Creating a safe and private world for everyone Avast annual report 2019 © 2019 Friend Studio Ltd File name: FC_Mission_AboutUs_OurImpact_v69 Modification Date: 25 February 2020 2:21 pm Strategic report Governance Financial statements Avast annual report 2019 We are growing and profitable Adjusted billings $911.0m + 10.2% +5.7% organic growth actual growth Adjusted revenue $873.1m +9.1% organic growth +5.6% actual growth Adjusted EBITDA Adjusted net income $483.0m +7.9% Unlevered free cash flow $424.6m +7.9% Statutory revenue $871.1m +7.8% $322.3m +19% Net debt/ LTM adjusted EBITDA 1.8x Statutory net income $248.9m +3.2% © 2019 Friend Studio Ltd File name: FC_Mission_AboutUs_OurImpact_v69 Modification Date: 25 February 2020 2:21 pm Financial statements Independent Auditor’s report 108 Consolidated financial statements 116 Notes to the consolidated financial statements Company financial statements Notes to the Company financial statements Glossary 123 166 168 171 In this report: Strategic report Introducing Avast Chairman’s statement Markets & threat landscape Business model Investment case CEO’s strategic review Our technology CFO's review Risk management People and corporate social responsibility Section 172(1) statement Governance Board of Directors 1 8 10 16 20 22 28 35 48 51 60 66 Corporate governance statement 68 Audit and Risk Committee report 74 Nomination Committee report Directors’ remuneration report Directors’ report 80 84 100 Strategic report Governance Financial statements Avast annual report 2019 01 We make the world a safer place Truly innovative cybersecurity sets people free, keeping them safe and private online. It’s hard to imagine life without our favourite devices, apps and online experiences. Our devices don’t just help us communicate, work, bank, shop, and relax; they capture the special moments and memories we treasure forever. Avast’s users rely on us to keep safe that which is irreplaceable. Across all their devices, in the home, and on the go, our users expect us to protect their most valued moments in time, secure their private activities, and allow them to keep control of their personal information. We are committed to providing our 435 million users across the world with next-generation security and privacy tools – keeping their most precious online experiences private and secure from ever-present, ever-changing cyberthreats. The future of the online world depends on users being safe and free. Our mission is to build such a world. Our impact, page 04 Our purpose underlies our strategy, and is enabled by our values and culture. Read more on page 22 © 2019 Friend Studio Ltd File name: FC_Mission_AboutUs_OurImpact_v69 Modification Date: 25 February 2020 2:21 pm Our purpose Strategic report Governance Financial statements Avast annual report 2019 02 We have the right approach, scale, and technology to create long-term value We protect millions of users from billions of attacks Our platform model underpins our business growth and success users worldwide1435m+ 1.5bn monthly attacks prevented by Avast 200m new files analysed each month Our brands: 50% of our employees are in research and development roles Smart home Consumer security SMB security Protection Family safety Data breaches ? Online anonymity Users Privacy Performance Software updates 1 User is defined as a unique device that has one or more Avast free or paid products installed and has been in contact with our servers in the last 30 days. Identity protection PC maintenance © 2019 Friend Studio Ltd File name: FC_Mission_AboutUs_OurImpact_v69 Modification Date: 25 February 2020 2:21 pm About us Strategic report Governance Financial statements Avast annual report 2019 03 We deliver products which consistently win awards and industry recognition. This is one reason we substantially outperformed the FTSE 250 in 2019. Industry-leading margins, cash flow, and balance sheet We delivered on FY 2019 guidance Adjusted revenue $m Adjusted EBITDA % 827.0 873.1 9.1% organic 5.6% actual 54.1 55.3 +119bps 2018 2019 2018 2019 © 2019 Friend Studio Ltd File name: FC_Mission_AboutUs_OurImpact_v69 Modification Date: 25 February 2020 2:21 pm About us Strategic report Governance Financial statements Avast annual report 2019 04 Our impact PRIVACY Giving users control of their privacy Our products let users design their online privacy their way. Avast SecureLine VPN What you do online is your business. Our virtual private network makes sure it stays that way. Avast Secure Browser Modern life moves fast. Our browser has been built to prioritise security and privacy without compromising on performance. Avast AntiTrack Keep your digital footprint hidden. Take back your privacy by disguising your online activity, and blocking attempts to track you. © 2019 Friend Studio Ltd File name: FC_Mission_AboutUs_OurImpact_v70 Modification Date: 26 February 2020 6:13 pm Strategic report Governance Financial statements Avast annual report 2019 05 Our impact FAMILY SAFETY Putting families first Today’s children are true digital natives. Parents naturally want to protect them from the dark corners of the web, while ensuring they are safe and free to enjoy educational, fun, and interesting content online. Avast protects users’ digital lives, not just their devices. We give parents control, helping them to set healthy digital boundaries. Avast Family Space Avast Family Space helps families live safely online. Parents can set filters to keep their children safe from harmful content online, and add safe physical locations like home, school, and clubs for added peace of mind. © 2019 Friend Studio Ltd File name: FC_Mission_AboutUs_OurImpact_v69 Modification Date: 25 February 2020 2:21 pm Strategic report Governance Financial statements Avast annual report 2019 06 Our impact SMART HOME Smarter living for modern families Connecting home appliances and electronics to the internet can make modern life more convenient, but Internet of Things (IoT) devices often lack any security and privacy safeguards. Our plug-and-play product, Avast Omni, makes managing the smart home simple and gives control back to consumers. Avast Omni Released in summer 2019 to Avast users in the U.S., the new Avast Omni secures the connected home. It sends alerts if unusual behaviour is detected on users’ IoT devices, blocks access to potential threats, and delivers robust parental controls to help families manage their digital habits. Wind Family Protect In September 2019, Italian operator, Wind Tre, introduced router security to its offering for Wind brand subscribers. Based on Avast’s Smart Life platform, subscribers can protect their smart homes with features such as safe browsing, anomaly detection, and user alerts when unusual device behaviour is detected. © 2019 Friend Studio Ltd File name: FC_Mission_AboutUs_OurImpact_v69 Modification Date: 25 February 2020 2:21 pm Strategic report Governance Financial statements Avast annual report 2019 07 Our impact SMALL TO MID-SIZED BUSINESSES Safer solutions for business Our new Avast Business Patch Management service helps SMBs manage required security updates more efficiently. With 55% of installed software on PCs worldwide out of date, our new service enables SMBs to effectively prioritise, manage, and deploy critical security updates. Digital transformation helps small to mid-sized businesses (SMBs) differentiate themselves and reach new markets. SMBs using new digital technologies must ensure they retain customers’ trust, but often do not have the extensive internal and external technical resources larger companies can draw on. In 2019, we launched a new portfolio of enterprise-class layered security solutions designed for the needs of growing businesses including its new Avast Business Secure Web Gateway and Avast Business Secure Internet Gateway. © 2019 Friend Studio Ltd File name: FC_Mission_AboutUs_OurImpact_v69 Modification Date: 25 February 2020 2:21 pm Strategic report Governance Financial statements Avast annual report 2019 08 Another strong year Overview 2019 was another strong year for Avast as we continued to create value by delivering consistent and sustainable financial results. Our technology leadership enabled Avast to take advantage of market opportunities to execute on our strategy of driving growth while also maintaining high levels of profitability. Revenues in our core Consumer Desktop business once again grew strongly, performance in the Indirect business accelerated, and the restructuring in the Small to Mid-size business advanced well. Our performance is testimony to our employees’ passion and commitment to Avast and I would like to once again thank them for their contribution during the year. Our success is of course also tied to the loyalty of our customers. We greatly value the feedback from our more than 435 million users and draw on this data to continually improve our service to them. We believe this user base represents a massive future business opportunity. “ As an industry leader in consumer cybersecurity, Avast is in a great position to serve its customers.” John Schwarz Chairman of the Board © 2019 Friend Studio Ltd File name: ChairmansXStatement_v41 Modification Date: 25 February 2020 1:59 pm Chairman’s statement Strategic report Governance Financial statements Avast annual report 2019 09 Total FY 2019 dividend 14.7 US cents per share Shareholder returns We are pleased that our share price reflected our progress. In 2019, Avast substantially outperformed the FTSE 250 index. While we plan to continue investing in our core areas to ensure mid- and long-term growth, we also remain committed to returning value to our shareholders. Based on the performance we delivered in 2019, the Board of Directors is recommending a final dividend for the year of 10.3 US cents per share. This results in a total dividend for the year of 14.7 US cents per share (total payment of $147.8m), a pro-rata increase of 8.1% on 2018. The final dividend will be paid on 24 June 2020 to shareholders on the register on 22 May 2020. Our approach to capital allocation is based on a framework that reflects our priorities for uses of cash. This is underpinned by our commitment to maintaining a strong balance sheet. At 31 December 2019, Avast’s net debt/LTM adjusted EBITDA was 1.8x, down from 3.9x immediately prior to IPO. Our debt reduction is a testament to the favourable cash flow dynamics of our business and our prudent capital allocation strategy. Leadership and strategy We welcomed Ondrej Vlcek to the role of CEO on 1 July 2019. In Ondrej, Avast has a leader with a detailed understanding of our businesses and an outstanding track record of delivering growth. His expertise in Artificial Intelligence-based security and vision for reinventing how we protect people online bring a tremendous advantage to our business. Ondrej is also a champion of Avast’s entrepreneurial and customer-centric culture. Early in his tenure as CEO, we have all been inspired by his energy and personal commitment to promoting integrity, transparency, diversity, and openness. He has sharpened our focus on Avast’s values to support the longer-term ambition of our business and stakeholders. the spectrum of protection, performance, and privacy. We are building the future of Avast on unique competencies and well-established brands, and are successfully adapting to a range of market changes. But there are always untapped opportunities. Our leadership team continues to thoughtfully pursue organic opportunities manifest in new and improved technology and products, new partnerships, and new territories. At the same time, we recognise the potential in selective acquisitions and other strategic opportunities that serve markets complementary to ours. Data risk management Global software companies are increasingly being targeted for disruptive attacks and cyber-espionage. At Avast, we constantly work hard to stay ahead of this threat. As part of our risk monitoring process, in September 2019 we identified suspicious behaviour on our network and instigated an immediate, extensive investigation. In parallel with this, we planned and carried out proactive measures to protect our end users and ensure the integrity of both our product build environment as well as our release process. We have been committed to being as transparent as possible throughout the process. From the insights we have gathered, it is clear that this was an extremely sophisticated attempt. However, there is no evidence of harm to our users, network, or partners. Jumpshot In January 2020, we decided to terminate the provision of data to Avast’s data analytics business, Jumpshot. We reached this difficult decision because we no longer believed that the data collection business was consistent long term with our privacy priorities as a global cybersecurity company. We take seriously the responsibility to balance user privacy with the necessary use of data for our core security products. Protecting people is our top priority and we are working to ensure going forward it is embedded in everything we do in our business and in our products. well supported by the members of the Board. The work of our Board and its Committees during the year, along with the assessment of their performance, is set out in the Corporate governance report. The composition of our Board continued to evolve in 2019, with the appointment of two additional independent Directors: Ms Maggie Chan Jones, formerly CMO of SAP; and Ms Tamara Minick-Scokalo, formerly President, Growth Markets at Pearson plc. Our Directors reflect a broad range of experiences and skills to support management. Our overall aim is to continue to refresh the Board while ensuring stability and continuity, particularly in the context of the recent CEO change. We continue to monitor diversity on the Board and in the business, recognising the value and benefit diversity brings to every organisation. I thank all the Board members for their valuable contribution as we continue to maintain oversight of the strategic, operational, and governance risks across the Group, and define our path to success. Looking ahead The Group has a platform to deliver long-term, sustainable value. Avast operates globally, in large and attractive markets. As the cybersecurity threat landscape becomes infinitely more complex, our core addressable segments of consumer and small business security provide multiple avenues and adjacencies for growth. Ultimately, the strength of our organisation is based on the innovators and people that lead our businesses. The Board is confident that the Group has the right strategy, plans, and people in place to succeed. I trust you share my excitement about Avast’s growth record and our prospects for a promising future. Thank you all for your continuing support. As an industry leader in cybersecurity, Avast is in a great position to serve its customers. We offer one of the most complete portfolios of consumer security technology across Governance and diversity One of my key responsibilities as Chairman is to set the tone for Avast and ensure good governance. In this I have been John Schwarz Chairman of the Board © 2019 Friend Studio Ltd File name: ChairmansXStatement_v41 Modification Date: 25 February 2020 1:59 pm Chairman’s statement Strategic report Governance Financial statements Avast annual report 2019 10 Cybercrime is an increasing threat to our world As more aspects of our lives move online, the risks associated with banking, shopping, and socialising continue to rise. Global cybercrime damages are now predicted to cost $6 trillion annually, double the $3 trillion impact measured in 2015. This is big business. Nonetheless, adoption of new technology is growing and IoT is reshaping the places we live. Our homes are filling up with smart devices that provide convenience and delight. From smart speakers and entertainment systems, to a wide variety of home safety products such as video doorbells, smart locks, security cameras, baby monitors, and fire safety systems, many electronic devices we bring into our homes today can now be connected to the internet. The Avast Smart Home report identified 16 million smart home networks of which 40% had over five connected devices, and 41% contained at least one vulnerable device. The most common devices are media boxes, network hubs, printers, security cameras and network attached storage. The rise of the smart home In 2020 there are: 1.39bn connected devices 314m smart homes Two-thirds of people in North America and one-quarter of people in Europe have at least one IoT or connected device at home. By 2022 there will be: 2.29bn connected devices 597m smart homes Source: ABI Research, Internet of Everything forecast 2019, Q1 2019 But insufficient security leaves these connected homes vulnerable Homes worldwide with at least one vulnerable connected device Homes worldwide with at least one connected device 59% 41% Of the vulnerable devices, 69% were at risk due to default or weak access credentials, allowing hackers access to the devices. One vulnerable device can compromise the security of the whole home network and allow access to personal data, sensitive information, and even live video and audio. © 2019 Friend Studio Ltd File name: MarketsXampXthreats_BM_InvestCase_v75 Modification Date: 25 February 2020 6:32 pm Markets & threat landscape Strategic report Governance Financial statements Avast annual report 2019 11 Vulnerable Homes In October 2019, hackers successfully attacked Google Home and Amazon Alexa smart assistants to eavesdrop on user conversations without their knowledge, or to deploy phishing attacks that tricked people into sharing personal information. Popular Ring cameras have also been shown to have been infiltrated by hackers allowing them to view and speak with children in their homes. Over 40% of all smart homes worldwide, have at least one vulnerable connected device which puts the entire smart home at risk. “ There remains a lack of safeguards in place assuring the privacy and security of IoT in the home.” Galina Alperovich Senior Researcher, AI and Network Security Vulnerable businesses It’s not just homes that are at risk; businesses are vulnerable too. In April 2019, the Russian hacking group Strontium (also known as Fancy Bear) was discovered to have attacked and enslaved voice-over-IP phones, office printers, and video decoders in several customer locations to target computer networks. The same group was also believed to be behind the infection of 500,000 consumer routers in 54 countries the previous year. 90% of IoT devices on the market are made by just 100 vendors, but no standards exist to govern their security. © 2019 Friend Studio Ltd File name: MarketsXampXthreats_BM_InvestCase_v75 Modification Date: 25 February 2020 6:32 pm Markets & threat landscape Strategic report Governance Financial statements Avast annual report 2019 12 Privacy is the new security Two years of high-profile data breaches at major companies have put privacy onto the front pages of the newspapers and into the minds of consumers. While this awareness has made privacy one of the biggest societal challenges of our time, consumers still lack understanding of how their data can be abused and the full implications of it being breached. There are technologies today that have been developed specifically to collect online user data surreptitiously and misuse it through the unauthorised (and potentially insecure) storage and sharing of that data. Therefore, what starts as a privacy threat often results in a Therefore, what starts as a privacy threat often results in a corresponding security risk. Cybersecurity today already corresponding security risk. Cybersecurity today already includes privacy as a natural extension to traditional security, includes privacy as a natural extension to traditional security, shielding users from data harvesting and loss, identity theft, shielding users from data harvesting and loss, identity theft, financial loss, and online harassment, among other harms. financial loss, and online harassment, among other harms. Avast offers products, including its Avast SecureLine Avast offers products, including its Avast SecureLine VPN, Avast Secure Browser, and intelligent Avast AntiTrack VPN, Avast Secure Browser, and intelligent Avast AntiTrack solution, which prevent online information gathering solution, which prevent online information gathering and fingerprinting as part of its growing portfolio of and fingerprinting as part of its growing portfolio of privacy-first offerings. privacy-first offerings. The enhancement of surreptitious digital tracking methods is The enhancement of surreptitious digital tracking methods is an emerging category of threat we have tracked through the an emerging category of threat we have tracked through the Avast APKlab.io platform launched in 2019. Working with Apple Avast APKlab.io platform launched in 2019. Working with Apple and Google app stores, Avast Threat Intelligence exposed and Google app stores, Avast Threat Intelligence exposed and stopped multiple ‘stalkerware’ apps which are often used and stopped multiple ‘stalkerware’ apps which are often used against some of the most vulnerable members of society. against some of the most vulnerable members of society. Stopping stalkerware apps using Avast Threat Intelligence Stalkerware apps operate differently to the useful parental controls and family protection apps that help parents and children to set age limits and access boundaries for safe online activities. Once downloaded onto the device, a stalker app will generally not be visible to the device owner, allowing a person to track someone else’s mobile phone activity and location without their knowledge. Stalker apps are not only a major privacy violation, but are a personal danger to some of those least able to protect themselves. Major security breaches in 2019 2bn 1.5bn 885m 218m 11.9m Orvibo: an open database exposed over 2 billion records for more than two weeks. The IoT platform provider’s database held usernames, passwords and emails of individuals and businesses. WhatsApp: in May 2019, hackers were able to install surveillance technology on the phones of WhatsApp users who answered their phone calls through the app. WhatsApp has 1.5 billion users. First America: the largest US real estate title insurance company leaked documents on transactions and mortgages back to 2003. Zynga Games: a hacker accessed user account information on certain games. Quest Diagnostics: patient data records were accessed by an unauthorized user. © 2019 Friend Studio Ltd File name: MarketsXampXthreats_BM_InvestCase_v75 Modification Date: 25 February 2020 6:32 pm Markets & threat landscape Strategic report Governance Financial statements Avast annual report 2019 13 “ Security is the only domain where there is a true adversary, and today, that adversary also has AI.” Rajarshi Gupta Head of AI Artificial intelligence for good and evil The rapid growth of connected devices is hugely attractive to bad actors and has exponentially increased the number and speed of threats targeting them. The constant battle between cybersecurity companies and the cybercriminals is waged in real time, with the latest artificial intelligence (AI) technology being deployed both in attack and defence. Keeping people safe online relies on AI to analyse huge volumes of threat data to detect threat patterns and behaviours that cannot be identified by human intervention alone. To prevent attacks and get ahead of new unknown threats, our AI engine processes data from attacked devices to understand everything from the attack’s origins to its possible purpose. Phishing remains the most successful attack vector for consumers and businesses. We battle it by applying intelligence to the analysis of web addresses to identify and block bad or fake sites before even one user clicks on them. Avast protects more than 400 million users through our AI-based global threat intelligence network. People are losing trust in online content The fake news phenomenon remained mainstream news in 2019 through discussions of content fixing for users of social media, and for its more insidious threat, the deepfake. Using technology increasingly available to anyone, deepfakes are falsely constructed videos that look authentic. So convincing is the technology, people’s faces and voices can be manipulated to make them appear to say or do something which is not in fact real. These fakes have begun to erode user trust online and, as their sophistication increases, AI can help separate fact from fiction by looking into the technical source and construction of the content. © 2019 Friend Studio Ltd File name: MarketsXampXthreats_BM_InvestCase_v75 Modification Date: 25 February 2020 6:32 pm Markets & threat landscape Strategic report Governance Financial statements Avast annual report 2019 14 Trends for 2020 Avast Threat Intelligence predicts four threat trends for this year. Email under threat Email is still the most common way for malware to spread. However, methods are evolving to spread threats more efficiently using email and also through improved exploit kits, via supply chain attacks, and by abusing remote access to PCs. “ Cybercriminals are constantly innovating and looking for new ways to circumvent today’s powerful personal and business security solutions.” Jakub Kroustek Head of Threat Intelligence Systems © 2019 Friend Studio Ltd File name: MarketsXampXthreats_BM_InvestCase_v76 Modification Date: 26 February 2020 5:18 pm Mobile security under threat Getting malicious apps onto the Google Play Store and the Apple App Store is not easy. To make money, cybercriminals are shifting towards subscription scams and fake apps integrated with aggressive adware. Security researchers will continue to look for risks on the Apple platform, following the discovery of unpatchable iOS ‘jailbreak’ vulnerabilities. Markets & threat landscape Strategic report Governance Financial statements Avast annual report 2019 15 Privacy under threat Privacy is the new frontier for security. We see the practical applications of AI algorithms, including differential privacy, to enable profit from big data insights as currently happens today, but with the concealment of private information. Our goal is to allow individuals to take back control of their own data, by deciding whether (and which) companies can harness their data, and what data they can use. IoT security under threat Devices and even physical locations will become smart – or even smarter than they already are – to be used by vendors to collect more data about users in order to learn and predict their behaviour. Cybercriminals will continue adding obfuscation to their IoT malware and build upon older, already established, malware families to widen their IoT attack surface with newly released exploits. “ We expect malware authors will adopt other security practices to make their botnets more robust.” Daniel Uhricek Security Researcher, AI & Network Security © 2019 Friend Studio Ltd File name: MarketsXampXthreats_BM_InvestCase_v75 Modification Date: 25 February 2020 6:32 pm Markets & threat landscape Strategic report Governance Financial statements Avast annual report 2019 16 We work every day to keep the world safe online We use our expertise to educate and empower people to keep themselves and their families safe online. Our markets and structure Headquartered in the Czech Republic, Avast has users in almost every country in the world. Our largest markets are the US and Canada, Brazil, France, UK, Russia, and Germany. Our 1,700+ employees serve consumers and clients from offices across 12 countries. Avast offers products in two segments: consumer products, which generate direct and indirect revenue streams; and products for the corporate market. © 2019 Friend Studio Ltd File name: MarketsXampXthreats_BM_InvestCase_v75 Modification Date: 25 February 2020 6:32 pm Business model Strategic report Governance Financial statements Avast annual report 2019 17 What sets us apart Our resources and relationships Value created for our stakeholders Unrivalled scale Security is a data-driven business. With over 435 million installed users, Avast has access to one of the largest consumer security platforms, giving it access to an unrivalled database of online activity that is required to provide effective protection. These large amounts of data enhance the quality of threat detection and support product development. Advanced next-generation security engine We have developed a next-generation security engine which uses a combination of behavioural detection, cloud-based machine-learning capabilities, and signature-based detection to drive best-in-class protection. Our proprietary scanning engine scans for previously unknown viruses and malware, as well as new variants of known viruses, and malware undetectable with normal definitions and virus signatures. Sophisticated consumer monetisation platform Avast’s platform uses contextual messaging to convert, up-sell, and cross-sell to the user base, efficiently targeting users at the most appropriate moment to provide quality products. Marketing campaigns are shaped through predictive modelling to optimise price, maximise the effectiveness of messages, and predict churn. Leading consumer brand The Group enjoys high brand awareness among users. Our high-quality and free-to-use products have fostered a sense of brand loyalty difficult to replicate in paid-for platforms. Attractive financial profile Avast’s cost-effective, go-to-market approach results in superior profitability, while the subscription-based business model provides a high degree of cash and revenue visibility. This allows us to invest in innovation and technology, and seize growth opportunities, generating sustainable returns for our shareholders. People and culture Avast’s innovative approach comes from some of the most talented and experienced security engineers on the planet. We attract the best and the brightest with over 50% of our employees in R&D. Our growth is fuelled by our passionate culture of wanting to win and beat the bad guys. A large majority of the Company’s R&D personnel is based in the Czech Republic, a benefit for our cost-efficient model. Technology and data Powerful technology, together with the large collections of online data, drives our business. Avast’s security engine provides for industry-leading detection rates and scanning speeds while using minimal resources and contains components that run both locally on the device as well as in the Group’s bespoke internet cloud. This results in constant updates of new detections and continuous protection against the latest threats. Data integrity and security The integrity and security of data handling are a top priority for us. Avast deploys sophisticated physical and electronic security protections and policies, procedures, and protocols to protect against attacks and to help identify suspicious activity. We continually protect data no matter what form it takes, what technology is used to process it, who handles it, and in what stage of its life cycle it may be. Our customers We are dedicated to creating a world that provides safety and privacy for all, no matter who you are, where you are, or how you connect. We always take a customer-first approach, staying responsive and adaptable to create an atmosphere where everyone’s voice counts. Our communities One of our fundamental values is to give back to the community. Our practical outreach includes education for children, teachers, and parents on how to be safe online. We organise hackathon and, tech meetups, and support cutting edge research in threat detection technology – moving the field forward every day. Through our Foundation, we create programmes that support the elderly, those living with disabilities, and the terminally ill, as well as furthering education on human rights. See the Corporate responsibility section, p56 Our people As cybersecurity pioneers, we take great pride in our innovation. We invest in our employees’ creativity by encouraging them to push boundaries and recognising great performance. We also partner with universities and non-profits to help cultivate talented people and educate the cybersecurity experts of the future. See the People section, p51 Our shareholders Avast generates shareholder value through a combination of consistent growth, high profitability, and strong cash flow. See the CFO’s Review, p35 © 2019 Friend Studio Ltd File name: MarketsXampXthreats_BM_InvestCase_v75 Modification Date: 25 February 2020 6:32 pm Business model Strategic report Governance Financial statements Avast annual report 2019 18 How our business is structured Consumer Direct Customers pay us directly for a product $708.3m FY 2019 adjusted revenue 81% Consumer Indirect Partners pay us for distribution and access to our user base $115.5m FY 2019 adjusted revenue 13% What we do How we make money What we do How we make money Our products secure not just the devices of users, but also their data, networks, homes, and families. We offer security software under the Avast and AVG brands, in the form of both free and paid-for products. We also provide popular applications that enhance performance, such as CCleaner, and improve privacy. The rapid growth of connected devices has created new security and privacy threats, which we have developed products to address. How we do it Avast’s antivirus solutions use AI and machine learning to conduct behavioural analysis and improve detection abilities. With both local and cloud-based deep learning capabilities, Avast’s security engine is powered by a continuous data loop of inputs from our users, who act as a geographically dispersed global threat detection system. Avast monetises its user base by up-selling users of its free antivirus software to paid antivirus software with advanced features. We also cross-sell adjacent, non-antivirus paid products, such as VPN access or PC optimisation tools. Our strengths Avast runs a highly efficient, low-cost distribution platform that directly engages hundreds of millions of users. Sales are primarily subscription-based, enhancing the predictability and visibility of revenue streams. Our focus on R&D means our malware detection capability is among best in class. It means also that we are well positioned to solve the cyber security problems of tomorrow. Avast leverages its user base to partner with third-party vendors. Products and services include secure web browsing, distribution of third-party software, an e-commerce tool, and mobile advertising. In January 2020, Avast decided to terminate the provision of anonymised data to its data analytics business, Jumpshot, having concluded that the business was not consistent long term with the Group’s privacy priorities as a global cybersecurity company. How we do it Avast’s Secure Web Browser helps users to stay safe online and achieve better control of their personal online footprint. Through our partnership with Google, we distribute the Chrome browser to our user base. Avast Secure Browser typically earns a share of ad revenue based on user search. In mobile advertising, Avast serves up ads to its free mobile user base. Google Chrome is distributed into Avast’s user base in exchange for a fee. In return for delivering traffic to e-commerce partners, Avast earns revenues reflecting value received from sales and user acquisition. Advertisers pay Avast for innovative ad formats served up to its mobile users. Our strengths As with our other revenue streams, the key is our broad reach, based on a massive global user base that trusts Avast to keep them secure. Access to this user base is an attractive proposition for our carefully vetted partners. © 2019 Friend Studio Ltd File name: MarketsXampXthreats_BM_InvestCase_v75 Modification Date: 25 February 2020 6:32 pm Business model Strategic report Governance Financial statements Avast annual report 2019 19 SMB Business customers either pay us directly for a product, or buy from one of our partners $49.2m FY 2019 adjusted revenue 6% What we do How we make money We offer endpoint and network security solutions to protect small to mid-sized businesses (SMBs) against the most advanced threats. How we do it We have moved towards a unified, cloud-based solution for our security services. This means we can meet increasingly complex security demands, in a cost-effective way. Avast Business Secure Web Gateway and Secure Internet Gateway are delivered in partnership with Zscaler. We work with different types of partners, including licence resellers, distributors, and value-added resellers (VARs). We sell to businesses directly online, and via our channel partner networks. Business customers either pay us directly for a product, or buy from one of our partners. There is a growth opportunity inherent in the large-scale transition of network security from on-premise equipment to more convenient and flexible Software-as- a-Service (SaaS), cloud-based solutions. Our strengths Our antivirus endpoint platform is well-known and respected in the security industry. By introducing tailored applications and our unified endpoint and network security solution, we can offer enhanced security and target larger firms, increasing our total addressable market. © 2019 Friend Studio Ltd File name: MarketsXampXthreats_BM_InvestCase_v75 Modification Date: 25 February 2020 6:32 pm Avast’s products secure not just the devices of users, but also their data, networks, homes and offices. Business model Strategic report Governance Financial statements Avast annual report 2019 20 Growth and competitive advantage Our proven strategy, including our freemium business model and diversified product portfolio with exposure to highly profitable segments, provides multiple avenues for long-term growth. Large, attractive, and growing global market opportunity Our strategic advantages as a global leader in consumer cybersecurity position us to capitalise on long-term global trends affecting the industry. As the world becomes more technologically advanced, cybersecurity services only become even more significant. Avast has multiple avenues for growth. The Company is driving a sustained increase in its number of customers and revenue per customer, achieved through intelligent monetisation and a focus on innovation to target exciting new segments such as smart home and IoT. © 2019 Friend Studio Ltd File name: MarketsXampXthreats_BM_InvestCase_v75 Modification Date: 25 February 2020 6:32 pm Protection Users Privacy Performance Leading global consumer platform underpinned by distinctive ability to market software to consumers Avast benefits from strong levels of brand awareness. Its brands are widely recognised and respected by consumers, as well as the influential online security community. The Company has built a massive network of global users, into which is sold value- added protection, privacy, and performance solutions. This differentiated platform model is underpinned by a highly effective and efficient direct sales approach. Investment case Strategic report Governance Financial statements Avast annual report 2019 21 Investment case Differentiated cybersecurity technology supported by three decades of innovation Avast’s best marketing tool is the quality of its products, enabled by its cybersecurity talent and big data. An experienced team of 750+ engineers and 60+ dedicated data scientists and threat researchers work around the clock to assess, protect and respond. The Company’s next-generation antivirus uses artificial intelligence and employs machine-learning algorithms to continually improve performance. 750+ engineers including 60+ dedicated data scientists and threat researchers Consistent growth, high revenue visibility, strong profitability and cash flow Avast has delivered consistent good growth at scale. The Company’s subscription-based business model provides a high degree of cash and revenue visibility, while a highly cost-effective go-to-market approach results in superior profitability. Cash generation has been used to rapidly deleverage, and been a driver for ongoing organic growth, complemented by disciplined M&A. © 2019 Friend Studio Ltd File name: MarketsXampXthreats_BM_InvestCase_v75 Modification Date: 25 February 2020 6:32 pm Strategic report Governance Financial statements Avast annual report 2019 22 We make the world a safer place We are committed to ensuring everyone is safe and private online. Our mission has never wavered and our potential has never been greater as new technology increases the cyberattack surface and more people are at risk from widespread online threats. I had the honour this year to take the helm of Avast as CEO, having worked at the Company for over two decades in a number of technical and management roles. In 2019, we delivered another year of good performance, in line with company guidance. Organic revenue saw high- single digit growth with sustained high levels of profitability. We continue to expect healthy growth in 2020 and remain confident in the long-term prospects for the business. “ Our value is keeping our customers free, safe, and private online.” Ondrej VIcek Chief Executive Officer © 2019 Friend Studio Ltd File name: CEOsXStrategicXReview_v57 Modification Date: 25 February 2020 2:02 pm CEO’s strategic review Strategic report Governance Financial statements Avast annual report 2019 23 2019 milestones Growth With more than 435 million users, Avast is one of the largest global cybersecurity companies. Our growth has been driven by our efficient platform model which offers a cost-efficient, viral distribution mechanism. We have 12.62 million paying customers, and are continuing to expand into new markets and extend our reach through new product offerings. We grew average revenue per customer by 3.6% and average number of products per customer by 4.2%. Innovation In consumer, we launched our IoT security product, Avast Omni, in May 2019 to our user base in North America. Our first combined software and hardware offering, Avast Omni protects users and their families online, wherever they are, and on any device. It does this through ‘in’ and ‘out of the home’ protection combined with advanced parental controls. Avast Omni was awarded ‘Best of Cybersecurity and Privacy’ at CES 2020. 12.62m paying customers +4.2% average number of products per customer +3.6% average revenue per customer We enhanced the Anti-Fingerprinting technology in Avast Secure Browser and added the Webcam Guard feature to give people even greater protection and control over their privacy online. To give us better insights into mobile threats, we launched APKlab.io, a new intelligence- driven threat hunting platform for the security analyst community. In business, we released a new Avast Business Patch Management service. Our new offering automatically identifies critical patches, prioritises their deployment, and monitors the outcome to maintain security integrity. © 2019 Friend Studio Ltd File name: CEOsXStrategicXReview_v57 Modification Date: 25 February 2020 2:02 pm Partnerships We partnered with Chronicle, an Alphabet company focused on cybersecurity, to support the delivery of its enterprise-level analytics platform, Backstory. Avast was an inaugural Insight Partner at launch and, through its massive global consumer threat detection network, provides analysis from its AI-driven threat engine to help protect enterprises against the biggest cybersecurity threats today. Business We launched two enterprise-class services for small and mid-sized businesses. Avast Business Secure Web Gateway and Avast Business Secure Internet Gateway offer advanced protection, flexibility, and ease of use combined with Avast’s global comprehensive threat intelligence networks. Avast Business Secure Web Gateway provides flexible and scalable enterprise-grade web security delivered within a cloud service (SaaS). Avast Secure Internet Gateway is our cloud-based solution that offers a global network of always-on security gateways to eliminate common SMB security protection gaps. In the carrier market, we deepened our existing relationship with Wind Tre, a top Italian mobile operator and one of the main operators in the fixed-line market. Together, we rolled out a new router security service based on Avast Smart Life, our IoT mobile security platform. Wind Tre is now the first of our carrier partners worldwide to add router security to its offering – helping its subscribers protect their connected homes and IoT devices. We extended our global footprint through two strategic partnerships during 2019. We entered into a master reseller agreement with Barracuda Networks. This has enabled us to extend the reach of our endpoint security products into the Barracuda managed security provider (MSP) base. Additionally, Avast Business and EET Group, a specialised IT distributor to businesses, signed a strategic partnership agreement to scale distribution of the Avast Business portfolio in Norway, Denmark, Finland, and Sweden. CEO’s strategic review Strategic report Governance Financial statements Avast annual report 2019 24 Rebuilding trust In the second half of 2019, Avast faced two significant challenges which we continue to manage today. We identified suspicious behaviour on our network in September and further investigation uncovered an attempt to gain access to our network. Evidence indicated that this was likely a supply chain attack on CCleaner, which had previously been targeted this way prior to our acquisition of the business. We took proactive measures to protect all our end users on all our products and to ensure the integrity of both our product build environment and our release process. We are confident that the measures we have put in place to ensure our product builds and business environment are secure prevented any harm to our network, users or partners. The additional scrutiny we applied to all product releases as part of best practice security did impact the release schedule of our products in Q4 2019. We were pleased that testing organisations continued to award our products as top performers in their reviews. We are returning to normal release cycles in Q1 2020. At the end of 2019, Avast also came under media scrutiny for the data handling practices of our Jumpshot subsidiary. Jumpshot helped businesses to better compete with the tech giants who dominate in search and e-commerce. It was our belief that we could leverage our tools and resources to do this more securely than the countless other companies that were collecting data. We put in place safeguards to ensure the data was de- personalised and enabled the subsidiary to run independently with its own management team and technical experts. Despite this, it became clear that no matter the steps we took internally to strip the data of personal information, and no matter how much the search engine optimisation (SEO) world valued Jumpshot, ultimately, the data collection business was not aligned with privacy priorities as a company. We announced the decision to wind down Jumpshot on 30 January 2020. “ We continue to enhance our core security products while innovating in new categories including privacy, browsing and performance.” Ondrej VIcek Chief Executive Officer We recognise that we must now focus on rebuilding the trust of our loyal users, partners, and stakeholders. It is a brand priority for 2020 and we will soon be sharing next steps on our commitment to our users’ privacy. Enabling safer online lifestyles At Avast, we have always believed in freedom, democracy and choice, and we will invest further in user experience to increase their trust. Photos, videos, chats, emails, and social interactions are increasingly driven through our devices and users want to know these are secure, backed up, and protected from attacks like ransomware. Security has moved from being an important and practical consideration to being critical to protecting some of the most valuable moments captured in people’s lives. Today, we are tackling some of the greatest tech challenges of our time: online privacy, a threat landscape expanding through consumer connected devices, and holistic network security for businesses. For consumers and small businesses alike, this is an increasingly complicated world. Next-generation technologies such as AI give cybercriminals more access than ever to vulnerable populations who are more likely to fall victim to socially engineered, AI-generated phishing attacks and other attacks. Avast grew its global footprint and reputation through our award-winning free and paid-for antivirus products, and in our global markets, we are delivering new innovative products to loyal and new users to meet their evolving security needs. The closure of Jumpshot gives us immense opportunity to build out our privacy portfolio and we are gearing innovation efforts towards this for 2020. Innovating to support evolving technology We see the increasing personalisation of devices and services, family tech, and more connected things overall in our lives as key trends. Personal assistants, doorbell cameras, and fitness watches are just three examples of popular personal tech that bring both great convenience and an inherent security risk. Security and privacy have a critical role here – the future of connected technology necessarily requires that technology to be secure so people can use it with confidence and peace of mind. Hidden voice recording capabilities in personal assistants make us wonder just who is listening. Cameras at front doors gather and share a lot more information than we would reasonably expect from such a functional device. In 2019, Avast Threat Intelligence discovered that the most popular GPS trackers all required invasive permissions requirements to function and have no in-built security features. © 2019 Friend Studio Ltd File name: CEOsXStrategicXReview_v57 Modification Date: 25 February 2020 2:02 pm CEO’s strategic review Strategic report Governance Financial statements Avast annual report 2019 25 When it comes to family tech, parents and children are more aware of the risks of going online and we have seen significant growth in parental controls and screen time monitoring apps. These tools, such as Avast Family Space which enables parents to control how their children use the internet, and the full-featured parental controls available in Avast Omni, help to manage family online life in a healthy and interactive way. Avast’s focus for 2020 will be on helping to simplify security and privacy, and make it more convenient and useful for users. Devices enable people to get online and access services but what we are seeing is the shift from the device to the individual. We are increasingly focused on securing the experience and online lives of people as many use their browser as their main gateway to the online world. We are also extending our offerings into adjacent categories including dedicated privacy offerings with VPN products and our popular Avast AntiTrack product. We are developing our portfolio of performance products to add lifestyle features – including photo cleaning and storage options – to help users keep on top of their digital memories, a key function of many mobile devices today. Our product brand portfolios have been a focus for us in 2019. We enhanced and streamlined the AVG range of security and privacy products, including AVG Secure Browser and AVG AntiTrack. CCleaner introduced a new user interface to provide a better, tailored experience for both technical and non-technical users, and introduced a simple Health Check feature for consumers who want it to be easy and simple to maintain their PC. HMA enhanced its reputation as one of the top VPNs on the market with the release of its highly competitive HMA version 5 in May 2019. We will also be adding innovative new features to existing products and releasing new products for all our brands in 2020 to make it easier for Avast users to choose and manage the products they like and need. Ensuring continued success Avast was founded in 1988 at a time of great change in Central and Eastern Europe, and our passionate belief in personal freedom, democracy, and choice still drives us today. Technology over these three decades has evolved at an increasingly rapid pace. Constant new threats to the security of users’ devices and data have caused us to be focused on delivering value by enabling our customers to have safe, enjoyable online lives. I am committed to a rigorous growth strategy that will deliver innovative products for our users and returns to our stakeholders. Avast already has all of the key elements in place and for 2020, we are focused on maximising them to deliver continued success. It is for this reason, I have embarked on an internal transformation programme in three areas: 1 2 3 Purpose and core values: enthuse and drive an even greater sense of purpose and core values to actively support innovation and entrepreneurialism across the Company. Growth and innovation: ensure proper capital allocation, enabling investments that support our long-term growth aspirations. Focus: place focus on our core strengths, developing products and services that are highly relevant to our users’ lives. © 2019 Friend Studio Ltd File name: CEOsXStrategicXReview_v57 Modification Date: 25 February 2020 2:02 pm CEO’s strategic review Strategic report Governance Financial statements Avast annual report 2019 26 1 Purpose and core values 2 Growth and innovation 3 Focus In my new role, I have taken the opportunity to revisit our Company values to ensure that we are focusing on the right elements to serve our customers to the best of our ability. I believe the way we operate as a business and the internal values we hold fuel how our employees represent what Avast is, the experience our customers have, and the wider external perception of our brand. In our fourth decade as a global business, we will address our culture to rediscover who we are and what we stand for, and build an agile organisation that can adapt to the fast-paced technology sector to the benefit of our users. I began this process in July 2019 with announcing changes in our executive bench to put in place the right team to take the Company forward. We appointed a new Chief Technology Officer, Michal Pechoucek, who is focused on R&D in big data, AI and cybersecurity. We created a new position, Chief Information Security Officer, and hired industry-recognised top performer, Jaya Baloo, to the role. Vita Santrucek was appointed General Manager of Avast Business. In early 2020, we also added Julio Bezerra, Chief Strategy and Transformation Officer, and Rebecca Grattan, Chief People and Culture Officer, completing our team. I am confident that this new team will be the driving force behind our 2020 strategy. In this new Avast, we will have a laser focus on customer-centricity, innovation, and growth. This is our path to competitive advantage and future success. To capture and better articulate this, we are developing a Culture Book with our employees that will capture all the values that we live by. This will be our guide for 2020 and beyond, supporting our transformation strategy to enable further innovation and growth. In 2019, our platform model powered our growing penetration levels and cross-sell into adjacent products. Desktop remained the main distribution channel for our products. Growth in non- antivirus (non-AV) was 23.2% organic, or 20.1% in actual rates, representing 52% of total desktop billings Our long-term objective is to accelerate Avast’s innovation programme to address the new challenges technology is creating. Beyond VPN, we need an answer to private browsing, and Avast Secure Browser fulfils this user need. New areas of concern, such as fake news and fake videos, became prominent in 2019 as AI-based tools enabled bad actors to become creative in causing disruption. These are not traditional security threats but new, pervasive challenges to a healthy online economy. These are some of the tech-age problems that we are turning our minds to now. We are approaching these challenges in two ways. We will evolve our successful platform model. It has underpinned our success for over 30 years and powered our revenue stream by enabling the diversification of our portfolio through cross-sell and up-sell opportunities. Our focus is on delivering products and services with simplicity and convenience for the user, something which is increasingly critical as the range of technologies we secure becomes more complicated than ever. We will invest significantly more in innovation. This is also an important opportunity to build on our reputation and enhance our brand perception. We need to balance the short-term needs of today’s users with planting the seeds for future development in three years, five years, and beyond. We are focused on delivering the products and services that align to our Company mission to make the online world safer. We will innovate to address the rapidly emerging threats against users, and to anticipate and prevent new threats, attacks, and online harms. It is for this reason we partnered with Barracuda to divest our the remote monitoring and management portfolio, which enable us to focus more strongly on our core security products. This focus ensures that customers always come first in everything that we do. From the day we first offered free security to users all over the world, we committed to providing every user with security and peace of mind because we believed it is the right of everyone to be safe online. World-class customer experience is our goal and we will continue to evolve the customer-centric approach that will underpin the success of our global platform model and our ability to cross-sell additional customer solutions across the entire customer journey. While providing the technology to stop attacks and such online harms has never been more important, the complexity of the threat landscape means we have a responsibility to educate our users. The Avast blog keeps our users up to date on the latest security and privacy news, and provides guidance for consumers and businesses on topics such as IoT, cyberattacks, data breaches, parental controls, and best practice security tips. In Czech Republic, we have a children’s online safety programme called Be Safe Online where Avast experts team up with a YouTube influencer and teachers to hold workshops in schools. We are constantly reviewing the user experience of all our products, and respond to user feedback by making further improvements. © 2019 Friend Studio Ltd File name: CEOsXStrategicXReview_v57 Modification Date: 25 February 2020 2:02 pm CEO’s strategic review Strategic report Governance Financial statements Avast annual report 2019 27 Our north star Avast set out to make the world a better place, a safer place, and we transformed the cybersecurity industry. We believe that everyone has the right to be safe and private online and this was the mentality behind us introducing the first free antivirus 20 years ago. This same belief is what drives us today. It underpins how we value user privacy and how we are focused on delivering products that empower our users to take control of their security and make the privacy choices that are right for them. We are focused on ensuring our products and practices are aligned with our values as a leader in the privacy community. Everything we do going forward will be to demonstrate our commitment to our users’ security and privacy. We have been an industry pioneer in privacy for almost a decade and we have further exciting privacy products under development for 2020. As we look ahead at 2020, our ambition to keep challenging the status quo and innovating for good continues to drive us. We have a global team of passionate, engaged employees who believe in the work that we do, who want us to change the world, and who hold us to account to do so. I am confident that we will be stronger going forward, for having made some hard decisions and dealt with these issues with transparency. We have a great opportunity and the right strategy to build on the consistent growth delivered in 2019 to continue to perform strongly in 2020. This is a time of change for Avast as we overcome the challenges of the last few months and rediscover our strengths. Our purpose Our values Innovation Security expertise Our commitment to privacy Ondrej Vlcek CEO, Avast © 2019 Friend Studio Ltd File name: CEOsXStrategicXReview_v57 Modification Date: 25 February 2020 2:02 pm CEO’s strategic review Strategic report Governance Financial statements Avast annual report 2019 28 Innovation is embedded in our technology and in our mindset For over three decades, our cybersecurity experts have been continuously developing our threat detection network built on millions of sensors across the globe. One of the largest in the world, this platform has five critical components: Our global user base which provides immense quantities of real-time security data shared by hundreds of millions of devices across the globe, allowing us to detect and defend against varied and highly sophisticated cyberattacks A large operational cloud infrastructure provides our world-class threat labs operation with the scale, speed, and accuracy to quickly discover, classify, and protect against any new threat A robust protection engine with six layers of defence ensures our users remain protected at all times AI and machine learning technologies operating at scale process the security data from our user base to eliminate known threats and identify unknown threats A dedicated team of data scientists, threat researchers, and machine learning experts focused on delivering market-leading IoT and network security © 2019 Friend Studio Ltd File name: Technology_v35 Modification Date: 25 February 2020 1:13 pm Our technology Strategic report Governance Financial statements Avast annual report 2019 29 Our global scale and sophisticated technology puts us ahead of competitors The largest network A look inside our security engine 10,000 servers serving as a global threat detection network 60 million concurrent connections 50 petabytes of data transmitted 205 gigabits/second peak download speed 265,000 simultaneous VPN connections 2.5 trillion URLs analysed per year Machine learning Cloud Machine learning and cloud 1 2 3 Web Shield embedded in our security products, this analyses URLs to protect against phishing, malware, and other web-based threats. Static Scanner uses algorithms and a host of other techniques to check all executable code to classify files as benign or malicious. Emulators replicate the real PC environment to test for any previously unknown zero-day malware or new variants of known exploits and stop malicious execution. 