of intention on the part of the Supervisory Board
Declarations of intention on the part of the Supervisory Board are issued in the name of the Supervisory Board by the Chair; if the Chair is not present, they are issued by his/her deputy.
Section 12 Chair of the Supervisory Board and his/her deputy
The Supervisory Board selects from its members a Chair and a deputy for the term of office determined in Section 9 Para. 3 of these Articles of Association. The vote is taken directly after the Annual General Meeting, in which the members of the Supervisory Board for the shareholders to be selected by the Annual General Meeting are appointed, at a meeting that is not convened separately.
If the Chair or his/her representative leaves his/her office before the expiry of the term of office, the Supervisory Board must make a new selection for the remaining term of office of the individual who has left.
Section 13 Rules of procedure and committees of the Supervisory Board
(1) The Supervisory Board provides the rules of procedure.
(2) The Supervisory Board may form committees and, in as far as is legally permissible, also transfer decision-making authorities to them.
Section 14 Convening the Supervisory Board
(1) The Supervisory Board must hold at least two meetings in each half of the calendar year.
(2) It must be convened immediately if necessary for business reasons, or if a member of the Supervisory Board or if the Management Board demands that the meeting is convened, stating the purpose and reasons for this. The meeting of the Supervisory Board must take place within two weeks of being convened in these cases.
(3) The Chair of the Supervisory Board is responsible for drafting and determining the agenda, as well as the format of the meeting. Suggested resolutions must also be transferred together with the invitation.
(4) The meeting is convened in writing, by fax, or by email, stating the agenda as well as the format of the meeting, with a notice period of two weeks. In urgent cases, the Chair may shorten the notice period and convene the meeting verbally by telephone.
Section 15 Passing of resolutions by the Supervisory Board
(1) The Supervisory Board is quorate if all members have been invited and at least half of members participate in passing the resolution. A member also takes part in the resolution if he/she abstains from voting.
(2) The type of vote is determined by the Chair of the Supervisory Board, unless the rules of procedure issued by the Supervisory Board contains specific regulations in this respect.
(3) Unless otherwise stipulated by law or the Articles of Association, resolutions are passed with a simple majority of votes cast. The same also applies for elections.
(4) If there is a tied vote, a new debate shall only take place if the majority of the Supervisory Board resolves upon this. Otherwise, a new vote must be conducted immediately. In the event of a new vote regarding the same subject, the Chair of the Supervisory Board shall have two votes, including if this produces a tied vote.
(5) If a member of the Supervisory Board is not present, this individual may have a written vote submitted through another member of the Supervisory Board. This also applies for issuing a vote in the event of a new voting process regarding the same subject. The submission of a written vote is only effective if the resolution passed does not deviate in content from the announced content of the resolution.
(6) Resolutions passed about subjects the treatment of which has not been notified at least one week before the meeting, as well as votes outside meetings, are only permitted if not objected to immediately by any member of the Supervisory Board.
(7) A member of the Supervisory Board may not participate in a vote regarding a subject on the agenda if the resolution concerns the undertaking of a legal transaction with him/her, or the initiation of a legal dispute between him/her the company.
Section 16 Supervisory Board minutes
Minutes must be produced both of meetings of the Supervisory Board and of votes that take place outside meetings; these minutes must be signed by the Chair of the Supervisory Board.
Section 17 Supervisory Board remuneration
(1) Each member of the Supervisory Board receives remuneration of €8,000 for his/her activity after the conclusion of the fiscal year. The Chair of the Supervisory Board receives double the amount given to an ordinary member of the Supervisory Board, i.e. an amount of €16,000; his/her deputy shall receive 1.5 times the amount given to an ordinary member of the Supervisory Board, i.e. €12,000.
(2) Members of the Supervisory Board who are only part of the Supervisory Board during a portion of the fiscal year receive pro rata remuneration in accordance with Para. (1) based on the proportion of the whole fiscal year for which they are part of the Supervisory Board.
(3) Members of the Supervisory Board also receive compensation for the expenses they incur whilst exercising their office. Any VAT to be paid on their receipts is reimbursed to members of the Supervisory Board by the corporation.
(4) Members of the Supervisory Board may also receive further remuneration in addition to the remuneration defined in Para. (1), provided that this additional amount is resolved upon by the Annual General Meeting with the required majority.
V. Annual General Meeting
Section 18 Convening the Annual General Meeting
(1) The Annual General Meeting takes place at the corporation's registered office or in a major German city with more than 200,000 inhabitants. The Annual General Meeting is convened by the Management Board or, in legally stipulated cases, by the Supervisory Board. The statutory specifications apply for the
(2) The ordinary Annual General Meeting is held within the first eight months of each fiscal year. Extraordinary Annual General Meetings may be convened as often as seems required in the interests of the corporation.