4 5 6 DeepScreen uses machine learning within a safe sandbox clone of the operating system to identify any similarities with known malware families. CyberCapture sends unusual and potentially harmful files to a cloud-based clean room for analysis with advanced algorithms. Over 20,000 such files are processed every day. Behaviour Shield identifies any unusual behaviour or suspicious activities on a device and prevents them doing any harm. This shield was instrumental in stopping WannaCry in 2017. © 2019 Friend Studio Ltd File name: Technology_v35 Modification Date: 25 February 2020 1:13 pm Our technology Strategic report Governance Financial statements Avast annual report 2019 30 We set the benchmark for artificial intelligence in cybersecurity Today, Avast provides security, privacy, and performance products to more than 435 million users online. The vast quantities of threat data shared from our users’ devices base power our security platform which is based on machine learning technologies. Providing real-time threat data into our security engine for immediate analysis enables us to eliminate known malware and identify attack patterns of previously unknown ‘zero day’ threats. We rely on artificial intelligence (AI) to analyse huge volumes of threat data to detect threat patterns and issues in ways that would be impossible for human agents. For AI to be effective, it requires large amounts of data to identify and validate patterns – which is why Avast’s huge user base is a significant competitive advantage. This allows us to understand how the user’s device was attacked, where the attack originated, hallmarks of the attack including its purpose, and what kind of operating system the user was running when the malware attacked, all of which help us identify why the user was targeted. Advanced techniques such as deep convolutional neural networks (Deep CNN) are also applied to enhance our malware detection models. Combined, these technologies help us to protect our users from the most challenging cyberattacks and stay ahead of bad actors. © 2019 Friend Studio Ltd File name: Technology_v35 Modification Date: 25 February 2020 1:13 pm Our technology Strategic report Governance Financial statements Avast annual report 2019 31 Advancing excellence in AI research In 2019, we welcomed as our Chief Technology Officer Michal Pechoucek, a renowned professor at the highly regarded Czech Technical University (CTU) in Prague. In addition to leading our Technology and Innovation Group, Michal has been charged with responsibility for forging a stronger collaboration with academia in the fast- moving field of applied AI research. Michal led the Department of Computer Science in the Faculty of Electrical Engineering, and the Artificial Intelligence Center which he founded nearly 20 years previously, and is behind the new partnership of Avast and CTU which has created the Avast AI and Cybersecurity Laboratory (AAICL). “ The power of this cooperation is to share groundbreaking research and its real-world application.” Michal Pechoucek Chief Technology Officer “ AI-based adversarial attacks on cybersecurity’s malware detectors are already happening in the wild.” Sadia Afroz Senior Data Scientist, AI & Network Security Cybersec & AI Prague 2019 Security is AI’s biggest challenge, and AI is security’s best opportunity. Speakers and presenters from 11 nations explored the intersection of cybersecurity and AI at the first Cybersec & AI Prague conference on 25 October 2019, organised by Avast. Topics discussed by academics from across the world included new advancements in adversarial AI in the domain of security, security as a unique challenge for AI, use of AI in consumer security (PC, mobile, IoT), and security of AI (model training and evaluation techniques for maximum protection). © 2019 Friend Studio Ltd File name: Technology_v35 Modification Date: 25 February 2020 1:13 pm Our technology Strategic report Governance Financial statements Avast annual report 2019 32 Setting new standards for threat intelligence and research Between 2017 and 2018, we tracked a 375% growth in adware as a malware category and this now makes up more than 52% of all mobile threats today. Aggressive adware is malware that pushes or spams user devices with a large number of advertisements. We also saw an increase of 78% year on year in the category of mobile banking threats; these try to trick the user into giving up their bank account details by pretending to be a legitimate banking application. To help tackle this alarming uptick in mobile threats, in 2019 we created and launched APKlab.io. This is our intelligence- driven Android mobile threat hunting platform aimed at the security analyst community and is the first platform of its kind. APKlab.io collects and makes available intelligence from Avast’s global network of more than 145 million mobile users to help researchers fight the growing threat of mobile malware. All together, these apps had been installed more than 140,000 times The most installed apps being Spy Tracker, and SMS Tracker (both with more than 50,000 installs) Android apps on Google Play Store come with a nasty surprise Avast detected seven apps on the Google Play Store that were designed to allow people to stalk employees, romantic partners, or kids. We detected and reported the apps, which we suspect were created by a Russian developer, to Google which subsequently removed them from the Play Store. © 2019 Friend Studio Ltd File name: Technology_v35 Modification Date: 25 February 2020 1:13 pm Our technology Strategic report Governance Financial statements Avast annual report 2019 33 Partnering with the international security community to beat the bad guys Retadup In August 2019, Avast partnered with the Cybercrime Fighting Centre (C3N) of the French National Gendarmerie to neutralise over 850,000 unique infections of Retadup, a malicious worm affecting Microsoft Windows machines throughout Latin America that was capable of mining cryptocurrency, distributing ransomware, and stealing passwords. Retadup’s Command and Control (C&C) infrastructure was mostly located in France, so we collaborated with the C3N of the French National Gendarmerie. C3N replaced the malicious C&C server with a prepared disinfection server that made connected instances of Retadup self- destruct, protecting all users including Avast users, without any action required from their side. Some parts of the C&C infrastructure were also located in the U.S. The Gendarmerie alerted the FBI who took them down, and on 8 July 2019 the malware authors no longer had any control over the malware bots. “ We helped protect not just Avast users but also the rest of the world from malware on a massive scale.” Jan Vojtesek Reverse Engineer © 2019 Friend Studio Ltd File name: Technology_v35 Modification Date: 25 February 2020 1:13 pm Our technology Strategic report Governance Financial statements Avast annual report 2019 34 Geost A chain of small security mistakes from a criminal syndicate led to the discovery of Geost, an Android botnet that amassed millions of euros from the bank accounts of more than 800,000 victims. Researchers from Avast, Czech Technical University and UNCUYO University worked together to expose Geost, which has been in circulation since 2016. In addition to a poor choice of anonymisation platform to hide their tracks, the botmasters failed to encrypt their communications. In one conversation, a member of the ring wanted to leave the group but the leader encouraged him to stay, saying, “Alexander, really, if we started together we need to finish it. Because for now this is working and we can earn money.” The leader was also engaged in conversations about money laundering and payments using popular systems among Russian cybercriminals, with the group potentially controlling millions in currency. “ We really got an unprecedented view into how an operation like this functions.” Anna Shirokova Researcher, AI and Network Security © 2019 Friend Studio Ltd File name: Technology_v35 Modification Date: 25 February 2020 1:13 pm “ This is a highly modular and complex malware supporting a wide range of functionalities.” Adolf Streda Malware Researcher, Threat Labs Guildma This malware started its crime spate by targeting users and services in Brazil and Avast protected almost 27,000 users. We then noticed it was spreading more widely and targeting more than 130 banks and 75 other web services, such as Netflix, Facebook, Amazon, and Google Mail (although it was avoiding computers running in English). The malware included a remote access tool (RAT), spyware, as well as password stealing, and banking Trojan capabilities and spread via targeted phishing emails, posing as invoices, tax reports, invitations, and similar types of messages. The emails were personalised to address their victims by name. Our technology Strategic report Governance Financial statements Avast annual report 2019 35 A good financial performance in line with expectations Group overview The Group’s adjusted billings increased by $48.8m to $911.0m in the year ended 31 December 2019, mostly driven by the core Consumer Direct Desktop business. This represented a 5.7% increase at actual rates and organic growth1 of 10.2%. Subscription billings represented 83.4% of the Group’s total adjusted billings in FY 2019 (85.0% in FY 2018). “ In line with our expectations, the Group has achieved good growth and maintained high levels of profitability.” Phil Marshall Chief Financial Officer 1 Organic growth rate excludes the impact of FX, acquisitions, business disposals, and discontinued business. It excludes current period billings and revenue of acquisitions until the first anniversary of their consolidation. © 2019 Friend Studio Ltd File name: CFOsXReview_v36 Modification Date: 25 February 2020 6:15 pm CFO’s review Strategic report Governance Financial statements Avast annual report 2019 36 The Group’s adjusted revenue increased by $46.1m to $873.1m in the year ended 31 December 2019, which represents a 5.6% increase at actual rates and organic growth of 9.1%. Adjusted revenue included $387.6m from the release of prior-period deferred revenue. The adjusted deferred revenue2 balance at the end of the period excluding Jumpshot was $467.8m, comprising $413.6m that will be recognised within 12 months of the balance sheet date. Including Jumpshot, it was $476.3m and $422.1m respectively. This compares to $439.0m, comprising $387.6m respectively, at the same time last year. The average subscription length in the year ended 31 December 2019 was 14 months, flat versus FY 2018. The Group’s reported billings increased by $48.8m to $911.0m in the year ended 31 December 2019, which represents a 5.7% increase. The Group’s reported revenue increased by $62.8m to $871.1m, which represents a 7.8% increase. It should be noted that the difference between the Group’s statutory revenue of $871.1m and adjusted revenue of $873.1m in 2019 is diminishing as the magnitude of non-cash historical adjustments arising from the AVG acquisition decreases (for the reconciliations, please refer to ’Presentation of Results and Definitions’). These adjustments are expected to be zero after 2019. Profitability was driven by the Group’s scale and operating leverage. Adjusted EBITDA increased 7.9% to $483.0m, 8.6% excluding FX, resulting in adjusted EBITDA margin3 of 55.3% (including c.1pt upside from IFRS 16 adoption in 2019). This is in line with full year guidance of broadly flat adjusting for the IFRS 16 impact (54.1% EBITDA margin in FY 2018). The reported operating profit increased by $96.3m to $344.6m. The increase was driven by a more modest impact from the deferred revenue haircut from the AVG acquisition of $13.7m, increase in adjusted EBITDA of $35.3m, lower exceptional items of $23.8m, lower depreciation and amortisation of acquisition and non-acquisition intangibles of $33.4m, and the lower impact of other adjustments of $1.2m, partially offset by higher share-based payments costs including related employer’s costs of $(11.1)m. The table below presents the Group’s adjusted billings and adjusted revenue for the periods indicated: ($’m) Adjusted billings Consumer Acquisitions Direct (excl. Acquisitions) Discontinued Business5 Indirect (excl. Discontinued Business) SMB Disposal Managed Workplace6 SMB (excl. Disposal) Adjusted billings excl. Acquisitions, Disposals, and Discontinued business Adjusted revenue Consumer Acquisitions Direct (excl. Acquisitions) Discontinued Business Indirect (excl. Discontinued Business) SMB Disposal Managed Workplace SMB (excl. Disposal) FY 2019 FY 2018 Change % Change % (excluding FX)4 911.0 865.0 1.4 744.1 8.9 110.6 45.9 0.0 45.9 900.7 873.1 823.9 1.4 706.9 8.9 106.7 49.2 0.0 49.2 862.1 801.7 0.0 698.4 15.5 87.8 60.5 10.5 50.0 836.2 827.0 763.7 0.0 662.5 15.5 85.8 63.3 10.5 52.7 5.7 7.9 n/a 6.5 (42.6) 26.1 (24.0) n/a (8.1) 7.7 5.6 7.9 n/a 6.7 (42.6) 24.3 (22.2) n/a (6.7) 7.7 8.1 10.3 n/a 9.2 (41.7) 26.9 (22.3) n/a (6.0) 10.2 7.0 9.3 n/a 8.2 (41.7) 25.2 (21.4) n/a (5.8) 9.1 Adjusted Revenue excl. Acquisitions, Disposals, and Discontinued business 862.8 801.0 2 Adjusted deferred revenue represents the balance of deferred revenue excluding the effects of the fair value revaluation of the acquiree’s pre-acquisition deferred revenues and including the impact of gross-up adjustment. 3 Adjusted EBITDA margin percentage is defined as adjusted EBITDA divided by adjusted revenue. 4 Growth rate excluding currency impact calculated by restating 2019 actual to 2018 FX rates (see Principal exchange rates applied). Deferred revenue is translated to USD at date of invoice and is therefore excluded when calculating the impact of FX on revenue. 5 As the Company is exiting its toolbar-related search distribution business, which had previously been an important contributor to AVG’s revenues (referred to above and throughout the report, with the Group’s browser clean-up business, as ‘Discontinued Business’), the growth figures exclude Discontinued Business, which the Group expects to be negligible by the end of 2020. The Discontinued Business does not represent a discontinued operation as defined by IFRS 5 since it has not been disposed of but rather it is being continuously scaled down and is considered to be neither a separate major line of business, nor geographical area of operations. 6 On 1 February 2019, Avast plc sold the non-core asset of Managed Workplace, its remote monitoring and management product, to Barracuda Networks, Inc. (‘Barracuda’). Managed Workplace was Avast’s solution in the remote monitoring and management (RMM) space, which is sold to managed service providers (MSP). This business was not core to our SMB strategy, which focuses on securing the workplace. Barracuda, which has a large existing MSP base but did not offer an RMM solution, provides a better long-term solution for this business. In addition, Barracuda has signed a reseller agreement with Avast under which it now resells Avast’s business security solutions to MSPs. In the year ended 31 December 2018 the asset generated low teen revenue (USD million) with a materially lower margin profile than the Group. © 2019 Friend Studio Ltd File name: CFOsXReview_v36 Modification Date: 25 February 2020 6:15 pm CFO’s review Strategic report Governance Financial statements Avast annual report 2019 37 Business unit performance Consumer Direct Desktop Adjusted billings $m Adjusted revenue $m 613.9 668.3 580.0 632.9 2018 2019 2018 2019 Growth +8.9% in actual rates Growth +9.1% in actual rates Organic Organic Number of customers7 m Average products per customer8 Average revenue per customer9 $ 12.19 12.62 1.40 1.45 49.24 51.02 2018 2019 2018 2019 2018 2019 7 Users who have at least one valid paid Consumer Direct Desktop subscription (or licence) at the end of the period. 8 APPC defined as the Consumer Direct Desktop simple average valid licences or subscriptions for the financial period presented divided by the simple average number of customers during the same period. 9 ARPC defined as the Consumer Direct Desktop revenue for the financial period divided by the simple average number of customers during the same period. The largest component of the Avast business, Consumer Direct Desktop, performed strongly in the year. Adjusted billings of $668.3m were up 8.9% at actual rates, with organic growth of 11.7%. Adjusted revenue of $632.9m grew 9.1% at actual rates, with organic growth of 10.7%, in line with guidance of low double-digit growth. The number of multi-device subscriptions purchased on Consumer Direct Desktop has continued to increase. Mobile-enabled VPN and Password Manager products have led the trend, and the introduction of multi-device compatibility for other products is set to accelerate the convergence. Customer retention rates have increased to 67%, driven by lower churn in paid antivirus and CCleaner products, and growth in average products per customer. All three key operating metrics – end of period customers, average products per customer, and average revenue per customer – tracked in line with growth guidance of low-single digit, mid-single digit and mid-single digit respectively. While the number of users has remained within a consistent range, we have started to see lower value returns from our pay per install (PPI) investments, and expect that trend to continue. The consumer monetisation platform remains a key driver of growth, effectively promoting up-sells and cross-sells of products, in particular privacy products led by VPN and AntiTrack. The performance of the antivirus business has proved resilient, benefiting from enhanced product features and a reworked value proposition, built around a more streamlined product line. In July 2019, Avast released its IoT direct-to-consumer product ‘Omni’ to users in the US market. The product was named a Best of Innovation Honoree in the prestigious CES Innovation Awards. While volumes remain modest, initial customer feedback has been positive and assimilated to advance product positioning. Additional investments have been made in engagement strategies to both strengthen customer care and build customer lifetime value. Deeper analysis of processes and data has helped optimise content, frequency, and context of communications, driving an improvement in support Net Promoter Score and retention rates. There has been continued strong execution on the localisation programme, with a sustained uplift in customer numbers and penetration rates in new target countries from Malaysia in South East Asia to Poland in Europe. This is in addition to continued good growth in customer numbers in traditional markets such as the US. In FY 2020, we expect Consumer Direct Desktop to deliver mid-single digit organic revenue growth. © 2019 Friend Studio Ltd File name: CFOsXReview_v36 Modification Date: 25 February 2020 6:15 pm CFO’s review Strategic report Governance Financial statements Avast annual report 2019 38 Consumer Direct Mobile Adjusted billings $m Adjusted revenue $m 84.6 77.3 82.5 75.4 2018 2019 2018 2019 Growth -8.6% in actual rates Growth -8.6% in actual rates Organic Organic Consumer Indirect Adjusted billings $m Adjusted revenue $m 119.5 103.2 115.5 101.2 2018 2019 2018 2019 Growth +15.8% in actual rates Growth +14.1% in actual rates Organic Organic +25.2% Adjusted billings of $77.3m were down 8.6% at actual rates, representing an organic decline of 8.9%. Adjusted revenue of $75.4m was down 8.6% at actual rates, an organic decline of 9.2%, behind the guidance of mid-single digit decline. Sustained double-digit growth in the direct-to-consumer subscription business has been driven by product promotion and high renewal rates. The channel has also benefited from a positive trend in the uptake of Avast Mobile Security for iOS. The product has become a contributor to sales after its release last year and more recently benefited from enhanced privacy features. Multi-platform subscriptions sold through desktop continue to negatively impact mobile, which is a trend we expect to further dampen growth in the mobile segment. While adversely affected by the carry-over impact from the 2017 Sprint loss, performance in the carrier channel has also been affected by lower marketing investments by US carriers and subsequent weaker product performance. This resulted in weaker than expected sales in the carrier channel, notably in the second half of 2019. After strengthening its salesforce and presence in different geographies at the start of the year, Avast has since made progress in deepening new carrier relationships. The Company is involved in several late-stage tenders and discussions around the provision of IoT and other customer security solutions. The first half of 2019 saw the launch of Avast’s IoT router- based solution via the Italian operator Wind Tre, the first of our carrier partners worldwide to add the security, based on Avast’s Smart Life platform. Avast has further developed and commenced customisation of its IoT solutions in response to carriers’ stated needs. We remain cautious of the headwinds in the carrier channel, and therefore expect mid-single digit organic revenue decline in the mobile business overall in 2020. This business unit includes Avast Secure Browser (ASB), distribution of third-party software, Jumpshot analytics, and advertising within mobile applications. Within Consumer Indirect, adjusted revenue was $115.5m, up 14.1% at actual rates, with organic growth of 25.2%, in line with double-digit growth guidance. The business unit excluding Jumpshot delivered 8.6% organic revenue growth. ASB, focused on internet security and privacy, has performed strongly in the year, benefiting from organic demand including from beyond the Avast and AVG user base. At year end, the Secure Browser had 35 million active monthly users. Monetisation has continued to increase at a growing rate. Avast expects the Secure Browser to be the key driver in Consumer Indirect in the medium term. Chrome distribution continued to soften in line with expectations. The current Avast contract to distribute Chrome to Avast, AVG and CCleaner branded product sets extends to March 2020, and renewal is currently under consideration. Avast’s data analytics business, Jumpshot, delivered double-digit growth rates. In January 2020, Avast decided to terminate the provision of anonymised data to its data analytics business, Jumpshot, having concluded that the business was not consistent long term with the Group’s privacy priorities as a global cybersecurity company. In FY 2020, we expect the organic revenue growth in Consumer Indirect (excluding Jumpshot) to be high-single digit. © 2019 Friend Studio Ltd File name: CFOsXReview_v36 Modification Date: 25 February 2020 6:15 pm CFO’s review Strategic report Governance Financial statements Avast annual report 2019 39 SMB Adjusted billings $m Adjusted revenue $m 60.5 45.9 63.3 49.2 2018 2019 2018 2019 Growth -24.0% in actual rates Growth -22.2% in actual rates Organic -6.0% Organic The SMB business has performed in line with expectations of mid-single digit organic revenue decline provided at half year. Further to the launch of Secure Web Gateway in the first half of the year, in October we introduced Secure Internet Gateway (SIG). SIG is an advanced cloud security solution, set to replace hardware-based gateway solutions, with better scalability. It is especially suited to larger SMBs and MSPs. Early progress in Secure Web and Internet Gateway sales pipeline development has been encouraging. As part of Avast’s layered security protection, our new Patch Management Solution (PMS) went live in June 2019. This was followed by its fourth-quarter release on the CloudCare platform, which specifically services MSPs. In December, we additionally launched a PMS version for the Business Console platform, adding improved functionality based on customer requests. PMS is expected to become a meaningful revenue contributor within SMB over time. As part of the transition plan, the new SMB leadership team is now in place. The business has also exited several low-performing countries. The aforementioned product initiatives are at an early stage. As the SMB business continues its transition to integrated endpoint and network security, in FY 2020 we expect low-single digit organic revenue decline. © 2019 Friend Studio Ltd File name: CFOsXReview_v36 Modification Date: 25 February 2020 6:15 pm CFO’s review Strategic report Governance Financial statements Avast annual report 2019 40 Group outlook The Group expects to deliver healthy growth during FY 2020, with organic mid-single digit revenue growth. Organic billings growth for FY 2020 will be broadly in line with organic revenue growth, albeit slightly weighted towards the second half of the financial year because of the Group’s deferral of product upgrades and releases in the first half of the year. This is due to the rebuild of the product environment that was undertaken to proactively harden and further secure this infrastructure, after the attempted attack late last year. Adjusted Group EBITDA margin is expected to be broadly flat versus FY 2019. Jumpshot is expected to incur approximately $5m of operating costs, with negligible associated revenue, as the business is wound down. Incremental expense released from Jumpshot will be reinvested into the business to support long-term growth initiatives. In relation to termination of the provision of data to Jumpshot, the Group expects to incur a one-time exceptional cash cost in the range of $15-$25m in FY 2020 to cover closure costs, asset write-down, and employee restructuring. Avast will return the investments made by Ascential plc into the business, along with associated exit costs, amounting to $73m. Costs ($’m) Cost of revenues Share-based payments (incl. employer’s costs) Amortisation of acquisition intangible assets Depreciation and amortisation (excl. amortisation of acquisition intangible assets) Gross-up and other adjustments Exceptional items Adjusted cost of revenues (excluding D&A) FY 2019 FY 2018 Change Change % (210.7) (241.4) 30.7 12.7 Fav10 0.2 0.3 127.5 (39.2) (30.7) 9.4 (2.6) 0.6 (0.5) 2.3 (5.0) 90.3 (0.5) (78.8) 0.5 88.3 8.9 (0.3) 0.1 (113.2) (106.3) (6.9) (6.5) The increase in the Group’s adjusted cost of revenues reflects higher sales commissions and licence fees of $(4.1)m related to the increase in adjusted revenue, increase in costs for distribution of digital content of $(1.1)m, and investment into personnel costs of $(1.9)m, offset by a positive FX impact and other costs of $0.2m. Adjusted cost of revenues represent the Group’s cost of revenues adjusted for depreciation and amortisation charges, share-based payments charges, exceptional items, and other adjustments. The Group’s reported cost of revenues decreased by $30.7m to $(210.7)m, primarily due to the lower amortisation of acquisition intangibles. The amortisation of acquisition intangibles represents intangible assets acquired through business combinations. ($’m) Operating costs Share-based payments (incl. employer’s costs) Depreciation and amortisation (excl. amortisation of acquisition intangible assets) Exceptional items Adjusted operating costs (excluding D&A) FY 2019 FY 2018 Change Change % (315.8) (318.6) 2.8 24.4 12.7 13.7 6.8 10.7 5.9 0.9 77.9 87.8 1.7 25.0 (23.3) (93.2) (276.9) (273.0) (3.9) (1.4) The increase in the Group’s adjusted operating costs excluding the positive impact of IFRS 16 implementation of $8.5m was $(12.5)m. The increase was caused by investment into R&D of $(11.0)m, sales and marketing of $(6.9)m, offset by lower bad debt costs, and other costs of $5.4m. Adjusted operating costs represent the Group’s operating costs adjusted for depreciation and amortisation charges, share-based payments charges, and exceptional items. The decrease in the Group’s reported Operating costs of $2.8m, from $(318.6)m to $(315.8)m, reflects the lower exceptional items, partially offset by higher share-based payments and higher depreciation and amortisation of non-acquisition intangibles driven primarily by amortisation of right-of-use assets. The net impact of IFRS 16 implementation on reported operating costs including impact on amortisation is a decrease in costs of $0.8m. 10 ’Fav’ in change % represents favourable growth rate figure over 100%, ‘Unf’ represents unfavourable decline greater than negative 100%. © 2019 Friend Studio Ltd File name: CFOsXReview_v36 Modification Date: 25 February 2020 6:15 pm CFO’s review Strategic report Governance Financial statements Avast annual report 2019 41 Exceptional items Exceptional items are income or expenses that arise from events or transactions that are clearly distinct from the ordinary activities of the Group. The Group believes that these non-recurring items should be separately disclosed to show the underlying business performance of the Group more accurately. Once an item is disclosed as exceptional, it will remain exceptional through completion of the event or programme. Exceptional items in 2019 consist primarily of legal fees and restructuring costs related to the disposal of a subsidiary and related business operation (Managed Workplace business of SMB segment) and to the acquisition of TrackOFF and Tenta (see Note 6 Exceptional items). The portion of the exceptional items directly related to the disposal of a business operation was included in the investing cash flow, and costs related to the acquisition were included in operating cash flow. The net gain on disposal of a business operation of $17.5m (see Note 16 Disposal of business operation) was treated as exceptional and is not included in adjusted net income. Exceptional items in 2018 related mainly to IPO costs. Finance income and expense Adjusted finance expense on a net basis was $(61.4)m in 2019, $30.9m lower compared with $(92.3)m in 2018. Excluding the negative impact of the implementation of IFRS 16 of $(2.3)m, the adjusted finance costs decreased by $33.2m. The decrease was driven by lower total loan interest costs of $29.3m resulting from the repayment of $300m debt post IPO in 2018 and the additional repayment of $297.4m in 2019 (see Note 27 Term loan), positive FX impact of $3.8m, and decrease in other finance costs of $0.1m. The Group’s statutory net finance costs decreased by $18.4m to $(47.5)m in 2019 resulting from the decrease in adjusted finance costs described above, offset by the lower unrealised foreign exchange gains in 2019 from the euro denominated debt. ($’m) FY 2019 FY 2018 Change Change % Finance income and expenses, net Unrealised FX (gain)/loss on EUR tranche of bank loan Adjusted finance income and expenses, net (47.5) (65.9) 18.4 27.9 (13.9) (26.4) 12.5 47.4 The tax impact of other adjusted items represents the tax impact of amortisation of acquisition intangibles, deferred revenue haircut reversal arising from prior acquisitions, exceptional items, and other adjusted items, which has been calculated applying the tax rate that the Group determined to be applicable to the relevant item. Adjusted income tax is $(77.8)m for FY 2019, resulting in an adjusted effective tax rate of 19.4% (FY 2018: 20.2%). The adjusted effective tax rate is the adjusted income tax percentage of adjusted profit before tax of $400.1m (defined as adjusted net income of $322.3m before the deduction of adjusted income tax of $(77.8)m). (61.4) (92.3) 30.9 33.5 ($’m) Income tax FY 2019 FY 2018 Change Change % (65.7) 58.7 (124.3) Unf Income tax In the year ended 31 December 2019, the Group reported an income tax expense of $(65.7)m, compared with the income tax benefit of $58.7m in the year ended 31 December 2018. The income tax benefit in 2018 was primarily driven by the transfer of AVG E-comm web shop to Avast Software B.V. (Avast BV) on 1 May 2018 (IP transfer). Subsequently, the former Dutch AVG business from Avast BV (including the web shop) was sold to Avast Software s.r.o. The total net impact of this transaction was $94.4m, which was treated as an exceptional item in 2018. The transferred IP is amortised for tax purposes over 15 years. Income tax was further impacted by the tax benefit of the foreign exchange movements on intercompany loans arising in the statutory accounts of the subsidiary concerned of $0.4m (tax benefit of $9.8m in 2018) and the recognition of previously unrecognised tax losses related to the previous periods of $4.7m. Tax impact of FX difference on intercompany loans Tax impact of IP transfer Tax impact of COGS deferral adjustment Tax impact of disposal of business operations Tax impact on adjusted items Adjusted income tax (0.4) 6.3 (9.8) 9.4 (99.2) 105.5 96.3 Fav – 0.3 (0.3) Unf 2.3 – 2.3 n/a (20.3) (18.5) (77.8) (68.4) (1.9) (9.3) (10.4) (13.7) © 2019 Friend Studio Ltd File name: CFOsXReview_v36 Modification Date: 25 February 2020 6:15 pm CFO’s review Strategic report Governance Financial statements Avast annual report 2019 42 Cash flow Unlevered free cash flow represents the amount of cash generated by operations after allowing for capital expenditure, taxation, and working capital movements. Unlevered free cash flow provides an understanding of the Group’s cash generation and is a supplemental measure of liquidity in respect of the Group’s operations. Levered free cash flow represents amounts of incremental cash flows the Group has after it has met its financial obligations (after interest and lease repayments) and is defined as unlevered free cash flow less cash interest and lease repayments. ($’m) FY 2019 FY 2018 Change Change % Adjusted cash EBITDA 519.4 476.8 42.6 8.9 Net change in working capital (excl. change in deferred revenue and deferred COGS) Capex Cash tax (excl. Dutch exit tax) (10.0) 13.8 (23.8) Unf (29.9) (16.8) (13.1) (77.7) The working capital movement in 2018 comprised a positive movement in receivables driven by the renegotiation of payment terms with payment providers. Adjusted for the impact of renegotiation of payment terms with payment providers, the cash conversion in FY 2018 would be 78%. In line with guidance, capex represents 3% of adjusted revenue in 2019, which is a slight increase versus 2018 (2%), due to investment into network infrastructure. The cash tax included in the calculation of unlevered free cash flow excludes a $49.4m Dutch exit tax paid in March 2019 as this was treated as an exceptional item. The decrease in the adjusted cash tax is driven by the Czech Republic true-up system, where a company is obliged to make quarterly income tax advances based on its last known tax liability. Upon filing a tax return, tax advances paid during the year for which the tax return is filed offset the final tax liability. As the taxable income for 2017 was significantly higher than the taxable income for 2018 due to unrealised FX gain on intercompany loans, the reported cash tax in 2018 was higher by the amount of the true-up. No such true-up payment occurred in 2019. ($’m) FY 2019 FY 2018 Change Change % (54.8) (79.8) Unlevered free cash flow 424.6 394.0 Cash interest (45.1) (67.6) Lease repayments (9.2) (1.5) (7.6) Levered free cash flow 370.4 324.9 45.5 Cash conversion11 82% 83% 25.0 30.7 22.5 31.3 7.9 33.2 Unf 14.0 Net cash flows from operating activities Net cash used in investing activities Net cash flows from financing activities 399.1 376.0 23.1 6.1 (16.7) (28.8) 12.1 42.0 (440.9) (254.0) (186.9) (73.6) The following table presents a reconciliation between the Group’s adjusted cash EBITDA and net cash flows from operating activities as per the consolidated statement of cash flows. ($’m) FY 2019 FY 2018 Change Change % Adjusted cash EBITDA 519.4 476.8 42.6 8.9 Net change in working capital (excl. change in deferred revenue and deferred COGS) Cash tax (excl. Dutch exit tax) Dutch exit cash tax Movement of provisions and allowances Exceptional items (excl. transaction costs) Employer’s costs on share-based payments FX gains/losses and other non-cash items Net cash flows from operating activities (10.0) 13.8 (23.8) Unf (54.8) (79.8) (49.4) – 25.0 (49.4) 31.3 n/a 5.9 3.5 2.4 68.6 (1.5) (25.6) 24.1 94.1 (4.2) – (4.2) n/a (6.3) (12.7) 6.4 50.4 399.1 376.0 23.1 6.1 11 Cash conversion is defined as unlevered free cash flow divided by adjusted cash EBITDA. © 2019 Friend Studio Ltd File name: CFOsXReview_v36 Modification Date: 25 February 2020 6:15 pm CFO’s review Strategic report Governance Financial statements Avast annual report 2019 43 The Group’s net cash flow from operating activities increased by $23.1m, primarily due to higher adjusted cash EBITDA of $42.6m, lower cash tax of $25.0m, lower exceptional items (excl. transaction costs) of $24.1m, positive impact of the movement in provisions and allowances of $2.4m, and positive change in FX gains/losses and other financial expenses and non-cash gains of $6.4m, offset by Dutch exit tax paid of $(49.4)m, negative impact of working capital movement (excl. change in deferred revenue and deferred COGS) of $(23.8)m, and employer’s costs on share-based payments of $(4.2)m (see Note 35 Share-based payments). The portion of the exceptional items directly related to the disposal of business operation of $(0.3)m was included in cash flows from investing activities. The Group’s net cash outflow from investing activities of $(16.7)m was comprised of capex of $(29.9)m, consideration paid for TrackOFF and Tenta acquisitions net of cash acquired of $(14.8)m (see Note 15 Business combinations), settlement of contingent consideration of $(0.2)m, proceeds from the sale of a business operation net of cash disposed and transaction costs of $26.7m (see Note 16 Disposal of a business operation), and interest received of $1.5m. The Group’s net cash outflow from investing activities in 2018 of $(28.8)m was comprised of capex of $(16.8)m, consideration paid for InLoop acquisition net of cash acquired of $(4.2)m (see Note 15 Business combinations), payment of the remaining portion of the consideration for the acquisition of AVG Technologies B.V. of $(8.0)m, and interest received of $0.3m. The Group’s net cash outflow from financing activities includes $(83.7)m final dividend paid in respect of 2018, $(43.2)m interim dividend paid in respect of 2019, $(297.4)m net voluntary repayment of borrowings, $(63.0)m mandatory repayment of borrowings, interest paid of $(45.1)m, transaction costs related to borrowings of $(0.9)m, lease repayments of $(9.2)m, proceeds from the exercise of options of $47.2m, and net proceeds from transactions with non-controlling interest, $54.3m (see Note 34 Non-controlling interest). The full amount of lease repayments in FY 2019 of $(9.2)m relates to IFRS 16 implementation and the comparable amount of cash outflow in FY 2018 was included under cash flows from operating activities. The Group’s net cash outflow from financing activities in 2018 included net proceeds from the issue of shares of $195.8m, proceeds from exercise of options in 2H 2018 of $0.9m, offset by the voluntary repayment of borrowings of $(300.0)m, the mandatory repayment of borrowings of $(78.5)m, interest paid of $(67.6)m, transaction costs related to borrowings of $(3.1)m, and lease repayments of $(1.5)m. Financing The Group reduced its term loan by the repayment of $400m from USD tranche in March 2019, while executing an incremental €177.5m ($202.6m) add-on to EUR tranche, and voluntarily repaid another $100m from USD tranche in October 2019 (see Note 27 Term loan). As of 31 December 2019, the total gross debt12 of the Group was $1,101.1m and the total net debt13 was $884.5m. The decrease in gross debt since 31 December 2018 is attributable to $297.4m voluntary repayment of borrowings, $63.0m mandatory repayment of borrowings, $6.9m decrease in lease liabilities, and a positive unrealised FX gain of $13.9m on the EUR tranche of the loan. The Group adopted IFRS 16 as of 1 January 2019 using the modified retrospective approach and did not restate for the year prior to first adoption. The balance of lease liabilities as of 31 December 2018, shown in the table below, has been presented as if adjusted for opening balance of IFRS 16 impact. In April 2019, the Group applied for the margin reduction by 0.25% p.a. on both tranches due to a favourable leverage ratio and, in October 2019, the Group further reduced the margin on the EUR tranche by 0.25% p.a. (see Note 27 Term loan). Margin USD LIBOR plus 2.25% EURIBOR plus 2.25% USD LIBOR plus 2.25% ($’m) USD tranche principal EUR tranche principal Revolver/ overdraft Lease liabilities 31 December 2019 31 December 2018 31 December 2018 incl. IFRS 16 impact 336.5 864.7 864.7 699.8 545.8 545.8 – 64.8 – – – 71.7 Gross debt 1,101.1 1,410.5 1,482.2 Cash and cash equivalents (216.6) (272.3) (272.3) Net debt 884.5 1,138.2 1,209.9 Net debt/ LTM adjusted EBITDA 1.8x 2.5x 2.7x 12 Gross debt represents the sum of the total book value of the Group’s loan obligations (i.e. sum of loan principals) and lease liabilities. Net debt indicates gross debt netted by the company’s cash and cash equivalents. Both gross debt and net debt exclude the amount of capitalised arrangement fees on the balance sheet as of 31 December 2019 of $8.7m and accrued interest of $(0.1)m (31 December 2018: $19.1m and $(0.1)m). 13 The Group applied the IFRS 16 standard as of 1 January 2019 using the modified retrospective approach and did not restate comparative amounts for the year prior to first adoption. Net debt as of 31 December 2019 includes the balance of IFRS 16 lease liabilities. No lease liabilities are included in the net debt as of 31 December 2018. Net debt as of 31 December 2018 adjusted for opening balance of IFRS 16 lease liabilities would be $1,209.9m. © 2019 Friend Studio Ltd File name: CFOsXReview_v36 Modification Date: 25 February 2020 6:15 pm CFO’s review Strategic report Governance Financial statements Avast annual report 2019 44 Principal exchange rates applied The table below summarises the principal exchange rates used for the translation of foreign currencies into US dollars. The assets and liabilities are translated using period-end exchange rates. Income and expense items are translated at the average exchange rates for the period. FY 2019 average FY 2018 average 0.6966 0.7479 Earnings per share Basic adjusted earnings per share (EPS) amounts are calculated by dividing the adjusted net income for the period by the weighted average number of shares of common stock outstanding during the year. The diluted adjusted EPS amounts consider the weighted average number of shares of common stock outstanding during the year adjusted for the effect of dilutive options. On a statutory basis, fully diluted EPS was $0.24 (see Note 14 for the statutory EPS). 0.2545 0.2757 ($’m) 0.7524 0.7720 1.0061 1.0228 0.0437 0.0461 1.1212 1.1814 1.2757 1.3357 0.2797 0.2784 0.1139 0.1230 Adjusted net income attributable to equity holders Basic weighted average number of shares Effects of dilution from share options and restricted share units Dilutive weighted average number of shares Basic adjusted EPS ($/share) Diluted adjusted EPS ($/share) FY 2019 FY 2018 322.1 270.8 973,788,157 914,567,949 44,313,005 62,120,397 1,018,101,162 976,688,346 0.33 0.32 0.30 0.28 ($:1.00) AUD BRL CAD CHF CZK EUR GBP ILS NOK Dividend The Directors propose to pay a final dividend of 10.3 cents per share in respect of the year ending 31 December 2019 (payment of $104.6m). Combined with the interim dividend of 4.4 cents per share paid in October 2019 (payment of $43.2m), this gives a total dividend for the financial year of 14.7 cents (total payment of $147.8m), which represents 40% of the Group’s levered free cash flow for the period in accordance with the Company’s dividend policy. Subject to shareholder approval, the final dividend will be paid in US dollars on 24 June 2020 to shareholders on the register on 22 May 2020. There will be an option for shareholders to elect to receive the dividend in pounds sterling and such an election should be made no later than 8 June 2020. The foreign exchange rate at which dividends declared in US dollars will be converted into pounds sterling will be calculated based on the average exchange rate over the five business days prior to 11 June 2020 and announced shortly thereafter. Proposed dividend timetable Ex-dividend date: 21 May 2020 Record date: 22 May 2020 Last date for currency election: 8 June 2020 Payment: 24 June 2020 © 2019 Friend Studio Ltd File name: CFOsXReview_v36 Modification Date: 25 February 2020 6:15 pm CFO’s reviewCFO’s review Strategic report Governance Financial statements Avast annual report 2019 45 Presentation of results and definitions This full year report contains certain non-IFRS financial measures to provide further understanding and a clearer picture of the financial performance of the Group. These alternative performance measures (APMs) are used for the assessment of the Group’s performance and this is in line with how management monitor and manage the business day-to-day. It is not intended that APMs are a substitute for, or superior to, statutory measures. The APMs are not defined or recognised under IFRS including adjusted billings, adjusted revenue, organic growth, adjusted EBITDA, adjusted cash EBITDA, adjusted net income and unlevered free cash flow as defined and reconciled below. These non-IFRS financial measures and other metrics are not measures recognised under IFRS. The non-IFRS financial measures and other metrics, each as defined herein, may not be comparable with similarly titled measures presented by other companies as there are no generally accepted principles governing the calculation of these measures, and the criteria upon which these measures are based can vary from company to company. Even though the non-IFRS financial measures and other metrics are used by management to assess the Group’s financial results and these types of measures are commonly used by investors, they have important limitations as analytical tools, and investors should not consider them in isolation or as substitutes for analysis of the Group’s position or results as reported under IFRS. The Group considers the following metrics to be the KPIs it uses to help evaluate growth trends, establish budgets, and assess operational performance and efficiencies. ‘Adjusted’ and ‘underlying’ numbers were presented in the full year report for the year ended 2018. Many of the adjusting items were common to both and the values were similar. As presenting a large number of similar APMs can increase complexity to users, the Group limited the metrics to ‘adjusted’ measures, which is consistent with those used in the business. Organic growth APMs were introduced in this full year report to present the change in revenue and billings resulting from continuing Group operations. Besides these changes, the definitions of non-GAAP measures in the year ended 31 December 2019 are consistent with those presented in the IPO prospectus and there have been no changes to the bases of calculation. Consolidated statement of adjusted profit and loss For the year ended 31 December 2019 ($’m) REVENUES Cost of revenues GROSS PROFIT Gross profit margin Sales and marketing Research and development General and administrative Total operating costs EBITDA EBITDA margin Depreciation and amortisation14 EBIT Finance income and expenses PROFIT BEFORE TAX Income tax NET INCOME Net income margin Net income attributable to: – equity holders of the parent – non-controlling interest Earnings per share (in $ per share): Basic EPS Diluted EPS Year ended 31 December 2019 Year ended 31 December 2018 873.1 (113.2) 759.9 87.0% (123.1) (76.7) (77.0) (276.9) 483.0 55.3% (21.6) 461.5 (61.4) 400.1 (77.8) 322.3 36.9% 322.1 0.2 0.33 0.32 827.0 (106.3) 720.7 87.1% (116.3) (65.7) (91.0) (273.0) 447.7 54.1% (16.2) 431.6 (92.3) 339.3 (68.4) 270.8 32.7% 270.8 – 0.30 0.28 © 2019 Friend Studio Ltd File name: CFOsXReview_v36 Modification Date: 25 February 2020 6:15 pm 14 Depreciation and amortisation included in adjusted net income excludes amortisation of acquisition intangibles. CFO’s review Strategic report Governance Financial statements Avast annual report 2019 46 Adjusted billings Adjusted billings represent the full value of products and services being delivered under subscription and other agreements and include sales to new end customers plus renewals and additional sales to existing end customers. Under the subscription model, end customers pay the Group for the entire amount of the subscription in cash upfront upon initial delivery of the applicable products. Although the cash is paid upfront, under IFRS, subscription revenue is deferred and recognised rateably over the life of the subscription agreement, whereas non-subscription revenue is typically recognised immediately. Adjusted billings represents the Group’s reported billings. Adjusted revenue Adjusted revenue represents the Group’s reported revenue adjusted for the deferred revenue haircut reversal15 and gross-up adjustment.16 These historical adjustments are expected to be zero from 2019. The following is a reconciliation of the Group’s reported revenue to the Group’s adjusted billings and Group’s reported revenue to the Group’s adjusted revenue: ($’m) Revenue Net deferral of revenue Adjusted billings FY 2019 FY 2018 Change Change % 871.1 808.3 62.8 7.8 39.9 911.0 53.9 (14.0) (26.0) 862.1 48.8 5.7 Revenue 871.1 808.3 62.8 7.8 Deferred revenue haircut reversal/other Gross-up adjustment 1.8 0.1 17.2 1.5 (15.4) (89.3) (1.3) (91.2) Adjusted revenue 873.1 827.0 46.1 5.6 Adjusted EBITDA Adjusted earnings before interest, taxation, depreciation, and amortisation (adjusted EBITDA) is defined as the Group’s operating profit/loss before depreciation, amortisation of non-acquisition intangible assets, share-based payments including related employer’s costs, exceptional items, amortisation of acquisition intangible assets, the deferred revenue haircut reversal, and the COGS deferral adjustments.17 Adjusted cash EBITDA Cash earnings before interest, taxation, depreciation, and amortisation (adjusted cash EBITDA) is defined as Adjusted EBITDA plus the net deferral of revenue, the net change in deferred cost of goods sold, and the reversal of the COGS deferral adjustments. The following is a reconciliation of the Group’s reported operating profit to adjusted EBITDA and adjusted cash EBITDA: ($’m) Operating profit Share-based payments (incl. employer’s costs) Exceptional items Amortisation of acquisition intangible assets Deferred revenue haircut reversal/other COGS deferral adjustments Depreciation Amortisation of non-acquisition intangible assets Adjusted EBITDA Net change in deferred revenues including FX re-translation/other Net change in deferred cost of goods sold Reversal of COGS deferral adjustment Adjusted cash EBITDA FY 2019 FY 2018 Change Change % 344.6 248.3 96.3 88.4 127.5 (39.0) (30.6) 24.9 1.8 13.9 25.6 1.8 (0.1) 18.8 2.8 17.2 (1.1) 13.4 2.8 38.0 36.6 (1.8) 0.1 (8.7) 1.1 38.8 79.5 11.1 (23.8) (92.8) (15.4) (89.3) 1.0 5.5 (0.1) 1.4 6.9 89.1 41.0 (2.1) 7.9 3.9 78.7 (1.0) (90.1) 483.0 447.7 35.3 519.4 476.8 42.6 8.9 15 Under IFRS 3, Business Combinations, an acquirer must recognise assets acquired and liabilities assumed at fair value as of the acquisition date. The process of determining the fair value of deferred revenues acquired often results in a significant downward adjustment to the target’s book value of deferred revenues. The reversal of the downward adjustment to the book value of deferred revenues of companies the Group has acquired during the periods under review is referred to as the deferred revenue haircut reversal. 16 The gross-up adjustment refers to the estimated impact of the additional amount of 2015 and 2016 revenue and expenses and their deferral that would have been recognised by Avast had the contractual arrangements with certain customers qualified to have been recognised on a gross rather than a net basis prior to 2017 (AVG had historically recognised billings and revenues on a gross basis, whereas Avast recognised them on a net basis). Both businesses recognise revenue on a gross basis since 2017. 17 There was no deferred cost of goods sold (COGS) balance consolidated by the Group in the acquisition balance sheet of AVG in 2016 and thus no subsequent expense was recorded as the revenue in respect of pre-acquisition date billings was recognised. The COGS deferral adjustments refers to an adjustment to reflect the recognition of deferred COGS expenses that would have been recorded in 2016 and 2017 in respect of pre-acquisition date AVG billings, had the AVG and the Group’s businesses always been combined and had AVG always been deferring COGS. © 2019 Friend Studio Ltd File name: CFOsXReview_v36 Modification Date: 25 February 2020 6:15 pm CFO’s review Strategic report Governance Financial statements Avast annual report 2019 47 Adjusted net income Adjusted net income represents statutory net income plus the deferred revenue haircut reversal, share-based payments, exceptional items, amortisation of acquisition intangible assets, unrealised foreign exchange gain/loss on the EUR tranche of the bank loan, the COGS deferral adjustments, the tax impact from the unrealised exchange differences on intercompany loans, and the tax impact of the foregoing adjusting items and IP transfers, less gain on disposal of business operation. The following is a reconciliation of the Group’s reported net income to adjusted net income: ($’m) Net income Deferred revenue haircut reversal/other Share-based payments Exceptional items Amortisation of acquisition intangible assets Unrealised FX gain/(loss) on EUR tranche of bank loan Tax impact from FX difference on intercompany loans COGS deferral adjustments Tax impact of COGS deferral adjustment Tax impact on adjusted items Tax impact of IP transfer Gain on disposal of business operation Tax impact from disposal of business operation Adjusted net income FY 2019 FY 2018 Change Change % 249.0 241.2 7.8 3.2 1.8 24.9 1.8 88.4 17.2 13.9 25.6 127.5 (15.4) (89.3) 11.1 79.5 (23.8) (92.8) (39.1) (30.6) (13.9) (26.4) 12.5 (0.4) (0.1) – (9.8) (1.1) 0.3 (20.3) (18.5) 9.4 1.0 (0.3) (1.8) 6.3 (99.2) 105.5 (17.5) 2.3 – – 322.3 270.8 (17.5) 2.3 51.5 47.4 96.3 89.1 Unf (9.8) Fav n/a n/a 19.0 Unlevered free cash flow Represents adjusted cash EBITDA less capex, plus cash flows in relation to changes in working capital (excluding change in deferred revenue and change in deferred cost of goods sold as these are already included in adjusted cash EBITDA), and taxation. Changes in working capital are as per the cash flow statement on an unadjusted historical basis and unadjusted for exceptional items. Cash tax excludes a $49.4m Dutch exit tax paid in March 2019 as this was treated as an exceptional item. Levered free cash flow Represents amounts of incremental cash flows of the Group after it has met its financial obligations (after interest and lease repayments) and is defined as unlevered free cash flow less cash interest and lease repayments. Rounding Due to rounding, numbers presented throughout this document may not add up precisely to the totals provided; however, growth rates are calculated based on precise actual numbers. © 2019 Friend Studio Ltd File name: CFOsXReview_v36 Modification Date: 25 February 2020 6:15 pm CFO’s review Strategic report Governance Financial statements Avast annual report 2019 48 The Board adopts a measured and disciplined approach to managing risk The Audit and Risk Committee supports the Board by overseeing the Group’s risk management framework, evaluating its principal and horizon risks, and assisting the Executive Management team with developing and implementing the operational plans required to strategically manage those risks. The emerging and principal risks facing the Group are monitored and reassessed on an ongoing basis, including horizon planning, aided by continuous dialogue between the Board and management. In monitoring the risks facing the Group, the Audit and Risk Committee identify five broad categories of risk which encompass 26 specific individual risks. The Board recognises that risk is embedded in all business decisions it makes. In determining whether a risk is appropriate to take, the Board considers a number of factors, including the gravity and probability of the risk, as well as the potential impact it could have on the Group’s reputation or extent it may conflict with its core values. Following this assessment, the Board reviews the adequacy of the controls and contingency plans in place to manage those risk events. Where necessary, the Board will direct changes to be made to the Group’s controls and contingency plans. Steering committees comprising members of the Executive Management team regularly meet with both internal and external subject matter experts to monitor, review, and evaluate the risk prevention and mitigation plans. Periodic updates are provided by management to the Board on the progress in executing those plans. The Board categorises risks facing the Group in terms of those which are emerging and those which are imminent. Imminent risks require immediate and special attention from the Board and management. During the year, the Group faced two such events: first, when a third party attempted to attack Avast’s internal network, and second, when Mozilla, Opera and Chrome temporarily removed several of the Group’s browser extensions from their stores due to rules which they considered to have been breached. More details in relation to these events are set out below. In September 2019, we identified suspicious behaviour on our network, prompting an immediate and extensive investigation. A steering committee was established to manage the situation and the Board was regularly updated. We identified that a third party had infiltrated our network, with a view, we believe, to targeting the supply chain of the CCleaner business. A series of additional security measures were immediately taken to ensure the integrity of the Group’s build environments and the security of its data and network. While the Group did not find evidence that its customers and users had been compromised, it nevertheless would develop a new build environment for its products, and implement a host of new security processes to protect its network and data. We also hired a third-party forensics adviser to better understand the profile and activity of the attacker. Throughout the incident, we collaborated with the Security Information Service (BIS), which is the Czech government counterintelligence agency which has responsibility for identifying activities by foreign powers and their agents in the Czech Republic. While Avast was not legally required to disclose the attack, it decided to announce the attack to its users online for the purposes of full transparency, and in an effort to promote wider industry collaboration. In December 2019, Mozilla, Opera, and Chrome suspended four of the Group’s browser extension products from their stores based on the manner in which Avast collected and used browsing data from users through the products. Management promptly notified the Board of this development and investigated claims by the store owners that the collection methods did not comply with store rules. The Company then modified its practices after which the browser extensions were readmitted to the Mozilla, Opera and Google Chrome stores. In response to this incident, the Group took two actions: first, additional procedures were put in place to ensure that store rules are subject to increased internal scrutiny in future; and second, the Board undertook an in-depth review of the Group’s data handling practices. Following this review, the Board decided to immediately discontinue the data feed provided by the Group to Jumpshot, Inc., its data analytics business. The decision to terminate the provision of data to Jumpshot was made in the best long-term interest of the Group and its shareholders. While we believe that the Group acted in accordance with privacy regulations and strived to implement responsible privacy practices, the Board decided the data collection business was ultimately incompatible with the Group’s core security mission. In order to implement a swift and orderly wind down of the Jumpshot business, Avast repurchased the entire 35% equity interest held by Ascential plc in Jumpshot. The Board expects to have substantially completed the wind down of Jumpshot by the end of 2020. Further details of the risk management and internal control systems are included in the Audit and Risk Committee Report on pages 74 to 79. © 2019 Friend Studio Ltd File name: Risk_v39 Modification Date: 25 February 2020 6:02 pm Risk management Strategic report Governance Financial statements Avast annual report 2019 49 The Board has identified five principal risks facing the Group, which remain broadly unchanged from last year. The risks fall into the following categories: Description Movement Impact Strategy If we do not offer products and services that appeal to users, our free user base may materially decline and/or we will fail to monetise our products and services. Our strategy to address this risk and achieve long-term strategic objectives is to invest in product innovation, product management, quality assurance, and customer care. Offering The risk is that our product and service offerings stop appealing to users. People The risk is talented people leave or do not join our workforce. If we cannot attract or retain a talented workforce, we will not remain competitive in our industry. We believe we need to create an exciting brand; provide attractive and internationally competitive compensation; provide our people with global mobility; recruit from a broad pool of candidates; promote based on diversity of backgrounds, skills, cultures, gender, and ethnicity; and provide effective training for personal and professional growth in order to achieve long-term strategic objectives. We strive for strong, effective, and comprehensive data and systems security and governance. As a result, we have implemented a host of new security processes and measures to protect the data we store, the systems that store such data, and the updates we provide to provision our products and services. We develop products and services designed for security and privacy, and believe this helps us maintain an ethical culture in which people are concerned about and committed to securing and protecting data. Data and our security systems The risk is that the data we store, such as customer data, and the systems that store, manage, and process this data become compromised. Failing to protect the data we store and the systems that store this data could have a material adverse impact on our reputation, and our ability to provision services and updates, potentially resulting in a material decline in our user base, negative financial consequences, and investigations, fines and censure by governmental and regulatory bodies. Regulatory We operate a digital business globally, and the scale and complexity of new laws, including regarding data protection, auto-renewal billing, and tax, are increasing as the digital economy becomes the backbone of global economic growth. Concentration Our products rely on our users being able to easily find and install them. New laws may impose restrictions and obligations on the Group that negatively impact the Group’s profitability and ability to grow. We monitor global legal developments and participate in industry-wide lobbying. We face exposure and risks from large vendors, such as Microsoft, Google, Apple, Facebook, Digital River, and telecommunication carriers, who may take actions that restrict our users from being able to access and use our products. We develop deep partner relationships with these vendors; however, we continually seek out additional strategic partnerships and growth through organic initiatives. © 2019 Friend Studio Ltd File name: Risk_v39 Modification Date: 25 February 2020 6:02 pm Principal risks Strategic report Governance Financial statements Avast annual report 2019 50 Viability statement The Directors have assessed the viability of the Group over a three-year period, taking into account the Group’s current position and the potential impacts of the principal risks documented on pages 49 to 50 of the Annual Report. Based on this assessment, the Directors confirm that they have a reasonable expectation that the Group will be able to continue to operate and meet its liabilities over the next three years, through to 31 December 2022. The Group annually prepares, and updates on a rolling basis, a three-year strategic plan, whose foundation is the more detailed one-year budget (also prepared annually for review by the Board). The output of this three-year plan is used to perform debt and associated covenant headroom profile analysis, which includes sensitivity to business-as-usual risks impacting EBITDA. Following assessment of the planning process, the Directors have determined that three years is an appropriate period over which to assess the Group’s viability. Progress against the strategic plan is reviewed regularly by the Board through presentations from senior management on the performance of their respective business units. While the Directors have no reason to believe that the Group will not be viable over a longer period, the period of three years has been chosen as this matches the term of the majority of the Group’s sales (typically one to three years in duration, with a weighted average contract life of around 14 months) which therefore aids the accuracy of planning with a single renewal cycle, thereby providing a greater degree of certainty over the forecasting assumptions used and, in the view of the Directors, still provides an appropriate long-term outlook. In making this viability statement, the Board carried out a robust assessment of the principal risks facing the Group, including those that would threaten its business model, future performance, solvency, or liquidity. The strategic plan has been tested for a number of scenarios which assess the potential impact of severe but plausible risks to the long-term viability of the Group. The scenarios, and their effect on EBITDA and on the ability to meet financial covenants, were considered both individually and in combination. The scenarios responded to the principal risks facing the business as well as considering the potential impact of Brexit. They included reductions in certain revenue streams, forex volatility and new initiatives not materialising. The scenario with the most significant individual impact was a sustained mid-single digit year-on-year decline in revenues from the Consumer Desktop business. The Directors reviewed and discussed the process undertaken by management, and also reviewed the results of reverse stress testing performed to provide an illustration of severe contraction in revenue of the largest business unit, that would be required to break the Group’s covenants or exhaust all available cash. The process of identifying, assessing, and managing principal risks is set out above in this section on pages 49 to 50. The Directors consider that this stress-testing-based assessment of the Group’s prospects is reasonable and the Group’s business model has proven to be strong and defensive in the long term. Additional considerations Evolving consumer security industry The Board believes that the consumer security industry is becoming more competitive and complex, in particular the gradual dominance of Microsoft’s Windows Defender antivirus solution. The Board considers that the evolution of the consumer security market could potentially pose a material risk to the Group’s future performance, including the risks outlined under the Offering and Concentration categories listed above. The Board and management regularly monitor these risks, and implement strategies to protect the Group’s business. Brexit Following the UK’s withdrawal from the European Union (Brexit), the Directors have continued to keep under consideration the impact of Brexit on the Group. The Group operates internationally with a diverse geographic spread. While negative downward pressure on sterling post-Brexit may negatively impact the USD functional results of the Group, the impact is mitigated by the fact that only 9% of our global billings are sourced in either the UK or in sterling. The exact nature of the trading arrangements between the UK and the EU following the UK’s withdrawal from the EU currently remains uncertain and as a consequence the Directors have considered a number of scenarios and the Group’s potential responses to them. This scenario planning has included anticipating changes to the operations of the Group and its supply chain, which are not considered to be significant or pose a heightened risk to the Group. The impact of Brexit on the current and future employees has also been considered and while there may be some disruption or changes in the UK, these are not currently anticipated to materially affect one of the Group’s principal risks, the recruitment and retention of key personnel. © 2019 Friend Studio Ltd File name: Risk_v39 Modification Date: 25 February 2020 6:02 pm Principal risks Strategic report Governance Financial statements Avast annual report 2019 51 Avast is proud of its involvement with communities through a wide range of philanthropic and charitable activities. These activities fall into areas that are related to the Company’s core business areas of cybersecurity and technology, as well as other important social causes. Driven by our values Avast’s values inform our approach to doing business. They underpin our employee relationships with each other, the communities we are part of, and our stakeholders. Customer comes first Think big No BS, ever Give back Social Responsibility Framework The Company is involved in a wide range of philanthropic and charitable causes, both related to its core business areas of cybersecurity and technology, as well as other social and community-related activities. Engaged people 1 We believe that Avast’s culture and its people are among our competitive advantages. Thriving communities Our commitment to social responsibility starts with the way we do business, but it doesn’t end there. 2 3 Environmental stewardship Avast is committed to operating in an environmentally responsible manner and reducing its overall environmental impact, practising good stewardship, and mitigating any negative environmental effects that may stem from our global business operations. These three parts of our framework are explained in more detail on the following pages. © 2019 Friend Studio Ltd File name: PeopleXXampXXCSR_v82 Modification Date: 25 February 2020 6:12 pm People and corporate social responsibility Strategic report Governance Financial statements Avast annual report 2019 52 “ We are building a world-class people experience to attract, grow and retain a diverse and talented team of colleagues.” Rebecca Grattan Chief People and Culture Officer 1 Engaged people We believe that Avast’s culture and its people are among our competitive advantages. Our employees, who work daily to keep more than 435 million users safe online, are passionate, talented, and dedicated. Avast works hard to build and maintain workforce engagement by empowering our employees with opportunities to grow and develop themselves, while contributing to Avast’s success. In 2019, we took the opportunity to revisit the way in which we articulate our culture. We believe that four Values best express who we are today and what we stand for. These four Values together with a set of Behaviours that we are still in the process of developing will be incorporated into a Culture Book that we intend to publish in 2020 following a wider consultation with employees. Employee engagement Engaged employees feel strongly connected to the Company and its mission, customers, and social purpose. They put in discretionary effort, work diligently to advance the Company’s strategy and goals, and are committed to promoting the Company as an employer and a brand. Avast’s Your Voice survey tracks employee engagement year over year, providing insights into areas for improvement that will help to raise employees’ sense of connection and commitment to the organisation. At the end of 2018, our engagement was 64%. Across the organisation in 2019, actions taken in response to the survey included refining structures within departments to better support strategic initiatives and goals, instituting broader reward and recognition programmes, putting in place programmes for high-potential employees, and establishing the Avast Careers programme to encourage and support internal mobility and career growth within the organisation. Customer comes first: our customers (free and paid) are central to everything we do. We take the time to deeply understand their needs, and take their views into account when deciding what functionality we build, how our interfaces look, and how we package and price our solutions. After a year of change, including the appointment of Ondrej Vlcek as CEO and the addition of new members to the Executive Management team, Avast’s 2019 employee engagement, measured in December 2019, was 73%, a 9% increase over 2018. Think big: Avast is committed to innovation. This year, we made a significant increase in investment in innovation and we expect to continue to grow our investment in 2020. No BS, ever: we have no room in our company for politics or excessive bureaucracy. We embrace constructive honesty and candour, and our decisions are data-driven and fact-based. Give back: we believe in giving back to the communities where we live and work. In 2019, we made substantial contributions through the Avast Foundation to innovative programmes in the areas of palliative care, early childhood intervention, and innovative education. We also provided financial support to more than 80 projects nominated by our employees and coordinate many different community volunteering opportunities for our people. Avast will continue to measure employee engagement annually at the end of each year to track our progress and set priorities and a roadmap for continued improvement in the following year. Board involvement Our Board plays an active role both in relation to the relaunching of our corporate culture and in monitoring and managing workforce engagement. We make regular reports to the Nomination Committee or Board on the continued progress of our corporate culture initiative, including the employee consultation process. The Board has assigned to the Nomination Committee responsibility for measuring compliance with the culture once the Avast Culture Book has been finalised. In the area of workforce engagement, one of © 2019 Friend Studio Ltd File name: PeopleXXampXXCSR_v82 Modification Date: 25 February 2020 6:12 pm People and corporate social responsibility Strategic report Governance Financial statements Avast annual report 2019 53 our directors, Company co-founder Pavel Baudis, has taken on the role of Designated Non-Executive Director for Workforce Engagement. In that capacity, Mr Baudis visits our offices to meet with employees and address their concerns. In 2019, Mr Baudis visited our London office and in January and February 2020, he visited our Brno, Belgrade, and Zilina offices. Mr Baudis will provide his insights and any recommendations to management and to the Board,. Benefits philosophy Our compensation and benefits are tailored in each market to attract and retain the best employees. At the same time, Avast strives to maintain a consistent Company-wide approach to work – life balance and flexibility, participation in opportunities such as the Avast Foundation’s Together with Employees programme and the Employee Share Matching Plan, and learning and development opportunities. We aim to create comfortable working environments where employees are recognised and rewarded, have opportunities to develop, and are enabled to contribute their best work to the Company’s success. Avast Careers We strive to be the best place for our people to grow, offering an environment that nurtures talent and rewards achievement. The 2018 employee engagement results revealed that our employees sought more opportunities for personal and professional development and were eager to identify pathways for growing their careers at Avast. To support this, we launched programmes for high-potential employees in order to give them additional exposure to senior management and to empower these ambitious leaders to take on greater responsibility and challenges. A total of 24 employees have participated thus far, and the programme will continue. © 2019 Friend Studio Ltd File name: PeopleXXampXXCSR_v82 Modification Date: 25 February 2020 6:12 pm Working together Great environments spark creativity and collaboration. Whether in London, Prague, Emeryville, or elsewhere, our offices are designed to enable our people to do their best work. People and corporate social responsibility Strategic report Governance Financial statements Avast annual report 2019 54 Additionally, in February 2019, we launched the Avast Careers internal mobility programme. Through the programme, internal vacancies are regularly shared with all employees, along with content encouraging applications, and success stories of individuals who have moved into new roles as part of their career journey. Because internal mobility forms part of our broader professional development framework, all internal applicants have the opportunity to speak to our Recruitment and HR teams about their suitability for the role and to be interviewed by the hiring manager. Those who are not successful in their application receive valuable feedback as to how they can develop themselves towards similar roles in the future and gain access to existing learning and development resources to help them grow. Since the programme launched, 224 individuals have applied for internal vacancies. Of those who have applied, 109 have successfully moved into new roles (57 into higher positions and 44 laterally), and another 13 are still in the application process. In addition to supporting employees’ career goals and encouraging engagement, the internal mobility programme helps to fill important roles with employees who are invested in the Company’s success and already a good fit for the Company and culture. It helps to develop individuals who have a greater understanding of the business as a whole, and to break down silos between teams. Learning and development The fast pace of changes on the outside continues to bring new challenges our leaders have to be prepared to meet. That’s why we put a substantial effort into developing our people at all levels of the organisation and provide them with the skills and knowledge they need to lead their teams to success and to make an impact on our business. Throughout 2019, 56 leaders in Europe and 25 leaders in the US have participated in the senior management development programme launched at the end of last year and aimed at developing their leadership skills and improving their ability to lead self-regulating teams. At Avast, we place a great importance on the ability of our people to operate with a growth mindset, in line with our core Company Value of ‘thinking big’. That’s why we encourage employees to participate in trainings that develop not only their technical acumen but also soft and interpersonal skills. To that end, we have run a total of 57 sessions across Europe and the US attended by more than 1,000 people. Our virtual university, developed in partnership with Coursera and launched in 2018, allows employees to choose from a rich offering of both technical and soft skills curriculums regardless of their location. More than 500 people have enrolled in an online course and taken the opportunity to develop their skills in their chosen area at their own pace. Recognising that diversity is an important part of our culture and a driver of our future growth; we encourage our people in their language education to enhance their ability to understand and nurture intercultural differences within Avast. More than 360 students enrolled in the language classes with nine languages on offer. In Q4, we have laid a foundation to a comprehensive mentoring programme, sponsored by our CEO Ondrej Vlcek, to be launched in 2020. Through the programme we aim to connect experienced, senior executives and leaders as mentors with high-potential individuals within the organisation. Awards and recognition In 2019, Avast ranked second in the Top 5 Tech Employers in the Czech Republic, based on an independent survey of over 10,000 university students and recent graduates. Avast also ranked as the sixth most attractive Czech employer, according to the 2019 Randstad Awards, which looks at the country’s largest 150 employers in the private sector based on a survey of nearly 5,000 individuals from the general public. Diversity Diversity of thought is an important cornerstone of innovation and creativity. At Avast, we recognise that our customers are best served by a workforce that is both diverse and inclusive, where people from many backgrounds hold a variety of viewpoints that they feel comfortable advancing to the benefit of the Company, our customers, and our stakeholders. Our Code of Conduct states our commitment to creating respectful and inclusive workplaces in which all employees can thrive, regardless of their background or identity, and our Diversity and Recruitment policies ensure that we apply best practices in hiring diverse talent and providing equal opportunities for learning and development and career advancement to all our employees. We believe attending to diversity in leadership will help us attract the best talent, bring us closer to our customers, and build an increasingly diverse, inclusive, and innovative workforce over time. In 2019, we have focused on gender diversity, although Avast strongly believes that diversity is broader than gender and that fostering an environment of inclusion for all types of people is critical to building the workforce of the future. Our CFO Phil Marshall has been appointed to be our executive sponsor for diversity and to define and set our goals in this area. In 2019, we added two experienced women leaders to our Board of Directors, Maggie Chan Jones and Tamara Minick-Scokalo, demonstrating our dual commitments to improving the ratio of women on our board and to filling our leadership ranks with a qualified team bringing to bear a variety of industry experiences and backgrounds to guide the company. In 2019, we also added a new Chief Information Security Officer role to the Executive Management team in recruiting to the Company Jaya Baloo, an industry-recognised CISO at the top of her game. She is well-known for her work in the telecommunications industry, and brings a wealth of experience in developing and implementing best practice security. She also lectures on quantum computing at the Singularity University. © 2019 Friend Studio Ltd File name: PeopleXXampXXCSR_v82 Modification Date: 25 February 2020 6:12 pm People and corporate social responsibility Strategic report Governance Financial statements Avast annual report 2019 55 As of December 2019, across our 20 global offices, we have people from over 49 nationalities, with the population in the headquarters representing over 50 countries. Our employee population at the end of December 2019 is 27% female and 73% male. Within the technology industry, and specifically within cybersecurity, gender disparities remain. Avast engages on the issues of women and diversity in tech in multiple ways. We have continued to work with organisations taking direct steps to bring more women and girls into tech. For instance, in the UK, we have partnered with the organisation Learning People, whose mission is to make education and entry into the tech sector accessible to people of all backgrounds. We have also joined the Learning People’s Advisory Board, which aims to open opportunities in the tech industry to more people of all backgrounds and to establish a better understanding of the skills required by IT companies in order to help close the gap. We have also had our women leaders speaking at public events, for example, our CMO, Robin Selden spoke on career planning at the Women in Business forum in the UK and our new CISO, Jaya Baloo, spoke at an Avast women’s networking event at London’s Science Museum. These are just a few avenues for using our platform to promote the importance of diversity and the visibility of women within IT generally and cybersecurity in particular. We work to highlight the achievements of our women engineers and researchers through profiles on our Avast blog, speaking engagements, and participation in events that target women and girls in the tech sector. Unique perspectives. Universal commitment to making the world a safer place. To carry out our mission, we need a diversity of thoughts, backgrounds, and perspectives. These differences trigger bold ideas and collectively make us grow. That’s why we value and nurture each person’s unique talent. At Avast, everyone plays a role in creating an environment where people feel respected and free to be who they are. We embrace our differences to create a workplace as colourful as the world we are protecting. Employee category* Men Women % Men % Women Board gender diversity Executive management** gender diversity 9 11 3 1 Staff gender diversity*** 1,315 477 75% 25% 91% 73% 9% 27% * Numbers as of 31 December, 2019. ** Members of the Executive Management team. (This excludes Board members.) As at the date of this report, executive management has two female members, resulting in women making up 15% of the team. More details in relation to the Group’s efforts to increase diversity can be found on page 54. *** Employees excluding the Executive Management team. “ We are focused on creating the right environment at Avast for everyone to succeed.” Zuzana Janeckova HR Business Partner © 2019 Friend Studio Ltd File name: PeopleXXampXXCSR_v82 Modification Date: 25 February 2020 6:12 pm People and corporate social responsibility Strategic report Governance Financial statements Avast annual report 2019 56 “ Educating school children about how to keep safe online is the best part of my job.” Julia Szymanska Corporate Social Responsibility Specialist 2 Thriving communities Creating social value wherever we do business Our commitment to social responsibility starts with the way we do business, but it doesn’t end there. We create social value through our engagement with communities, support for social causes, and the personal dedication of our employees to making the world a better place. The Executive Management team ultimately bears responsibility for ensuring that all staff have access to and are able to comply with the policies that govern our business practices and our approach to the communities in which we operate and to which we are connected. Our Code of Conduct documents these principles, and ensures that all Avast employees, contractors, and those doing business on our behalf are aware of and follow these commitments. Respect for human rights Avast deeply respects and upholds the principles of human rights in line with international standards, such as the United Nations Guiding Principles on Business and Human Rights (UNGP), the Universal Declaration of Human Rights (UDHR), and the International Labour Organization Declaration on Fundamental Principles and Rights at Work (ILO Declaration). Our commitment to human rights is reflected in our business practices, charitable outreach, and community engagement, and is documented in our Code of Conduct and related corporate policies: Suppliers’ Guidelines; Sanctions, Anti-Money Laundering and Counter Terrorist Financing Policy; Whistleblowing Policy; Avast Grievance Procedure; Avast Recruitment Policy, and Modern Slavery Policy. Transparency and anti-corruption We do not tolerate corruption or bribery in our business operations and have policies in place to disclose and mitigate all potential conflicts of interest. Our commitment to these principles is outlined in our Code of Conduct, Anti-Corruption Policy, Related Party Transactions Policy, and Conflict of Interest Policy. Avast Foundation The Avast Foundation is the primary vehicle for Avast’s charitable outreach, and Avast directly funds the Foundation’s annual operating budget. Working through partner organisations to develop and implement programmes in five strategic categories, the Foundation has been recognised as one of the most innovative and respected charitable foundations in the Czech Republic. Together until the end: focuses on implementing systemic changes in end-of-life care. Start together: empowers disabled children and supports families of disabled children to live full lives and access appropriate resources and services. Learn together: aims to improve educational systems, bringing modern and relevant practices to the classroom, and supporting Avast’s aim to cultivate the next generation of cybersecurity experts. Together with trust: works with local community organisations that are enriching people’s lives in education, sports, the arts, and more. Together with employees: extends the Foundation’s reach globally, by providing grants to charitable projects nominated by employees in any of our global offices. Members of the Avast Foundation Board of Trustees and employee representatives awarded grants totalling $227,000 to 131 organisations in 2019. In addition to these programmes, Avast directly or through the Foundation routinely supports a variety of other causes in the arts, human rights, and humanitarian efforts. © 2019 Friend Studio Ltd File name: PeopleXXampXXCSR_v82 Modification Date: 25 February 2020 6:12 pm People and corporate social responsibility Strategic report Governance Financial statements Avast annual report 2019 57 “ In 2019, we expanded the Foundation’s work into new areas aligned with employee interests.” Martina Brenova Director of Programs and Development, Avast Foundation Bud Safe Online Bud Safe Online (Be Safe Online, BSO) is a non-commercial educational outreach programme aimed at children aged 9 to 13. Originally begun by Avast employees as an experimental, voluntary project, BSO has grown into a widely respected and well-recognised educational campaign across the Czech Republic. Combining Avast’s cybersecurity experts, original research into how children engage online, and the social media presence of YouTuber Jirka Kral, a popular gamer/influencer among Czech children, the campaign engaged more than 3,000 children at 22 school-based events in 2019. The BSO Instagram, Facebook, and YouTube channels, all of which publish original content about online threats and safety tips that are relevant to children and parents, have over 34, 000 total followers, while the BSO blog promotes content for parents and teachers. As the campaign has gained traction among students, it’s also been widely recognised for its creativity and impact. In 2019, BSO garnered several awards in the Czech Republic, including the Sustainable Development Goals Main Award in the Business category; third place in the 2019 Internet Effectiveness Awards in the Non-profit/ Community sector; 2019 Bronze Medal at the Czech Effie Awards; and first place at the WebTop100 Awards. Together with employees One of the key ways in which the Foundation directly engages Avast employees is through its ‘Together with employees’ programme, in which Avast employees have the unique opportunity to direct a part of the Foundation’s funding toward a cause that they support. All employees are eligible to nominate an organisation, and organisations based in any country in which Avast has an office are eligible to receive funds, including organisations which support projects overseas in countries where Avast does not operate. In 2019, 139 projects by organisations in the Czech Republic, Germany, Serbia, Slovakia, the UK, and the US were supported. Together with: Leonora Fleming, PR Manager (Redwood City, US) Leonora’s involvement with the She’s the First organisation goes back to her college days. She’s the First is a non-profit fighting gender inequality through education. It supports girls who are the first in their families to graduate high school across 11 low-income countries and trains students across 200+ campuses to be global leaders. “I’ve been involved with She’s the First since my sophomore year of college, when a group of classmates and I established the non-profit’s third college chapter shortly after its founding, holding numerous volunteer roles out of the organisation’s headquarters. “Today, STF is represented on more than 200 college and high school campuses worldwide, a true testament to the drive of its team, the success of its model, and global importance of its mission. I’ve learned so much about gender inequality through my work with this group, which directly translates to the corporate social responsibility initiatives my team is working on here at Avast (i.e. Girls Who Code partnership in Redwood City and volunteer workshops that create pathways for young women entering the male-dominated field of cybersecurity).” © 2019 Friend Studio Ltd File name: PeopleXXampXXCSR_v82 Modification Date: 25 February 2020 6:12 pm People and corporate social responsibility Strategic report Governance Financial statements Avast annual report 2019 58 “ Aligning culture to strategy is a priority at Avast, and the foundation for building high-performing teams.” Paul Yung VP Products, CCleaner Social and community engagement The Board and Executive Management team support and champion employee-led efforts to give back to their local communities. In 2019, this included a long standing tradition to raise money for the Movember Foundation in Czech Republic as well as the beginning of a new cooperation with the Demelza Children’s Hospice in London. Avast has been the most generous donor to the Czech Movember Foundation for the last four years, with 46 employees participating to raise money – including from our Board members and executives – for programmes that support men’s mental and physical health and address the serious issues of suicide and cancer. Our cooperation with Demelza Children’s Hospice began through CEO Ondrej Vlcek’s donation of his director’s fee to the UK charity, and has grown through a volunteering programme with Avast’s London-based employees. Two groups of employees participated in gardening and warehouse organisation activities to support the hospice during the autumn of 2019. Additionally, the London team changed their traditional ‘Secret Santa’ activity around the Christmas tree into a ‘Giving Tree’ opportunity where each employee picked one or more labels of items needed by Demelza for the children from the tree and purchased those items as gifts. Education Cybersecurity awareness and education are clearly critical skills for the future, and the industry needs a strong pipeline of motivated, talented young people who are ready to address the challenges of security, online safety, and privacy – both in their own lives as well as through their careers. Avast supports cybersecurity education and research, introducing young people to the cybersecurity sector through a variety of initiatives. In the UK this year, Avast participated as a principal sponsor of a new exhibition at the Science Museum, London, called ‘Top Secret: From Cyphers to Cyber Security’. This exhibition celebrated 100 years of GCHQ which was founded to establish excellence in security and, today, oversees cybersecurity. Running from 9 July 2019 through to 23 February 2020, visitors learn about the history of code breaking, security today including IoT threats, and the future of cybersecurity through quantum computing and AI enhancements. The goals of the exhibition are to educate the general public on the importance of securing their devices and homes, and to inspire people to consider a career in cybersecurity, which complement Avast’s own activities in the UK. Academic and research collaborations: advancing basic research in malware detection, AI, and IoT technologies is a priority for Avast. To that end, we cooperate closely with research and academic institutions through both direct collaboration and research funding. In 2019, we continued to work with long-time partners at Stanford, the University of California Irvine, Berkeley, and the Czech Technical University (CTU), among others. We continue to advise the University of California Irvine Cybersecurity Policy & Research Institute, and sponsored the UC Irvine high-school cybersecurity curriculum programme, aiming to educate our cybersecurity experts of the future. © 2019 Friend Studio Ltd File name: PeopleXXampXXCSR_v82 Modification Date: 25 February 2020 6:12 pm People and corporate social responsibility Strategic report Governance Financial statements Avast annual report 2019 59 Our long-standing collaboration with the CTU has been extended in 2019 through the establishment of a joint laboratory between the institutions. Through the Avast AI and Cybersecurity Lab (AAICL) at CTU, Avast will fund applied research in AI and machine learning in the context of cybersecurity with a $1 million investment over five years. The AAICL is expected to deliver groundbreaking research in AI and cybersecurity, to help advance the technology behind Avast’s threat detection engine, and to serve as a model for further fruitful collaboration between industry and academia in critical research areas. Coding for kids: Avast has continued its partnership with MakeITtoday, a woman-owned Czech organisation providing coding courses for children aged 8 to 12, with subsidised courses for children of Avast employees held in the Prague and Brno offices. We have also provided a donation to subsidise courses at the International School of Prague (ISP), one of which was just for girls. Parents of participants in these ISP courses paid an additional nominal fee to MakeITtoday to support the organisation’s ability to educate students outside of ISP without the ability to pay in full. In the Czech Republic, we have a long-standing partnership with Czechitas, a woman-led non-profit offering courses for children and for women re-educating themselves to enter the IT sector mid-career. We have partnered with them to create courses, provide mentorship to students, and to create a recruitment pipeline. In the US, we run Cyber Pathways workshops in coordination with after-school programmes and clubs such as Girls Who Code, to introduce high school students to careers in cybersecurity. These events include practical challenges and hands-on hacks prepared by Avast threat experts, as well as discussion and presentations by some of Avast’s leading technical women. Our Slovak office in Zilina participated in the national Girl’s Day event, which encourages businesses, especially in the IT sector, to host young women in the offices for a day to help them learn more about what it’s really like to work within the tech industry. 3 Environmental stewardship Avast is committed to operating in an environmentally responsible manner and reducing its overall environmental impact, practice good stewardship, and mitigate any negative environmental effects that may stem from our global business operations. We have appointed Jaya Baloo, CISO, and Michal Pechoucek, CTO, as joint executive sponsors of our ESG (Environmental, Social & Governance) programme to advise us on how we can reduce our carbon footprint and help the planet. Our primary impact on the environment comes from the office facilities in which we house our employees and our data centres. Avast’s two largest offices, located in Prague and Brno, Czech Republic, are both housed within BREEAM Excellent certified buildings. These two offices hold over 50% of Avast’s employee base. Our operations in these offices are PET-free, and the buildings are equipped with waste separation, recycling programmes, light and climate control to reduce energy consumption, and in Prague, chargers for electric vehicles, with dedicated parking allotted to those employees who drive electric vehicles. With respect to our data centres, in 2019, Avast primarily used infrastructure in 12 data centres located in the US and Europe, while using some Amazon Web Services and smaller data centre capacity as needed. Of our 12 primary data centres, seven operate on green energy only. Six of these are Equinix data centres; Equinix is committed to sustainability and is a leading provider of data centre services that are run on renewable energy and green by design. We continue to identify and implement incremental changes to reduce our environmental impact. Greenhouse gas calculation The Avast operations that primarily release greenhouse gases (GHG) include electricity consumption at our leased offices and data centres in which we have owned hardware. Our 2019 data covers our leased office premises worldwide. Calculations for office space were based on known data from our offices in Prague and Brno, Czech Republic; Zilina, Banska Bystrica, Poprad and Bratislava, Slovak Republic; London and Maidenhead, UK; and Emeryville and Charlotte, US, accounting for 95% of known data. The other 5% was extrapolated as an average for each office based on the known data. Calculations for our data centres were based on actual electricity consumption for those data centres in which we have owned hardware and for which we pay directly for energy consumption and on maximum allowable consumption for data centres in which we pay for consumption up to a certain limit. Rented data centre infrastructure is considered out of scope. Calculations were made according to the Greenhouse Gas Protocol Corporate Standard, using the UK Government’s DEFRA conversion factor guidance for 2019. Scope Scope 1 Usage of fuel and operations of buildings Scope 2 2019 tCO2e 2018 tCO2e 14.5 4.0 Emissions from electricity 2,549.4 2,497.5 Total (Scope 1 and 2) Intensity ratio (tCO2e/m$ adjusted revenue) 2,564.0 2,501.5 2.94 3.02 * recalculated base on additional data obtained after reporting day. © 2019 Friend Studio Ltd File name: PeopleXXampXXCSR_v82 Modification Date: 25 February 2020 6:12 pm People and corporate social responsibility Strategic report Governance Financial statements Avast annual report 2019 60 Stakeholder engagement Avast operates in a fast-moving, complex industry, which involves engagement with a rich network of stakeholders based all around the world. The Board understands that its relationships with these stakeholders are dynamic, and that its stakeholders’ interests may change over time. In response to this, the Board keeps itself apprised of its key stakeholders’ interests through a combination of both direct and indirect engagement. The Board has regard to these interests when discharging its duties. The Board has identified its key stakeholders as its customers, shareholders, employees, suppliers, and the communities in which it operates. This section describes how the Board engages with its key stakeholders, and how it considers their interests when making its decisions. Further, it demonstrates how the Board takes into consideration the long-term impact of its decisions, and its desire to maintain a reputation for high standards of business conduct. Customers Shareholders The customer comes first Avast is a customer-centric business, which operates on the principle that the customer comes first. Customer loyalty is important to the business, and therefore the Board has particular regard to the long-term impact its decisions have on customers. Frequent feedback The Board receives regular reports from management based on market trends and customer feedback. The Board encourages the business to maintain multiple channels and methods of communication with customers to engender a meaningful and honest dialogue, including customer surveys, customer telephone support, social media, and company-run forums. Reconciling interests The Board is responsible for approving material business transactions and key strategic changes. Prior to making these decisions, the Board considers the potential impact on customers. The Board is mindful of the fact that counterparties to commercial and corporate transactions may have conflicting interests to Avast, some of which may not be beneficial to the Group’s customers. The Board considers if, and how, these divergent interests can be reconciled. If the Board is not comfortable that these issues can be addressed satisfactorily, it will not grant its approval. Equitable treatment The Board’s primary objective in exercising its duties is to promote the success of the Group for the benefit of its shareholders as a whole. The Board is mindful of treating all shareholders fairly, and this involves ensuring that decisions are made for the collective good rather than in the interest of a small number of large shareholders. Open dialogue As described in more detail on page 71, the Board spends a considerable amount of time engaging with shareholders to understand their interests and any concerns they may have. As part of this effort, the Chairman holds meetings with shareholders throughout the year, and the Board solicits feedback from the Company’s major shareholders in advance of making decisions that will materially impact the Group. A more rigorous approach The Board understands that shareholders place great importance on the Group having a robust corporate governance framework in place. The Board has developed its corporate governance practices during the year in response to the evolving needs of shareholders and to build on the framework implemented at the time of the Company’s listing in May 2018. More details of the Group’s corporate governance framework can be found on pages 68 to 73. Equally, shareholders are taking a deeper interest in the social and environmental impact of the businesses in which they invest. As discussed elsewhere in this section, the Board is committed to being a responsible corporate citizen and having a positive impact on the communities in which it operates. The Board listens to the issues that are important to its shareholders when shaping its focus on fulfilling this commitment. © 2019 Friend Studio Ltd © 2019 Friend Studio Ltd File name: PeopleXXampXXCSR_v82 File name: PeopleXXampXXCSR_v82 Modification Date: 25 February 2020 6:12 pm Modification Date: 25 February 2020 6:12 pm Stakeholder Engagement (including Section 172 Statement) Strategic report Governance Financial statements Avast annual report 2019 61 Employees Suppliers Communities Key to our strategy Avast’s employees are its biggest asset. Maintaining a happy and engaged workforce is key to the Board’s strategy to attract and retain top talent in the technology industry. More details on the Group’s efforts in relation to this can be found on pages 51 to 55. Taking the pulse Avast’s employees are passionate about protecting customers’ digital lives, and they truly value being consulted on the Group’s decisions. While the Board cannot directly consult with employees on all decisions it makes, it apprises itself of their opinions in a variety of different ways. Page 63 sets out in more detail how the Board engages with employees, including via its dedicated Employee Engagement Director, Pavel Baudis. Careful decision-making The Board understands that any decisions it makes may impact employees’ performance, engagement, and work satisfaction. The Board has made monitoring and developing corporate culture based on certain key values a key initiative. The Board is mindful that any decisions it makes, as well as the manner in which they are made, will inform the culture of the business. The Board seeks to lead by example in order to ensure that high standards of business conduct are maintained by its employees. Our people, page 52 An extensive supply chain Avast’s success is tied to the performance of its suppliers. From providers of software to hardware, from landlords to data centres, Avast’s supply chain plays an important part in its mission to protect the digital lives of its customers. Avast aims to build mutually beneficial and long-term relationships with its material suppliers, and the Executive Directors and other members of the Executive Management team, as appropriate, engage with material suppliers to understand any risks or matters of interest relating to the supplier arrangement. Beyond price The Board approves and implements policies based on ethical and legal minimum standards, which it requires the business to adhere to when engaging suppliers. Suppliers commit to these standards, including in relation to modern slavery, anti-bribery, anti-money laundering, privacy, and information security. More details in relation to these policies can be found on page 56. The Board recognises in implementing these policies that the most economic supplier will not always be engaged by the Group. The Board requires the Group to look beyond price as the sole factor in choosing suppliers. Key considerations also relate to whether suppliers pay their workforce a fair wage, and engage in a lawful and ethical manner. Maintaining standards The failure by a supplier to comply with the Group’s standards may result in the business relationship being terminated. During the year, the Board approved the termination of a material supplier relationship on its belief that the supplier could no longer meet the Group’s minimum standards. The Board takes into consideration the impact that its decisions will have on the wider community, including the example Avast sets as a global leader in the cybersecurity industry. The Board takes into consideration the interests of the communities it impacts through its approach to corporate taxation. The Group operates a transparent and fair tax policy, and avoids using contrived tax structures that are intended for tax avoidance, lack commercial substance, and do not meet the spirit of local or international law. Avast’s commitment to being a responsible corporate citizen was recognised by the Czech government when it was listed as being one of the top tax payers in the country during tax year 2018. It is important to the Board that the Group gives back to the communities in which it operates. The Board considers these communities when deciding how to allocate the Group’s capital, and also in determining the corporate culture it wishes to promote. As part of this, the Company funded the Avast Foundation with CZK100.0m ($4.4m) for the year ended 31 December 2019. More details on the Avast Foundation, and the CSR activities carried out during the year, can be found on page 56. The Board also takes into consideration the impact that its decisions have on the environment. The Board has agreed with Executive Management that plans will be implemented to reduce the Group’s carbon emissions, and that any emissions resulting from the Group’s activities will be offset through tree-planting initiatives. More details in relation to the Group’s carbon emissions can be found on page 59. © 2019 Friend Studio Ltd File name: PeopleXXampXXCSR_v82 Modification Date: 25 February 2020 6:12 pm Stakeholder Engagement (including Section 172 Statement) Strategic report Governance Financial statements Avast annual report 2019 62 Lenders (material supplier): the CFO engaged with the Group’s lenders prior to the Group’s decision to voluntarily pre-pay an additional $297.4m of its outstanding loan. The Group maintained a dialogue with lenders in the debt market throughout the year to keep apprised of any potential loan repricing opportunities that may be available. Customers: the Board took into consideration the interests of customers in determining the way in which the Group would seek to achieve its objectives. Listening to customers, and understanding their interests and the trends in the markets, informed the Board when making decisions about the appropriate balance between organic and inorganic growth initiatives. Below are examples of how the Board took into consideration its stakeholders’ interests when making its principal decisions. Disposal of Managed Workplace During the year, Avast sold Managed Workplace, its remote monitoring and management software business, to Barracuda Networks, a leading security, application delivery and data protection solutions provider. In considering whether to approve the transaction, the Board had regard to the interests of the business’s shareholders, customers, and employees. Shareholders: the Board believed that the transaction was in the best interest of its shareholders. The Board determined that the price paid for the business was fair, and that the resulting capital could be allocated more effectively. The Board also believed that exiting the remote monitoring and management market would allow Avast to focus on developing its core security business, something which would be beneficial to shareholders over the long term. Shareholders had shared the view that management should take appropriate action regarding low-yielding assets, and the rationale for this divestment aligned with that sentiment. Customers: the Board knew that its customers would want continuity of service following the disposal, as well as assurances that a high quality of service would be provided under new ownership. The Board was satisfied that the transition services agreement entered into between Avast and Barracuda would ensure continuity of service for a period of time following closing, and it was confident that Barracuda would be an excellent partner for the managed service providers based on discussions with Barracuda’s management about their future plans for the business. Employees: the Board understood that the employees would appreciate transparency in relation to the process, and that they would be apprehensive about the move to a new employer. Given the confidential nature of the transaction, the employees could not be informed in advance of signing a definitive agreement; however, a small number of senior employees in the business were consulted at the early stages of the transaction as a proxy for the wider workforce. Between signing and completion, Avast and Barracuda met with employees to discuss the transaction in more detail, as well as addressing any concerns they had. The Board was satisfied through this process that the employees’ interests were taken into consideration, and adequately addressed. Capital allocation The Board seeks to allocate the Group’s capital in a way which offers significant returns to shareholders in line with the Company’s dividend policy, while also ensuring that the Group retains flexibility to continue to deploy capital towards profitable growth. During the year, the Group allocated $29.9m to capex investments, $360.4m to debt repayment, $14.8m to M&A, and $127m to shareholders through dividends. In determining the appropriate balance, the Board engaged with its significant shareholders, lenders, and customers. Shareholders: members of the Board and Investor Relations met with the Group’s significant shareholders to understand their interests in, and expectations of, Avast, which the Board took into consideration when making decisions about the methods it used to achieve its growth and profitability objectives. Significant shareholders gave support to the Group’s strategy to initially prioritise debt repayment in order to bring its leverage ratio towards 2.0x, while also emphasising the need for the Group to maintain its growth investments, primarily through organic initiatives, but also supported by inorganic opportunities. More information about how the Directors have discharged their duty under Section 172 of the Companies Act 2006 is available in the Strategic report. Strategic report, pages 1 to 64 © 2019 Friend Studio Ltd © 2019 Friend Studio Ltd File name: PeopleXXampXXCSR_v82 File name: PeopleXXampXXCSR_v82 Modification Date: 25 February 2020 6:12 pm Modification Date: 25 February 2020 6:12 pm Stakeholder Engagement (including Section 172 Statement) Strategic report Governance Financial statements Avast annual report 2019 63 Employee engagement Employee Engagement Director Pavel Baudis, Avast co-founder and Board member, was this year appointed to the role of Employee Engagement Director. He is now personally involved in the onboarding process of new employees and hosting meetings with employees in many of our offices around the world, to increase interaction and engagement between employees and Avast management. CEO Slack channel Ondrej Vlcek, Avast’s CEO, engages with employees through a number of Slack channels. This internal social network includes dedicated channels for CEO and Company updates, and provides an accessible platform to inform employees about important decisions, events or plans, and to discuss issues or opportunities with the aim of gathering employee opinion. Employees’ voices matter The Board and Executive Management team consider Avast employees to be key stakeholders. The voice of our employees is very important and we provide multiple channels through which employees can share opinions and insights. Engagement survey Engaged employees feel strongly connected to the Company and its mission, customers, and social purpose. They put in effort above and beyond the day-to-day requirements, work diligently to advance the Company’s strategy and goals, and are committed to remaining with the Company and promoting it as an employer and a brand. Avast’s Your Voice survey tracks employee engagement year over year, providing insights into areas for improvement that will help to increase employee connection and commitment to the organisation. At the end of 2018, our engagement was 64%. Across the organisation in 2019 we undertook a number of actions in response to the survey which included refining structures within departments to better support strategic initiatives and goals, instituting reward and recognition programmes, putting in place programmes for high-potential employees, and establishing the Avast Careers programme to encourage and support internal mobility and career growth within the organisation. After a year of change, including notably the appointment of Ondrej Vlcek as CEO, and the addition of new members to the Executive Management team, Avast’s 2019 employee engagement, measured in December 2019, was 73%, a 9% increase over 2018. © 2019 Friend Studio Ltd File name: PeopleXXampXXCSR_v82 Modification Date: 25 February 2020 6:12 pm Stakeholder Engagement Strategic report Governance Financial statements Avast annual report 2019 64 This section of the strategic report constitutes the Company’s non-financial information statement. Reporting Requirements Policies & Statements which govern our approach Due Diligence & Outcomes Environmental matters Environmental, Social & Governance (ESG) programme Environmental stewardship, page 58 Employees Social matters Respect for human rights Our Values Cultural & workforce engagement, page 52-54 Social Responsibility Framework Thriving communities, page 56-59 Respect for human rights, page 56 Code of Conduct; Sanctions, Anti-Money Laundering and Counter Terrorist Financing Policy Whistleblowing Policy Avast Grievance Procedure Avast Recruitment Policy Modern Slavery Policy Anti-corruption & bribery Code of Conduct Anti-Corruption Policy, Transparency & anti-corruption, page 56 Related Party Transactions Policy Conflict of Interest Policy Business model How our business is structured Our business model, page 18 Non-financial KPIs Avast measures four non-financial areas of its business: 1. Employee engagement: We track employee engagement year over year using Avast’s Your Voice survey. This providing insights into areas for improvement that will help to raise employees’ sense of connection and commitment to the organisation. 