Section 19 Participation in and process for the Annual General Meeting
(1) Only shareholders who register for the Annual General Meeting and verify their authorisation are authorised to participate in the Annual General Meeting, and to exercise their voting right. The registration and verification of authorisation must be received by the corporation at the address notified in the convocation at least six days before the Annual General Meeting, whereby the day of receipt is not included in the six days.
(2) A certificate regarding share ownership, issued by the custodian institute in written format (Section 126b BGB) in German or English, is sufficient for authorisation in accordance with Para. 1. The certificate of share ownership must relate to the start of the 21st day before the Annual General Meeting.
(3) The chair of the meeting is authorised to permit the complete or partial transfer of image and sound of the Annual General Meeting using a method that he/she may determine in further detail. This transfer may also take a form that provides unrestricted access for the public.
Section 20 Voting right in the Annual General Meeting
(1) Each share grants one vote in the Annual General Meeting.
(2) The voting right may be exercised by an authorised agent. Beyond the scope of Sec-tion 135 AktG, authorisation is issued and revoked and empowerment is verified to the corporation in written format (Section 126b BGB). The corporation offers an electronic method for the transfer of the certificate of empowerment, within the invitation to the Annual General Assembly. If the shareholder empowers more than one per-son, the corporation may refuse one or several of these individuals.
Section 21 Chairmanship in the Annual General Meeting
(1) The Chair of the Supervisory Board acts as chair in the Annual General Meeting (AGM); if the Chair of the Supervisory Board is unable to chair the AGM, his/her deputy will do so; if the deputy is also unable to chair the AGM, a member of the Supervisory Board to be determined by the Supervisory Board shallchair the AGM. If the Chair is not taken by any member of the Supervisory Board, the leader of the meeting is elected by the Annual General Meeting.
(2) The Chair leads negotiations and determines the sequence of dealing with items on the agenda, the type and sequence of votes, and the sequence of verbal contributions. The Chair may appropriately limit the time for which each shareholder is entitled to ask questions and speak.
Section 22 Passing of resolutions by the Annual General Meeting
Resolutions of the Annual General Meeting are passed with a simple majority of votes cast unless the Articles of Association or mandatory legal provisions provide otherwise.
VI. Annual financial statement, management report, appropriation of balance sheet profit
Section 23 Annual financial statement and management report; discharge of the Management Board and Supervisory Board
(1) The Management Board must issue and submit to the auditor the management report and annual financial statement for the previous fiscal year in the first three months of each fiscal year.
(2) After receipt of the audit report, the annual financial statement and the management report together with the audit report and the suggestion for the resolution of the Annual General Meeting regarding the appropriation of balance sheet profit must be submitted to the Supervisory Board.
(3) The Supervisory Board must state a position on these submissions within one month of receipt.
(4) The annual financial statement, management report, report from the Supervisory Board and the suggestion from the Management Board regarding the appropriation of balance sheet profit must be made accessible to each shareholder from the time of the convocation of the ordinary Annual General Meeting onward, in accordance with statutory specifications.
(5) The Annual General Meeting shall, in the first eight months of each fiscal year, pass a resolution after receiving the report to be provided by the Supervisory Board pursu-ant to Section 171 Para. 2 AktG, regarding the discharge of the Management Board and of the Supervisory Board, regarding the appropriation of balance sheet profit, regarding the choice of auditor, and – in the cases specified by law – regarding the assessment of the annual financial statement.
(6) If the corporation is required to create a consolidated financial statement and a group management report, paragraphs 1-5 shall apply mutatis mutandis for the consolidated financial statement and the group management report.
VII. Other conditions
Section 24 Partial nullity
If any provision in the Articles of Association is invalid, this shall not impact the validity of the other provisions in the Articles of Association.
Section 25 Costs
The corporation shall bear the costs of founding, which comprise 20,000 Deutschmark.
On 9 May 2018 the annual general meeting of secunet Security Networks elected KPMG AG Wirtschaftsprüfungsgesellschaft, branch office Essen, to serve as the annual auditor and consolidated annual auditor for the financial year 2017.
The general annual meeting of secunet Security Networks AG also elected KPMG AG Wirtschaftsprüfungsgesellschaft, branch office Essen, to serve as the annual auditor and consolidated annual auditor for the financial year 2017 and as the auditor for the review of the condensed financial statements and of the interim management report as at 30 June 2018.