2. Brand awareness: We conduct annual brand awareness surveys using quantitative interviews with a panel of respondents in 12 key regions including the United States and the United Kingdom, measuring prompted and unpromoted awareness. 3. Customer satisfaction: We measure customer satisfaction via net promoter score measures for Avast antivirus, AVG antivirus, Avast Business and customer service. 4. Customer churn: We calculate this by measuring the number of customers at the last year end and measuring how many from those customers are customers by the current year end. © 2019 Friend Studio Ltd File name: PeopleXXampXXCSR_v82 Modification Date: 25 February 2020 6:12 pm Strategic report approval The Strategic report on pages 1 to 64 was approved by the Board on 25 February 2020 and signed on its behalf by: Ondrej Vlcek Chief Executive Officer Non-financial information statement Strategic report Governance Financial statements Avast annual report 2019 65 Governance Board biographies Corporate governance statement Audit and Risk Committee report Nomination Committee report Directors’ remuneration report Directors’ report 66 68 74 80 84 100 © 2019 Friend Studio Ltd File name: Governance_v100 Modification Date: 25 February 2020 6:43 pm Strategic report Governance Financial statements Avast annual report 2019 66 1 3 5 7 9 11 2 4 6 8 10 12 1 John Schwarz1 Chairman of the Board 3 Maggie Chan Jones1 Independent Non-Executive Director John Schwarz has been a member of our Board of Directors since 2011 and the Chairman since 2014. He is currently the co-founder, Chairman, and CEO of Visier, Inc., a business analytics software firm. Previously, he served on the executive board of SAP AG from 2008 to 2010, and as CEO of Business Objects S.A. from 2005 through to its acquisition by SAP in 2008. Mr Schwarz has also served as the President and COO of Symantec Corporation from 2001 to 2005. Mr Schwarz previously worked at IBM Corporation for 25 years, ultimately as the General Manager of IBM’s Industry Solutions division. Mr Schwarz has served as a Board Director at Synopsys Corporation since 2007, and at Teradata Corporation since 2010. Mr Schwarz holds degrees or diplomas from the Canadian universities of Manitoba, Toronto, and Dalhousie. 2 Pavel Baudis Non-Executive Director Pavel Baudis is one of our co-founders and has served as one of our Directors from the incorporation of AVAST Software a.s. in 2006 until 2014. In 1988, Mr Baudis wrote the original software program from which our current portfolio of security solutions was developed. Since 1991, Mr Baudis has played a leading role in the development of our business with our predecessor entity, ALWIL Software partnership. Prior to co-founding Avast, Mr Baudis was a graphics specialist at the Czech Computer Research Institute (VUMS). Mr Baudis holds an MS in Information Technology from the Prague School of Chemical Engineering. Maggie Chan Jones joined the Board of Directors in March 2019. She is a widely recognised industry thought leader in marketing and technology. Named one of the world’s most influential CMOs by Forbes, Ms Chan Jones broke new ground as the first woman to be appointed CMO at the world’s largest enterprise application software provider, SAP. She specialised in brand and cloud transformation, and held leadership roles at Level 3 Communications (now CenturyLink) and Microsoft. Ms Chan Jones founded and is currently CEO of Tenshey, a leadership development company with a mission to advance gender diversity through executive coaching. Ms Chan Jones holds an Executive MBA from Cornell University and a BS in Business Management from Binghamton University. 4 Ulf Claesson2 Independent Non-Executive Director Ulf Claesson joined the Board of Directors in October 2012. Since 2009, Mr Claesson has been a Partner at BLR & Partners AG, a private equity and advisory firm. From 2002 to 2006, he was Co-Founder and Chairman of Silverwire Group; on its acquisition by Hewlett-Packard Company, he built and ran one of HP’s product divisions. A serial tech entrepreneur, several of his startups have been acquired by HP, ESRI, Husqvarna and others. Mr Claesson is a board member of the Swiss Federal Commission for Technology and Innovation, and teaches Technology Entrepreneurship at ETH, the Swiss Federal Institute of Technology. He holds an MSc from Chalmers University of Technology. 1 Member of the Remuneration Committee and the Nomination Committee. 2 Member of the Audit and Risk Committee and Chairman of the Remuneration Committee. 3 Member of the Remuneration Committee and Chairman of the Nomination Committee. 4 Member of the Audit and Risk Committee and member of the Nomination Committee. 5 Member of the Audit and Risk Committee. 6 Chairman of the Audit and Risk Committee. © 2019 Friend Studio Ltd File name: Governance_v100 Modification Date: 25 February 2020 6:43 pm Board of Directors Strategic report Governance Financial statements Avast annual report 2019 67 5 Warren Finegold3 Senior Independent Non-Executive Director 8 Philip Marshall Chief Financial Officer Warren Finegold joined the Board of Directors in February 2015. He was formerly a member of the Vodafone Group Executive Committee where he served as Group Strategy and Business Development Director. Previously, he was a Managing Director of UBS Investment Bank, where he also held several senior positions, most recently as Head of the Technology Team in Europe. Mr Finegold has also served as an independent non-executive Director of UBM plc and Inmarsat PLC. As of 1 March 2020, Mr Finegold will take up a position as an independent non-executive Director on the Board of Ceres Power Holdings plc. He holds an MA in Philosophy, Politics and Economics from Oxford University and an MBA from the London Business School. 6 Erwin Gunst4 Independent Non-Executive Director Erwin Gunst joined the Board of Directors in October 2012. From 2008 to 2010, Mr Gunst served as COO and a member of the Executive Board of SAP AG, where he was responsible for global operations, information technology, human resources, and the management of all SAP Labs worldwide. Mr Gunst started his career in audit, finance, and controlling. He was SAP’s Managing Director in various countries and was its Regional President for EMEA before joining the SAP Board. Mr Gunst holds an MS in Commercial Engineering from the Free University (Solvay) in Brussels, Belgium. 7 Eduard Kucera Non-Executive Director Eduard Kucera, one of our co-founders, served as Chairman of the Avast Board from the incorporation of AVAST Software a.s. in 2006 until 2014. Prior to that, Dr Kucera was responsible for the activities of the predecessor entity, ALWIL Software partnership. He also served as our CEO, directing day-to- day operations that included the transition to a free software distribution model in 2002. Dr Kucera holds a PhD in Experimental Physics from the Charles University, Prague. Philip Marshall has served as the CFO and Director of Avast since February 2018. Prior to Avast, Mr Marshall served as CFO for Exova Group PLC before helping take the company back into private hands. Prior to this, Mr Marshall served as CFO for Wood Mackenzie under private equity ownership, and for General Electric (GE) for 17 years across multiple business units in both a CEO and CFO capacity. He has also served on the boards of several companies, and currently holds a supervisory board membership of Waberer’s International. Mr Marshall holds a BA in Accounting Studies from the University of West London. 9 Tamara Minick-Scokalo5 Independent Non-Executive Director Tamara Minick-Scokalo joined the Board of Directors in March 2019 and is an experienced non-executive director board member. Most recently, she was President of Growth Markets and a member of the Executive Committee at Pearson plc in London. She also co-founded high-tech unicorn Trax Retail and was CEO, then Chairman, of this category-leading, image recognition tool for shelf management. Previously, she served as President of Chocolate Europe, leading change management following the integration of the Kraft/Cadbury business. Her deep experience in consumer brands includes Elizabeth Arden, Proctor & Gamble, E&J Gallo Winery Europe, and Coca-Cola. Ms Minick-Scokalo holds a BS in Chemical Engineering from Lehigh University in Bethlehem, Pennsylvania. 10 Belinda Richards6 Independent Non-Executive Director Belinda Richards joined the Avast Board in June 2018. She is an experienced non-executive director and currently sits on the boards of Wm Morrisons Supermarkets plc, The Phoenix Group plc, The Monks Investment Trust plc, and The Schroder Japan Growth Fund plc. Prior to this, Ms Richards had a 30- year career in finance, M&A, and strategy. She served as a senior Corporate Finance Partner at Deloitte LLP, where she was a Vice Chairman of the Firm and Global Head of Merger Integration and Separation Services. She has a First Class Honours degree from the University of Kent at Canterbury, a PhD from University College London and was a Visiting Scholar at the University of California at Berkeley. 11 Lorne Somerville Independent Non-Executive Director Lorne Somerville, Managing Partner, joined CVC in 2008. Mr Somerville is Co-Head of the Strategic Opportunities Fund and is based in London. Prior to joining CVC, he worked for UBS where he was Joint Global Head of Telecommunications and Head of the European Communications Group, and formerly Swisscom AG as Head of Swisscom International. Mr Somerville serves on the Boards of eTraveli AB and Sebia SA. Mr Somerville holds an MA in Computer Sciences from the University of Cambridge and an MBA from IMD, Lausanne. 12 Ondrej Vlcek Chief Executive Officer Ondrej Vlcek was appointed CEO of Avast in July 2019. Together with his senior management team, he executes on Avast’s vision to deliver people-centric security and spearheads the Company’s product innovation programme for emerging consumer technology categories, including the Internet of Things and 5G security. Previously, Mr Vlcek was President of Avast Consumer, the largest business within the Company, and led Avast’s transformation from a traditional PC antivirus vendor to the leading provider of a full portfolio of protection, privacy, and performance products for consumers, and served as an Executive Director on the Board. Mr Vlcek was also a key member of the executive team that took the company public on the London Stock Exchange in May 2018. Formerly, he held the combined position of Executive Vice- President & General Manager, Consumer, and CTO. Mr Vlcek holds an MS in Mathematics from Czech Technical University in Prague. © 2019 Friend Studio Ltd File name: Governance_v100 Modification Date: 25 February 2020 6:43 pm Board of Directors Strategic report Governance Financial statements Avast annual report 2019 68 Corporate governance statement “ As a company which serves hundreds of millions of people around the globe, we view governance and social responsibility as key pillars in developing a successful and sustainable business.” John Schwarz Chairman Board composition In respect of the period between 1 January 2019 and the date of this report, the following persons were Directors of the Company: Matters reserved for the Board The Board has collective responsibility to its shareholders and oversees the operational management of the Group. Key areas reserved for the Board include: Name John Schwarz Ondrej VIcek Philip Marshall Warren Finegold Title Appointment Date Independent Chairman 9 May 2018 Chief Executive Officer* 9 May 2018 The Group’s strategy The Group’s corporate structure and capitalisation Approval of financial reports Chief Financial Officer 9 May 2018 Risk management Senior Independent Non-Executive Director 9 May 2018 Approval of expenditures and material transactions including mergers and acquisitions Pavel Baudis Non-Executive Director 9 May 2018 Board composition Eduard Kucera Non-Executive Director 9 May 2018 Lorne Somerville Belinda Richards Maggie Chan Jones Tamara Minick- Scokalo Ulf Claesson Erwin Gunst Independent Non-Executive Director Independent Non-Executive Director Independent Non-Executive Director Independent Non-Executive Director Independent Non-Executive Director Independent Non-Executive Director 9 May 2018 8 June 2018 13 March 2019 13 March 2019 9 May 2018 9 May 2018 Vincent Steckler Chief Executive Officer* 9 May 2018 – 30 June 2019 * Mr Steckler retired as CEO and Executive Director on 30 June 2019. Biographies of the Directors can be found on pages 66 to 67. Determining the remuneration policy for Executive Directors Oversight of governance, including approval of the Group’s applicable corporate policies Approval of equity awards to employees and executive management Board focus during 2019 Reviewed and identified Avast’s principal risks Oversaw and supported Avast’s succession planning for the Executive Management team, including the appointment of its new CEO, Ondrej VIcek Approved material transactions including mergers and acquisitions in support of the Group’s strategy Reviewed and approved the Company’s financial reports, including the payment of interim and final dividends Undertook an evaluation of the performance and effectiveness of the Board, its Committees, and its Directors Reviewed and monitored the Group’s long-term business strategy and objectives © 2019 Friend Studio Ltd File name: Governance_v100 Modification Date: 25 February 2020 6:43 pm Strategic report Governance Financial statements Avast annual report 2019 69 UK Corporate Governance Code compliance The Company is subject to the UK Corporate Governance Code 2018 ('the Code') which is available at www.frc.org.uk. The Board is aware of the Code’s new emphasis on businesses engaging effectively with their workforce, building strong stakeholder relationships, and establishing a culture that is aligned with the Company’s purpose, values, and strategy. Throughout this report we describe how we have applied these principles and complied with the provisions of the Code. The Code requires that at least half of the Board of Directors of a UK-listed company, excluding the Chairman, comprise Non-Executive Directors determined by the Board to be independent in character and judgement, and free from relationships or circumstances which may affect, or could appear to affect, the Directors’ judgement. For the period between 1 January 2019 and 12 March 2019, the Company was not compliant with this requirement; however, following the appointment of Ms Chan Jones and Ms Minick-Scokalo on 13 March 2019, the Company is now in compliance. The Code requires companies to develop a formal policy for post-employment shareholding requirements encompassing both unvested and vested shares. We do not currently have in place post-employment guidelines for the reasons set out on page 88 of this report. The Company will continue to keep this approach under review in light of evolving market practices and shareholder sentiment. With these exceptions, the Company complied with all of the provisions of the Code for the period under review. The Code requires a company to state its reasons if it determines that a Director is independent, including where a Director participates in the Company’s share option or performance-related pay scheme. During the year, Warren Finegold, Erwin Gunst and Ulf Claesson held options over shares in the Group which were granted to them prior to the IPO under the Group’s share option plans. Notwithstanding this, the other Directors have concluded that the judgement, experience, and challenging approach of each of them should ensure that they make a significant contribution to the work of the Board and its Committees, and that independence has been maintained. The Directors all exercised their options during the year, with the effect that no Non-Executive Directors in the Company now hold options over shares in the Group. The Group has no intention to award any Non-Executive Director any new equity grants. Lorne Somerville was appointed to the Board in 2014, where he acted as the appointee Director of Sybil Holdings S.à r.l. ('Sybil') (a company controlled by funds managed by CVC Capital Partners), one of the Group’s major shareholders at the time. In September 2019, Sybil disposed of its entire shareholding in the Company. Notwithstanding this, the Board decided to ask Mr Somerville to remain as a Director of the Company, recognising the value that his deep experience could add. Following the sale of Sybil’s entire shareholding in the Company, the Board has determined that Mr Somerville is now an Independent Non-Executive Director of the Company. In coming to this conclusion, the Board considered the fact that Mr Somerville is a Managing Partner and Co-Head of the Strategic Opportunities fund at CVC Capital Partners, and the fact certain funds managed by the wider CVC group act as lenders in the Group’s debt syndicate ('CVC Debt Funds'). The Board has satisfied itself that Mr Somerville is not involved in the operation of, or otherwise interested in, the CVC Debt Funds. Given the overall size of CVC Capital Partners and its funds, and the lack of substantive nexus between Mr Somerville and the CVC Debt Funds, the Board has determined that Mr Somerville is independent for the purposes of the Code. Division of roles The roles of the Chairman and the CEO are distinct and the division of responsibility between these roles has been agreed by the Chairman, the CEO, and the Board. The Chairman is responsible for the overall effectiveness of the Board and ensuring that it meets its duties. The CEO is responsible for the Group’s day-to-day operations, the management of the Executive Management team, and for establishing the leadership for the Group. The Non-Executive Directors are responsible for scrutinising management’s performance. They constructively challenge and assist in the development of strategy, as well as ensuring that the Group’s financial reporting and it’s systems of risk management are robust, and the Group is meeting its strategic objectives. The Chairman meets with the Non-Executive Directors before or after every Board meeting with the Executive Directors present. The Chairman and CEO meet regularly to discuss operational, reputational, and organisational issues. The Chairman was independent when he became a Director of Avast Holding B.V. in 2014 and also of Avast Plc in 2018. The Chairman was deemed to be independent this year. Conflicts of interest The Company has procedures in place to review and manage any potential or actual conflicts of interests arising from Directors’ current or proposed roles, which Directors may undertake. Internal controls are in place which require Directors to notify the Company and disclose any potential or actual conflicts of interest to the Company for review. The Board has the right under the Company’s Articles of Association to waive such conflicts of interest. If a Director becomes aware that they, or any of their associated parties, have an interest in an existing or proposed transaction with the Company they are required to notify the Board. Note 36 of the Financial statements describes the related party transactions between certain Directors and the Group which have been considered and approved by the Board of Avast Holding B.V., if it was entered into prior to the IPO or the Board of the Company, if it was entered into after the IPO. The Board consider these procedures to be working effectively. © 2019 Friend Studio Ltd File name: Governance_v100 Modification Date: 25 February 2020 6:43 pm Corporate governance statement Strategic report Governance Financial statements Avast annual report 2019 70 Board operations The Chairman, supported by the Company Secretary and the Senior Independent Director, leads the Board’s functions and ensures its effectiveness. Members of the Executive Management team regularly attend Group Board meetings and support the Board’s engagement on the Group’s strategy, financial results, and business reviews. The governance structure of the Board is set out below and comprises the Board and a number of committees the Board delegates certain of its duties to: Board of Directors The Board is responsible for the long-term success of the Group. In order to deliver this, the Board directs and oversees the implementation of the Group’s strategy and objectives by way of a robust corporate governance framework. The Board discharges some of its responsibilities directly and others it delegates to its committees as described further below. Committees Audit and Risk Belinda Richards (Chair); Tamara Minick-Scokalo; Erwin Gunst*; and Ulf Claesson The Audit and Risk Committee assists the Board in reviewing the Group’s annual and half year financial statements, and internal and external audits and controls. It is also responsible for overseeing the risk management framework; scope of the annual audit and non-audit work undertaken by external auditors; and the effectiveness of the internal controls in place within the Group Nomination Warren Finegold (Chair); John Schwarz; Erwin Gunst; and Maggie Chan Jones The Nomination Committee assists the Board in reviewing the structure, size, performance, and composition of the Board. It is also responsible for reviewing succession plans for the Directors, including the Chairman and CEO, and other senior executives Remuneration Ulf Claesson (Chair); John Schwarz; Maggie Chan Jones; and Warren Finegold The Remuneration Committee recommends the Group’s policy on executive remuneration, recommends the levels of remuneration for Executive Directors, the Chairman and other senior executives, grants awards under the Group’s incentive plans, and prepares an annual remuneration report for approval by the shareholders at the Annual General Meeting * Mr Gunst was Chair of the Audit Committee from 1 January to 22 May 2019 , when Mr Gunst stepped down as Chair, and Ms Richards was appointed as the new Chair. Further details in relation to the: Audit and Risk Committee are set out on pages 74 to 79; Nomination Committee are set out on pages 80 to 83; and Remuneration Committee are set out on pages 98 to 99. The Group also has a Disclosure Committee, which is responsible for managing the disclosure of information by the Group in compliance with its obligations under the Market Abuse Regulations, the Financial Conduct Authority’s Listing Rules, and the Disclosure Guidance and Transparency Rules. The Disclosure Committee comprises the CEO, Ondrej VIcek, the CFO, Phil Marshall, as well as the Group’s Chief of Staff and Company Secretary, Director of Investor Relations, and General Counsel. The Disclosure Committee considered matters when appropriate during 2019. The Executive Management team comprises the CEO, CFO and ten other individuals who are responsible for the key operational planning and management of the Company. A full list of the Executive Management team as well as their biographies can be found on the Company’s website at investors.avast.com. In 2019, the Board held 12 meetings. The Audit and Risk and Nomination Committees held four meetings, and the Remuneration Committee held seven meetings. Meetings are generally held in London. During 2019, the Board’s meetings included reviewing the Group’s latest financial results, business unit execution, principal risks, the Group’s strategy, and its technology. The Board delegates the ordinary day-to-day operational responsibility to the Executive Management team. The Chairman and Non-Executive Directors regularly hold sessions without the attendance of the Executive Directors or other members of the Executive Management team. Additionally, the Chairman ensures that the Directors take independent professional advice where they judge it necessary in order to discharge their responsibilities. The Company Secretary is also available to provide advice for every Director. © 2019 Friend Studio Ltd File name: Governance_v100 Modification Date: 25 February 2020 6:43 pm Corporate governance statement Strategic report Governance Financial statements Avast annual report 2019 71 Shareholder engagement The Board maintains a dialogue with shareholders to help enable a mutual understanding. The Board’s primary contact with shareholders is through the Executive Directors, but the Chairman and the Non-Executive Directors also engage with and are available to major shareholders periodically and in advance of the Annual General Meeting to understand their views on the Group. Feedback is shared with the Board to help inform the Group’s strategy and governance framework. In addition to this, the Chairman and Senior Independent Director will host an event in February for ESG professionals and fund managers from institutional investment firms and proxy agencies. The purpose of the event is to more deeply engage with stakeholders on ESG matters, provide details on the Company’s position and ESG processes, and hold a Q&A session. The Group has a comprehensive investor relations (IR) programme through which the CEO, CFO, and Director of Investor Relations engage regularly with the Company’s shareholders and potential investors to discuss strategic and other issues. This includes presentations on the Group’s results and participation at various conferences hosted by brokers to ensure that a wide variety of shareholders, including those from different geographies, have access to management. Current and historical financial information, including trading statements, news releases, financial results’ presentations, and a wealth of other information regarding Avast can be found on the Investors section of the website at https://investors.avast.com. The Group makes use of webcast technology for results presentations. Avast offers all its shareholders the opportunity to register to receive shareholder communications – such as the annual report, notice of meeting and related forms of proxy – electronically. Board effectiveness and evaluation Annual Board evaluation The Board undertakes an internal evaluation of its performance and effectiveness annually, in accordance with best practice and the requirements of the Code. In keeping with last year’s process Avast engaged Lintstock, an independent external advisory firm, to assist with the FY 2019 Board evaluation. Lintstock has no other connection with Avast. Evaluation process Lintstock engaged with the Chairman and Company Secretary to set the context for the evaluation and tailor the survey content to the specific circumstances of Avast Board members were invited to complete an online survey addressing the performance of the Board and its Committees The Independent Non-Executive Directors considered, without the Chairman present, the Chairman’s performance, the results of which were discussed between the Senior Independent Director and the Chairman Board members conducted a self-evaluation on their individual performance and contribution to the Board, as well as their training requirements; the results were discussed on an independent basis with the Chairman Lintstock produced reports regarding the performance of the Board, the Committees, and the Chairman which were considered by the Board Focus areas for 2020 Better oversight of strategy that is based on a firm understanding of the markets in which the Company operates and its competitors More insight into risks facing the Company, and especially the extent to which the Company has deployed appropriate mitigations Operational improvements to Board meetings and processes, including well targeted Board materials and the right number of meetings Overall evaluation findings The Board noted improvements from last year’s Board evaluation, including continued engagement and greater interactions between the Board and senior management, as well as increased training opportunities for Board members. The Board recognised improvements can be made in the oversight of succession planning, increased diversity on the Board, and noted that risk must continue to be a primary Board priority. On the whole the performance of the Board, its Committees, and its Chairman was rated highly with progress noted in each of the development areas identified during last year’s Board evaluation. © 2019 Friend Studio Ltd File name: Governance_v101 Modification Date: 26 February 2020 6:07 pm Corporate governance statement Strategic report Governance Financial statements Avast annual report 2019 72 Annual General Meeting The Annual General Meeting (AGM) will be held on 21 May 2020. The notice of AGM will be sent to all shareholders who have requested a physical copy and can also be found on the website at investors.avast.com. The notice of AGM sets out the business to be conducted at the meeting and explanatory notes in relation to proposed resolutions. Separate resolutions are proposed in respect of any other substantive issue, other than ordinary business, which is to be considered at or on the same day as the AGM. The Directors will review specific matters raised by shareholders throughout the year and meet with investors and shareholders. The Chairs of the Committees will be available to discuss any matters which are addressed in the Chairman’s AGM statement. Key evaluation findings and Board actions for 2020 Annual Board evaluation findings Board actions for 2020 Group strategy Ensure continued focus is given to developing and executing a long-term Group strategy, with greater input from the Board to review progress and delivery of the strategy Board composition Appropriateness of the current Board composition Increase diversity on the Board Continue to provide Directors with training opportunities The Board will continue to support the CEO and engage with senior management teams to develop, review, and implement the Group strategy, and agree further developments to the long-term strategy Continued focus will be given to increasing the proportion of women on the Board, further developing relationships between Board members and the Executive Management team, and ensuring Directors receive appropriate training to address any skills gaps Risk management Ensure continued focus on risk identification and risk management The Board will continue to prioritise the identification and assessment of risks facing the Group to ensure all relevant risks are managed effectively in order to meet the Group’s strategic objectives Customer engagement Increase the Board’s engagement with customers The Board will drive the Group’s customer-centric focus and deepen its insights into the Group’s customer base with a view to broadening its understanding of the market and the evolving needs and perspectives of customers © 2019 Friend Studio Ltd File name: Governance_v101 Modification Date: 26 February 2020 6:07 pm Corporate governance statement Strategic report Governance Financial statements Avast annual report 2019 73 Board meeting attendance Board meeting John Schwarz Vincent Steckler* Ondrej VIcek Philip Marshall Pavel Baudis Eduard Kucera Lorne Somerville Warren Finegold Ulf Claesson Erwin Gunst Belinda Richards Tamara Minick-Scokalo** Maggie Chan Jones** 17 Jan 2019 28 Feb 2019 12 Mar 2019 9 April 2019 17 April 2019 22 May 2019 11 July 2019 19 July 2019 13 Aug 2019 3 Oct 2019 17 Oct 2019 20 Nov 2019 X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X * Mr Steckler resigned from the Board on 30 June 2019. ** Ms Minick-Scokalo and Ms Chan Jones were appointed to the Board on 13 March 2019. Refer to page 98 for the Remuneration Committee attendances; page 81 for the Nomination Committee attendances; and page 74 for the Audit and Risk Committee attendances. The Corporate governance statement includes the Audit and Risk Committee report, the Nomination Committee report, certain aspects of the Directors’ remuneration report, and incorporates the Takeover Directive disclosures in the Directors’ report. Stakeholder engagement disclosures can be found in the Strategic report. This Corporate governance statement was approved by the Board on 25 February 2020 and signed by order of the Board. By order of the Board Alan Rassaby Company Secretary 25 February 2020 © 2019 Friend Studio Ltd File name: Governance_v100 Modification Date: 25 February 2020 6:43 pm Corporate governance statement Strategic report Governance Financial statements Avast annual report 2019 74 Audit and Risk Committee report “ We are committed to assisting the Board on matters of governance, risk management, and internal control practices of the Group.” Belinda Richards Chairman Introduction Dear Shareholder I am pleased to present to you the Audit and Risk Committee report for the financial year ended 31 December 2019. In this report, we provide you with an overview of the Committee’s priorities and performance during the year, in addition to details regarding the audit and risk management policies approved by the Committee for implementation throughout the Group. The Audit and Risk Committee assists the Board with the discharge of its responsibilities in relation to the Group’s financial reporting, controls, and risk management systems. The Committee reviews the Group’s annual and half-year financial statements, accounting policies and significant reporting judgements; oversees the Group’s risk management framework, evaluates the Group’s key business risks on an annual basis; and reviews the effectiveness of the Group’s internal controls, including cybersecurity controls and readiness, whistleblowing processes and fraud systems. The Committee also reviews and monitors the scope of the annual audit and its effectiveness, including the independence and objectivity of the external auditor, and provides recommendations to the Board on the appointment of external auditors. Throughout the year, the composition of the Committee underwent a number of changes, as part of which Tamara Minick-Scokalo was appointed to the Committee, and I became Chairman. I look forward to working closely together with the other members of the Committee throughout the coming year, and building on the successes we achieved in 2019. Belinda Richards Chairman Committee membership Committee member No. of meetings attended (No. of meetings convened while a member) Date of appointment Belinda Richards* (Chairman) 7 June 2018 Tamara Minick-Scokalo Ulf Claesson Erwin Gunst* 22 May 2019 10 May 2018 10 May 2018 4(4) 3(3) 4(4) 4(4) * With effect from 22 May 2019, Mr Gunst stepped down as Chair, Ms Richards, was appointed as the new Chair, and Ms Minick-Scokalo was appointed as a member of the Committee. Committee composition The Committee is chaired by Ms Richards who has significant financial experience, being a former corporate finance partner at Deloitte LLP. Ms Richards also currently sits as audit committee chair at two other FTSE 350 companies. The Committee comprises four Independent Non-Executive Directors, including the Chairman Ms Richards. As a result, the Company complies with the requirements of the Code that all members of the Audit and Risk Committee be Non-Executive Directors, independent in character and judgement, and free from any relationship or circumstance which may, could, or would be likely to, or appear to, affect their judgement, and that one such member has recent and relevant financial experience. Full biographies of the Committee’s members can be found on pages 66 to 67. From time to time, the Committee may invite others to join their meetings, where it considers their expertise and knowledge to be relevant and necessary to the subject matter under consideration. To date, this has included the CEO, CFO, Chief of Staff & Company Secretary, Vice President of Finance, Director of Internal Audit, and the Group’s General Counsel, who acts as secretary to the Committee. © 2019 Friend Studio Ltd File name: Governance_v100 Modification Date: 25 February 2020 6:43 pm Strategic report Governance Financial statements Avast annual report 2019 75 Principal activities The Committee sets an annual forward agenda based on the scope of its responsibilities under its terms of reference. In addition, the Committee considers any other relevant ad-hoc matters which require its review. During 2019, the Committee afforded particular focus to the following matters: Assessing and overseeing the Group’s risk management framework Evaluating the Company’s key business risks Reviewing the risk ratings assigned to the individual risks within the Group Assessing the internal controls and risk management of the Group, including reviewing and monitoring the Group’s account reconciliation processes, revenue recognition, and security policies, including plans to further bolster order to cash (OTC) controls and implementing an automated reconciliation and tracking system Reviewing and approving the 2018 and 2019 full-year financial results of the Group for public release Evaluating the external auditor’s independence and objectivity, and the effectiveness of the audit process Reviewing and approving the Group’s external audit and tax advisory fees for 2019 and 2020 Reviewing the 2019 half-year results of the Group, and approving changes to the viability statement of the Group Overseeing the consolidation of the Company’s US tax group Reviewing significant accounting judgements Considering the EU Commission’s proposals on the taxation of the digital economy and reviewing digital tax proposals in EU member states Assessing the potential Brexit impacts and key risks to the Company Reviewing the 2018 and 2019 audit reports, together with the Group’s external auditor Reviewing the Company’s dividend policy and proposed dividend distribution Significant issues relating to the accounts The issues considered by the Committee that are deemed to be significant to the Group’s accounts are set out below: Revenue recognition The Group transitioned to the IFRS 15 revenue recognition standard from 1 January 2018 and consistently applied its revenue recognition policy during 2019. No significant accounting judgements relating to revenue recognition were made in 2019. The revenue recognition policies of the Group are described in Note 2. Having provided appropriate challenge to management and the external auditors, the Committee has concluded that the revenue recognition for the Group is appropriate, and the Group’s revenue recognition policy has been applied consistently. Income and deferred taxes The Group operates in multiple tax jurisdictions and entered into multiple significant transactions pre- and post-IPO. The Group reported deferred tax assets of $167.6m as at 31 December 2019 (Note 13), primarily as a result of transfers of intellectual property within the Group in 2018 and unused tax losses in the US. The deferred tax recognised as a result of the intragroup IP transfer will be recovered as a tax deduction from Avast’s Czech entity, Avast Software s.r.o., over a period of 15 years. The carrying value of the deferred tax asset in relation to the IP transfer as at 31 December 2019 is $122.9m, as described in Note 13. Avast Software s.r.o. has reported substantial taxable income in the Czech Republic in both the preceding and current financial year. From the forecasted results, it is likely that future taxable profits will allow benefits of the recognised deferred tax asset to be fully utilised in the future. © 2019 Friend Studio Ltd File name: Governance_v100 Modification Date: 25 February 2020 6:43 pm Audit and Risk Committee report Strategic report Governance Financial statements Avast annual report 2019 76 Internal controls The Board is responsible for the Company’s risk management and internal control systems. The Committee is responsible for monitoring and keeping under review the adequacy and effectiveness of these systems. The Group maintains risk management and internal control systems and processes which accord with the FRC's Guidance on Risk Management, Internal Control and Related Financial and Business Reporting, and these remained in place from 1 January 2019 up to the date of this report. The Committee is satisfied that there are no significant weaknesses in these systems and that the Group’s internal controls are operating effectively. Internal controls relating to financial reporting form an integral part of the Group’s corporate governance and enterprise risk management policy. The Group’s internal controls over financial reporting are in line with the COSO framework for internal controls. The internal controls processes of the Group are based on the following five key principles: control environment, risk assessment, control activities, information and communication, and monitoring, each of which is explained in more detail below. It is a process designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting, and compliance. The Group recognised a deferred tax asset of $45.6m as at 31 December 2019, arising from unused tax losses in the US, mainly as a result of deductions from stock option exercises. In accordance with US tax laws, deferred tax assets fully recognised as tax losses and generated after January 2018 can be carried forward indefinitely. As such, the Group assesses that future taxable profits will be sufficient to recover the full amount of allowable tax deductions. The Committee and the Group’s external auditors reviewed the appropriateness of significant decisions made by the Group regarding the recognition and measurement of the deferred tax assets. In addition, the Committee also reviewed the Group’s assessment of the potential impact of the EU Commission’s proposals on the taxation of the digital economy and similar proposals by individual member states, in particular, the Czech Republic and France. Financial Reporting Council feedback on the annual report On 17 September 2019, the Group received a letter from the Financial Reporting Council (FRC) in relation to the independent review of the Group’s annual report for the year ended 31 December 2018, requesting further details on term loans and deferred taxes. The FRC required no changes be made to the accounting treatment, but recommended disclosures on term loans and deferred taxes and other minor areas be improved. The Committee accepted the FRC’s recommendations and these are reflected in this annual report. The FRC performed its review in accordance with Part 2 of the Committee’s operating procedures. The scope of the FRC’s review is based solely on the annual report and the financial statements, and not on the bases of detailed knowledge of a company’s business or an understanding of the underlying transactions entered into by the Company. It is, however, conducted by those who have an understanding of the relevant accounting and reporting requirements. Impairment of goodwill and intangibles At each reporting date, the Group assesses whether there is an indication that an asset may be impaired. Management has provided the Committee with the results of the annual goodwill and intangible assets impairment analysis for 2019. The analysis indicates that the assets were not impaired and no reasonable change in input factors has resulted in an impairment. Having provided appropriate challenge to management and the external auditors, the Committee has concluded that the result of analysis is appropriate and there is no impairment of either goodwill or intangible assets as of 31 December 2019. Leases (IFRS 16) The Group adopted IFRS 16 on 1 January 2019. The Group recognised a right of use (ROU) asset and a corresponding financial liability to the lessor based on the present value of future lease payments. In the consolidated statement of profit or loss, IFRS 16 replaces the straight-line operating lease expense by amortisation of the ROU asset (included within operating costs) and an interest expense on the lease liability (included within finance costs). The Committee and the Group’s external auditors reviewed the adoption of IFRS 16 and subsequent lease accounting, including accounting judgements made by the Group, namely discount rates applied and the treatment of lease extension options, and concluded that lease accounting was appropriately adopted in accordance with IFRS 16. © 2019 Friend Studio Ltd File name: Governance_v100 Modification Date: 25 February 2020 6:43 pm Audit and Risk Committee report Strategic report Governance Financial statements Avast annual report 2019 77 Internal Audit The primary purpose of the Group’s Internal Audit function is to enhance and protect organisational value by providing an independent, objective assurance and consulting activity designed to add value and improve the Group’s operations, control, and governance processes. In order to ensure independence, the Internal Audit function has a reporting line to the Audit and Risk Committee. The Committee reviewed, and approved the internal audit plan for the year ending 31 December 2019, which was created using a risk-based approach. In 2019, Internal Audit focused on validating the effectiveness of the internal control framework, monitoring activities within the Group, including the account reconciliation process, controls over revenue, payroll, and travel and expense processes, and mitigating identified operational and compliance risks. Whistleblowing Policy The Group has in place a Whistleblowing Policy, which enables employees to report any concerns relating to misconduct and serious breaches of Avast policy or ethical guidelines without fear of retribution. The Group has established a dedicated hotline and email address to handle all such reports. Ethical questions or concerns raised by employees are investigated and all findings and remedial actions are reported in detail in periodic reports prepared for and reviewed by the Committee. COSO framework Control environment The Group’s control environment serves as a foundation for its internal control process. Management at all levels is responsible for ensuring that the Group, and its employees, comply with the Group’s internal policies, including its Code of Conduct and other internal policies relating to, among others, financial processes, human resources, legal, information security, and IT. The financial shared services of the Group support harmonised and standardised financial accounting processes and controls. Risk assessment The Group takes a risk-based approach towards internal controls. During the year, the Committee, on behalf of the Board, carried out an assessment of the principal risks facing the Group, including those that would threaten its business model, future performance, solvency, and liquidity. A description of the principal risks facing the Group and how these were reviewed to assess the Group’s viability can be found on page 50. Control activities Control activities are designed to prevent or detect material misstatements in the financial statements and reporting. To manage these risks, the Group has established control activities. Key processes in relation to control activities, including related risks and key controls, have been implemented and documented in the Group’s internal control framework. Information and communication Internal policies and directions, including requirements relating to the implementation of internal controls as well as accounting and reporting, are communicated to all relevant employees through internal communication channels such as the intranet, training sessions, and email. Monitoring The Group implemented a process for the monitoring of the performance of internal control activities through periodic control self-certification and compliance reviews by the internal audit function. The Group maintains an ongoing and transparent dialogue with its employees regarding internal controls and the performance of control activities. Control owners are encouraged to disclose any issues related to the performance of control activities in order to ensure that any issues in the process can be addressed in their infancy. The Committee receives reports directly from both external and internal auditors. The reports are considered and discussed in detail by the Committee in meetings at which both the external and internal auditors are present. © 2019 Friend Studio Ltd File name: Governance_v100 Modification Date: 25 February 2020 6:43 pm Audit and Risk Committee report Strategic report Governance Financial statements Avast annual report 2019 78 Financial reporting – internal controls and risk management The Group’s internal controls over financial reporting are designed to provide reasonable assurance regarding the reliability of financial reporting and the preparation of published financial statements in accordance with the relevant applicable laws and procedures and pursuant to the requirements of the Code. The key elements of the control environment, in addition to the risk management processes outlined on pages 48 to 50 of this report, are: A clear schedule of matters which require approval at Board level A policy in relation to delegation of authority and the limitations which apply Comprehensive annual budgets prepared for the Group, and individual business units Ongoing monitoring of the performance of the Group, and individual business units, against budgets with reports given to the Board on a regular basis Internal audit assessments, both with respect to financial matters and business matters, discussed with management and the Committee together with corrective actions agreed and monitored A centralised financial reporting system and close process, with controls and reconciliation procedures designed to facilitate the production of the consolidated accounts Assessment of accounting standard changes with both the external auditor and the Committee Documented policies made widely available to employees in relation to anti-bribery and corruption, anti-money laundering, export controls, and whistleblowing An ongoing review of the principal risks which face the Group, in addition to the assessment undertaken by the Committee in preparing the viability statement Regular reports in relation to finance, tax, and treasury given to the Committee Effectiveness of internal control and risk management During the year, the Committee, on behalf of the Board, reviewed the effectiveness of the internal control and risk management systems of the Group, and reported its conclusions to the Board. The Committee believes that the risk management processes and internal controls of the Group are effective. In coming to this conclusion, the Committee considered a number of factors, including: Management’s self-certification of the Group’s internal controls and risk management systems, including against the 2013 COSO Framework, as monitored by the Committee Approved audit plan for the year ended 31 December 2019 relating to financial, control, business, and operational audits Work carried out by the internal and external audit function during the year ended 31 December 2019, including an assessment of the functional personnel and the annual internal audit work plan Reports it received from, and meetings it held with, the Group’s internal and external auditors Business updates provided by management in relation to work carried out by external advisers with respect to security and regulatory matters Detailed assessment of the risk ratings assigned to the individual risks within the business Measures the Group has in place to mitigate the principal risks it faces (more details of which can be found on pages 49 to 50) The Committee is satisfied that there is an ongoing process for identifying, evaluating, and managing the principal risks faced by the Group. The systems in place are regularly reviewed by the Committee. During the year, the Internal Audit Director reported to the Committee on areas where it had carried out key control reviews, including the Group’s account reconciliations and security policies. The Board is satisfied that there are no significant weaknesses in these systems and that the Group’s internal controls are operating effectively. © 2019 Friend Studio Ltd File name: Governance_v100 Modification Date: 25 February 2020 6:43 pm Audit and Risk Committee report Strategic report Governance Financial statements Avast annual report 2019 79 External auditor The Committee makes recommendations to the Board on the appointment, remuneration, and removal of the Group’s external auditor. In accordance with the mandatory re-tendering rules implemented by the UK Competition and Markets Authority, at least once every ten years the audit services contract will be put out to tender to enable the Committee to compare the quality and effectiveness of the services provided by the incumbent auditor with those of other audit firms. The Committee oversees and supervises any competitive tender process undertaken by the Group for the provision of external audit services. The last tender of audit services was undertaken in 2016, with the next tender due in 2026. Ernst & Young LLP was appointed as external auditor of the Company on 23 May 2019 for the year ended 31 December 2019, following its reappointment at the Company’s 2019 AGM. Prior to this, Ernst & Young s.r.o. acted as external auditor to the underlying group since the year ending 31 December 2007. The Company was in compliance with the Statutory Audit Services for Large Companies Market Investigation (Mandatory Use of Competitive Processes and Audit Committee Responsibilities) Order 2014 during the year. The Committee safeguards the independence and objectivity of the external auditor in a number of ways, including through an annual review of the auditors’ independence and by monitoring that no conflicting non-audit services are provided. Non-audit services In order to ensure the ongoing independence of the external auditor, the Group maintains a Non-Audit Services Policy which defines the rules under which the Group can use the external auditor for non-audit services. The Group’s procedures for procuring non-audit services from external sources specifically prohibit Ernst & Young LLP from undertaking certain types of services. The external auditors may perform certain non-audit services for the Group which are not prohibited. Any such non-audit services require pre-approval by the Audit and Risk Committee, must be in the best interests of the Company, and are only permitted to the extent allowed by relevant laws and regulations. The Policy complies with the FRC’s guidelines on the 2018 UK Corporate Governance Code and Ethical Standards. During the financial year, with the exception of the half-year review, no non-audit services were provided by the external auditor on behalf of the Group. The ratio of fees for audit:non-audit services provided during 2019 was 10:1. Refer to Note 7 for further details regarding the Group’s audit and non-audit fees. Effectiveness of external auditors The Committee reviewed the effectiveness of the external auditor for the financial year ended 31 December 2019. The Committee considered a number of factors when undertaking this assessment, including: The independence and objectivity of the external auditor The external auditor’s qualifications, expertise, and resources, and the effectiveness of the audit process Its meetings and discussions with the external auditor, including in relation to the auditor’s findings and reports on the annual audit and interim review, and the quality of the auditor’s work in relation to financial judgements made The tenure of the external auditor, and whether it would be appropriate to put the audit services contract out to tender The transparency reports of the external auditor for 2019 Upon completion of its review of the effectiveness of the external auditor, the Committee recommended to the Board that a resolution to reappoint Ernst & Young LLP be proposed at the next AGM. Performance evaluation The Audit and Risk Committee’s effectiveness for 2019 was considered as part of the annual Board evaluation process. The performance of the Committee was evaluated in accordance with the process set out on page 71. The specific areas assessed were: Internal and external audit Internal controls relating to financial reporting Control environment processes Risk management systems Overall, the Committee’s performance was rated highly. It was noted that it would be beneficial for the Board to be updated more regularly on the work carried out by the Committee in relation to its review of the risks facing the Group. The Committee has reflected on the findings of the report, together with the suggestions offered in relation to how the Committee can operate more effectively. By order of the Board Belinda Richards Chairman 25 February 2020 © 2019 Friend Studio Ltd File name: Governance_v100 Modification Date: 25 February 2020 6:43 pm Audit and Risk Committee report Strategic report Governance Financial statements Avast annual report 2019 80 Nomination Committee report “ Our mission is to ensure that we have an experienced, diverse and appropriately skilled leadership team at Board and management level.” Warren Finegold Chairman Introduction Dear Shareholder I am pleased to introduce our Nomination Committee report for the financial year ended 31 December 2019. In this report, we provide you with an overview of the Committee’s responsibilities and performance during the year. The Committee is responsible for assisting the Board in evaluating the structure, size, performance, and composition of the Board and its Committees, and more broadly reviewing succession plans at Board Director and senior management level. The Committee is focused on ensuring that the Board comprises individuals with the requisite independence, knowledge, skills, diversity, and experience to discharge its responsibilities effectively. As part of this, the Committee’s decisions relating to the appointment of Directors follows a formal appointment and induction process. During the year, the Committee oversaw a number of changes to the Board, its Committees, and the Executive Management team, details of which are further described in the report below. Looking ahead, the Board is committed to having a diverse and inclusive leadership team and the Committee will continue to appoint on merit while maintaining its focus on succession planning, talent management, and increasing diversity on the Board. Warren Finegold Chairman Principal activities The Committee sets an annual forward agenda based on the scope of its responsibilities under its terms of reference. In addition, the Committee considers any other relevant ad-hoc matters which require its review. During the year, the Committee paid particular attention to the following matters: Recruitment of new Non-Executive Directors to the Board Succession plans for the Board and members of the Executive Management team Tenure of the current Chairman Appointment of a new CEO Reorganisation of the Committees Appointment of a Director responsible for workforce engagement Monitoring compliance with corporate culture Annual Board evaluation © 2019 Friend Studio Ltd File name: Governance_v100 Modification Date: 25 February 2020 6:43 pm Strategic report Governance Financial statements Avast annual report 2019 81 Committee membership Committee member Number of meetings attended (No. of meetings convened while a member) Date of appointment Warren Finegold (Chairman) 10 May 2018 John Schwarz Erwin Gunst Maggie Chan Jones* Belinda Richards* 10 May 2018 10 May 2018 22 May 2019 7 June 2018 – 22 May 2019 4(4) 4(4) 4(4) 3(3) 1(1) * With effect from 22 May 2019, Ms Richards, Independent Non-Executive Director of the Company stepped down from the Committee and Ms Chan Jones was appointed as a member of the Committee. Committee composition The Committee is chaired by Warren Finegold, the Senior Independent Non-Executive Director of the Company, and comprises three other Non-Executive Directors. Full biographies of the Committee’s members can be found on pages 66 to 67. The Group’s General Counsel is secretary to the Committee. From time to time, the Committee may invite others to join the meetings, where it considers their expertise and knowledge to be relevant and necessary to the subject matter under consideration. During the year, this included the CEO, and Chief of Staff & Company Secretary. The Company complies with the requirements of the Code that a majority of the Nomination Committee be Non-Executive Directors, independent in character and judgement, and free from any relationship or circumstance which may, could, or would be likely to, or appear to, affect their judgement. Succession planning Succession planning is carried out with a view to strengthening the Company’s organisational capabilities and ensuring our Board and Executive Management team possess the requisite skills, experience, and diversity. As part of our succession planning, the Company reviews the risk rating of the senior executives on an annual basis and discusses the succession plans for each of them. The successors are given a readiness status and their development is discussed. The Company seeks to promote from within the Group, where possible, and recruit externally if required, in order to ensure the best candidates are retained. Throughout the year, the composition of the Executive Management team underwent a number of changes, as further set out below Search and appointment of new CEO Following a succession planning process, with assistance from executive search firm Russell Reynolds (a signatory to the Voluntary Code of Conduct for Executive Search Firms, which also assisted the Company in the appointment of its Independent Non-Executive Directors), the Committee oversaw the search and appointment of Ondrej VIcek as successor to Vince Steckler. Mr VIcek was unanimously elected and appointed by the Board, with effect from 1 July 2019, following an extensive assessment undertaken by the Committee which included the evaluation of both internal and external candidates. Mr VIcek has more than 20 years of experience with the Group leading its technology transformation from a traditional PC antivirus vendor to a leading global provider of AI-based security solutions. Prior to his appointment as CEO, Mr VIcek served as President of the Consumer Business, was an Executive Director on the Board, and was part of the Executive Management team that took the Company public on the London Stock Exchange in May 2018. Appointment of senior executives The Company welcomed a number of senior executives in various roles throughout the latter half of 2019, and the beginning of 2020. Michal Pechoucek joined the Group as CTO in September 2019. Mr Pechoucek leads the core technology and R&D teams. He is also responsible for the Group’s scientific research in the fields of AI, machine learning, and cybersecurity, and brings a wealth of experience and knowledge in those fields to the Group. In October 2019, we welcomed Jaya Baloo as CISO. Ms Baloo is recognised within the list of top 100 CISOs globally and ranks among the top 100 security influencers worldwide. In 2019, she was selected as one of the 50 most inspiring women in the Netherlands by Inspiring Fifty, a non-profit which aims to raise diversity in technology. Ms Baloo has significant experience in the information security industry, with a particular focus on secure network architecture. Ms Baloo sits on a number of advisory boards and is a member of EU Quantum. In January 2020, Julio Bezerra joined the Group as Chief Strategy and Transformation Officer. Mr Bezerra is responsible for developing, communicating, and executing the Company’s strategy, including leading major transformation projects, corporate development, and M&A transactions. Mr Bezerra has significant experience in fast-moving technology, consumer markets, and change management. In February 2020, we welcomed Rebecca Grattan as Chief People and Culture Officer. Ms Grattan is responsible for the human resources and facilities functions within the Group. Ms Grattan brings extensive global HR experience and has a particular interest in creating organisational climates where people thrive and where underrepresented groups can be supported to achieve their potential. Throughout her career, she has championed programmes to highlight and tackle gender, LGBTQ+, mental health, and wellbeing and has been involved in a range of women in tech initiatives. © 2019 Friend Studio Ltd File name: Governance_v100 Modification Date: 25 February 2020 6:43 pm Nomination Committee report Strategic report Governance Financial statements Avast annual report 2019 82 Appointment of Independent Non-Executive Directors As part of its succession planning, the Board, and specifically the Committee encouraged the emergence and consideration of female appointees to the Board. With assistance from executive search firm Russell Reynolds, we were fortunate to identify two outstanding female Non-Executive Directors, Ms Maggie Chan Jones and Ms Tamara Minick-Scokalo, who were appointed to the Board. Ms Chan Jones brings extensive experience in the US technology sector, while Ms Minick- Scokalo brings deep experience in the consumer sector. Independent Directors The Code recommends that at least half of the board of directors of a UK-listed company, excluding the Chairman, comprise non-executive directors determined by the board to be independent in character and judgement, and free from relationships or circumstances which may affect, or could appear to affect, the directors’ judgement. Eight out of 12 Directors are independent following the appointment of Ms Chan Jones and Ms Minick-Scokalo. Further details on the classification of Directors are included in the Corporate governance statement on page 69. As a result, the Company is compliant with the requirement of the Code. Board appointments Pursuant to the requirements of the Code, prior to being appointed to the Board, the commitments of Non-Executive Directors are assessed. Upon appointment, Directors are required to allocate sufficient time to the Company in order to discharge their responsibilities effectively and meet the expectations of their role. Internal controls are in place which require Directors to notify the Board before accepting any additional commitments which may affect this. Reorganisation of Committees During the year, the Committee oversaw a number of changes to the composition of the Audit and Risk, Remuneration and Nomination Committees, which are further described below. Audit and Risk Committee Ms Belinda Richards was appointed Chair of the Audit and Risk Committee, replacing Mr Erwin Gunst. Ms Richards has significant financial experience being a former senior corporate finance partner at Deloitte LLP. Ms Richards also currently sits as audit committee chair at two FTSE 350 companies. Ms Minick-Scokalo was also appointed as a member of the Audit and Risk Committee and her extensive international experience in fast-moving consumer goods and change management means she is well placed to assist the Committee in monitoring and assessing the effectiveness of the Company’s internal controls and risk management processes. Nomination Committee Ms Chan Jones was appointed as a member of the Nomination Committee. Due to her appointment as Chair of the Audit and Risk Committee, Ms Richards stepped down as a member of the Nomination Committee. Ms Chan Jones brings a fresh and varied perspective to the Committees due to her significant experience in technology, particularly in brand and cloud transformation, and to her professional role in advancing gender diversity through executive coaching. Remuneration Committee Ms Chan Jones was also appointed as a member of the Remuneration Committee. Evaluation of the Board’s structure, size, performance, and composition The performance of the Nomination Committee for 2019 was evaluated in accordance with the process set out on page 71. The specific areas assessed were: Composition of the Board Selection and appointment of new Directors Succession planning for Executives and Non-Executives The performance of the Committee in selecting and appointing new Directors was rated highly, and its review of Board composition and succession planning for Non-Executives were rated positively overall. It was noted that greater visibility around succession planning and Board composition could serve to improve operations of the Committee. The Committee has reflected on the findings of the report, together with the suggestions offered in relation to how the Committee can operate more effectively. Diversity Policy The Board is committed to increasing diversity among gender, race, culture, education, skills, and experience. The Board currently comprises members from six different nationalities, with experience across a diverse range of disciplines and industries. The Board seeks leaders who embrace the Group’s culture and values, and believes that, in order to provide effective strategic leadership, the Board must comprise individuals with a broad and diverse range of perspectives, along with the requisite skills, knowledge, and experience. © 2019 Friend Studio Ltd File name: Governance_v100 Modification Date: 25 February 2020 6:43 pm Nomination Committee report Strategic report Governance Financial statements Avast annual report 2019 83 The Board, and specifically the Committee, require that all lists of candidates for new Board positions include a diverse set of candidates. As of the date of this report, the proportion of women on the Board is 25%. The Board is mindful of the recommendations set out in the Hampton-Alexander Review and the Board remains committed to reaching its minimum 33% target for female representation on the Board. The Board's strategy for achieving diversity on the Board during 2020 and beyond includes increasing the proportion of women on the Board through the natural attrition of existing male Directors. In 2019, the representation of women on the combined executive management committee and their direct reports was 26.4%. This decreased to 24.1% following the departure of CMO, Robin Selden from the Group on 29 November 2019; however, it increased back to 26.4% following Rebecca Grattan, the Group’s new Chief HR Officer, joining the Group on 1 February 2020. The Board is committed to increasing the representation of women in executive management and improving diversity in an industry which is traditionally very male dominated. Further details are set out on pages 54 to 55. Company culture The CEO is leading a culture initiative, as further set out in the Strategic report. The culture initiative is still in development and wider employee consultation is currently being undertaken to ensure the Company engages more effectively on culture in 2020. This will include development of the Avast Culture Book, which incorporates the Company’s mission statement, values, and behaviours. The Board has delegated the responsibility of measuring compliance with the Group’s culture initiative to the Nomination Committee. John Schwarz’s tenure as Chairman The Code introduced a new rule, effective as of 1 January 2019, which provides that the Chair of a FTSE 350 company should not remain in the post beyond nine years from the date of their first appointment to the board. The Code allows for a limited extension beyond this period where the Chair has been a Non-Executive Director for a significant amount of time prior to becoming Chair, and their continued appointment supports the company’s succession plan and diversity policy. The Company’s Chairman, John Schwarz, will have been on the Board for nine years as of December 2020. Mr Schwarz was a Non-Executive Director from 2011 prior to his appointment as Chair in 2014. The Company’s preference is that Mr Schwarz remains as Chairman beyond 2020 for a limited time. With the recent change in CEO, and the introduction of new Board members this year, Mr Schwarz’s continuation as Chairman will provide much needed stability and continuity. The Company plans to consult with its largest institutional shareholders in Q1 2020 to explain the rationale for the proposed extension and to obtain their feedback. By order of the Board Warren Finegold Chairman 25 February 2020 © 2019 Friend Studio Ltd File name: Governance_v100 Modification Date: 25 February 2020 6:43 pm Nomination Committee report Strategic report Governance Financial statements Avast annual report 2019 84 Directors’ remuneration report Structure Chair’s letter Annual remuneration report for 2019 Summary of Remuneration Policy and implementation for 2020 Directors’ remuneration for 2019 Directors’ shareholdings Remuneration Committee overview 84 85 85 90 95 98 “ We are pleased that our Directors’ Remuneration Policy was approved by nearly 95% of our shareholders at the AGM during the year.” Mr Ulf Claesson Chair of the Remuneration Committee Remuneration Committee Chair’s letter Dear Shareholder Welcome to our second Directors’ remuneration report published since the Company listed on the London Stock Exchange in May 2018. At our first AGM on 23 May 2019, the Committee put forward our Directors’ remuneration Policy for shareholder vote. I am pleased to report that this Policy was supported by 94.7% of our shareholders. Our Directors’ Remuneration Policy has been designed to incorporate the best practice features of the typical UK pay model while setting reward levels, particularly long-term incentive opportunities, at a level that recognises that we source talent in a global market and in particular from the US where pay models are different to the UK. Remuneration arrangements for the CEO As disclosed in last year’s report, Mr Vincent Steckler stepped down from the board and as CEO on 30 June 2019 and Mr Ondrej Vlcek took over as CEO from 1 July 2019. On 2 July 2019, we announced that Mr Ondrej Vlcek had notified the Board of his intention to indefinitely waive his annual salary and bonus (not including the portion related to his Board fee) for a nominal annual salary of $1. He also notified the Board of his decision to donate 100% of his Board Directors’ fee ($100,000 per annum) to charity. These arrangements are in effect from 1 July 2019. He will continue to receive an annual LTIP award, calculated as a multiple of his (waived) base salary. The Board reviewed and accepted Mr Ondrej Vlcek’s proposal to waive his annual salary and annual bonus, and is satisfied that he continues to be appropriately incentivised through existing long-term equity-based incentive arrangements and through his 2% shareholding in Avast. Implementation of remuneration arrangements for 2020 Other than the changes outlined for the CEO, it is intended that during 2020 remuneration arrangements will continue to be implemented in line with our published remuneration policy. There are no changes to our annual bonus and LTIP award levels. Annual bonuses for 2020 will be based on revenue (35%), unlevered free cash flow (35%), customer satisfaction (15%) and strategic KPIs (15%) with LTIP awards being based on revenue and EPS growth. The Committee reviewed base salaries with effect from 1 April 2020 and decided that no increase would be awarded to the CFO at this time and his salary will remain at $600,000. The CEO’s ‘headline’ salary on which his LTIP award level is based will remain at $700,000. UK Corporate Governance Code The Committee continues to learn from and adopt new developments in corporate governance and best practices, in the UK and globally. Pay outcomes for 2019 2019 was a successful year for Avast as we continue to execute our growth strategy delivering both revenue and profit growth during the year. © 2019 Friend Studio Ltd File name: Remuneration_v47 Modification Date: 25 February 2020 6:10 pm Strategic report Governance Financial statements Avast annual report 2019 85 The annual bonus for 2019 was based on adjusted revenue, unlevered free cash flow, and strategic measures. Organic revenue grew by 9.1%. Performance against the adjusted revenue plan was above the target. Unlevered free cash flow grew by 7.9% and was just above target performance. This resulted in a bonus payout of 52.7% of maximum in respect of the adjusted revenue component (37.5% weight), and 54.3% of maximum in respect of the unlevered free cash flow component (37.5% weight). The Committee reviewed individual performance carefully against the strategic KPIs set for each Executive Director, and awarded the Executive Directors as a percentage of target (25% weight) relative to the performance component: i) Mr Philip Marshall as CFO – 26.7% and Mr Ondrej Vlcek as President Consumer – 23.7%. Further details are set out on page 92. The Committee determined that this outcome was appropriate in the context of underlying performance and the experience of shareholders and other stakeholders during the period and no discretion was therefore exercised. Other Board changes During the year Ms Maggie Chan Jones and Ms Tamara Minick-Scokalo joined the Board as non-executive directors. I am pleased to welcome Ms Chan Jones as a member of the Remuneration Committee. This Directors’ remuneration report will be submitted to shareholders for an advisory vote at the AGM on 21 May 2020 and I look forward to our ongoing dialogue on this important topic. By order of the Board Mr Ulf Claesson Chair of the Remuneration Committee Annual remuneration report 2019 The annual remuneration report that follows has been prepared in accordance with the provisions of the 2018 UK Corporate Governance Code (‘the Code’), the Listing Rules, the Large and Medium-sized Companies and Groups (Accounts and Reports) (Amendment) Regulations 2013, and the Companies Act 2006. It will be subject to an advisory shareholder vote at the 2019 AGM on 21 May 2020. Summary of key elements of Remuneration Policy and implementation for 2020 Our Remuneration Policy for Directors (‘the Policy’) was put to shareholders for approval at the AGM on 23 May 2019 and applies to payments made from this date. The following provides a summary of the Policy along with details of how the Policy will be implemented during 2020. No changes to the Policy are being proposed at this point. For full details of the Policy approved by shareholders please refer to the 2018 annual report and accounts which can be found on our website under the investor section (investors.avast.com/investors/ results-reports-and-presentations/). The Group’s overall philosophy on remuneration is based on the approach that remuneration should be simple while being clearly linked to the performance and behaviour of the individual, business results, and shareholder outcomes. This approach to remuneration, which cascades down through the organisation, is designed to: reward achievement of short and long-term financial objectives and support delivery of the business strategy and sustainable long-term returns to shareholders; provide competitive, transparent, and fair rewards; and align the interests of employees and shareholders through appropriate levels of employee share ownership. Reward levels are set to attract, retain, and engage high- calibre talent to support the business strategy while being aligned with our culture, purpose, and values. The Group’s remuneration policy is regularly assessed against market practice in the countries where we compete for talent as well as against internal practice to ensure it remains appropriate. A significant proportion of potential total reward for our Executive Directors is performance-related, aligning pay with business success. Award levels are capped with payout linked to performance against a limited number of measures which are well linked to our strategy. The high performance hurdles that we set ourselves ensure that the reward received by the executives through the incentive plans aligns with shareholder outcomes while taking into account our overall risk appetite. The Committee retains the discretion to adjust payouts where this is considered appropriate. Furthermore, our Remuneration Policy and the long-term nature of our incentive plans promote sustainable financial performance and ensure appropriate safeguards are in place to avoid rewarding failure (such as malus and clawback provisions, shareholding guidelines, and holding periods). © 2019 Friend Studio Ltd File name: Remuneration_v47 Modification Date: 25 February 2020 6:10 pm Directors’ remuneration report Strategic report Governance Financial statements Avast annual report 2019 86 BASE SALARY Overview Base salary levels are determined by the Committee, taking into account the role, responsibilities, performance, and experience of the individual, market data for comparable roles in the global market, and pay and employment conditions elsewhere in the Group. Salaries are typically reviewed annually, with any changes normally taking effect from 1 April each year. Maximum opportunity While there is no maximum salary level or maximum increase that may be offered, salary increases will normally be in line with typical increases awarded to other employees in the Group. Performance measures n/a BENEFITS Overview Benefits currently include private health cover (for the individual and family members), life insurance, flexible benefit scheme, and car allowance. Maximum opportunity There is no maximum limit on the value of the benefits provided but the Committee monitors the total cost of the benefit provision. Executive Directors can access Avast products and are eligible to participate in any all-employee share plans on the same terms as offered to other employees. Performance measures n/a PENSION Overview Executive Directors do not currently participate in pension arrangements in line with practice for other employees. If the Company were to introduce pension arrangements or similar for other employees in the Group then Executive Directors may be provided with a pension or pension allowance at the same rate as other employees. Maximum opportunity n/a Performance measures n/a © 2019 Friend Studio Ltd File name: Remuneration_v47 Modification Date: 25 February 2020 6:10 pm Implementation for 2020 On 2 July 2019, the CEO (Mr Ondrej Vlcek) waived his salary and annual bonus (excluding his Board fee). He will continue to receive his Board Directors’ fee ($100,000 per annum) which he will donate to charity. From 1 July 2019, Mr Ondrej Vlcek will receive a nominal annual salary of $1 only in addition to his Board fee. This is revocable with 30 days’ notice. His notional salary (for determining LTIP awards) is $700,000 (inclusive of the $100,000 Board director’s fee element). The salary of the CFO (Mr Philip Marshall) will not be increased from 1 April 2020 and therefore will continue at $600,000. Implementation for 2020 The CEO (Mr Ondrej Vlcek) does not receive private health cover or a car allowance. The CFO will continue receiving benefits, including the car allowance. Implementation for 2020 No change. Directors’ remuneration report Strategic report Governance Financial statements Avast annual report 2019 87 The Committee believes that these measures are appropriate as they incentivise executives to drive top-line financial results to deliver our growth strategy while also incentivising them to increase profitability and convert this profit into cash returns. Customer satisfaction has been introduced as a performance measure for 2020 to incentivise and reward executives for delivering a superior customer experience. Strategic KPIs are included to ensure a rounded assessment of performance and to incentivise management to deliver against our strategic milestones so that we continue to lay the foundations for future success. The specific targets for 2020 are considered commercially sensitive. However, the Committee intends to disclose these retrospectively in the 2020 Directors’ remuneration report to the extent that they do not remain commercially sensitive. Implementation for 2020 As noted above, the CEO (Mr Ondrej Vlcek) has waived his annual bonus. The maximum annual bonus opportunity for the CFO (Mr Philip Marshall) will continue to be 200% of salary. ANNUAL BONUS Overview Annual bonuses are based on performance over one financial year. Annual bonuses are normally paid in cash following the year end. Where an executive has not met (or is not on course to meet) the executive shareholding guideline within the timeframe set out, 50% of any bonus earned will normally be deferred into shares. Any deferred shares would normally vest on the second anniversary of grant. The Committee retains the discretion to adjust the bonus award if it does not consider that it reflects underlying Company performance or for any other reason it considers appropriate. Recovery and withholding provisions apply (see below). Maximum opportunity Maximum annual bonus is 200% of salary. Target bonus payout is set at 50% of the maximum. No more than 12.5% of the maximum will pay out for meeting threshold performance. Performance measures The annual bonus for 2020 will be based on the following performance measures: 35.0% on organic revenue performance excluding FX; 35.0% on unlevered free cash flow (as defined on page 172); 15% on customer satisfaction; and 15% on strategic KPIs. LTIP Overview LTIP awards normally vest based on performance over a three-year period. Maximum opportunity The maximum award is normally 500% of salary for the CEO and 450% of salary for the CFO. The Committee retains the discretion to adjust the vesting of LTIP award if it does not consider that it reflects underlying Company performance or for any other reason it considers appropriate. Any shares vesting under the LTIP (net of tax) will be subject to a two-year holding period. Recovery and withholding provisions apply (see below). No more than 7% of maximum opportunity will be paid for meeting threshold levels of performance under each of the performance measures (i.e. 14% of the aggregate award). 55% of the award will normally vest for target performance and 100% of the award will normally vest for maximum performance. There is a straight-line vesting between the performance points. © 2019 Friend Studio Ltd File name: Remuneration_v47 Modification Date: 25 February 2020 6:10 pm Directors’ remuneration report Strategic report Governance Financial statements Avast annual report 2019 88 LTIP (continued) Performance measures 2020 LTIP will be subject to the following performance measures: 50% based on basic (undiluted) EPS growth; and 50% on organic revenue growth. Performance targets for the 2020 awards are set out below this table. SHARE MATCHING PLAN Overview All employees, including the Executive Directors and members of the Executive Management team, are eligible to participate in the SMP. SHAREHOLDING GUIDELINES Overview Executive Directors are normally expected to build a minimum shareholding in the Company. Maximum opportunity In-employment: guideline is 200% of salary. The Committee believes that the combination of organic revenue and profit incentivises management to grow the value of the Group over the long term and is strongly aligned to the execution of the business strategy. The Committee believes that there are sufficient safeguards in place to ensure that incentives do not encourage management to deliver organic revenue which is not in the long-term interests of the Group. The Committee is mindful that organic revenue is used as a measure in both the annual bonus and LTIP; however, it considers that, given that organic revenue growth is a critical part of our long-term strategy, this is appropriate. Implementation for 2020 The CEO will continue to receive an LTIP award of 500% of salary based on his headline salary of $700,000. The CFO will continue to receive an award of 450% of salary. Maximum opportunity Participants can voluntarily invest up to $34,000 per year to acquire shares (via deductions from their base remuneration or quarterly bonus). The Company will award the participant a number of matching shares up to a maximum of one share per one purchased share. The current holding period is two years and the current matching is one share per three purchased shares. Performance measures n/a Implementation for 2020 No changes. The CFO participated in the SMP during 2019. Post-employment: we do not have a formal policy on post- employment shareholding in place at the moment; however, the Committee reviewed the approach during 2019 taking into account market practice and continues to believe that the leaver provisions currently in place along with existing shareholdings ensure the alignment of the interests of our Executive Directors and our shareholders post-cessation of employment. The Committee will continue to keep this approach under review in light of evolving market practice and shareholder sentiment. Performance measures n/a Implementation for 2020 If an individual subject to the guideline does not meet the guideline, or is not on course to meet this guideline, up to 50% of any bonus earned will normally be required to be deferred into shares as a deferred bonus award, and will be expected to retain at least half of the net shares vesting under the Company’s discretionary share-based employee incentive schemes until the guideline is met. © 2019 Friend Studio Ltd File name: Remuneration_v47 Modification Date: 25 February 2020 6:10 pm Directors’ remuneration report Strategic report Governance Financial statements Avast annual report 2019 89 Performance targets for the 2020 LTIP awards The following sets out the Group basic EPS (undiluted) growth and Group organic revenue growth targets over the three-year performance period to 31 December 2022: Threshold 14% vesting Target 55% vesting Maximum 100% vesting Group basic EPS (undiluted) growth 50% weighting Group organic revenue growth 50% weighting 5% p.a. growth 5% p.a. growth 8% p.a. growth 7% p.a. growth 12% p.a. growth 12% p.a. growth There is straight-line vesting between the performance points. Recovery and withholding provisions Annual bonus payments may be recovered for a period of three years from the date of payment. Recovery and withholding provisions apply under the Deferred Bonus Plan (DBP), within three years from the date on which any DBP award is granted. Recovery and withholding provisions apply under the LTIP at any time prior to the third anniversary of the date on which awards vest following the end of performance period. The circumstances in which recovery/withholding provisions may apply are: a) a material misstatement of the Group’s financial results; b) an error in assessing the achievement of any bonus or performance conditions; and Executive Directors’ service agreements Each of the Executive Directors has a service contract, which is available for inspection on request. Details of the notice periods currently included in services contracts of the Executive Directors are summarised in the table below: Ondrej Vlcek Philip Marshall Date of contract Notice period 9 May 2018 6 months 9 May 2018 6 months The details of the policy on payments for loss of office are available in the 2018 annual report and accounts (page 81) which can be found on our website under the investor section (investors.avast.com/investors/results- reports-and-presentations/). Non-Executive Directors’ fees Our Non-Executive Director fees policy is to pay an annual basic fee for membership of the Board and additional fees for the Senior Independent Director (SID), the Chair of each of its Committees, and the members of each of its Committees to take into account the time commitment of these roles. The Chairman is paid a single consolidated fee. There have been no changes to the Non-Executive Director or Chairman’s fees with effect from 1 April 2020. Chair fee $350,000 (inclusive of Committee fees) c) discovery of serious misconduct by the participant prior Non-Executive Director base fee $100,000 An additional allowance of $5,000 per meeting is payable where transatlantic travel is required. Additional fees or other payments may be made to reflect additional responsibilities, roles, and contributions. Non-Executive Directors’ letters of appointment Non-Executive Directors all serve under letters of appointment (effective from 9 May 2018) for periods of three years. The Non-Executive Directors (including the Chairman) have a notice period of one month, although the Company may elect to make a payment in lieu of notice. The terms and conditions of appointment for Non-Executive Directors are available for inspection upon request. Remuneration Policy for other employees and how employees’ views are taken into account The Committee took into account the Company’s approach to remuneration and related policies for the wider workforce when determining the Policy for Executive Directors. The majority of our employees are able to share in the success of the Group through participation in a quarterly bonus plan. Executive Directors, other members of the Executive Management team, and key employees are also eligible for participation in a long-term incentive plan and all employees including the Executive Directors are eligible to participate in a share matching plan. The Committee did not directly consult with employees when setting the Policy but it took into account general feedback on employee engagement provided to the Board. to vesting. Additional fees: Senior Independent Director Audit and Risk Committee Chair Audit and Risk Committee member Remuneration Committee Chair Remuneration Committee member Nomination Committee Chair Nomination Committee member © 2019 Friend Studio Ltd File name: Remuneration_v47 Modification Date: 25 February 2020 6:10 pm $15,000 $15,000 $7,500 $15,000 $7,500 $15,000 $7,500 How shareholders’ views are taken into account The Committee is committed to an open and ongoing dialogue with shareholders. The Committee will consider any shareholder feedback received throughout the year and at the AGM in shaping the application remuneration policy and when it undertakes the annual remuneration review. It is the Committee’s intention to consult with major shareholders in advance of making any material changes to remuneration arrangements. Directors’ remuneration report Strategic report Governance Financial statements Avast annual report 2019 90 Remuneration received by Directors for the year ended 31 December 2019 (audited) Directors’ remuneration for the year ending 31 December 2019 and for the period from 9 May 2018 (the date Directors were appointed prior to the IPO on 15 May 2018) to 31 December 2018 was as follows: Salary and fees1 Benefits2 Pensions3 Annual bonus Long-term incentives Total Executive Ondrej Vlcek4 Philip Marshall Vincent Steckler5 Non-Executive John Schwarz Erwin Gunst Pavel Baudis Eduard Kucera Lorne Somerville10 Ulf Claesson Warren Finegold Belinda Richards11 Maggie Chan Jones12 Tamara Minick-Scokalo13 Total © 2019 Friend Studio Ltd File name: Remuneration_v47 Modification Date: 25 February 2020 6:10 pm 2019 (H1) as President Consumer (H2) as CEO 2018 2019 2018 2019 2018 $275,001 $225,000 $50,001 $288,653 $562,500 $336,653 $400,000 $512,653 $350,000 2019 $225,807 2018 $117,913 2019 $79,032 2018 $100,057 2019 $82,732 2018 $100,062 2019 $78,706 2018 $108,103 2019 $55,623 2018 $122,500 2019 $79,032 2018 $137,500 2019 $88,709 2018 $115,000 2019 $64,869 2018 $89,422 2019 – 2018 $84,850 2019 – 2018 2019 $2,562,906 $1,892,469 2018 – – – – – – – $13,700 $7,385 $6,315 $6,923 $62,019 $18,443 $11,285 $18,443 $20,000 $15,000 $12,929 $8,227 $13,004 $8,287 $20,000 $152,937 $75,323 $235,4876 $6,409,2238 $235,4876 $6,933,411 $467,872 $06 $6,409,2238 $6,465,539 $355,7667 $2,376,2459 $3,027,587 $642,0776 $1,266,596 $316,5247 $671,620 $06 $411,285 $632,6277 $6,336,6729 $7,500,395 $08 $370,000 $240,807 $117,913 $79,032 $112,986 $90,959 $113,066 $86,993 $108,103 $55,623 $122,500 $79,032 $137,500 $88,709 $115,000 $64,869 $109,422 – $84,850 – $877,564 $6,409,223 $10,002,630 $8,712,917 $11,985,626 $1,304,917 Directors’ remuneration report Strategic report Governance Financial statements Avast annual report 2019 91 Salary Vincent Steckler was CEO for the period 1 January 2019 to 30 June 2019 and his salary was $800,000 per annum. Ondrej Vlcek was appointed to the role of CEO from 1 July 2019 and his salary was set at $700,000. Mr Vlcek has elected to waive his salary (not including his Board fee) and annual bonus from this date. Mr Vlcek continues to receive his Board Directors’ fee ($50,000 for the period) which he donated to charity. From 1 July 2019, Mr Vlcek received a nominal annual salary of $1 only in addition to his Board fee. For the period 1 January 2019 to 30 June 2019 Mr Vlcek’s salary was $450,000 per annum in his role of President Consumer. For the period 1 January 2019 to 30 June 2019 Philip Marshall’s salary was $525,000 per annum. His salary was increased to $600,000 per annum from 1 July 2019 reflecting his increase in responsibilities following Mr Steckler stepping down from the Board. Notes to the single figure 1 Aggregate salary for Executive directors includes an amount for Board fee and salary. 2 Benefits for Executive Directors include life insurance, health insurance, flexible benefit scheme, and car allowance. Benefits include allowance for Non-Executive Directors who travel intercontinentally. 3 Executive Directors do not receive a pension contribution. 4 Mr Ondrej Vlcek was appointed to the role of CEO from 1 July 2019. His remuneration in 2019 is therefore shown in two lines – for the part of the year when he served as President Consumer (H1) and for the part when he served as CEO (H2). Mr Ondrej Vlcek elected to waive his salary (not including his Board fee) and annual bonus from his appointment as CEO. He continues to receive his Board Director’s fee ($50,000 for the period) which he donated to charity. From 1 July 2019, Mr Ondrej Vlcek received a nominal annual salary of $1 only in addition to his Board fee. 5 Mr Vincent Steckler stepped down from the Board and as CEO on 30 June 2019. He was not eligible to receive an annual bonus for 2019. 6 The bonus for the year ending 31 December 2019 was paid 100% in cash as the Committee judged that all Executive Directors had met their shareholding guideline or were on progress to meet the shareholding guideline in the required time period. Mr Ondrej Vlcek’s annual bonus relates to the period 1 January 2019 to 30 June 2019 when he was President Consumer and was calculated based on the annual salary in effect at the end of H1, i.e. on 30 June 2019 ($450,000). This amount also includes a payment of $1,458 in respect of filing a patent under the Company wider Patent Award programme in which all employees are eligible to participate. As noted above, from 1 July 2019 (i.e. for H2) Mr Ondrej Vlcek elected to waive his annual bonus. Mr Philip Marshall’s annual bonus was calculated based on the annual salary in effect at year end, i.e. on 31 December 2019 ($600,000). 7 Relates to the payment of annual bonus for the year ending 31 December 2018. The amount shown is for the period 9 May 2018 through 31 December 2018. This bonus was paid 100% in cash as the Committee judged that all Executive Directors had met their shareholding guideline or were on progress to meet the shareholding guideline in the required time period. 8 Prior to the IPO in April 2017, Mr Vincent Steckler and Mr Ondrej Vlcek were granted an award of performance based stock options (Mr Ondrej Vlcek received 2,039,042 options and Mr Vincent Steckler received 3,624,969 options at the option price of £1.360, and Mr Ondrej Vlcek received 1,019,396 options and Mr Vincent Steckler received 1,812,264 options at the option price of £0.880). A portion of these options (99% of the target amount) vested on 13 March 2019 based on the achievement of EBIT performance to 31 December 2018 (described in more detail in Note 9 below). The remaining portion of these awards (100% of maximum) vested on 6 September 2019 following the achievement of the performance condition. This performance condition was based on the achievement of a full sell down of CVC’s pre-IPO shareholding (which took place on 4 September 2019) and the price at which this sell down was achieved. For Mr Ondrej Vlcek, 1,366,159 options with the option price of £1.360 and 682,996 options with the option price of £0.88 vested. For Mr Vincent Steckler, 1,830,610 options with the option price of £1.360 and 915,193 options with the option price of £0.88 vested. The awards have been valued based on the share price on the date of vesting of £3.74 and the exchange rate on this date of $1.23/£1. These awards were structured as market value options and therefore the proportion of the value that has been disclosed that is attributable to share price growth is 100%. Awards for Mr Vincent Steckler vested following him stepping down from the Board and therefore are not shown in the single figure above. The value for single figure purposes would have been $8,588,158. 9 As noted above, in April 2017 Mr Vincent Steckler and Mr Ondrej Vlcek were granted an award of performance-based stock options (option price of £1.360 and £0.88) prior to the IPO. A portion of these awards vested in March 2019 based on the achievement of EBIT performance for the year ending 31 December 2018 (the EBIT target was set at $432m and the EBIT achieved for 2018 was $431.6m resulting in 99% of the awards vesting). For Mr Ondrej Vlcek, 672,883 options with the option price of £1.360 and 336,400 options with the option price of £0.88 vested. For Mr Vincent Steckler, 1,794,359 options with the option price of £1.360 and 897,071 options with the option price of £0.88 vested. In the 2018 report these awards were valued based on the average share price for the period 1 October 2018 to 31 December 2018 of £2.786. These shares vested on 13 March 2019 and the value has been updated to reflect the share price on the date of vesting of £2.98 and the exchange rate of that date of $1.32/£1. The values disclosed in 2018 were $5,496,127 for Mr Vincent Steckler and $2,061,041 for Mr Ondrej Vlcek. These awards were structured as market value options and therefore the proportion of the value that has been disclosed that is attributable to share price growth is 100%. 10 Mr Lorne Somerville donated the fee paid to him by the Company (net of national insurance and taxes) to charity. In Q1 2019, he received a correction payment for a post-IPO underpayment in Q2 2018, equal to $8102.71 with FX as of 9 May 2018 (£1 = $1.3577). 11 Ms Belinda Richards was appointed to the Board on 7 June 2018 and remuneration shown is from this date. 12 Ms Maggie Chan Jones was appointed to the Board on 13 March 2019 and remuneration shown is from this date. 13 Ms Tamara Minick-Scokalo was appointed to the Board on 13 March 2019 and remuneration shown is from this date. 14 No discretion has been exercised by the Committee to adjust incentive outcomes in respect of 2018 or 2019. 15 Where relevant figures have been translated from their currency of payment into USD, the exchange rates used by Payroll teams at the times of the payments were applied. © 2019 Friend Studio Ltd File name: Remuneration_v47 Modification Date: 25 February 2020 6:10 pm Directors’ remuneration report Strategic report Governance Financial statements Avast annual report 2019 92 Annual bonus for the year ended 31 December 2019 (audited) The annual bonus for the year under review was based on adjusted revenue, unlevered free cash flow, and strategic KPIs as follows: Weighting Threshold Target Maximum 12.5% payout 50% payout 100% payout Performance achieved Performance at budget FX rate1 The above performance resulted in the following payments: Executive Ondrej Vlcek % of maximum Philip Marshall 2019 bonus payment % of maximum $234,0291 $642,077 52.0 53.5 Adjusted revenue Unlevered free cash flow 37.5% 37.5% $791.7m $375.6m $879.7m $1,055.6m $417.4m $500.9m $873.1m $424.6m $889.3m n/a 52.7 54.3 Notes 1 Actuals at target FX rates exclude currency impact calculated by restating 2019 actuals to 2019 planning rates, and are used for bonus payout calculation purposes. 25% of the bonus was based on performance against individual strategic KPIs as described below. Notes 1 This amount does not include a payment of $1,458 in respect of filing a patent under the Company wider Patent Award programme in which all employees are eligible to participate. The bonus for Mr Ondrej Vlcek relates to the period 1 January 2019 to 30 June 2019 when he was undertaking the role of President Consumer. From 1 July 2019, Mr Ondrej Vlcek has decided to waive his annual bonus. Committee’s assessment of pay out 94.8% of target Mr Vincent Steckler stepped down as CEO and from the Board on 30 June 2019. He was not eligible to receive a bonus in respect of the year. When considering the level of annual bonus payout, the Committee also considered the underlying performance of the Group over the performance period, taking into account performance against key financial and non-financial indicators, the performance of the individual, the share price performance and the experience of shareholders and other stakeholders. The Committee also considered whether there had been a significant negative event (such as an ESG event) which would warrant an adjustment. The Committee concluded the proposed pay-out outcomes detailed above to be appropriate. Executive Performance achieved Ondrej Vlcek H1 (1 January 2019 – 30 June 2019) – as President Consumer Successfully launched Smart Home Improved Consumer Division organizational effectiveness Achieved budgeted numbers of PC and Mobile users H2 (1 July 2019 – 31 December 2019) – as CEO 125.0% of target1 Successfully managed transition from previous CEO Filled key vacancies in the Executive Management team Achieved high employee engagement levels Philip Marshall Successfully managed public investors and diversification of shareholding base 106.8% of target Effectively partnered with leaders of Consumer and Corporate Division Ensured smooth functioning of the Executive Management team and assumed increasing responsibility for operating decisions Notes 1 No bonus will be paid to Mr Ondrej Vlcek for H2 (1 July 2019 to 31 December 2019), as Mr Ondrej Vlcek had decided to waive his annual bonus following his appointment as CEO. © 2019 Friend Studio Ltd File name: Remuneration_v47 Modification Date: 25 February 2020 6:10 pm Directors’ remuneration report Strategic report Governance Financial statements Avast annual report 2019 93 Total pension entitlements (audited) During the year under review, the Executive Directors did not receive any pension contribution or pension allowance. LTIP awards made during the year (audited) On 14 March 2019, the following awards were granted to Executive Directors: Executive Type of award Basis of award granted (maximum) Details of award granted Face value of award (£000) Face value of award ($000)2 % of face value that would vest at threshold performance3 Share price (£)1 Number of shares granted Vesting determined by performance over Ondrej Vlcek Philip Marshall Conditional share Conditional share 350% of salary of $450,000 £2.959 401,602 £1,188.1 $1,575.0 350% of salary of $525,000 £2.959 468,535 £1,386.2 $1,837.5 Three financial years to 31 December 2021 Three financial years to 31 December 2021 14% 14% Notes 1 The share price used to determine the number of shares awarded based on the share price at date of grant. 2 Exchange rate used to present the face value of the award in USD is the rate on the day of the grant of £1/$1.3256. 3 No more than 7% of maximum opportunity will be paid for meeting threshold levels of performance under each of the financial measures (i.e. 14% of the aggregate award). As disclosed in last year Directors’ remuneration report, on 3 July 2019, the following additional awards were granted to Executive Directors to reflect increases in salaries and LTIP award levels on 1 July 2019, consistent with Mr Ondrej Vlcek’s promotion to CEO and the expansion in the scope and responsibilities of Mr Philip Marshall’s role following the retirement of Mr Vincent Steckler and the reduction in the number of Executive Directors from three to two. LTIP vesting for the year ended 31 December 2019 (audited) Mr Vincent Steckler and Mr Ondrej Vlcek were granted stock options prior to the IPO in April 2017 with exercise prices of £1.36 and £0.88 per share. A portion of these awards (99% of target) vested in March 2019 based on the achievement of EBIT performance for the year ending 31 December 2018. This gave rise to 2,691,430 vested options for Mr Vincent Steckler (1,794,359 options with an exercise price of £1.36 and 897,071 options with an exercise price of £0.88 per share) and 1,009,283 vested options for Mr Ondrej Vlcek (672,883 options with an exercise price of £1.36 and 336,400 options with an exercise price of £0.88 per share). The remaining portion of these options (100% of maximum)vested in September 2019 following the achievement of the performance condition. This performance condition was based on the achievement of a full sell down of CVC’s pre-IPO shareholding (which took place on 4 September 2019) and the price at which this sell down was achieved. This gave rise to a further 2,745,803 vested options for Mr Vincent Steckler (1,830,610 options with an exercise price of £1.36 and 915,193 options with an exercise price of £0.88 per share) and 2,049,155 vested options for Mr Ondrej Vlcek (1,366,159 options with an exercise price of £1.36 and 682,996 options with an exercise price of £0.88 per share). These options are now fully vested. Overall, the Committee considers that the Remuneration Policy has operated as it intended during 2019. Share matching plan During the year Mr Philip Marshall participated in the Company’s Share Matching Plan. Under this plan, participants are able to invest up to $34,000 per annum in the purchase of company shares. If the participant continues to retain these shares at the end of the two year holding period, then they will receive one matching share for every three shares purchased. The value of these matching shares will be included in the single figure on the date of award at the end of the two year holding period. © 2019 Friend Studio Ltd File name: Remuneration_v47 Modification Date: 25 February 2020 6:10 pm Directors’ remuneration report Strategic report Governance Financial statements Avast annual report 2019 94 Executive Type of award Basis of award granted (maximum) Ondrej Vlcek Conditional share Additional award such that aggregate award for the period 1 July to 31 December 2019 is 500% of a salary of $700,000 Philip Marshall Conditional share Additional award such that the aggregate award for the period 1 July to 31 December 2019 is 450% of a salary of $600,000 Details of award granted Face value of award (£000) Face value of award ($000)2 % of face value that would vest at threshold performance3 Share price (£)1 Number of shares granted £3.136 406,309 £1,274.2 $1,604.2 14% £3.136 182,048 £570.9 $718.8 14% Vesting determined by performance over Three financial years to 31 December 2021 Three financial years to 31 December 2021 Notes 1 The share price used to determine the number of shares awarded based on the share price at date of grant. 2 Exchange rate used to present the face value of the award in USD is rate on the day of the grant of £1/$1.2590. 3 No more than 7% of maximum opportunity will be paid for meeting threshold levels of performance under each of the financial measures (i.e. 14% of the aggregate award). Mr Vincent Steckler was not granted an LTIP award in respect of 2019. The performance condition for these awards is set out below: Group basic EPS (undiluted) growth (50% weighting) Group adjusted revenue growth (50% weighting) Threshold 14% vesting Target 55% vesting Maximum 100% vesting 5% CAGR 8% CAGR 12% CAGR 5% CAGR 7% CAGR 12% CAGR 7% of the award for each of the two financial criteria will vest for threshold performance (i.e. 14% of the total award), 55% shall vest for target performance, and 100% of the award shall vest for maximum performance. There’s a straight-line vesting between the performance points. © 2019 Friend Studio Ltd File name: Remuneration_v47 Modification Date: 25 February 2020 6:10 pm Directors’ remuneration report Strategic report Governance Financial statements Avast annual report 2019 95 Directors’ shareholding and share interests (audited) Share ownership plays a key role in the alignment of our executives with the interests of shareholders. Our Executive Directors are expected to build up and maintain a 200% of salary shareholding in the Company. The table below sets out the number of shares held or potentially held by Executive Directors (including their connected persons where relevant) as at 31 December 2019. Beneficially owned shares at 31 December 20191 % shareholding guideline achieved2 Award description Number of unvested options/ awards as at 31/12/2018 Number of vested options/awards as at 31/12/2018 Option price Granted Exercised Lapsed Number of unvested options/ awards as at 31/12/2019 Number of vested options/awards as at 31/12/2019 Ondrej Vlcek 19,345,987 more than 200% Performance Options Apr 2017 Performance Options Apr 2017 Time Based Options Apr 2017 Time Based Options Apr 2017 Performance Stock Units 2018 Performance Stock Units 2019 Performance Stock Units 2019 Philip Marshall 315,364 more than 200% Time Based Options Feb 2018 Time Based Options Mar 2018 Performance Stock Units 2018 Performance Stock Units 2019 Performance Stock Units 2019 Vincent Steckler4 31,329,910 more than 200% Performance Options Apr 2017 Performance Options Apr 2017 Time Based Options Apr 2017 Time Based Options Apr 2017 Share Options April 2017 Share Options April 2017 Performance Stock Units 2018 Replacement Options £0.88 £1.36 £0.88 £1.36 n/a n/a n/a £2.13 £2.37 £– n/a n/a £1.36 £0.88 £1.36 £0.88 £1.36 £0.88 n/a £0.15 1,019,396 2,039,042 436,884 873,875 538,707 n/a n/a 4,907,904 1,942,325 1,165,471 627,960 n/a n/a 3,735,756 3,624,969 1,812,264 1,553,558 776,684 0 0 0 0 0 n/a n/a 0 0 0 0 n/a n/a 0 0 0 0 0 0 0 2,589,260 1,294,466 1,366,120 0 0 9,382,872 9,133,595 13,266,598 n/a n/a n/a n/a n/a 401,602 406,309 807,911 n/a n/a n/a 468,535 182,048 650,583 n/a n/a n/a n/a n/a n/a n/a n/a 0 0 0 0 0 0 n/a n/a 0 485,581 0 0 n/a n/a 485,581 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 18,125 9,061 0 0 0 0 0 0 0 0 0 0 1,019,396 2,039,042 436,884 873,875 538,707 401,602 406,309 1,346,618 1,456,744 1,165,471 627,960 468,535 182,048 3,900,758 0 0 0 4,369,197 0 0 0 0 0 0 1,812,485 1,794,359 906,132 776,779 388,342 0 0 1,366,120 0 897,071 776,779 388,342 2,589,260 1,294,466 0 17,123.149 17,123,149 27,186 5,249,858 Includes shares owned by connected parties. Notes 1 2 Calculated based on the share price on 31 December 2019 of £4.53. 3 On IPO, share options were rolled over to equivalent share options of Avast Plc and have been included in share holdings and share interests. 4 Mr Vincent Steckler stepped down from the Board and as CEO on 30 June 2019 and his shareholding are shown as that date. Between 1 July 2019 and 31 December 2019, he exercised 15,001,000 options. Between 1 January 2020 and 25 February 2020, he exercised a further 3,000,000 options. 5 Between 31 December 2019 and 25 February 2020, Mr Philip Marshall purchased 4,511 shares through the company share matching plan. Furthermore, 485,581 time based options from the February 2018 grant (with option price of £ 2.13) vested on 1 February 2020 for Mr Philip Marshall. There were no other changes in share interests between 31 December 2019 and 25 February 2020. © 2019 Friend Studio Ltd File name: Remuneration_v47 Modification Date: 25 February 2020 6:10 pm Directors’ remuneration report Strategic report Governance Financial statements Avast annual report 2019 96 The table below sets out the number of shares held or potentially held by Non-Executive Directors (including their connected persons where relevant) as at 31 December 2019. John Schwarz Erwin Gunst Pavel Baudis Eduard Kucera Lorne Somerville Ulf Claesson Warren Finegold Beneficially owned shares at 31 December 20191 Award description 0 Number of unvested options/ awards as at 31/12/2018 Number of vested options/awards as at 31/12/2018 Option price Granted Exercised Lapsed Number of unvested options/ awards as at 31/12/2019 Number of vested options/awards as at 31/12/2019 0 Share Options Mar 2016 Share Options May 2015 £0.65 £0.69 257,182,165 99,793,912 0 1,710,098 108,132 Share Options April 2015 Share Options Mar 2016 Share Options April 2017 £0.65 £0.69 £1.36 0 0 0 0 0 0 302,371 388,318 690,689 51,224 388,318 233,034 672,576 n/a n/a n/a n/a n/a n/a n/a 302,371 388,318 690,689 51,224 388,318 233,034 672,576 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 Belinda Richards Maggie Chan Jones Tamara Minick-Scokalo 0 0 0 Includes shares owned by connected persons. Notes 1 2 The interests in shares are a result of the vested options owned by the Non-Executive Directors. 3 There were no changes in share interests between 31 December 2019 and 25 February 2020. 4 Ms Maggie Chan Jones and Ms Tamara Minick-Scokalo were appointed to the board on 13 March 2019 On 13 November 2015, Mr Ulf Claesson was granted 75,000 options over ordinary shares in Jumpshot, Inc. under the Company’s option plan at an exercise price of $0.30 each in connection with his role as Director of Jumpshot, Inc. Mr Claesson has exercised these options in full (the remaining tranche of 18,750 options was exercised on 18 December 2019 at the share price of $4.53, and sold on 30 December 2019). On 30 January 2020, it was announced that Jumpshot, Inc. would be closed down. Mr Erwin Gunst and Mr Warren Finegold were granted options prior to the Company’s IPO. All of these options had vested before 2019 and Mr Erwin Gunst and Mr Warren Finegold exercised all of their outstanding pre-IPO options during 2019, as shown in the shareholding table above. The Company’s policy is that Non-Executive Directors will not be granted share options in the future. © 2019 Friend Studio Ltd File name: Remuneration_v47 Modification Date: 25 February 2020 6:10 pm Directors’ remuneration report Strategic report Governance Financial statements Avast annual report 2019 97 Leaving arrangements for Vincent Steckler (audited) As set out in last years’ Directors’ remuneration report, Mr Vincent Steckler stepped down from the board and as CEO on 30 June 2019. He was paid his salary for this period but was not eligible for an annual bonus for 2019. Mr Vincent Steckler remains available to the business in an advisory capacity until 30 June 2020 to ensure a smooth transition process. During the period, he will receive a fee of $400,000 per annum to reflect the expected time commitment of the role. Mr Vincent Steckler receives, in line with his employment agreement, health benefits for a period of 24 months. The cost of the health benefits for the period from 1 July 2019 to 31 December 2019 amounted to $17,043. The LTIP award granted in 2018 will continue on a pro-rata basis for the period he served as CEO and will remain subject to the performance targets over the normal vesting period to 31 December 2020. Awards will continue to remain subject to a post-vesting holding period for two years until April 2023. The final portion of performance option awards granted prior to IPO in April 2017 vested in September 2019. Further details are provided on page 93. Time-based options granted in April 2017 vested in April 2019 and in September 2019. Mr Vincent Steckler did not receive any payment in lieu of notice under his contract. Mr Vincent Steckler was also paid for reasonable expenses arising from his relocation back to his home in Singapore. Total expenses related to the relocation amounted to $5,632. Given Mr Vincent Steckler’s significant shareholding in the business and the interest in incentive awards following his retirement, the Committee did not consider that it was necessary to apply a formal post-employment shareholding guideline. No payments were made to any other Directors in respect of loss of office during the year. Payments to past directors (audited) There were no payments to past directors during the year. External appointments Executive Directors are permitted to hold Non-Executive Director positions in other companies where it is considered appropriate and subject to approval by the Board. Disclosure of any associated income is required to be made to the Board, to shareholders, and in the annual report and financial statements. For the year ended 31 December 2019, none of the Executive Directors held or received payment for any external directorship. TSR based to 100 at 10 May 2018 Performance graph The graph below illustrates the Company’s total shareholder return (TSR) performance relative to the constituents of the FTSE 250 index excluding investment companies from the admission date on 15 May 2018 to 31 December 2019. This index has been selected as it is a broad market index of which the Company is a constituent. The graph shows performance of a hypothetical £100 invested and its performance over that period. Avast FTSE 250 250 200 150 100 50 0 Source: Datastream. 10 May 2018 31 December 2018 31 December 2019 © 2019 Friend Studio Ltd File name: Remuneration_v47 Modification Date: 25 February 2020 6:10 pm Directors’ remuneration report Strategic report Governance Financial statements Avast annual report 2019 98 The total remuneration for the CEO in 2019, since the Company became the holding company of the Group, is shown below, along with the value of bonuses paid and long-term incentive awards vesting, as a percentage of the maximum opportunity. 2018 20192 CEO total remuneration $6,659,850 VS – $411,285 OV – $6,465,539 Annual bonus (% of maximum) Share award (% of maximum) 61.8% n/a1 n/a3 n/a4 Notes 1 No LTIP share awards vested based on performance to 31 December 2018. Pre-IPO options vested in March and September 2019 as described on page 93. 2 Mr Vincent Steckler served as CEO from admission to 30 June 2019. Mr Ondrej Vlcek was appointed as CEO from 1 July 2019. From this date, Mr Ondrej Vlcek waived his salary (not including Board fee) and annual bonus and opted to receive a nominal amount of $1 in addition to his Board fee which he donated to charity. 3 Mr Vincent Steckler was not eligible to receive a bonus in respect of 2019. Mr Vlcek has decided to waive his annual bonus from his appointment as CEO on 1 July 2019. 4 No LTIP share awards vested based on performance to 31 December 2019. Pre-IPO options granted in April 2017 vested during 2018 and 2019, see Notes 8 and 9 to the single figure table on page 91. CEO to all employee pay ratio Avast Plc has fewer than 250 employees in the UK and therefore is not required to disclose the CEO to all employee pay ratio. Relative importance of the spend on pay The following table shows the Company’s actual spend on pay for all employees compared with distributions to shareholders for 2019 compared with 2018. Percentage change in CEO’s remuneration The table below shows the percentage change in the remuneration of the CEO from the prior year compared with the average percentage change in remuneration for a comparator group of other employees. Total employee remuneration in the Group (including Executive Directors) increased by 7.5% in 2019 (from $184.5m to $198.3m1). Total spend on pay $184.5m1 $198.3m1 7.5% 2018 2019 Change Distributions to shareholders by way of dividend and share buyback $0m $127.0m n/a Notes 1 Personnel expenses as described on page 136. Salary Benefits Bonus Comparator group of employees3 11.0% 0% 13.0% CEO2 -12.2% -4.6% -100% Notes 1 Personnel expenses as described on page 136. 2 Aggregate of what was paid to Mr Vincent Steckler for 1 January 2019 to 30 June 2019 and to Mr Ondrej Vlcek for 1 July 2019 to 31 December 2019 compared with what was paid to Mr Vincent Steckler for 2018, as shown in the single total figure table. The negative change in the CEO remuneration is also influenced by Mr Ondrej Vlcek’s waiver of a part of his salary and of his cash bonus, as outlined in the earlier part of this report. 3 Defined as employees of Avast Software s.r.o. (Czech Republic) between January 2018 and December 2019. This comparator group has been chosen based on the location of the CEO. Membership of the Remuneration Committee The Remuneration Committee comprises four independent Non-Executive Directors and is chaired by Mr Ulf Claesson. Each director was appointed to the Committee on 9 May 2018 apart from Mrs Maggie Chan Jones who was appointed to the Committee on 22 May 2019. There were seven meetings during the year. Members’ attendance in the year is set out in the table below. Ulf Claesson John Schwarz Warren Finegold Maggie Chan Jones1 Attendance 7/7 7/7 7/7 4/4 Notes 1 Mrs Maggie Chan Jones attended all meetings since her appointment to the Committee. © 2019 Friend Studio Ltd File name: Remuneration_v47 Modification Date: 25 February 2020 6:10 pm Directors’ remuneration report Strategic report Governance Financial statements Avast annual report 2019 99 The Committee’s principal role is to determine Remuneration Policy for Executive Directors and to set remuneration for the Chair, Non-Executive Directors, and other senior executives. In determining Remuneration Policy, the Committee takes into account pay and reward for the wider workforce to ensure policy is appropriate in the context of this and our culture. In 2019, the meetings of the Committee covered the following key areas: finalising our Directors’ Remuneration Policy and Directors’ remuneration report for shareholder approval at the 2019 AGM; agreeing retirement arrangements for Mr Vincent Steckler and agreeing remuneration arrangements for Mr Ondrej Vlcek and Mr Philip Marshall from 1 July 2019; review of remuneration outcomes for 2019; consideration of remuneration arrangements for 2020; and review of corporate governance developments and shareholder guidance. The Remuneration Committee terms of reference are available on the Company’s website at investors.avast.com/investors/ corporate-governance/. These have been updated to reflect the provisions of the 2018 Code. External advisers The Remuneration Committee has access to independent advice where it considers it appropriate. The Committee received advice from Deloitte LLP. The fee paid to Deloitte LLP for providing advice in relation to executive remuneration was £21,550. Fees charged were on a time and expenses basis. Note – the 2018 fees paid to Deloitte LLP of $497,000 were incorrectly disclosed. Fees for advice in relation to directors’ remuneration policy in respect of 2018 were £11,500. The Committee reviewed the potential for conflicts of interest and judged that there were appropriate safeguards against such conflicts. The Committee consider that the advice received from the advisers is independent, straightforward, relevant, and appropriate, and that it has an appropriate level of access to them and has confidence in their advice. Deloitte LLP is one of the founding members of the Remuneration Consulting Group. The Committee ha been fully briefed on their compliance with the voluntary code of conduct in respect of the provision of remuneration consulting services. Separate teams within Deloitte LLP also provided advisory services in respect of share schemes and corporate employment. The CEO, the CFO, the Chief of Staff, and the CHRO have attended certain Committee meetings and provided advice to the Committee during the year. They were not in attendance when matters relating to their own compensation or contracts are discussed. Statement of shareholder voting The remuneration policy and the remuneration report were last approved by shareholders at our AGM on 23 May 2019. Details of voting are shown below. Number of votes % Number of votes % Number of votes For Against Withheld Approval of the Directors’ remuneration report – AGM 2019 Approval of the Directors’ Remuneration Policy – AGM 2019 707,039,929 85.36% 121,297,987 14.64% 3,181,635 787,114,401 94.66% 44,405,150 5.34% 0 Approval This Directors’ remuneration report, including both the Policy and annual remuneration report has been approved by the Board of Directors. Signed on behalf of the Board of Directors. Mr Ulf Claesson Chairman of the Remuneration Committee Date: 25 February 2020 © 2019 Friend Studio Ltd File name: Remuneration_v47 Modification Date: 25 February 2020 6:10 pm Directors’ remuneration report Strategic report Governance Financial statements Avast annual report 2019 100 1. Corporate details The Company was incorporated under the Companies Act 2006 (as amended) on 7 January 2010 as a private company limited by shares under the name Avast Limited under the registered number 07118170. On 3 May 2018, the Company re-registered as a public company under the name Avast Plc. 2. Directors and Directors’ interests In respect of the period between 1 January 2019 and the date of this report, the following persons were Directors of the Company: Name Role John Schwarz Non-Executive Director and Chairman Appointment date 9 May 2018 Warren Finegold Non-Executive Director and Senior Independent Director 9 May 2018 Ondrej VIcek Chief Executive Officer* Philip Marshall Chief Financial Officer Pavel Baudis Non-Executive Director Eduard Kucera Non-Executive Director Lorne Somerville Non-Executive Director Ulf Claesson Non-Executive Director Erwin Gunst Non-Executive Director 9 May 2018 9 May 2018 9 May 2018 9 May 2018 9 May 2018 9 May 2018 9 May 2018 Belinda Richards Non-Executive Director 8 June 2018 Tamara Minick-Scokalo Maggie Chan Jones Non-Executive Director Non-Executive Director Vincent Steckler Chief Executive Officer* 13 March 2019 13 March 2019 9 May 2018 – 30 June 2019 * Mr VIcek was appointed Chief Executive Officer of the Company on 1 July 2019, following Mr Steckler’s retirement on 30 June 2019. The Directors have the benefit of a qualifying third-party indemnity from the Company (the terms of which are in accordance with the Companies Act 2006) each of which was in force throughout the year and remains in force at the date of this report. The Company has not provided an indemnity to any person acting as a director of an associated undertaking. In addition, the Company has in place appropriate directors’ and officers’ liability insurance. This cover also extends to employees of the Group who serve on the boards of the Company’s subsidiaries. Related party transactions relating to the Directors are detailed in Note 36 of the financial statements. Details of Directors’ interests in shares, options, and LTIPs are set out on pages 95 and 96 of the Directors’ remuneration report. The only changes in Directors’ interests since year-end related to the purchase of shares through the company’s share matching plan and the vesting of time-based options in February 2020, in each case as further described in Note 5 on page 95. 3. Dividend The Group’s dividend policy focuses on providing significant returns to shareholders, while also ensuring that the Group retains the flexibility to continue to deploy capital towards profitable growth. There can be no guarantees that the Company will pay future dividends. The determination of the level of future dividends, if any, will depend upon the Group’s results of operations, financial condition, capital requirements, contractual restrictions, business prospects, and any other factors the Board may deem relevant. The Group currently expects to maintain dividend payments of approximately 40% of levered free cash flow in the short to medium term. Dividend payments will be made on an approximate one-third:two-thirds split for interim and final dividends, respectively. 2018 final dividend During the year, the Board recommended a final dividend in the amount of 8.6 US cents in respect of financial year ended 31 December 2018, which was approved by its shareholders at the Company’s AGM on 23 May 2019. The dividend was paid to shareholders on 17 June 2019. 2019 interim dividend On 14 August 2019, the Board declared an interim dividend in the amount of 4.4 US cents per share. The dividend was paid to shareholders on 11 October 2019. Proposed 2019 final dividend The Directors propose to pay a final dividend of 10.3 US cents per share in respect of the year ending 31 December 2019 (total payment of $105.0m). Combined with the interim dividend of 4.4 US cents per share paid in October 2019 (total payment of $43.2m), this represents a total dividend for the financial year of 14.7 US cents (total payment of $148.3m), which represents 40% of the Group’s levered free cash flow for the period in accordance with the Company’s dividend policy. Subject to shareholder approval, the final dividend will be paid in US dollars on 24 June 2020 to shareholders on the register on 22 May 2020. There will be an option for shareholders to elect to receive the dividend in pounds sterling and such an election should be made no later than 8 June 2020. The foreign exchange rate at which dividends declared in US dollars will be converted into pounds sterling will be calculated based on the average exchange rate over the five business days prior to 11 June 2020 and announced shortly thereafter. © 2019 Friend Studio Ltd File name: DirectorsXReport_v35 Modification Date: 25 February 2020 6:09 pm Directors’ report Strategic report Governance Financial statements Avast annual report 2019 101 7. Share capital Share capital structure As at 31 December 2019, the entire issued share capital of the Company comprised 1,008,020,035 ordinary shares of £0.10 each. Significant holdings As at 31 December 2019, the following persons held interests in shares carrying 3% or more in voting rights: Name PaBa Software s.r.o Pratincole Investments Limited % of total voting rights 25.51% 9.9% Google Distribution Agreement Promotion and Distribution Agreement dated 1 July 2012, entered into between Avast Software s.r.o. and Google Ireland Limited. Under this agreement, Avast Software s.r.o. agrees to bundle the Google Chrome and Google Toolbar products with distributions of its consumer antivirus products under the Avast and AVG brand names, and certain utility applications as approved by Google from time to time. Google Ireland Limited in turn agrees to pay Avast Software s.r.o. monthly fees in connection with offering users the Google Chrome browser and Google Toolbar. A takeover of the Company may trigger a change of control under the Google Distribution Agreement which would permit Google to immediately terminate the contract upon written notice. In addition, in the event of a takeover of the Company, the Board may, at its discretion, elect to accelerate unvested awards under the Company’s long-term incentive plan. More details in relation to this are set out in the Remuneration Policy approved by the shareholders at the AGM in 2019. 4. Political donations The Group did not make any political donations, or incur any political expenditure, in the year ended 31 December 2019. 5. Research and development Avast places a substantial focus on the continuous development and improvement of technology, with over 50% of its employees working in research and development (R&D). We believe this focus on R&D strongly contributes to the fact that the Group’s products are consistently ranked among the highest-rated antivirus solutions by both users and editors on leading download and review websites, as well as in popular media globally. 6. Significant agreements Below are the only significant agreements that would take effect, alter, or terminate on change of control of the Company following a takeover: Credit Agreement Credit Agreement dated 30 September 2016, entered into between Avast Software B.V., Sybil Software LLC, Avast Software s.r.o., Avast Holding B.V., and Credit Suisse International. A takeover of the Company may trigger a change of control under the Credit Agreement which is an event of default thereunder and would permit Credit Suisse International as administrative agent under the Credit Agreement (with the consent or at the request of the ‘Required Lenders’ under Credit Agreement) to immediately accelerate full repayment of the outstanding debt. © 2019 Friend Studio Ltd File name: DirectorsXReport_v35 Modification Date: 25 February 2020 6:09 pm Directors’ report Strategic report Governance Financial statements Avast annual report 2019 102 Relationship agreements The Company has entered into relationship agreements with its most significant shareholders to help ensure that the Company will be capable of operating and making decisions independently for the benefit of shareholders as a whole. On 10 May 2018, the Company entered into a relationship agreement (Founder Relationship Agreement) with each of Pavel Baudis and Eduard Kucera and their respective investment vehicles, PaBa Software s.r.o. and Pratincole Investments Ltd (collectively, ‘the Founders’) pursuant to which, among other things, the Founders are jointly entitled to appoint: (i) one natural person to be a Non-Executive Director of the Company for so long as the Founders and/or their associates hold in aggregate 10% or more (but less than 20%) of the voting rights attaching to the issued share capital of the Company; and (ii) two natural persons to be Non-Executive Directors for so long as the Founders and/or their associates hold 20% or more of the voting rights attaching to the issued share capital of the Company. During the year, the Company was also party to a relationship agreement with Sybil Holdings S.à.r.l. (‘Sybil’), an entity owned by funds advised by affiliates of CVC Capital Partners Advisory Company (Luxembourg) S.à.r.l.; however, this agreement terminated upon Sybil disposing of its entire shareholding in the Company on 4 September 2019. During the period this agreement was in force, the following terms applied: Sybil was entitled to appoint one natural person to be a Non-Executive Director of the Company for so long as Sybil and/or certain of its affiliates held in aggregate 10% or more of the voting rights attaching to the issued share capital of the Company. The Board confirms that through the applicable periods: the Company has complied with the independence provisions of the Founder Relationship Agreement and the Sybil Relationship Agreement; as far as the Company is aware, each of the Founders and Sybil, and their respective associates have complied with the agreement’s independence provisions; and as far as the Company is aware, each of the Founders and Sybil has procured the compliance of non-signing controlling shareholders with the agreement’s independence provisions. Restriction on transfer of shares The Board may refuse to register any transfer of any share which is not a fully paid share, provided that such discretion may not be exercised in a way which the Financial Conduct Authority or the London Stock Exchange regards as preventing dealings in the shares of the relevant class or classes from taking place on an open and proper basis. The Board may also refuse to register a share where the instrument of transfer is: in favour of more than four persons jointly; not left at the registered office of the Company, or at such other place as the Board may from time to time determine, accompanied by the certificate(s) of the shares to which the instrument relates and such other evidence as the Directors may reasonably require to show the right of the transferor to make the transfer; and the instrument of transfer is in respect of more than one class of share. In addition, pursuant to the Listing Rules of the Financial Conduct Authority, Directors of the Company and persons discharging managerial responsibility are required to obtain prior approval from the Company to deal in the company’s securities, and are prohibited from dealing during close periods. © 2019 Friend Studio Ltd File name: DirectorsXReport_v35 Modification Date: 25 February 2020 6:09 pm Directors’ report Strategic report Governance Financial statements Avast annual report 2019 103 Voting rights On a poll, votes may be given personally or by proxy. Subject to any rights or restrictions attached to any class or classes of shares and to any other provisions of the Articles of Association: if a vote is taken on a show of hands, every member or proxy present in person shall have one vote; and if a vote is taken on a poll, every member present in person or by proxy shall have one vote for each share held by him. All resolutions put to the members at electronic general meetings will be voted on by a poll. All resolutions put to the members at a physical general meeting will be voted on a show of hands unless a poll is demanded: by the Chairman of the meeting; or by at least five members present in person or by proxy and having the right to vote on the resolution; or by any member or members present in person or by proxy and representing not less than one-tenth of the total voting rights of all the members having the right to vote on the resolution; or by a member or members present in person or by proxy holding shares in the Company conferring a right to vote on the resolution being shares on which an aggregate sum has been paid up equal to not less than one-tenth of the total sum paid up on all shares conferring that right. As far as the Board is aware, there are no agreements between shareholders that may restrict transfer of securities or voting rights. The below are the only special control rights attaching to any of the Company’s issued share capital: Pursuant to the Founder Relationship Agreement: (i) the Founders are jointly entitled to appoint: (a) one natural person to be a Non-Executive Director of the Company for so long as the Founders and/or their associates hold in aggregate 10% or more (but less than 20%) of the voting rights attaching to the issued share capital of the Company; and (ii) two natural persons to be Non-Executive Directors for so long as the Founders and/or their associates hold 20% or more of the voting rights attaching to the issued share capital of the Company; and (ii) for so long as the Founders hold in aggregate 10% or more of the voting rights attaching to the issued share capital of the Company, one of the Directors appointed by the Founders is permitted to attend as an observer at the Board’s Nomination Committee, Audit and Risk Committee, and Remuneration Committee. Appointment and replacement of Directors There is no maximum number of Directors who can serve on the Board, but the number of Directors cannot be less than two. Directors may be appointed by ordinary resolution of shareholders or by the Board. No person other than a Director retiring at a general meeting will, unless recommended by the Directors, be eligible for appointment to the office of Director at any general meeting unless a member notifies the Company in advance in accordance with the Articles of Association of his or her intention to propose such person for appointment, and also notice in writing signed by that person of his willingness to be appointed. Under the Articles of Association, a Director is required to retire at an AGM if he or she was a Director at each of the preceding two AGMs and was not appointed or reappointed by the Company in a general meeting at, or since, either such meeting. Notwithstanding this, and in compliance with the Code, each Director is subject to election at the first AGM following their appointment, and re-election at each subsequent AGM. The Company may by ordinary resolution remove any Director before the expiration of his period of office provided special notice has been given in accordance with the Companies Act 2006. Articles of Association The Articles of Association of the Company were adopted by special resolution on 9 May 2018. Any amendment to the Articles of Association of the Company may be made in accordance with the provisions of the Companies Act 2006, by way of special resolution. Power of the Company’s Directors The business of the Company is managed by the Directors, who may exercise all the powers of the Company subject to the provisions of the Articles of Association, the Companies Act 2006, and such directions as may be given by the Company at a general meeting by special resolution. © 2019 Friend Studio Ltd File name: DirectorsXReport_v35 Modification Date: 25 February 2020 6:09 pm Directors’ report Strategic report Governance Financial statements Avast annual report 2019 104 8. Authority to purchase its own shares The Company is permitted – pursuant to the terms of its Articles of Association – to purchase its own shares subject to shareholder approval. At its AGM held on 23 May 2019, the Company was given authority to make market purchases (within the meaning of section 693(4) of the Companies Act 2006) up to a limit of 95,451,252 of its ordinary shares. The minimum price that must be paid for each ordinary share is its nominal value, and the maximum price is the higher of (i) 105% of the average middle market quotations for an ordinary share as derived from the London Stock Exchange for the five (5) business days immediately before the purchase is made, and (ii) an amount equal to the higher of the price of the last independent trade of an ordinary share and the highest current independent bid for an ordinary share on the trading venues where the purchase is carried out. This authority will expire at the earlier of, the conclusion of the Company’s 2020 AGM, and 30 June 2020. The Company did not repurchase any of its shares during the 2019 financial year. 9. Authority to issue shares The Company is permitted – pursuant to the terms of its Articles of Association – to allot, grant options over, offer, or otherwise deal with or dispose of shares in the Company to such persons at such times, and generally on such terms and conditions as they may determine. At its AGM held on 23 May 2019, the Company was given authority to allot shares and grant rights to subscribe for, or convert any security into, shares in the Company, up to: (i) an aggregate nominal amount of £31,813,902.32 (less the nominal amount of any shares or rights to subscribe for or convert any security into shares in the Company granted under sub-paragraph (ii) below in excess of £31,813,902.32); and (ii) comprising equity securities (as defined in section 560 of the Companies Act 2006) up to an aggregate nominal amount of £63,637,349.78 (less any allotments or grants made under sub-paragraph (i) above) in connection with or pursuant to an offer by way of a rights issue, in each case subject to the conditions set out in the AGM notice. This authority will expire at the earlier of, the conclusion of the Company’s 2020 AGM, and 30 June 2020. The Company did not allot any new shares, other than those shares allotted pursuant to the Group’s share option and long-term incentive plans. 10. Going concern As described on page 168, the Directors have reviewed the projected cash flow and other relevant information and have a reasonable expectation that the Group has adequate resources to continue in operational existence for the foreseeable future. For this reason, the Directors continue to adopt the going concern assumption in preparing the consolidated financial statements. 11. Financial risk management Details of financial risk management and financial instruments are disclosed in Note 31 of the Group financial statements. © 2019 Friend Studio Ltd File name: DirectorsXReport_v35 Modification Date: 25 February 2020 6:09 pm Directors’ report Strategic report Governance Financial statements Avast annual report 2019 105 12. Additional disclosures The Strategic report is a requirement of the UK Companies Act 2006 and can be found on pages 1 to 60 of this report. The Company has chosen, in accordance with section 414 C(11) of the Act, to include the following matters in its Strategic report that would otherwise be disclosed in this Directors’ report: Section Likely future developments Greenhouse gas emissions, energy consumption, and energy efficiency Post balance sheet events Stakeholder and employee engagement disclosures Page 25 59 163 52 to 64 Information required by the Financial Conduct Authority’s Listing Rules can be located as follows: Listing Rule Section LR 9.8.4(2) Publication of unaudited financial information LR 9.8.4(5) and (6) Details of waived Director emoluments Page 35 to 47 84 LR 9.8.4R(10) and (11) LR 9.8.4(14) Related party contracts 162 and 163 Independence of controlling shareholders 102 13. Disclosure of information to auditors The Directors confirm that: (i) so far as the Directors are aware, there is no relevant audit information of which the Company’s auditor is unaware; and (ii) the Directors have taken all the steps that they ought to have taken as directors to make themselves aware of any relevant audit information and to establish that the Company’s auditor is aware of that information. 14. Statement of Directors’ responsibilities in respect of the annual report and the financial statements The Directors are responsible for preparing the annual report and the financial statements in accordance with applicable law and regulations. The UK Companies Act 2006 requires the Directors to prepare financial statements for each financial period that give a true and fair view of the financial position of the Group and the Parent Company and the financial performance and cash flows of the Group for that period. Under that law, the Directors have prepared the Group financial statements in accordance with International Financial Reporting Standards (IFRSs) as adopted by the European Union and in accordance with applicable law, and have elected to prepare the Parent Company financial statements in accordance with UK Generally Accepted Accounting Practice (UK Accounting Standards and applicable law), including Financial Reporting Standard 102 (FRS 102). In preparing these financial statements, the Directors are required to: select suitable accounting policies and then apply them consistently; make judgements and estimates that are reasonable and prudent; present information, including accounting policies, in a manner that provides relevant, reliable, comparable, and understandable information; in respect of the Group financial statements, state whether IFRSs as adopted by the European Union have been followed, subject to any material departures disclosed and explained in the financial statements; provide additional disclosures when compliance with the specific requirements in IFRSs are insufficient to enable users to understand the impact of particular transactions, other events, and conditions on the Group’s financial position and financial performance; in respect of the Parent Company financial statements, state whether applicable UK Accounting Standards, including FRS 102, have been followed, subject to any material departures disclosed and explained in the financial statements; and prepare the financial statements on the going concern basis unless it is inappropriate to presume that the Company and/ or the Group will continue in business. © 2019 Friend Studio Ltd File name: DirectorsXReport_v35 Modification Date: 25 February 2020 6:09 pm Directors’ report Strategic report Governance Financial statements Avast annual report 2019 106 The Directors are responsible for keeping adequate accounting records that are sufficient to show and explain the Company’s and Group’s transactions and disclose with reasonable accuracy at any time the financial position of the Company and the Group, and enable them to ensure that the financial statements comply with the Companies Act 2006 and, with respect to the Group financial statements, Article 4 of the IAS Regulation. They are also responsible for safeguarding the assets of the Company and Group and hence for taking reasonable steps for the prevention and detection of fraud and other irregularities. Under applicable law and regulations, the Directors are also responsible for preparing a strategic report, Directors’ report, Directors’ remuneration report, and corporate governance statement that comply with that law and those regulations. The Directors are responsible for the maintenance and integrity of the corporate and financial information included on the Company’s website. Legislation in the UK governing the preparation and dissemination of financial statements may differ from legislation in other jurisdictions. 15. Responsibility statement of the Directors in respect of the annual financial report The Directors confirm, to the best of their knowledge, that: the Group financial statements, prepared in accordance with IFRS as adopted by the European Union and in accordance with applicable law, give a true and fair view of the assets, liabilities, financial position, and profit of the Company and the undertakings included in the consolidation taken as a whole; and the Strategic report and Directors’ report include a fair review of the development and performance of the business and the position of the Company and the undertakings included in the consolidation taken as a whole, together with a description of the principal risks and uncertainties that they face. The annual report and the financial statements, taken as a whole is fair, balanced, and understandable, and provides the information necessary for shareholders to assess the Group’s position and performance, business model, and strategy. The Directors’ report on pages 100 to 106 was approved by the Board on 25 February 2020 and signed by order of the Board. By order of the Board: Alan Rassaby Company Secretary 25 February 2020 © 2019 Friend Studio Ltd File name: DirectorsXReport_v35 Modification Date: 25 February 2020 6:09 pm Directors’ report Avast annual report 2019 107 Financial statements Independent Auditor’s Report Consolidated financial statements Notes to the consolidated financial statements Company financial statements Notes to the company financial statements Glossary 108 116 123 166 168 171 © 2019 Friend Studio Ltd File name: 12_Avast_AR19_AuditorsReport_200225 Modification Date: 25 February 2020 2:16 pm Independent Auditor’s ReportStrategic report Governance Financial statements Avast annual report 2019 108 Independent Auditor’s Report to the members of Avast Plc Opinion In our opinion: Avast Plc’s Group financial statements and Parent Company financial statements (the “financial statements”) give a true and fair view of the state of the Group’s and of the Parent Company’s affairs as at 31 December 2019 and of the Group’s profit for the year then ended; the Group financial statements have been properly prepared in accordance with IFRSs as adopted by the European Union; the Parent Company financial statements have been properly prepared in accordance with United Kingdom Generally Accepted Accounting Practice; and the financial statements have been prepared in accordance with the requirements of the Companies Act 2006, and, as regards the Group financial statements, Article 4 of the IAS Regulation. We have audited the financial statements of Avast Plc which comprise: Group Consolidated statement of financial position as at 31 December 2019 Consolidated statement of profit and loss for the year then ended Consolidated statement of comprehensive income for the year then ended Parent company Company statement of financial position as at 31 December 2019 Company statement of changes in equity for the year then ended Related notes 1 to 12 to the financial statements, including a summary of significant accounting policies Consolidated statement of changes in shareholders’ equity for the year then ended Consolidated statement of cash flows for the year then ended Related notes 1 to 40 to the financial statements, including a summary of significant accounting policies The financial reporting framework that has been applied in the preparation of the Group financial statements is applicable law and International Financial Reporting Standards (IFRSs) as adopted by the European Union. The financial reporting framework that has been applied in the preparation of the Parent Company financial statements is applicable law and United Kingdom Accounting Standards, including FRS 102 “The Financial Reporting Standard applicable in the UK and Republic of Ireland” (United Kingdom Generally Accepted Accounting Practice). Basis for opinion We conducted our audit in accordance with International Standards on Auditing (UK) (ISAs (UK)) and applicable law. Our responsibilities under those standards are further described in the Auditor’s responsibilities for the audit of the financial statements section of our report below. We are independent of the Group and Parent Company in accordance with the ethical requirements that are relevant to our audit of the financial statements in the UK, including the FRC’s Ethical Standard as applied to listed public interest entities, and we have fulfilled our other ethical responsibilities in accordance with these requirements. We believe that the audit evidence we have obtained is sufficient and appropriate to provide a basis for our opinion. © 2019 Friend Studio Ltd File name: 12_Avast_AR19_AuditorsReport_200225 Modification Date: 25 February 2020 2:16 pm Independent Auditor’s ReportStrategic report Governance Financial statements Avast annual report 2019 109 Overview of our audit approach Key audit matters Revenue recognition, including risk of management override, in particular: – Licence revenue: Improper revenue recognition due to management’s incentive to accelerate earnings through manipulation of the licence term – Cut-off risk. – Licence, platform, and other revenue: Improper revenue recognition due to management’s incentive to accelerate earnings through manual manipulation of the timing of revenues or due to an error. Complexity of income and deferred tax: The Group operates in multiple tax jurisdictions and has a complex process for consolidating the group tax position. There is a risk that income tax accounts, including deferred tax, in both the consolidated statement of financial position and the consolidated statement of profit and loss will contain misstatements. Audit scope We performed an audit of the complete financial information of two components and audit procedures on specific balances for a further seven components. The components where we performed full or specific audit procedures accounted for 97% of PBT adjusted for exceptional items and deferred revenue haircut measure used to calculate materiality, 92% of Revenue, and 96% of Total assets. Materiality Overall Group materiality of $15.0m which represents 5% of PBT adjusted for exceptional items and deferred revenue haircut. Conclusions relating to principal risks, going concern and viability statement We have nothing to report in respect of the following information in the annual report, in relation to which the ISAs (UK) require us to report to you whether we have anything material to add or draw attention to: the disclosures in the annual report set out on page 49 that describe the principal risks and explain how they are being managed or mitigated; the directors’ confirmation set out on page 50 in the annual report that they have carried out a robust assessment of the principal risks facing the entity, including those that would threaten its business model, future performance, solvency or liquidity; the directors’ statement set out on page 104 in the financial statements about whether they considered it appropriate to adopt the going concern basis of accounting in preparing them, and their identification of any material uncertainties to the entity’s ability to continue to do so over a period of at least 12 months from the date of approval of the financial statements; whether the directors’ statement in relation to going concern required under the Listing Rules in accordance with Listing Rule 9.8.6R(3) is materially inconsistent with our knowledge obtained in the audit; or the directors’ explanation set out on page 50 in the annual report as to how they have assessed the prospects of the entity, over what period they have done so and why they consider that period to be appropriate, and their statement as to whether they have a reasonable expectation that the entity will be able to continue in operation and meet its liabilities as they fall due over the period of their assessment, including any related disclosures drawing attention to any necessary qualifications or assumptions. © 2019 Friend Studio Ltd File name: 12_Avast_AR19_AuditorsReport_200225 Modification Date: 25 February 2020 2:16 pm Independent Auditor’s ReportStrategic report Governance Financial statements Avast annual report 2019 110 Key audit matters Key audit matters are those matters that, in our professional judgement, were of most significance in our audit of the financial statements of the current period and include the most significant assessed risks of material misstatement (whether or not due to fraud) that we identified. These matters included those which had the greatest effect on: the overall audit strategy, the allocation of resources in the audit; and directing the efforts of the engagement team. These matters were addressed in the context of our audit of the financial statements as a whole, and in our opinion thereon, and we do not provide a separate opinion on these matters. Key observations communicated to the Audit Committee We conclude that the revenue recognised during the year and deferred revenue as at 31 December 2019 are materially correct. Risk Our response to the risk Risk of inappropriate revenue recognition $871.1m (2018: $808.3m) In particular, the risks are: 1) Licence revenue: Improper revenue recognition due to management’s incentive to accelerate earnings through manipulation of the licence term – Cut-off risk. 2) Licence, platform, and other revenue: Improper revenue recognition due to management’s incentive to accelerate earnings through manual manipulation of the timing of revenues or due to an error. Misstatements that occur in relation to this risk would impact the revenue recognised in the income statement as well as deferred revenue. Revenue recognition is a key driver for the group’s profitability which impacts management and employee bonuses and has an indirect impact on the value of share-based compensation paid to key management personnel. Therefore, we assess that overstatement of revenue presents a higher risk and key audit matter. The overall risk of revenue recognition has remained consistent compared to the prior year. Refer to the Audit Committee Report (pages 74 to 79); Accounting policies (pages 123 to 130); and Note 5 of the Consolidated financial statements (pages 133 to 135). We have reviewed and walked through the process over the approval and recognition of revenue across the group. We have walked through and assessed the design effectiveness of key management controls over data input and IT. We have performed revenue transaction testing in order to ensure that revenue is recognised in line with the group’s revenue recognition policy and IFRS 15 and has been appropriately recorded in the current year income statement and the balance sheet as appropriate. This was achieved by selecting a sample of transactions and: performing testing to validate delivery of individual licences and correct cut-off through application of correct licence term; obtaining evidence that the licence has been delivered to customers prior to revenue recognition; reviewing contract terms for any conditions that would impact timing of revenue recognition and deferred revenue; agreeing revenue transactions to customer reports to validate occurrence; and tracing a sample of billings to cash received. We selected a risk-based sample of manual revenue journals and assessed the appropriateness of the journal by checking to supporting evidence and ensuring compliance with IFRS 15 and the group’s revenue recognition policy. The sample was selected on a risk-based criteria, including but not limited to manual journals, those close to period end and, postings made by people where the nature of the journal is inconsistent with their roles and responsibilities. We performed an overall recalculation of deferred revenue with specific focus on the split of sales in a one, two and three-year period for appropriateness based upon contract terms. We obtained customer confirmation of a selected sample of accounts receivable and unbilled revenue. We sampled significant resellers to confirm contract terms and conditions. We performed disaggregated analytical procedures over revenue on a monthly basis at a segment level. We performed full and specific scope audit procedures over this risk area in four locations, which covered 92% of the risk amount. We also performed specified procedures over the revenues in one location, which covered 3% of the risk amount. For the remaining items we performed other analytical procedures. © 2019 Friend Studio Ltd File name: 12_Avast_AR19_AuditorsReport_200225 Modification Date: 25 February 2020 2:16 pm Independent Auditor’s ReportStrategic report Governance Financial statements Avast annual report 2019 111 Risk Our response to the risk Complexity of income and deferred tax Income tax expense: -$65.7m (2018: $58.7m) Deferred tax assets (net): $167.6m (2018: $149.4m) We obtained the Group’s tax consolidation and focused our detailed testing of the current and deferred income tax positions for four regions, including verification of completeness and accuracy of tax effects of significant one-off transactions, consolidation, and IFRS adjustments recorded by the Group. Our specific risk areas include: In addition, in order to respond to our risk, we: 1. Management uses judgement to determine recoverability of deferred tax assets and has recovery periods in excess of 20 years. engaged tax specialists for the Czech Republic, Netherlands, USA, and the United Kingdom to support the audit teams audit of complex areas, including accounting for tax on share options. Further, our specialists were consulted to independently assess the assumptions in management’s DTA assessment; 2. The Group operates in multiple tax jurisdictions which may require specialist knowledge. obtained and audited management’s prospective financial information (PFI) to support the recoverability of the significant deferred tax assets. We challenged the underlying assumptions, including: 3. Further, management makes use of manual calculations in order to arrive at the consolidated tax provision for the Group, which gives rise to a higher risk of error. Refer to the Audit Committee Report (pages 74 to 79); Accounting policies (pages 123 to 130); and Note 13 of the Consolidated financial statements (pages 137 to 139). – applicability of local tax laws to deferred tax recoverability; – assessing against the groups historic forecasting accuracy; and – recoverability period by comparison to historic performance, group and industry-wide performance; recalculated and reconciled management’s manual tax tools for computing consolidated tax figures; used tax specialists to challenge management’s technical merits relating to uncertain tax positions (including the impact of IFRIC 23) and transfer pricing arrangements. Key observations communicated to the Audit Committee We highlight the recoverability of deferred tax assets for a period in excess of 20 years, requires significant judgement, however, conclude this is supportable and appropriately disclosed. We conclude that the current and deferred tax amounts reported as at 31 December 2019 and for the year then ended are materially correct. For regions outside of those we have classified as significant, we have performed analytical review procedures and tested consolidation adjustments to mitigate the risk of material misstatement. We also evaluated the adequacy and completeness of the disclosures provided by the Group in relation to tax balances and activity. In the prior year, our auditor’s report included the same Key Audit Matters as noted above. An overview of the scope of our audit Tailoring the scope Our assessment of audit risk, our evaluation of materiality and our allocation of performance materiality determine our audit scope for each entity within the Group. Taken together, this enables us to form an opinion on the consolidated financial statements. We take into account size, risk profile, the organisation of the Group and presence of Group-wide controls, and changes in the business environment when assessing the level of work to be performed at each entity. In assessing the risk of material misstatement to the Group financial statements, and to ensure we had adequate quantitative coverage of significant accounts in the financial statements, of the 33 reporting components of the Group, we selected nine components covering entities within the Czech Republic, Netherlands, United Kingdom and USA, which represent the principal business units within the Group. Of the nine components selected, we performed an audit of the complete financial information of two components (“full scope components”) which were selected based on their size or risk characteristics. For the remaining seven components (“specific scope components”), we performed audit procedures on specific accounts within that component that we considered had the potential for the greatest impact on the significant accounts in the financial statements, either because of the size of these accounts or their risk profile. © 2019 Friend Studio Ltd File name: 12_Avast_AR19_AuditorsReport_200225 Modification Date: 25 February 2020 2:16 pm Independent Auditor’s ReportStrategic report Governance Financial statements Avast annual report 2019 112 Changes from the prior year The Group has been undergoing a group simplification exercise, including merging and liquidating entities and transfers of trade to centralised entities. As such, our total number of full scope components is reduced from the prior year. However, we believe our overall coverage is comparable and continues to be appropriate for the risk of the business. Integrated team structure and involvement with component teams The overall audit strategy is determined by the senior statutory auditor. The senior statutory auditor is based in the UK, however, since group management and many operations reside in the Czech Republic, the Group audit team (“integrated audit team”) includes members from both the UK and Czech Republic, including tax, IT, and valuations professionals in both countries, as well as tax professionals in the Netherlands. Members of the audit team in both jurisdictions work together as an integrated team throughout the audit process. All audit work performed for the purposes of the 2019 annual report and accounts was undertaken by the integrated audit team. The senior statutory auditor visited the Czech Republic six times during the current year’s audit. While in the Czech Republic, the senior statutory auditor focused his time on the significant risk and judgemental areas of the audit, interactions with management and the integrated audit team. He reviewed key working papers and met with key representatives of the integrated audit team physically located in the Czech Republic to direct and supervise the audit approach and resolve issues arising from the integrated audit team’s work. This, together with the additional procedures performed at Group level, gave us appropriate evidence for our opinion on the Group and stand-alone financial statements. The reporting components where we performed audit procedures accounted for 97% (2018: 100%) of the Group’s PBT adjusted for exceptional items and deferred revenue haircut measure used to calculate materiality, 92% (2018: 94%) of the Group’s revenue and 95% (2018: 97%) of the Group’s total assets. For the current year, the full scope components contributed 98% (2018: 97%) of the Group’s PBT adjusted for exceptional items and deferred revenue haircut measure used to calculate materiality, 83% (2018: 76%) of the Group’s revenue and 35% (2018: 37%) of the Group’s total assets. The specific scope components contributed -1% (2018: 3%) of the Group’s PBT adjusted for exceptional items and deferred revenue haircut measure used to calculate materiality, 9% (2018: 18%) of the Group’s revenue and 60% (2018: 60%) of the Group’s total assets. The audit scope of these components may not have included testing of all significant accounts of the component but will have contributed to the coverage of significant accounts tested for the consolidated financial statements. We also performed specified procedures over certain aspects of revenue and additions of assets for two components. Of the remaining 24 components that together represent 2% of the Group’s PBT adjusted for exceptional items and deferred revenue haircut, none are individually greater than 5% of the Group’s PBT adjusted for exceptional items and deferred revenue haircut. For these components, we performed other procedures, including analytical review, testing of consolidation journals, intercompany eliminations, and foreign currency translation recalculations to respond to any potential risks of material misstatement to the Group financial statements. The charts below illustrate the coverage obtained from the work performed by our audit teams. Adjusted PBT 98% Full scope components (1%) Specific scope components 3% Other procedures Revenue Total assets 83% Full scope components 9% Specific scope components 8% Other procedures 35% Full scope components 60% Specific scope components 5% Other procedures © 2019 Friend Studio Ltd File name: 12_Avast_AR19_AuditorsReport_200225 Modification Date: 25 February 2020 2:16 pm Independent Auditor’s ReportStrategic report Governance Financial statements Our application of materiality We apply the concept of materiality in planning and performing the audit, in evaluating the effect of identified misstatements on the audit and in forming our audit opinion. Materiality The magnitude of an omission or misstatement that, individually or in the aggregate, could reasonably be expected to influence the economic decisions of the users of the financial statements. Materiality provides a basis for determining the nature and extent of our audit procedures. We determined materiality for the Group to be $15.0m (2018: $11.2m), which is 5% (2018: 5%) of PBT adjusted for exceptional items and deferred revenue haircut. We believe that PBT adjusted for exceptional items and deferred revenue haircut provides us with the most relevant measure of underlying performance of the Group. We determined materiality for the Parent Company to be $32m (2018: $32m), which is 1% (2018: 1%) of total equity, which is greater than that of the Group as a result of its investment in Avast Holdings B.V. Performance materiality The application of materiality at the individual account or balance level. It is set at an amount to reduce to an appropriately low level the probability that the aggregate of uncorrected and undetected misstatements exceeds materiality. On the basis of our risk assessments, together with our assessment of the overall control environment, our judgement was that performance materiality should be set at 50% (2018: 50%) of our planning materiality, namely $7.5m (2018: $5.6m). We have set performance materiality at this percentage to ensure that the total uncorrected and undetected audit differences in all accounts did not exceed our materiality. Audit work at component locations for the purpose of obtaining audit coverage over significant financial statement accounts is undertaken based on a percentage of total performance materiality. The performance materiality set for each component is based on the relative scale and risk of the component to the Group as a whole and our assessment of the risk of misstatement at that component. In the current year, the range of performance materiality allocated to components was $1.5m to $6.7m (2018: $1.1m to $4.2m). Starting basis Adjustments Materiality Profit before tax $314.6m Add back $1.8m exceptional items (as disclosed in note 6 to the financial statements) and deferred revenue haircut of $1.8m Deduct $17.5m relating to the gain on disposal of business operation (as disclosed in note 6 to the financial statements) Totals $300.7m of PBT adjusted for exceptional items and deferred revenue haircut Materiality of $15.0m (5% of PBT adjusted for exceptional items and deferred revenue haircut) © 2019 Friend Studio Ltd File name: 12_Avast_AR19_AuditorsReport_200225 Modification Date: 25 February 2020 2:16 pm Avast annual report 2019 113 Reporting threshold An amount below which identified misstatements are considered as being clearly trivial. We agreed with the Audit Committee that we would report to them all uncorrected audit differences in excess of $0.75m (2018: $0.56m), which is set at 5% of planning materiality, as well as differences below that threshold that, in our view, warranted reporting on qualitative grounds. We evaluate any uncorrected misstatements against both the quantitative measures of materiality discussed above and in light of other relevant qualitative considerations in forming our opinion. Other information The other information comprises the information included in the annual report set out on pages 1 to 106, including Strategic Report and Governance Report, other than the financial statements and our auditor’s report thereon. The directors are responsible for the other information. Our opinion on the financial statements does not cover the other information and, except to the extent otherwise explicitly stated in this report, we do not express any form of assurance conclusion thereon. In connection with our audit of the financial statements, our responsibility is to read the other information and, in doing so, consider whether the other information is materially inconsistent with the financial statements or our knowledge obtained in the audit or otherwise appears to be materially misstated. If we identify such material inconsistencies or apparent material misstatements, we are required to determine whether there is a material misstatement in the financial statements or a material misstatement of the other information. If, based on the work we have performed, we conclude that there is a material misstatement of the other information, we are required to report that fact. We have nothing to report in this regard. Independent Auditor’s ReportStrategic report Governance Financial statements Avast annual report 2019 114 In this context, we also have nothing to report in regard to our responsibility to specifically address the following items in the other information and to report as uncorrected material misstatements of the other information where we conclude that those items meet the following conditions: Fair, balanced and understandable set out on page 106 – the statement given by the directors that they consider the annual report and financial statements taken as a whole is fair, balanced, and understandable, and provides the information necessary for shareholders to assess the Group’s performance, business model, and strategy, is materially inconsistent with our knowledge obtained in the audit; or the information about internal control and risk management systems in relation to financial reporting processes and about share capital structures, given in compliance with rules 7.2.5 and 7.2.6 in the Disclosure Rules and Transparency Rules sourcebook made by the Financial Conduct Authority (the “FCA Rules”), is consistent with the financial statements and has been prepared in accordance with applicable legal requirements; and the information about the company’s corporate governance code and practices and about its administrative, management and supervisory bodies and their committees complies with rules 7.2.2, 7.2.3 and 7.2.7 of the FCA Rules. Audit committee reporting set out on pages 74 to 79 – the section describing the work of the Audit Committee does not appropriately address matters communicated by us to the Audit Committee; or Directors’ statement of compliance with the UK Corporate Governance Code set out on page 69 – the parts of the directors’ statement required under the Listing Rules relating to the company’s compliance with the UK Corporate Governance Code containing provisions specified for review by the auditor in accordance with Listing Rule 9.8.10R(2) do not properly disclose a departure from a relevant provision of the UK Corporate Governance Code. Opinions on other matters prescribed by the Companies Act 2006 In our opinion, the part of the directors’ remuneration report to be audited has been properly prepared in accordance with the Companies Act 2006. In our opinion, based on the work undertaken in the course of the audit: the information given in the strategic report and the directors’ report for the financial year for which the financial statements, are prepared is consistent with the financial statements and those reports have been prepared in accordance with applicable legal requirements; Matters on which we are required to report by exception In the light of the knowledge and understanding of the Group and the Parent Company and its environment obtained in the course of the audit, we have not identified material misstatements in: the strategic report or the directors’ report; or the information about internal control and risk management systems in relation to financial reporting processes and about share capital structures, given in compliance with rules 7.2.5 and 7.2.6 of the FCA Rules. We have nothing to report in respect of the following matters in relation to which the Companies Act 2006 requires us to report to you if, in our opinion: adequate accounting records have not been kept by the Parent Company, or returns adequate for our audit have not been received from branches not visited by us; or the Parent Company financial statements and the part of the Directors’ Remuneration Report to be audited are not in agreement with the accounting records and returns; or certain disclosures of directors’ remuneration specified by law are not made; or we have not received all the information and explanations we require for our audit; or a Corporate Governance Statement has not been prepared by the company. Responsibilities of directors As explained more fully in the directors’ responsibilities statement set out on pages 105 and 106, the directors are responsible for the preparation of the financial statements and for being satisfied that they give a true and fair view, and for such internal control as the directors determine is necessary to enable the preparation of financial statements that are free from material misstatement, whether due to fraud or error. In preparing the financial statements, the directors are responsible for assessing the Group and Parent Company’s ability to continue as a going concern, disclosing, as applicable, matters related to going concern and using the going concern basis of accounting unless the directors either intend to liquidate the Group or the Parent Company or to cease operations, or have no realistic alternative but to do so. Auditor’s responsibilities for the audit of the financial statements Our objectives are to obtain reasonable assurance about whether the financial statements as a whole are free from material misstatement, whether due to fraud or error, and to issue an auditor’s report that includes our opinion. Reasonable assurance is a high level of assurance, but is not a guarantee that an audit conducted in accordance with ISAs (UK) will always detect a material misstatement when it exists. Misstatements can arise from fraud or error and are considered material if, individually or in the aggregate, they could reasonably be expected to influence the economic decisions of users taken on the basis of these financial statements. © 2019 Friend Studio Ltd File name: 12_Avast_AR19_AuditorsReport_200225 Modification Date: 25 February 2020 2:16 pm Independent Auditor’s ReportStrategic report Governance Financial statements Avast annual report 2019 115 Explanation as to what extent the audit was considered capable of detecting irregularities, including fraud The objectives of our audit, in respect to fraud, are: to identify and assess the risks of material misstatement of the financial statements due to fraud; to obtain sufficient appropriate audit evidence regarding the assessed risks of material misstatement due to fraud, through designing and implementing appropriate responses; and to respond appropriately to fraud or suspected fraud identified during the audit. However, the primary responsibility for the prevention and detection of fraud rests with both those charged with governance of the entity and management. Our approach was as follows: We obtained an understanding of the legal and regulatory frameworks that are applicable to the Group and determined that the most significant are those that relate to the reporting framework (IFRS, FRS 102, Companies Act 2006, the UK Corporate Governance Code, and the relevant tax compliance regulations in the jurisdictions in which Avast Plc operates). In addition, we concluded that there are certain significant laws and regulations which may have an effect on the determination of the amounts and disclosures in the financial statements, being the Listing Rules of the UK Listing Authority, and those laws and regulations relating to occupational health and safety and data protection. We understood how Avast Plc is complying with those frameworks by making enquiries of management and legal counsel, and those charged with governance (i.e. considering the potential for override of controls or other inappropriate influence over the financial reporting process, such as efforts by management to manage earnings in order to influence the perceptions of analysts as to the entity’s performance and profitability). We assessed the susceptibility of the Group’s financial statements to material misstatement, including how fraud might occur by meeting with management from various parts of the business to understand where it considered there was susceptibility to fraud. We also considered performance targets and their influence on efforts made by management to manage earnings or influence the perceptions of analysts. We considered the programmes and controls that the Group has established to address risks identified, or that otherwise prevent, deter and detect fraud; and how senior management monitors those programmes and controls. Where the risk was considered to be higher, we performed audit procedures to address each identified fraud risk. These procedures included testing manual journals and review of accounting estimates and judgements and were designed to provide reasonable assurance that the financial statements were free from fraud or error. Based on this understanding, we designed our audit procedures to identify non-compliance with such laws and regulations. Our procedures involved management enquiries, review of legal correspondence and journal entry testing. A further description of our responsibilities for the audit of the financial statements is located on the FRC’s website at https://www.frc.org.uk/auditorsresponsibilities. This description forms part of our auditor’s report. Other matters we are required to address We were appointed by the company on 29 July 2019 to audit the financial statements for the year ending 31 December 2019 and subsequent financial periods. The period of total uninterrupted engagement, including previous renewals and reappointments, is two years, covering the years ending 31 December 2018 to 31 December 2019. The non-audit services prohibited by the FRC’s Ethical Standard were not provided to the Group or the Parent Company and we remain independent of the Group and the Parent Company in conducting the audit. The audit opinion is consistent with the additional report to the Audit Committee. Use of our report This report is made solely to the company’s members, as a body, in accordance with Chapter 3 of Part 16 of the Companies Act 2006. Our audit work has been undertaken so that we might state to the company’s members those matters we are required to state to them in an auditor’s report and for no other purpose. To the fullest extent permitted by law, we do not accept or assume responsibility to anyone, other than the company and the company’s members as a body, for our audit work, for this report, or for the opinions we have formed. Marcus Butler (Senior statutory auditor) for and on behalf of Ernst & Young LLP, Statutory Auditor London 25 February 2020 Notes: 1 The maintenance and integrity of the Avast Plc web site is the responsibility of the directors; the work carried out by the auditors does not involve consideration of these matters and, accordingly, the auditors accept no responsibility for any changes that may have occurred to the financial statements since they were initially presented on the web site. 2 Legislation in the United Kingdom governing the preparation and dissemination of financial statements may differ from legislation in other jurisdictions. © 2019 Friend Studio Ltd File name: 12_Avast_AR19_AuditorsReport_200225 Modification Date: 25 February 2020 2:16 pm Independent Auditor’s ReportStrategic report Governance Financial statements Strategic report Governance Financial statements Avast annual report 2019 116 Consolidated statement of profit and loss For the year-ended 31 December 2019 REVENUE Cost of revenues GROSS PROFIT Sales and marketing Research and development General and administrative Total operating costs OPERATING PROFIT Net gain on disposal of a business operation Interest income Interest expense Other finance income and expense (net) PROFIT BEFORE TAX Income tax PROFIT FOR THE FINANCIAL YEAR Attributable to: Equity holders of the parent Non-controlling interest (“NCI”) Earnings per share (in $ per share): Basic EPS Diluted EPS The accompanying notes form an integral part of these financial statements. © 2019 Friend Studio Ltd File name: FinancialXStatements_v50 Modification Date: 25 February 2020 4:18 pm Note 5 8 9 16 11 11 11 13 34 14 14 Year-ended 31 December 2019 $M Year-ended 31 December 2018 $M 871.1 (210.7) 660.4 (132.0) (82.5) (101.3) (315.8) 344.6 17.5 1.5 (58.7) 9.7 314.6 (65.7) 248.9 248.7 0.2 0.26 0.24 808.3 (241.4) 566.9 (124.5) (68.9) (125.2) (318.6) 248.3 – 0.3 (85.8) 19.7 182.5 58.7 241.2 241.2 – 0.26 0.25 Consolidated financial statements Strategic report Governance Financial statements Avast annual report 2019 117 Consolidated statement of comprehensive income For the year-ended 31 December 2019 Profit for the financial year Other comprehensive gains/(losses): Items that will not be reclassified subsequently to profit or loss: – Translation differences Total other comprehensive gains/(losses) Comprehensive income for the year Attributable to: Equity holders of the parent Non-controlling interest The accompanying notes form an integral part of these financial statements. Year-ended 31 December 2019 $M Year-ended 31 December 2018 $M 248.9 0.3 0.3 249.2 249.0 0.2 241.2 (1.6) (1.6) 239.6 239.6 – © 2019 Friend Studio Ltd File name: FinancialXStatements_v50 Modification Date: 25 February 2020 4:18 pm Consolidated financial statements Strategic report Governance Financial statements Avast annual report 2019 118 Consolidated statement of financial position As at 31 December 2019 Company registered number: 07118170 ASSETS Current assets Cash and cash equivalents Trade and other receivables Capitalised contract costs Prepaid expenses Inventory Tax receivables Other financial assets Non-current assets Property, plant and equipment Right-of-use assets Intangible assets Deferred tax assets Other financial assets Capitalised contract costs Prepaid expenses Goodwill TOTAL ASSETS © 2019 Friend Studio Ltd File name: FinancialXStatements_v50 Modification Date: 25 February 2020 4:18 pm Note 31 December 2019 $M 31 December 2018 $M 17 18 19 13 20 21 22 13 19 23 216.6 78.9 33.3 13.6 0.4 22.0 1.2 366.0 42.9 62.6 193.3 203.8 0.8 4.4 0.8 1,991.3 2,499.9 2,865.9 272.3 82.9 31.2 8.5 0.5 7.3 0.4 403.1 29.3 – 267.3 204.1 0.7 4.6 2.0 1,993.7 2,501.7 2,904.8 Consolidated financial statements Strategic report Governance Financial statements Avast annual report 2019 119 Consolidated statement of financial position (continued) As at 31 December 2019 Company registered number: 07118170 SHAREHOLDERS’ EQUITY AND LIABILITIES Current liabilities Trade payables and other liabilities Lease liability Provisions Income tax liability Deferred revenue Term loan Non-current liabilities Lease liability Provisions Deferred revenues Term loan Financial liability Other non-current liabilities Redemption obligation Deferred tax liabilities Shareholders’ equity Share capital Share premium, statutory and other reserves Translation differences Retained earnings Equity attributable to equity holders of the parent Non-controlling interest TOTAL SHAREHOLDERS’ EQUITY AND LIABILITIES These financial statements were approved by the Board of Directors on 25 February 2020 and signed on its behalf by: © 2019 Friend Studio Ltd File name: FinancialXStatements_v50 Modification Date: 25 February 2020 4:18 pm Note 31 December 2019 $M 31 December 2018 $M 24 21 25 13 26 27 21 25 26 27 29 13 31 31,32 33 65.1 7.3 11.6 0.3 420.5 58.2 563.0 57.5 0.9 54.3 969.5 2.1 1.7 56.3 36.2 1,178.5 136.0 280.7 1.3 698.9 1,116.9 7.5 1,124.4 2,865.9 64.0 0.4 9.1 40.4 384.3 73.4 571.6 2.6 0.9 51.2 1,318.1 1.0 4.3 – 54.7 1,432.8 129.0 275.9 (0.3) 494.8 899.4 1.0 900.4 2,904.8 Philip Marshall Chief Financial Officer The accompanying notes form an integral part of these financial statements. Consolidated financial statements Strategic report Governance Financial statements Avast annual report 2019 120 Consolidated statement of changes in shareholders’ equity For the year-ended 31 December 2019 At 31 December 2017 Result of the year Other comprehensive income Comprehensive income for the year Primary proceeds Group re-organisation Capital reduction Other movements Share issue expense Share-based payments deferred tax Share-based payments Exercise of options At 31 December 2018 Result of the year Other comprehensive income Comprehensive income for the year Transactions with NCI – Sale of interest Transactions with NCI – Recognition of put liability Share-based payments deferred tax Other movements Share-based payments Exercise of options Cash dividends At 31 December 2019 Note 31 31 31 31 13 35 31 34 29 35 31 33 Share Capital $M 371.7 – – – 8.0 (250.8) – – – – – 0.1 129.0 – – – – – – – – 7.0 – 136.0 Share premium, statutory and other reserves $M Translation differences $M Retained earnings $M Equity attributable to equity holders of the parent $M 3.3 – – – 191.8 250.8 (180.6) – (4.0) – 13.8 0.8 275.9 – – – – (55.7) – 0.2 20.1 40.2 – 280.7 1.3 – (1.6) (1.6) – – – – – – – – (0.3) – 0.3 0.3 – – – 1.3 – – – 1.3 57.9 241.2 – 241.2 – – 180.6 0.3 – 14.8 – – 494.8 248.7 – 248.7 48.6 – 34.9 (1.1) – – (127.0) 698.9 434.2 241.2 (1.6) 239.6 199.8 – – 0.3 (4.0) 14.8 13.8 0.9 899.4 248.7 0.3 249.0 48.6 (55.7) 34.9 0.4 20.1 47.2 (127.0) 1,116.9 Non-controlling interests $M 0.9 – – – – – – – – – 0.1 – 1.0 0.2 – 0.2 5.7 – – – 0.6 – – 7.5 Total equity $M 435.1 241.2 (1.6) 239.6 199.8 – – 0.3 (4.0) 14.8 13.9 0.9 900.4 248.9 0.3 249.2 54.3 (55.7) 34.9 0.4 20.7 47.2 (127.0) 1,124.4 The accompanying notes form an integral part of these financial statements. © 2019 Friend Studio Ltd File name: FinancialXStatements_v50 Modification Date: 25 February 2020 4:18 pm Consolidated financial statements Strategic report Governance Financial statements Avast annual report 2019 121 Consolidated statement of cash flows For the year-ended 31 December 2019 Cash flows from operating activities Profit for the financial year Non-cash adj. to reconcile profit to net cash flows: Income tax Depreciation Amortisation Gain on disposal of a business operation Gain on disposal of property, plant and equipment Movement of provisions and allowances Interest income Interest expense, changes of fair values of derivatives and other non-cash financial expense Shares granted to employees Effect of exchange rate changes on cash and cash equivalents held in foreign currencies Unrealised foreign exchange gains and losses and other non-cash transactions Working capital adjustments: (Increase)/decrease in trade and other receivables and inventories Increase/(decrease) in trade and other payables Increase in deferred revenues Income tax paid Net cash flows from operating activities Note Year ended 31 December 2019 $M Year ended 31 December 2018 $M 13 12 12 16 11 11 34 26 248.9 65.7 18.9 91.1 (17.5) (0.2) 5.9 (1.5) 59.6 20.7 (2.8) (13.8) (10.4) (1.2) 39.9 (104.2) 399.1 241.2 (58.7) 13.4 130.3 – (0.2) 3.5 (0.3) 85.5 13.9 (2.8) (32.0) 4.1 1.0 56.9 (79.8) 376.0 © 2019 Friend Studio Ltd File name: FinancialXStatements_v50 Modification Date: 25 February 2020 4:18 pm Consolidated financial statements Strategic report Governance Financial statements Avast annual report 2019 122 Consolidated statement of cash flows (continued) For the year-ended 31 December 2019 Cash flows from investing activities Acquisition of property and equipment Acquisition of intangible assets Investment in subsidiary, net of cash acquired Settlement of contingent consideration Proceeds from sale of a business operation, net of cash disposed Interest received Net cash used in investing activities Cash flows from financing activities Proceeds from issue shares Transaction costs related to the issue shares Transaction with NCI, net of fees Exercise of options Dividend paid Repayment of borrowings Proceeds from borrowings Transaction costs related to borrowings Interest paid Lease payments interest Lease payments principal Net cash used from financing activities Net increase/(decrease) in cash and cash equivalents Effect of exchange rate changes on cash and cash equivalents held in foreign currencies Cash and cash equivalents at beginning of period Cash and cash equivalents at end of period The accompanying notes form an integral part of these financial statements. © 2019 Friend Studio Ltd File name: FinancialXStatements_v50 Modification Date: 25 February 2020 4:18 pm Note 20 22 15 16 31 31 34 31 33 27 27 27 27 21 21 17 Year ended 31 December 2019 $M Year ended 31 December 2018 $M (26.3) (3.6) (14.8) (0.2) 26.7 1.5 (16.7) – – 54.3 47.2 (127.0) (562.9) 202.6 (0.9) (45.1) (2.3) (6.8) (440.9) (58.5) 2.8 272.3 216.6 (13.5) (3.4) (4.2) (8.0) – 0.3 (28.8) 199.8 (4.0) – 0.9 – (378.5) – (3.1) (67.6) (1.5) (254.0) 93.2 2.8 176.3 272.3 Consolidated financial statements Strategic report Governance Financial statements Avast annual report 2019 123 Notes to the consolidated financial statements 1. General information Avast Plc, together with its subsidiaries (collectively, “Avast”, “the Group” or “the Company”), is a leading global cybersecurity provider. Avast Plc is a public limited company incorporated and domiciled in the UK, and registered under the laws of England and Wales under company number 07118170 with its registered address at 110 High Holborn, London WC1V 6JS. The ordinary shares of Avast Plc are admitted to the premium listing segment of the Official List of the UK Financial Conduct Authority and trade on the London Stock Exchange plc’s main market for listed securities. 2. Significant accounting policies The accounting policies used in preparing the historical financial information are set out below. These accounting policies have been consistently applied in all material respects to all periods presented except for the changes described in Note 4. Basis of preparation The audited consolidated financial statements of the Group have been prepared in accordance with International Financial Reporting Standards as adopted by the European Union (IFRS). The consolidated financial statements have been prepared on a historical cost basis and are presented in US dollars. All values are rounded to the nearest 0.1m ($m), except where otherwise indicated. Under section 408 of the Companies Act 2006, the Parent Company is exempt from the requirement to present its own profit and loss account. The Group uses the direct method of consolidation, under which the financial statements are translated directly into the presentation currency of the Group, the US Dollar (USD). The consolidation of a subsidiary begins when the Group obtains control over the subsidiary, and continues to be consolidated until the date when such control ceases. All intra-group balances, transactions, unrealised gains and losses resulting from intra-group transactions and dividends are eliminated in full on consolidation. The directors have reviewed the projected cash flow and other relevant information and have a reasonable expectation that the Group has adequate resources to continue in operational existence for the foreseeable future. For this reason, the directors continue to adopt the going concern assumption in preparing the consolidated financial statements. Revenue recognition Revenue is measured based on the fair value of consideration specified in the contract with a customer and excludes taxes and duty. The Group recognises the revenue when it transfers control over a product and service to a customer. Each contract is evaluated to determine whether the Group is the principal in the revenue arrangements. Revenues from individual products and services are aggregated into the following categories: Consumer Direct The principal revenue stream of the Group is derived from the sale of its software and related services for desktop and mobile which protect users’ security, online privacy, and device performance. Licence agreements with customers include a pre-defined subscription period during which the customer is entitled to the usage of the products, including updates of the software. The typical length of a subscription period is 1, 12, 24, or 36 months. Antivirus software requires frequent updates to keep the software current in order for it to be beneficial to the customer and the customer is therefore required to use the updated software during the licence period. This provides evidence that the licence grants the right to access the software over time and therefore revenue is recognised evenly over the term of the licence. The software licence, together with the unspecified updates, forms a single distinct performance obligation. The Group mainly sells software licences through direct sales (mainly through e-commerce services providers, including Digital River and the Group’s e-shop) to customers. However, the Group also sells a small portion through indirect sales via the Group’s retailers and resellers. Deferred revenue represents the contract liability arising from contracts with customers. The portion of deferred revenues that will be recognised as revenue in the 12 months following the balance sheet date is classified as current, and the remaining balance is classified as non-current. Deferred revenue also materially represents the transaction price relating to sales of software licences that is allocated to future performance obligations. Some of the Group’s products can be used on a one-time basis (VPN and Utilities), in which case sales are recognised immediately as revenue. The Group uses a practical expedient not to adjust the promised amount of consideration for the effects of a significant financing component if the Group expects, at contract inception, that the period between when the Group transfers a promised good or service to a customer and when the customer pays for that good or service will be one year or less. © 2019 Friend Studio Ltd File name: FinancialXStatements_v50 Modification Date: 25 February 2020 4:18 pm Notes to the consolidated financial statements Strategic report Governance Financial statements Avast annual report 2019 124 2. Significant accounting policies (continued) When the Group concludes that it has control over the provided product or service before that product or service is transferred to the customer, the Group acts as principal and revenues for satisfying the performance obligations are recognised on a gross basis (before deduction of resellers’ commissions, payment provider fees, and the third party costs). Otherwise, revenues are recognised on a net basis. The Group accounts for sales of products through e-commerce partners on a gross basis before the deduction of the e-commerce partner’s commissions and fees. The Group’s e-commerce service providers fulfil administrative functions, such as collecting payment and remitting any required sales tax. The Group’s e-commerce service providers collect the fees and transfer cash payments to the Group on a monthly basis within 30 days after the end of the month with respect to which payment is being made. The Group sets the retail list prices and has control over the licences before transferring them to the customer. The Group also sells subscription software licences through an e-shop directly to end customers in cooperation with certain payment gateways providers. Revenue from sales through the e-shop is accounted for on a gross basis before the deduction of payment gateways fees. The Group sets the final retail prices and fully controls the revenue arrangement with the end customers. Location Labs, Inc. (Location Labs) provides mobile security solutions that partner with Mobile Network Operators (MNOs) providing locator, phone controls and drive safe products to their customers. Once the product is developed by Avast based on the MNO’s requirements, the product is then sold to the end customer via the MNO’s subscription plans. The revenues generated by these arrangements are based on revenue share percentages as stated in the MNO agreements. Revenue is recognised on a net basis, after deduction of partners` commissions, based on the delivery of monthly services to the end customers of the MNOs. Avast has no control of the product and no discretion to set the final prices. The Group also sells a limited amount of physical CDs through its distributors which then sell the Group’s products (Internet Security and Antivirus Software) to retail stores. The retail revenue is recognised on a gross basis, before the deduction of distributors commissions, ratably over the subscription period. The Group reduces revenue for estimated sales returns. End users may return the Group’s products, subject to varying limitations, through resellers or to the Group directly for refund within a reasonably short period from the date of purchase. The Group estimates and records provisions for sales returns based on historical experience. The amount of such provisions is not material. Indirect Consumer indirect revenues arise from several products and distribution arrangements that represent the monetisation of the user base. These arrangements are accounted for on a net basis in an amount corresponding to the fee the Group receives from the monetisation arrangement. The contracted partner in the arrangement is the customer rather than the end customer. The most significant sources of revenues are: Google – The Group has two distribution arrangements with Google Ireland Limited (“Google”) pursuant to which the Group is paid fees in connection with the Group’s offers to users of Google Chrome or Google Toolbar. The Group recognises revenue from Google in full in the month they are earned as the Group has no subsequent performance obligations after the date of sale. Secure Browsing – The Group’s Secure browser earns the Group a share of advertising revenue generated by end user search activity. Revenue is recognised immediately as the Group has no performance obligation after the date of sale. Advertising – Other Consumer Indirect derived revenues are comprised of advertising fees and product fees. Advertising fees are earned through advertising arrangements the Group has with third parties whereby the third party is obligated to pay the Group a portion of the revenue they earn from advertisements to the Group’s end users. Amounts earned are reflected as revenue in the month the advertisement is delivered to the end user. The Group also receives product fees earned through arrangements with third parties, whereby the Group incorporates the content and functionality of the third party into the Group’s product offerings. Fees earned during a period are based on the number of active clients with the installed third-party content or functionality multiplied by the applicable client fee. Analytics – The Group offered big data and marketing analytics through its entity, Jumpshot Inc. (“Jumpshot”), generating mostly recurring subscription revenue. Subscriptions were recognised ratably over the subscription period covered by the contract. Subsequent to year end, the Group decided to wind down the Jumpshot business as further described in Note 39. Small and Medium-sized business (SMB’) SMB includes subscription revenue targeted at small and medium-sized businesses. Revenue is generated through the sale of security software and other IT managed solutions (including CloudCare). CloudCare is a cloud-based security suite designed for SMBs and third party managed service providers who can use this tool to manage security on behalf of their clients. Licences are provided in conjunction with hosting services as the customers have no control over the software independently. The licence is not distinct and would be combined with the hosting service as a single performance obligation. The performance obligation is typically satisfied over the subscription term, beginning on the date that service is made available to the customer. Revenues from sales of CloudCare are recognised on a gross basis, before deduction of the payment gateways fees. © 2019 Friend Studio Ltd File name: FinancialXStatements_v50 Modification Date: 25 February 2020 4:18 pm Notes to the consolidated financial statements Strategic report Governance Financial statements Avast annual report 2019 125 2. Significant accounting policies (continued) Cost of revenues Expenses directly connected with the sale of products and the provision of services, e.g. commissions, payments, and other fees and third party licence costs related to the subscription software licences, are recognised as cost of revenues. Capitalised contract costs The Group pays commissions, third party licence, costs and payment fees to resellers and payment providers for selling the subscription software licences to end customers. Capitalised contract costs are amortised over the licence period and recognised in the cost of revenues. Capitalised contract costs are subject to an impairment assessment at the end of each reporting period. Impairment losses are recognised in profit or loss. Taxes Current income tax assets and liabilities recognised are the amount expected to be recovered from or paid to the taxation authorities. The tax rates and tax laws used to compute the amount are those that are enacted or substantively enacted at the reporting date in the country where the Group operates and generates taxable income. Deferred tax is recognised for all temporary differences, except: where the deferred tax arises from the initial recognition of goodwill or of an asset or liability in a transaction that is not a business combination and, at the time of the transaction, affects neither the accounting profit nor taxable profit or loss; and in respect of taxable temporary differences associated with investments in subsidiaries, associates and interests in joint ventures, where the timing of the reversal of the temporary differences can be controlled and it is probable that the temporary differences will not reverse in the foreseeable future. Deferred tax assets are recognised to the extent that it is probable that taxable profits will be available, whereby the deductible temporary differences and the carry forward of unused tax credits and unused tax losses can be utilised. rates prevailing at the balance sheet date and the income statements are translated at the average exchange rate for each month of the relevant year. The resulting net translation difference is recorded in other comprehensive income. The carrying amount of deferred tax assets is reviewed at each reporting date and reduced to the extent that it is no longer probable that sufficient taxable profit will be available to allow all or part of the deferred tax asset to be utilised. Unrecognised deferred tax assets are reassessed at each reporting date and are recognised to the extent that it has become probable that future taxable profits will allow the deferred tax asset to be recovered. Deferred tax assets and liabilities are measured at the tax rates that are expected to apply in the year when the asset is realised or the liability is settled, based on tax rates (and tax laws) that have been enacted or substantively enacted at the reporting date for the respective tax jurisdiction. Deferred tax items are recognised with respect to the related underlying transaction either in other comprehensive income or directly in equity. Deferred tax assets and deferred tax liabilities are offset if a legally enforceable right exists to set off current tax assets against current income tax liabilities and the deferred taxes relate to the same taxable entity and the same taxation authority. Foreign currency translation The Group’s historical financial information is presented in US dollars (USD or $). The functional currencies of all Group entities are presented in the table opposite. Each entity in the Group (including branch offices not representing incorporated entities) determines its own functional currency, and items included in the financial statements of each entity are measured using that functional currency. For the purposes of inclusion in the historical financial information, the statement of financial position of entities with non-USD functional currencies are translated into USD at the exchange The functional currencies of the Group’s main entities are as follows: Company or branch Avast plc Avast Holding B.V. Avast Operations B.V. Avast Software B.V. Avast Software s.r.o. Avast Software, Inc. Avast Corporate Services B.V. Avast Deutschland GmbH AVG Technologies UK Limited AVG Technologies USA, Inc. FileHippo s.r.o. InloopX s.r.o. Location Labs, Inc. Piriform Group Limited Piriform Limited Piriform Software Limited Piriform, Inc. Privax Limited TrackOFF, Inc. Jumpshot s.r.o. Jumpshot, Inc. Functional currency USD USD USD USD USD USD USD EUR GBP USD CZK EUR USD GBP GBP GBP USD USD USD CZK USD © 2019 Friend Studio Ltd File name: FinancialXStatements_v50 Modification Date: 25 February 2020 4:18 pm Notes to the consolidated financial statements Strategic report Governance Financial statements Avast annual report 2019 126 2. Significant accounting policies (continued) Transactions in foreign currencies are initially recorded by the Group entities at their respective functional currency rates prevailing at the date of the transaction. Monetary assets and liabilities denominated in foreign currencies are recalculated at the functional currency spot rate of exchange valid at the reporting date. All differences are recorded in the statement of profit and loss as finance income and expenses. Non-monetary items that are measured in terms of historical cost in a foreign currency are translated using the exchange rates at the dates of the initial transactions. Business combinations and goodwill Business combinations are accounted for using the acquisition method. The cost of an acquisition is measured as the aggregate of the consideration transferred measured at acquisition date fair value and the amount of any non-controlling interests in the acquiree. For each business combination, the Group elects whether to measure the non-controlling interests in the acquiree at fair value or at the proportionate share of the acquiree’s identifiable net assets. Acquisition-related costs are expensed as incurred and included in administrative expenses. When the Group acquires a business, it assesses the financial assets and liabilities assumed for appropriate classification and designation in accordance with the contractual terms, economic circumstances, and pertinent conditions as at the acquisition date. If the business combination is achieved in stages, any previously held equity interest is re-measured at its acquisition date fair value and any resulting gain or loss is recognised in profit or loss. It is then considered in the determination of goodwill. Any contingent consideration to be transferred will be recognised at fair value at the acquisition date. Contingent consideration is measured at fair value with changes in fair value recognised in profit or loss. Contingent consideration that is classified as equity is not re-measured and subsequent settlement is accounted for within equity. Goodwill is initially measured at cost, being the excess of the aggregate of the consideration transferred and the amount recognised for non-controlling interests, and any previous interest held, over the net identifiable assets acquired and liabilities assumed. If the fair value of the net assets acquired is in excess of the aggregate consideration transferred, the Group reassesses whether it has correctly identified all of the assets acquired and all of the liabilities assumed, and reviews the procedures used to measure the amounts to be recognised at the acquisition date. During the measurement period, which may be up to one year from the acquisition date, the Group may record adjustments to the assets acquired and liabilities assumed with the corresponding offset to goodwill. Upon the conclusion of the measurement period or final determination of the values of assets acquired or liabilities assumed, whichever comes first, any subsequent adjustments are recorded to the Consolidated statement of profit and loss. After initial recognition, goodwill is measured at cost less any accumulated impairment losses. For the purpose of impairment testing, goodwill acquired in a business combination is, from the acquisition date, allocated to each of the Group’s cash-generating units that are expected to benefit from the combination, irrespective of whether other assets or liabilities of the acquiree are assigned to those units. Intangible assets Intangible assets acquired separately are measured on initial recognition at cost. The cost of intangible assets acquired in a business combination is their fair value as at the date of acquisition. Intangible assets are carried at cost less accumulated amortisation and accumulated impairment losses. Intangible assets with finite lives are amortised over their useful economic life and assessed for impairment whenever there is an indication that the intangible asset may be impaired. The amortisation period for an intangible asset with a finite useful life is reviewed at least at the end of each reporting period. The amortisation expense on intangible assets with finite lives is recognised in the Consolidated statement of profit and loss in the expense category consistent with the function of the intangible assets. Indefinite lived intangibles are not amortised but are tested for impairment annually and for impairment indicators on a quarterly basis. The assessment of indefinite life is reviewed annually to determine whether the indefinite life assumption continues to be appropriate. The useful economic lives of intangible assets are as follows: Developed technology Avast Trademark Piriform Trademark AVG Trademark Customer relationships and user base Other licensed intangible assets Years 4–5 Indefinite 10 6 4 3–5 Research and development costs Research costs are expensed when incurred when the criteria for capitalisation are not met. Development expenditures are recognised as an intangible asset when the Group can demonstrate: the technical feasibility of completing the intangible asset so that the asset will be available for use or sale; its intention to complete and its ability and intention to use or sell the asset; how the asset will generate future economic benefits; the availability of resources to complete the asset; and the ability to measure reliably the expenditure during development. Development expenditure incurred on minor or major upgrades, or other changes in software functionalities does not satisfy the criteria, as the product is not substantially new in its design or functional characteristics. Such expenditure is therefore recognised as an expense in the Consolidated statement of profit or loss as incurred. © 2019 Friend Studio Ltd File name: FinancialXStatements_v50 Modification Date: 25 February 2020 4:18 pm Notes to the consolidated financial statements Strategic report Governance Financial statements Avast annual report 2019 127 2. Significant accounting policies (continued) Goodwill Goodwill is assessed as having an indefinite useful life and is tested for impairment annually. Property, plant and equipment Property, plant and equipment are carried at cost less accumulated depreciation and accumulated impairment losses. Cost comprises the aggregate amount paid and the fair value of any other consideration given to acquire the asset and includes costs directly attributable to making the asset capable of operating as intended. Repairs and maintenance costs are charged to the Consolidated statement of profit and loss during the accounting period during which they are incurred. Depreciation is recorded on a straight-line basis over the estimated useful life of an asset, as follows: Leasehold improvements Machinery and equipment Years Over the lease term 2–5 Gains or losses arising from the de-recognition of property, plant and equipment are measured as the difference between the net disposal proceeds and the carrying amount of the asset and are recognised in the Consolidated statement of profit and loss when the asset is de-recognised. Impairment The Group assesses at each reporting date whether there is an indication that an asset may be impaired. If any indication exists, or when annual impairment testing for an asset is required, the Group estimates the asset’s recoverable amount. An asset’s recoverable amount is the higher of an asset’s or cash-generating unit’s (CGU) fair value less costs of disposal or its value in use and is determined for an individual asset, unless the asset does not generate cash inflows that are largely independent of those from other assets or groups of assets. Where the carrying amount of an asset or CGU exceeds its recoverable amount, the asset is considered impaired and is written down to its recoverable amount. In assessing value in use, the estimated future cash flows are discounted to their present value using a pre-tax discount rate that reflects current market assessments of the time value of money and the risks specific to the asset. In determining fair value less costs of disposal, recent market transactions are taken into account, if available. If no such transactions can be identified, an appropriate valuation model is used. Impairment losses of continuing operations are recognised in the Consolidated statement of profit and loss in those expense categories consistent with the function of the impaired asset. For assets excluding goodwill, an assessment is made at each reporting date as to whether there is any indication that previously recognised impairment losses may no longer exist or may have decreased. Any reversal of previously recognised impairment is limited so that the carrying amount of the asset does not exceed the lower of its recoverable amount or the carrying amount that would have been determined, net of depreciation, had no impairment loss been recognised for the asset in prior years. Such reversal is recognised in the Consolidated statement of profit and loss. Goodwill and intangible assets with indefinite useful lives are tested for impairment annually as at 31 December at the operating segment level, which is the smallest group of CGUs to which the goodwill and intangible assets with indefinite useful life can be allocated. Goodwill is allocated to the groups of CGUs that correspond with operating segments (Consumer and SMB) according to the allocation from past business combinations – see Note 23. Intangible assets with indefinite useful lives are all allocated to the Group of CGUs that corresponds to the Consumer operating segment. Leases For any new contracts entered into on or after 1 January 2019, the Group considers whether a contract is, or contains, a lease. That is, if the contract conveys the right to control the use of an identified asset for a period of time in exchange for consideration. On transition to IFRS 16, the Group elected to apply the practical expedient to grandfather the assessment of which transactions are leases. The Group applied IFRS 16 only to contracts that were previously identified as leases. Therefore, the definition of a lease under IFRS 16 was applied only to contracts entered into on or after 1 January 2019. The Group applies a recognition exemption for lease contracts that, at the commencement date, have a lease term of 12 months or less and do not contain a purchase option (‘short-term leases’), and lease contracts for which the underlying asset is of low value (‘low-value assets’). Short-term lease payments are recognised as operating expenses in the Consolidated statement of profit and loss on a straight-line basis over the lease term. Right-of-use assets The Group recognises right-of-use assets at the commencement date of the lease. Right-of-use assets are measured at cost, less any accumulated depreciation and impairment losses, and are subsequently adjusted (where appropriate) for any re-measurement of lease liabilities. The cost of right-of-use assets includes the amount of lease liabilities recognised, initial direct costs incurred, and lease payments made at or before the commencement date less any lease incentives received. The right-of-use asset is depreciated on a straight-line basis over the lease term or, if it is shorter, over the useful life of the leased asset. The Group currently applies the lease term for depreciation of all right-of-use assets (see Note 21). Related expense is presented within depreciation, allocated to general and administrative expenses. The Group also assesses the right-of-use asset for impairment when such indicators exist. © 2019 Friend Studio Ltd File name: FinancialXStatements_v50 Modification Date: 25 February 2020 4:18 pm Notes to the consolidated financial statements Strategic report Governance Financial statements Avast annual report 2019 128 2. Significant accounting policies (continued) Lease liabilities At the commencement date of the lease, the Group recognises lease liabilities measured at the present value of lease payments to be made over the lease term. The lease payments include fixed payments less any lease incentives receivable, variable lease payments that depend on an index or a rate and lease payments within extension option periods for which the Group considers it likely that the extension option will be utilised. In calculating the present value of lease payments, the Group uses the incremental borrowing rate at the lease commencement date because the interest rate implicit in the lease is not readily determinable. The amount of lease liabilities is increased to reflect the accretion of interest and reduced for the lease payments made. Lease interest is presented within interest expenses. In addition, the carrying amount of lease liabilities is re-measured if there is a reassessment of the lease term (using a revised discount rate at the date of the reassessment) or a change in the variable lease payments that depend on an index or rate (using the original discount rate). In such cases, there is a corresponding adjustment to the right-of-use asset. Operating leases (accounting policy applied prior to 1 January 2019) Under IAS 17 (prior to transition to IFRS 16), leases where the lessee did not obtain substantially all the risks and rewards of ownership of the asset were classified as operating leases. Operating lease payments, other than contingent rentals, were recognised as an expense in the Consolidated statement of profit and loss on a straight-line basis over the lease term. Employee stock option plans Employees of the Group receive remuneration in the form of share-based payment transactions whereby employees render services as consideration for equity instruments (equity-settled transactions). Equity-settled transactions The cost of equity-settled transactions is determined based on the fair value of the share-based payment award at the date when the grant is made, taking into account the market and non-vesting conditions, using an appropriate valuation model. Non-market vesting conditions are not taken into account in determining the fair value of the award. The cost is recognised, together with a corresponding increase in other capital reserves in equity, over the period in which the performance or service conditions are fulfilled. The cumulative expense recognised for equity-settled transactions at each reporting date until the vesting date reflects the extent to which the vesting period has expired and the Group’s best estimate of the number of equity instruments that will ultimately vest. The Consolidated statement of profit and loss expense or credit for a period represents the movement in cumulative expense recognised as at the beginning and end of that period and is recognised in compensation expense. No expense is recognised for awards that do not ultimately vest, except for equity-settled transactions where vesting is conditional upon a market or non-vesting condition, which are treated as vesting irrespective of whether or not the market or non-vesting condition is satisfied, provided that all other performance and/or service conditions are satisfied. When the terms of an equity-settled transaction are modified, where the modification increases the total fair value of the share-based payment transaction, or is otherwise beneficial to the employee as measured at the date of modification, additional expense is recognised. When an equity-settled award is cancelled other than by forfeiture, it is treated as if it vested on the date of cancellation, and any expense not yet recognised for the award is recognised immediately. This includes any award where non-vesting conditions within the control of either the entity or the employee are not met. However, if a new award is substituted for the cancelled award, and designated as a replacement award on the date that it is granted, the cancelled and new awards are treated as if they were a modification of the original award. The dilutive effect of outstanding options is reflected in the computation of diluted earnings per share. Payments for settlement of equity-settled awards are taken to equity up to the fair value of the award at the time of settlement (with any excess recognised in profit or loss). Deferred tax assets are recognised in connection with granted stock option in the amount of the expected tax deduction available on exercise, measured using the share price at the end of the period and multiplied by the expired portion of the vesting period. The cumulative related tax benefit is recognised in profit and loss to the extent of the tax rate applied to the cumulative recognised share-based payments expense, with the excess (if any) recognised directly through equity. Employee benefits Pension obligations Contributions are made to the government health, retirement benefit and unemployment plans at statutory rates applicable during the period and are based on gross salary payments. The arrangements of the government health, retirement benefit and unemployment plans qualify as defined contribution plans. The Group has no further payment obligations once the contributions have been paid. The expense for the contributions is charged to profit and loss in the same period as the related salary expense. As a benefit for employees, the Group also makes contributions to defined contribution schemes operated by external (third-party) pension companies. These contributions are charged to profit and loss in the period to which the contributions relate. Defined contribution plans The Group maintains a defined contribution 401(k) retirement savings plan for its US employees. Each participant in the 401(k) retirement savings plan may elect to contribute a percentage of his or her annual compensation up to a specified maximum amount allowed under US Internal Revenue Service regulations. The Group matches employee contributions to a maximum of 4% of the participant annual compensation. © 2019 Friend Studio Ltd File name: FinancialXStatements_v50 Modification Date: 25 February 2020 4:18 pm Notes to the consolidated financial statements Strategic report Governance Financial statements Avast annual report 2019 129 2. Significant accounting policies (continued) Redundancy and termination benefits Redundancy and termination benefits are payable when employment is terminated before the normal retirement or contract expiry date. The Group recognises redundancy and termination benefits when it is demonstrably committed to have terminated the employment of current employees according to a detailed formal plan without possibility of withdrawal. Benefits falling due more than 12 months after the balance sheet date are discounted to present value. There are currently no redundancy and termination benefits falling due more than 12 months after the balance sheet date. Key management personnel The Group discloses the total remuneration of key management personnel (KMP) as required by IAS 24 Related party disclosures. The Group includes within KMP all individuals who have authority and responsibility for planning, directing, and controlling the activities of the Group. KMP include all members of the Board and the Executive Management team of the Group. Other related parties include family members if applicable. See Note 36 for more details. Financial instruments Financial assets and liabilities are recognised on the Group’s Consolidated statement of financial position when the Group becomes a contractual party to the instrument. When financial instruments are recognised initially, they are measured at fair value, which is the transaction price plus, in the case of financial assets and financial liabilities not measured at fair value through profit and loss, directly attributable transaction costs. All assets and liabilities for which fair value is measured or disclosed in the financial statements are categorised within the fair value hierarchy, described as follows, based on the lowest level input that is significant to the fair value measurement as a whole: Level 1 – Quoted (unadjusted) market prices in active markets for identical assets or liabilities; Level 2 – Valuation techniques for which the lowest level input that is significant to the fair value measurement is directly or indirectly observable; and Level 3 – Valuation techniques for which the lowest level input that is significant to the fair value measurement is unobservable. Trade and other receivables Trade receivables are at initial recognition recorded at the original invoice amount, including value-added tax and other sales taxes. At subsequent reporting dates, the carrying amount is decreased by the expected lifetime loss allowance attributable to the receivable or group of receivables based on a credit assessment of the counterparty or estimate for relevant group of receivables respectively. The Group uses the expected credit loss model for impairment of receivables. The Group applies practical expedients when measuring the expected credit loss. The Group applies a simplified approach and recognises expected lifetime loss allowances for trade receivables and contract assets. The expected lifetime loss is calculated using the provision matrix, which assigns provision rates to classes of receivables based on number of days they are overdue, based on the Group’s historical credit loss experience adjusted for forward- looking development. The classes of receivables are stratified by types of customer and by operating segments between the Consumer and SMB receivables. Bad debts are written off in the period in which they are determined to be completely irrecoverable. Cash and cash equivalents For the purpose of the Consolidated statement of cash flows, cash and cash equivalents consist of cash at bank, cash in hand and short-term deposits with an original maturity of three months or less. The Group´s Consolidated statement of cash flows is prepared based on the indirect method from the Consolidated statement of financial position and Consolidated statement of profit and loss. Pledged or restricted assets Financial assets transferred to third parties as collateral, assets that are pledged and assets as to which the Group has otherwise restricted dispositions are classified as other long-term receivables, if the period until which the restriction ends or return of the assets in question will take place is more than 12 months from the balance sheet date. Trade payables and other liabilities Trade payables and other liabilities are recognised at their amortised cost which is deemed to be materially the same as the fair value. Loans Loans are initially recognised at their fair value net of transaction costs and subsequently measured at amortised cost using the effective interest method. The effective interest rate is the rate that exactly discounts the estimated future cash payments or receipts over the expected life of the financial instrument or a shorter period, where appropriate, to the net carrying amount of the financial liability. Derivative financial instruments Derivatives are initially recognised at fair value at the date a derivative contract is entered into and are subsequently re-measured at fair value at the end of each reporting period. The resulting gain or loss is recognised in profit and loss immediately. A derivative embedded within a host contract containing a financial asset host is not accounted for separately. The financial asset host together with the embedded derivative is required to be classified in its entirety as a financial asset at fair value through profit or loss. © 2019 Friend Studio Ltd File name: FinancialXStatements_v50 Modification Date: 25 February 2020 4:18 pm Notes to the consolidated financial statements Strategic report Governance Financial statements Avast annual report 2019 130 2. Significant accounting policies (continued) De-recognition of financial instruments A financial asset or liability is generally de-recognised when the contract that gives right to it is settled, sold, cancelled or expires. When an existing financial liability is replaced by another from the same lender on substantially different terms, or the terms of an existing liability are substantially modified, such an exchange or modification is treated as a de-recognition of the original liability and the recognition of a new liability, and the difference in the respective carrying amounts is recognised in the Consolidated statement of profit and loss. Provisions Provisions are recognised when the Group has a present obligation (legal or constructive) as a result of a past event, it is probable that an outflow of resources embodying economic benefits will be required to settle the obligation and a reliable estimate can be made of the amount of the obligation. Onerous contracts If the Group has a contract that is onerous, the present obligation under the contract is recognised and measured as a provision. However, before a separate provision for an onerous contract is established, the Group recognises any impairment loss that has occurred on assets dedicated to that contract. An onerous contract is a contract under which the unavoidable costs (i.e. the costs that the Group cannot avoid because it has the contract) of meeting the obligations under the contract exceed the economic benefits expected to be received under it. The unavoidable costs under a contract reflect the least net cost of exiting from the contract, which is the lower of the cost of fulfilling it and any compensation or penalties arising from failure to fulfil it. Interest income and expense Interest income consists of interest income on deposits. Interest expense consists of interest expense on term loans including amortisation of arrangement fees, and interest expense on leases. Other finance income and expense Other financial income and expenses consist of realised and unrealised foreign exchange gains and losses, changes in fair value of derivatives, unwinding of discounts on non-current provisions, and other liabilities discounted to net present value and other financial expense. Exceptional items Exceptional items are material or non-recurring items of income and expense which the Group believes should be separately disclosed to show the business performance of the Group more accurately. Such items are separately disclosed in the Notes to the Consolidated financial statements. Examples of such items include legal and advisory costs related to acquisition, disposals, integration, strategic restructuring program costs, and cost of impairment. 3. Significant accounting judgements, estimates, and assumptions Significant judgements Leases – Extension options When the Group has the option to extend a lease, management uses its judgement to determine whether or not an option would be reasonably certain to be exercised. The Group has the option, under some of its leases, to lease the assets for additional terms of up to ten years. The Group applies judgement in evaluating whether it is reasonably certain to exercise the option to renew and therefore considers all relevant factors including long-term business strategy, conditions of the lease, availability of alternative options, and potential relocation costs for it to exercise the renewal. Potential future cash outflows of $7.4m have not been included in the lease liability because it is not reasonably certain that the lease will be extended (or not terminated). Impairment testing Significant management judgement and estimates are required to determine the individual cash-generating units (CGUs) of the Group, the allocation of assets to these CGUs and the determination of the value in use or fair value less cost to sell of these individual assets. Management has concluded that the operating segments used for segment reporting represent the lowest level within the Group at which the goodwill is monitored. Therefore, the operating segments correspond to groups of CGUs at which goodwill is tested for impairment. Loans The terms of the Credit Agreement offer the Company significant flexibility, allowing it to prepay, reprice, refinance, substitute or replace any drawn loans without penalty (except within a six-month period following issue or a repricing, a term intended to provide a degree of protection to the lenders’ income). The terms also provide for the Company to be able to request a reduction in the interest rate margin payable. Although any such reduction would, as a matter of form, be made through renegotiation, the agreement was drawn up on the understanding by both the Company and the lenders that the Company would routinely make such requests where it was supported by appropriate evidence (that market perception of the credit risk of the company had improved) and that such requests would generally be granted (as has been the experience in 2017 to 2019 – see Note 27). If not granted, the Company would be able to obtain replacement financing at the reduced market price, repay the original loan at par and the lenders would lose their income stream. © 2019 Friend Studio Ltd File name: FinancialXStatements_v50 Modification Date: 25 February 2020 4:18 pm Notes to the consolidated financial statements Strategic report Governance Financial statements Avast annual report 2019 131 3. Significant accounting judgements, estimates, and assumptions (continued) Consequently, management’s judgement is that the term loan is in substance a floating rate loan for which the interest margin is reset every six months to the market rate, provided it is favourable to the Company. The reduction in margin is accounted for as a change in effective interest rate prospectively from the moment the change in estimate takes place rather than by treating it as a modification of terms. Significant estimates Deferred tax Deferred tax assets are recognised for unused tax losses to the extent that it is probable that taxable profit will be available against which the losses can be utilised. Significant management judgement is required to determine the amount of deferred tax assets that can be recognised, based upon the likely timing and the level of future taxable profits. The Group recognises substantial deferred tax assets from unused tax losses in its US-based subsidiaries, excluding Jumpshot, Inc. The management assesses that these deferred tax assets are recoverable, with key elements of judgement being the fact that US tax losses carry over indefinitely, and the significant business presence of the Group in the US market gives the Group the ability to generate sufficient taxable profit for the foreseeable future. Based on expectations of future profitability, management expects to recover the deferred tax asset over a 20-year time frame. The recovery period is sensitive to the level of profitability of the underlying business; however, there are no significant assumptions which would impact our expectation of recovery. The Group also recognises substantial deferred tax assets from the 2018 transfer of intellectual property to the Czech Republic, which is being recovered linearly over a 15-year period. The management assesses that this deferred tax asset is recoverable, with key elements of judgement being that the major portion of the Group’s profit is generated in the Group’s Czech entity and this structure is expected to remain for the foreseeable future. Share-based payments Estimating fair value for share-based payment transactions requires determination of the most appropriate valuation model, which depends on the terms and conditions of the grant. This estimate also requires determination of the most appropriate inputs to the valuation model including the volatility and dividend yield and making assumptions about them. The Group initially measures the cost of equity- settled transactions with employees using a Black-Scholes model. In addition, at each reporting date before vesting, management uses the best estimate of the performance achievement of the number of equity instruments that will ultimately vest. The vesting of these awards is conditioned upon the achievement of the Group’s basic EPS and adjusted revenue growth targets over the three-year period. The movements resulting from the estimates are recognised in the Consolidated statement of profit or loss, with a corresponding entry in equity. Redemption liability The management believed that the estimated exercise value of the redemption liability described in Note 29, as at the end of the period, was best estimated by the original transaction price. The exercise price was at the higher of the original cost and market value. The redemption liability was remeasured to the present value of the estimated exercise price at each period end until expiry or exercise. Due to the subsequent closure of the Jumpshot business in January 2020, as described in Note 39, the redemption obligation is void and will be reversed in 2020. 4. Application of new and revised IFRS standards Newly adopted standards IFRS 16 Leases IFRS 16 Leases supersedes IAS 17 Leases, IFRIC 4 Determining whether an arrangement contains a lease, SIC-15 Operating leases-incentives and SIC-27 Evaluating the substance of transactions involving the legal form of a lease. The standard sets out the principles for the recognition, measurement, presentation and disclosure of leases and requires lessees to account for all leases under a single, on-balance sheet model. The Group acts mainly as a lessee and the only significant lease contracts are leased office buildings. The Group adopted IFRS 16 using the modified retrospective method of adoption with the date of initial application of 1 January 2019. Under this method, the standard is applied retrospectively with the cumulative effect of initially applying the standard recognised at the date of initial application, without any restatement to comparatives. The Group elected to use the transition practical expedient allowing the standard to be applied only to contracts that were previously identified as leases applying IAS 17 and IFRIC 4 at the date of initial application. The Group also elected to use the recognition exemptions for lease contracts that, at the commencement date, have a lease term of 12 months or less and do not contain a purchase option (‘short-term leases’), and lease contracts for which the underlying asset is of low value (‘low-value assets’). The Group does not have any significant short-term or low- value assets. Right-of-use assets were measured at the amount of the lease liability on adoption using the incremental borrowing rate at the date of initial application (adjusted for any prepaid or accrued lease expenses and assessed for impairment). © 2019 Friend Studio Ltd File name: FinancialXStatements_v50 Modification Date: 25 February 2020 4:18 pm Notes to the consolidated financial statements Strategic report Governance Financial statements Avast annual report 2019 132 4. Application of new and revised IFRS standards (continued) The impact of the initial recognition on 1 January 2019 is as follows: The lease liabilities as at 1 January 2019 are reconciled to the operating lease commitments as of 31 December 2018 as follows: ($’m) Right-of-use assets Prepaid expenses Accrued leased payments Lease liabilities Net assets impact Application of IFRS 16 does not have any material impact on the Group’s net profit or EPS comparability with the prior period. The impact is limited to differences in presentation – lease expenses are replaced by right-of-use asset amortisation and lease interest expense. The Group also uses the following practical expedients permitted by the standard: the use of a single discount rate to a portfolio of leases with reasonably similar characteristics the adjustment of the right-of-use asset for any recognised onerous lease provisions, instead of performing an impairment review applied the short-term leases exemptions to leases with lease term that ends within 12 months at the date of initial application the exclusion of initial direct costs for the measurement of the right-of-use asset at the date of initial application the use of hindsight in determining the lease term where the contract contains options to extend or terminate the lease 1 January 2019 Operating lease commitments as at 31 December 2018 69.7 (2.0) 4.0 (71.7) – Recognition exemption: Commitments relating to short-term leases Other commitments Net operating lease commitments as at 31 December 2018 Effect from discounting at the incremental borrowing rate as of 1 January 2019 Lease liabilities as at 1 January 2019 ($m) 87.6 (0.5) (0.3) 86.8 (15.1) 71.7 The lease liabilities were discounted at the incremental borrowing rates as at 1 January 2019. The weighted average discount rate was 3.3%. IFRIC Interpretation 23 Uncertainty over income tax treatment The Interpretation addresses the accounting for income taxes when tax treatments involve uncertainty that affects the application of IAS 12 Income taxes. It does not apply to taxes or levies outside the scope of IAS 12, nor does it specifically include requirements relating to interest and penalties associated with uncertain tax treatments. The Interpretation specifically addresses the following: whether an entity considers uncertain tax treatments separately the assumptions an entity makes about the examination of tax treatments by taxation authorities how an entity determines taxable profit (tax loss), tax bases, unused tax losses, unused tax credits, and tax rates how an entity considers changes in facts and circumstances Upon adoption of the Interpretation, the Group considered whether it had any uncertain tax positions, particularly those relating to transfer pricing. The Company’s and the subsidiaries’ tax filings in different jurisdictions include deductions related to transfer pricing, and the taxation authorities may challenge those tax treatments. The Group determined, based on its tax compliance and transfer pricing study, that it is probable that its tax treatments (including those for the subsidiaries) will be accepted by the taxation authorities. The Interpretation did not have an impact on the Consolidated financial statements of the Group. Standards issued but not yet effective and not early adopted IFRS 3 Business combinations (Amendments) The IASB issued amendments in Definition of a business (Amendments to IFRS 3) aimed at resolving the difficulties that arise when an entity determines whether it has acquired a business or a group of assets. The Amendments are effective for business combinations for which the acquisition date is in the first annual reporting period beginning on or after 1 January 2020 and to asset acquisitions that occur on or after the beginning of that period, with earlier application permitted. IAS 1 Presentation of financial statements and IAS 8 Accounting policies, changes in accounting estimates and errors: Definition of ‘material’ (Amendments) The Amendments are effective for annual periods beginning on or after 1 January 2020 with earlier application permitted. The Amendments clarify the definition of material and how it should be applied. The new definition states that, “Information is material if omitting, misstating or obscuring it could reasonably be expected to influence decisions that the primary users of general purpose financial statements make on the basis of those financial statements, which provide financial information about a specific reporting entity”. In addition, the explanations accompanying the definition have been improved. Management has assessed no significant impact from the implementation of this amendment is expected by the Group. © 2019 Friend Studio Ltd File name: FinancialXStatements_v50 Modification Date: 25 February 2020 4:18 pm Notes to the consolidated financial statements Strategic report Governance Financial statements Avast annual report 2019 133 5. Segment information and other disclosures Management monitors operating results in two customer segments: consumer products (which generate direct and indirect revenue streams) and products for the SMB market. For management reporting purposes, the operating and reportable segments are determined to be Consumer and Small to Mid-sized Business (SMB). This is the level on which the Chief Operating Decision Maker decides about the allocation of the Group’s resources. The principal products and services offered by each segment are summarised below: Consumer –the Group’s consumer products include direct revenue streams through its offerings for desktop security and mobile device protection, and consist of free and premium paid products for the individual consumer market. The Group also has several value-added solutions for performance, privacy, and other tools. The Group also focuses on monetising the user base indirectly, via dynamic secure search solution, including the browser toolbar, which gives users a convenient way to access a search engine at any time. SMB – The Group’s SMB segment focuses on delivering high-level security and protection solutions for small and medium-sized business customers. Billings is one of the important metrics used to evaluate and manage operating segments. Billings represent the full value of products and services being delivered under subscription and other agreements, and include sales to new end customers plus renewals and additional sales to existing end customers. Under the subscription model, end customers pay the Group for the entire amount of the subscription in cash upfront upon initial delivery of the applicable products. Although the cash is paid upfront, under IFRS, subscription revenue is deferred and recognised rateably over the life of the subscription agreement, whereas non-subscription revenue is typically recognised immediately. The Group evaluates the performance of its segments based primarily on billing, revenue and operating profit. Billings are not defined or recognised under IFRS and considered as a non-IFRS financial measure used to evaluate current business performance. Certain costs that are not directly applicable to the segments are identified as corporate overhead costs and represent general corporate costs that are applicable to the consolidated group. In addition, costs relating to share-based payments and exceptional items are not allocated to the segments since these costs are not directly applicable to the segments, and therefore not included in the evaluation of performance of the segments. The following tables present summarised information by segment: For the year ended 31 December 2019 ($’m) Billings Deferral of revenue Revenues Deferred revenue haircut reversal Segment revenue Segment cost of revenues Segment sales and marketing costs Segment research and development costs Segment general and administrative costs Total segment operating profit Corporate overhead Deferred revenue haircut reversal Depreciation and amortisation Exceptional items Share-based payments Employer’s taxes on share-based payments Consolidated operating profit Consumer 865.1 (42.2) 822.9 0.8 823.7 (84.7) (78.7) (57.7) (5.4) 597.2 SMB 45.9 2.3 48.2 1.0 49.2 (5.3) (18.9) (4.7) 3.1 23.4 Total 911.0 (39.9) 871.1 1.8 872.9 (90.0) (97.6) (62.4) (2.3) 620.6 (137.5) (1.8) (110.0) (1.8) (20.7) (4.2) 344.6 © 2019 Friend Studio Ltd File name: FinancialXStatements_v50 Modification Date: 25 February 2020 4:18 pm Notes to the consolidated financial statements Strategic report Governance Financial statements Avast annual report 2019 134 5. Segment information and other disclosures (continued) For the year ended 31 December 2018 ($’m) Billings Deferral of revenue Revenues Deferred revenue haircut reversal Segment revenue Segment cost of revenues Segment sales and marketing costs Segment research and development costs Segment general and administrative costs Total segment operating profit Corporate overhead Deferred revenue haircut reversal Depreciation and amortisation Exceptional items Share-based payments Consolidated operating profit Consumer 801.6 (50.7) 750.9 10.0 760.9 (74.0) (70.6) (44.0) (4.7) 567.6 SMB 60.5 (3.1) 57.4 5.5 62.9 (7.2) (23.5) (6.6) – 25.6 Total 862.1 (53.8) 808.3 15.5 823.8 (81.2) (94.1) (50.6) (4.7) 593.2 (146.2) (15.5) (143.7) (25.6) (13.9) 248.3 Corporate overhead costs primarily include the costs of the Group’s IT, Technology (R&D), HR, Finance and Central Marketing functions, legal and office related costs, which are not allocated to the individual segments. The following table presents depreciation and amortisation by segment: ($’m) Consumer SMB Corporate overhead Total depreciation and amortisation Year ended 31 December 2019 Year ended 31 December 2018 91.6 0.2 18.2 110.0 130.5 0.4 12.8 143.7 The following table presents revenue of subsegments: ($’m) Consumer Direct Desktop Consumer Direct Mobile Consumer Indirect SMB Other Total Year ended 31 December 2019 Year ended 31 December 2018 631.1 75.4 106.7 49.2 8.7 871.1 568.4 81.2 85.8 57.4 15.5 808.3 The following table presents the Group’s non-current assets, net of accumulated depreciation and amortisation, by country. Non-current assets for this purpose consist of property and equipment, right-of-use assets, and intangible assets. 31 December 2019 31 December 2018 Czech Republic UK USA Other countries* ($’m) 257.7 20.9 16.1 4.1 (in %) 86.2% 7.0% 5.4% 1.4% ($’m) 263.5 22.2 8.6 2.3 Total 298.8 100% 296.6 (in %) 88.9% 7.5% 2.9% 0.8% 100% * No individual country represented more than 5% of the respective totals. © 2019 Friend Studio Ltd File name: FinancialXStatements_v50 Modification Date: 25 February 2020 4:18 pm Notes to the consolidated financial statements Strategic report Governance Financial statements Avast annual report 2019 135 5. Segment information and other disclosures (continued) The following table presents revenue attributed to countries based on the location of the end user: Year ended 31 December 2019 Year ended 31 December 2018 ($’m) 358.9 75.8 66.2 56.6 313.6 871.1 (in %) 41.2% 8.7% 7.6% 6.5% 36.0% 100% ($’m) 349.6 68.6 61.1 50.7 278.3 808.3 (in %) 43.3% 8.5% 7.6% 6.3% 34.3% 100% United States United Kingdom France Germany Other countries* Total * No individual country represented more than 5% of the respective totals. Revenues from relationships with certain third parties exceeding 10% of the Group’s total revenues were as follows: Year ended 31 December 2019 Year ended 31 December 2018 ($’m) (in %) ($’m) (in %) Revenues realised through online resellers: Digital River 521.8 59.9% 370.1 45.8% In 2019, revenues realised through Digital River significantly increased by $151.7m due to the transfer of part of the business from in-house payment processing to the external vendor. The majority of revenues from Digital River were reported in the Consumer segment, while the remaining $12.0m of revenues were reported in the SMB segment. 7. Auditor’s remuneration The Group paid the following amounts to its auditors in respect of the audit of the financial statements and for other non-audit services provided to the Group. Audit of the financial statements Audit of the financial statements of subsidiaries Total audit fees Other assurance services Corporate finance services Tax services Total non-audit fees Total fees Year ended 31 December 2019 Year ended 31 December 2018 0.9 0.2 1.1 0.1 – – 0.1 1.2 1.1 0.2 1.3 2.5 2.2 0.2 4.9 6.2 The majority of other services in 2018 related to the Company’s IPO, including work as reporting accountant, and related tax and other advisory work, which is an exceptional cost. See Note 6. 6. Exceptional items The following table presents the exceptional items by activity: ($’m) Exceptional items in the operating profit Net gain on disposal of business operation Year ended 31 December 2019 Year ended 31 December 2018 1.8 25.6 ($’m) 17.5 – Exceptional items in operating profit The Group incurred $1.8m of legal and professional fees related to the various acquisitions and a disposal of a subsidiary and related business operation that incurred during 2019. The tax impact on these exceptional items amounted to $0.2m (2018: $1.5m). During 2018, the Group incurred costs in the amount of $18.8m related to one-time advisory, legal and other professional service fees of the IPO that occurred in May 2018. The majority of these costs were tax non-deductible. Total IPO costs comprise $18.8m recorded to the Consolidated statement of profit and loss in 2018, $4.1m already accrued in trade payables in 2017, and an additional $4.0m of direct share issue expenses recorded to equity, which gives total IPO costs of $26.8m. The full cash impact of the IPO costs was recorded in 2018 showing $(4.0)m under the cash flows from financing activities as directly linked to the share issue and the remaining $(22.8)m is included in the cash flows from operating activities. The remaining portion of 2018 exceptional costs of $6.8m related to the AVG integration and other programmes implemented in prior years that were completed in 2018. Net gain on disposal of a business operation On 30 January 2019, the Group sold all activities of Managed Workplace business, recognising a gain of $17.5m as an exceptional item (Note 16), with a tax impact of $2.3m. © 2019 Friend Studio Ltd File name: FinancialXStatements_v50 Modification Date: 25 February 2020 4:18 pm Notes to the consolidated financial statements Strategic report Governance Financial statements Avast annual report 2019 136 8. Cost of revenues Cost of revenues consist of the following: 10. Personnel expenses Personnel expenses consist of the following: ($’m) Amortisation Depreciation Personnel costs of product support and virus updates Digital content distribution costs Third-party licence costs Other product support and virus update costs Commissions, payment and other fees Total Year ended 31 December 2019 Year ended 31 December 2018 89.9 7.2 19.1 16.4 5.3 13.2 59.6 210.7 129.4 7.4 17.3 15.4 5.2 13.9 52.8 241.4 9. Operating costs Operating costs are internally monitored by function; their allocation by nature is as follows: ($’m) Wages and salaries Social security and health insurance* Pension costs Social costs Severance payments and termination benefits Share-based payments (including employer’s costs) Total personnel expense Employees 135.1 27.2 0.2 8.0 2.9 24.9 198.3 Year ended 31 December 2019 Year ended 31 December 2018 Employees Non- Executive Directors Non- Executive Directors 0.9 – – – – – 135.2 23.5 0.5 6.7 4.9 13.7 0.9 184.5 0.8 0.1 – – – 0.2 1.1 * State and government pension costs of Czech employees are also included in the social security and health insurance costs. The average number of employees by category during the period was as follows: Year ended 31 December 2019 Year ended 31 December 2018 635 911 246 1,792 559 807 215 1,581 ($’m) Depreciation Amortisation Personnel expenses Purchases of services from third-party vendors (legal, advisory and other services) Gifts and charities Other operating expenses Total Year ended 31 December 2019 Year ended 31 December 2018 11.7 1.2 6.0 0.9 180.1 168.3 Sales and marketing Research and development General and administrative Total average number of employees 116.5 135.8 5.0 1.3 5.0 2.6 315.8 318.6 Purchases of services from third-party vendors decreased to due adoption of IFRS 16, according to which office costs are now being capitalised. © 2019 Friend Studio Ltd File name: FinancialXStatements_v50 Modification Date: 25 February 2020 4:18 pm Notes to the consolidated financial statements Strategic report Governance Financial statements Avast annual report 2019 137 11. Finance income and expenses Interest income: 12. Depreciation and amortisation Amortisation by function: ($’m) Interest on bank deposits Total finance income Interest expense: ($’m) Term loan interest expense Lease interest expense Total interest expense Other finance income and expense (net): ($’m) Changes of fair values of derivatives Revolving loan – commitment fee Foreign currency gains/(losses) Unrealised foreign exchange gains/ (losses) on borrowings Other financial expense Total other finance income and expense (net) Year ended 31 December 2019 Year ended 31 December 2018 ($’m) 1.5 1.5 0.3 0.3 Cost of revenues Total amortisation of acquisition intangible assets Year ended 31 December 2019 Year ended 31 December 2018 (56.4) (2.3) (58.7) (85.8) – (85.8) Year ended 31 December 2019 Year ended 31 December 2018 Cost of revenues Sales and marketing Research and development General and administration Total amortisation of non-acquisition intangible assets Total amortisation Depreciation by function: (0.8) (0.8) (3.3) 13.9 0.7 1.9 (1.3) (7.1) 26.4 (0.2) ($’m) Cost of revenues Sales and marketing Research and development General and administration* Total depreciation Year ended 31 December 2019 Year ended 31 December 2018 88.3 127.5 88.3 127.5 1.6 0.2 0.1 0.9 2.8 91.1 1.9 0.1 0.1 0.7 2.8 130.3 Year ended 31 December 2019 Year ended 31 December 2018 7.2 0.1 0.6 11.0 18.9 7.4 0.3 1.1 4.6 13.4 9.7 19.7 * $7.7 million is attributable to the depreciation of right-of-use assets (see Note 22). Tangible and intangible assets are allocated to each department of the Group. The depreciation and amortisation of these assets is reported as part of operating costs and cost of revenues. 13. Income tax In the Consolidated statement of financial position, the corporate income tax receivable of $17.2m (2018: $5.8m) is part of the caption tax receivables. The major components of the income tax in the consolidated statement of comprehensive income are: ($’m) Current income tax Related to current year Related to prior year Current income tax total Deferred tax Related to current year Related to prior year Deferred tax total Year ended 31 December 2019 Year ended 31 December 2018 (54.8) (0.9) (55.7) (4.8) (5.2) (10.0) (86.7) (0.6) (87.3) 145.9 0.1 146.0 Total income tax (expense)/income through P&L (65.7) 58.7 © 2019 Friend Studio Ltd File name: FinancialXStatements_v50 Modification Date: 25 February 2020 4:18 pm Notes to the consolidated financial statements Strategic report Governance Financial statements Avast annual report 2019 138 13. Income tax (continued) On 1 May 2018, AVG E-comm web shop was transferred to Avast Software B.V. (‘Avast BV’) and, subsequently, the former Dutch AVG business (including the web shop) from Avast B.V. was sold to Avast Software s.r.o. As a result, the deferred tax asset was increased by $143.8m. In addition, an exit charge of $49.4m was agreed upon with the Dutch tax authorities. The net tax effect of the transaction in the year ended 31 December 2018 was a tax benefit of $94.4m. On 1 August 2018, intangible assets of Piriform IP were sold to Piriform UK. As a result, a deferred tax asset of $5.6m was recognised by the Group. The current tax expense related to the transaction was $0.7m. The net tax effect of the transaction in the year ended 31 December 2018 was a tax benefit of $4.8m. The Group generates a temporary difference relating to an intra-Group loan denominated in USD received by Avast Software s.r.o., a subsidiary with a USD functional currency (but with a tax currency of CZK). This loan is subject to hedging in its local statutory books (with the effect that current tax relief does not cover the full period exchange differences). The tax impact related to the loan is a deferred tax benefit of $0.4m (2018: $9.8m) and the Group reports a deferred tax asset of $10.1m (2018: $9.8m) related to the loan. The reconciliation of income tax (expense)/benefit applicable to accounting profit before income tax at the statutory income tax rate to income tax expenses at the Group’s effective income tax rate is as follows: ($’m) Profit/(loss) before tax Group effective income tax rate (20%* in 2019 and 2018) Recurring adjustments Non-deductible expenses Share-based payments FX effect on intercompany loans Non-recurring adjustments Non-deductible expenses (IPO related) AVG IP transfer net tax benefit Piriform IP transfer net tax benefit Current year deferred tax assets not recognised Derecognition of previously recognised deferred tax assets Usage of previously not recognised deferred tax assets Effect of prior year taxes Effect of enacted changes in tax rates on deferred taxes Year ended 31 December 2019 Year ended 31 December 2018 314.6 182.5 The deferred tax relates to the following temporary differences: ($’m) Temporary differences 31 December 2019 31 December 2018 Asset/ (Liability) Asset/ (Liability) (62.9) (36.5) Fixed assets (3.7) (1.6) 0.4 – – – (3.2) (2.8) 9.8 (3.8) 94.4 4.8 IP transfer tax benefit Deferred revenue and unbilled receivables Tax loss carryforward Tax credits carryforward Loans and derivatives Carryforward of unutilised interest Share-based payments transactions Provisions Tax impact from FX difference on intercompany loans (0.1) (4.9) – (8.9) Other Net 4.7 (6.1) 1.6 (0.5) 0.2 (2.5) (38.2) 122.9 3.5 45.8 4.2 2.1 2.7 5.7 0.8 10.1 8.0 (53.1) 142.9 15.9 16.6 3.7 11.0 – – 1.8 9.8 0.8 167.6 149.4 Remaining impact of tax rate variance and other effects Total income tax 3.4 (65.7) 11.2 58.7 * Estimated as a Group’s blended rate across the jurisdictions where the Group operates. © 2019 Friend Studio Ltd File name: FinancialXStatements_v50 Modification Date: 25 February 2020 4:18 pm Notes to the consolidated financial statements Strategic report Governance Financial statements Avast annual report 2019 139 13. Income tax (continued) Tax losses carried forward as at 31 December 2019 are recorded by the following subsidiaries: ($’m) Avast Software Inc. (tax group incl. Location Labs and AVG Technologies USA) Avast plc Other Total deferred tax from tax losses carryforward Deferred tax from tax losses carryforward 44.6 0.9 0.3 45.8 Tax jurisdiction United States United Kingdom – – Tax losses carried forward in United States and United Kingdom are related mainly to share-based payments exercises. As a result of share-based payments exercises there was a $147.6m (2018: $70.0m) tax deduction in Avast Software, Inc., Location Labs LLC, Jumpshot, Inc., Avast plc and AVG UK that created a tax benefit of $34.2m (2018: $14.8m). A tax benefit of $31.8m (2018: $14.8m) exceeding related cumulative remuneration expenses is recognized directly in equity, of which the current tax benefit is $3.4m (2018: nil) and deferred tax benefit is $28.4m (2018: $14.8m). Tax losses reported by Avast Software, Inc. can be utilised by all subsidiaries incorporated in the United States (Note 40) excluding Jumpshot, Inc. Tax credit of $4.5m from federal and state tax losses generated during the years 2011–2017 can be utilised over 20 years. Tax credit of $40.1m from federal and state tax losses can be carried forward for an indefinite period of time. The tax deduction for share-based payments is not received until the instruments are exercised. Therefore, a temporary difference of $5.7m (2018: nil) arises between the tax deduction (pro rated for the period to vesting) and the tax effect of the related cumulative remuneration expense. The deferred tax asset is measured as an estimated tax deduction at the date of exercise (pro rated for the period to vesting), based on the year end share price. As the amount of the deferred tax asset exceeded the tax effect of the related cumulative remuneration expense, the excess of the associated deferred tax of $3.1m was recognised directly in equity. Following the transactions of IP transfer in 2018, described above, the Group reports a deferred tax asset of $122.9m (2018: $142.9m), of which the major part of $119.5m relates to the transfer of the former Dutch AVG business from Avast B.V. to Avast Software s.r.o. The temporary difference is amortised and deducted from the tax base of Avast Software s.r.o. registered in the Czech Republic linearly over 15 years. The Group does not recognise the following potential deferred tax asset of $21.1m (2018: $13.8m), mostly related to Jumpshot tax losses for which the Group considers future recoverability to be uncertain. ($’m) Tax losses carried forward – expiration 20 years Tax losses carried forward – indefinite Tax losses carried forward – expiration 1–6 years Temporary differences related to loans and interests – indefinite Other temporary differences – expiration n/a Total deferred tax asset not recognised The movement in deferred tax balances: ($’m) Deferred tax as at 1 January Effect of business combination (Note 15) Deferred tax recognised in the profit & loss Deferred tax recognised in equity Translation difference 31 December 2019 31 December 2018 Asset/ (Liability) Asset/ (Liability) 7.2 1.8 4.5 5.2 2.4 21.1 5.6 1.9 – 6.3 – 13.8 31 December 2019 31 December 2018 Asset/ (Liability) Asset/ (Liability) 149.4 (12.0) (3.3) – (10.0) 31.5 – 146.0 14.8 0.6 Deferred tax as at 31 December 167.6 149.4 The deferred tax asset increased significantly due to tax losses realised in 2018 and 2019 from significant share-based payments’ exercises. Such significant share-based payments’ transactions are not expected to repeat in future periods and management expects the underlying business to remain profitable for the foreseeable future. © 2019 Friend Studio Ltd File name: FinancialXStatements_v50 Modification Date: 25 February 2020 4:18 pm Notes to the consolidated financial statements Strategic report Governance Financial statements Avast annual report 2019 140 14. Earnings per share Basic earnings per share (EPS) is calculated by dividing the net profit for the period attributable to equity holders of the Group by the weighted average number of shares of ordinary shares outstanding during the year. Diluted EPS is calculated by dividing the net profit for the period attributable to equity holders of the Group by the weighted average number of ordinary shares outstanding during the period plus the weighted average number of shares that would be issued if all dilutive potential ordinary shares were converted into ordinary shares. Adjusted EPS is calculated by dividing the adjusted net profit for the period attributable to equity holders by the weighted average number of ordinary shares outstanding during the period. The following reflects the income and share data used in calculating EPS: Net profit attributable to equity holders ($’m) Basic weighted average number of shares Effects of dilution from share options, performance and restricted share units Total number of shares used in computing dilutive earnings per share Basic earnings per share ($/share) Diluted earnings per share ($/share) Year ended 31 December 2019 Year ended 31 December 2018 248.7 241.2 973,788,157 914,567,949 44,313,005 62,120,397 1,018,101,162 976,688,346 0.26 0.24 0.26 0.25 Adjusted earnings per share measures: Year ended 31 December 2019 Year ended 31 December 2018 Management regards the above adjustments necessary to give a fair picture of the adjusted results of the Group for the period. Net profit attributable to equity holders ($’m) Deferred revenue haircut reversal/Other Share-based payments (including employer’s costs) Exceptional items Amortisation of acquisition intangible assets Unrealised FX gain/(loss) on EUR tranche of bank loan Tax impact from FX difference on intercompany loans COGS deferral adjustments Tax impact of COGS deferral adjustment Tax impact on adjusted items Tax impact of IP transfer Gain on disposal of business operation Tax impact from disposal of business operation Adjusted net profit attributable to equity holders ($’m) Basic weighted average number of shares Adjusted basic earnings per share ($/share) Diluted weighted average number of shares Adjusted diluted earnings per share ($/share) 248.7 241.2 15. Business combinations 2019 acquisitions Acquisition of Emerald Cactus Ventures Inc. (‘Tenta’) On 6 November 2019, Avast Software, Inc. purchased a 100% stake in the American company Emerald Cactus Ventures, Inc. that has been offering the Tenta Browser providing a privacy-first mobile web browser to hundreds of thousands of Android users worldwide. Tenta Browser will be paired with the current desktop-based Avast Secure Browser with its tens of millions of active users, resulting in a true multi-platform, people-centric solution for private and secure web browsing. The transaction represents a business combination with Avast Software, Inc. being the acquirer. The fair value of the consideration at the acquisition date was determined by the Group to be $5.3m and comprised the following components: Initial payment – $3.3m was paid to the owners of Tenta on the acquisition date Holdback amount – $0.6m will be paid in 12 months Earn-out payment – four milestone payments of $0.4m represents a contingent consideration payable within the next 20 months after the acquisition date to the extent that specific milestones of Tenta are met. As of the acquisition date, the probability weighted value of the earn-out was determined to be $1.4m 1.8 24.9 1.8 88.4 17.2 13.9 25.6 127.5 (13.9) (26.4) (0.4) (0.1) – (20.3) 6.3 (17.5) 2.3 (9.8) (1.1) 0.3 (18.5) (99.2) – – 322.1 270.8 973,788,157 914,567,949 0.33 0.30 1,018,101,162 976,688,346 0.32 0.28 © 2019 Friend Studio Ltd File name: FinancialXStatements_v50 Modification Date: 25 February 2020 4:18 pm Notes to the consolidated financial statements Strategic report Governance Financial statements Avast annual report 2019 141 15. Business combinations (continued) The fair value of assets acquired and liabilities incurred on the acquisition date was determined on final basis as follows: ($’m) Intangible assets Total assets Deferred tax liability Total liabilities Net assets acquired Consideration paid Goodwill Fair value at 6 November 2019 2.3 2.3 0.5 0.5 1.8 5.3 3.5 The business combination resulted in the recognition of goodwill of $3.5m, which is allocated to the Consumer CGU and is tested for impairment at least annually. The goodwill of $3.5m comprises the workforce in place and the value of expected synergies arising from the acquisition. The carrying value of goodwill is not expected to be tax deductible. The business combination resulted in the recognition of intangible assets in the amount of $2.3m that represents the intellectual property of Tenta, and will be amortised over the estimated useful life of five years. Analysis of cash flows on acquisition: ($’m) Cash consideration Holdback consideration payable in 12 months Earn-out Net cash flow on acquisition 31 December 2019 (5.3) 0.6 1.4 (3.3) Transaction costs of $0.2m have been expensed and are included in general and administrative expenses in the Consolidated statement of profit or loss and are part of operating cash flows in the Consolidated statement of cash flows. The revenues and net profit of the Group for the year ended 31 December 2019 would not have been significantly different had the acquisition occurred at the beginning of the reporting period (1 January 2019). Acquisition of TrackOFF, Inc. (‘TrackOFF’) On 24 May 2019, Avast Software, Inc. purchased a 100% stake in the American company TrackOFF, a developer of tools to protect users’ identities and personal lives. The Group has acquired TrackOFF to strengthen further the development of Avast’s anti-tracking products and other products that help users maintain their privacy online. The transaction represents a business combination with Avast Software, Inc. being the acquirer. The fair value of the consideration at the acquisition date was determined by the Group to be $13.1m for 100% ownership. The consideration given was paid in cash. The fair value of assets acquired and liabilities incurred on the acquisition date was determined on final basis as follows: ($’m) ASSETS Current assets Cash and cash equivalents Trade and other receivables Total current assets Non-current assets Intangible assets Deferred tax assets Total non-current assets TOTAL ASSETS LIABILITIES Trade payables Deferred revenues Other current liabilities Total current liabilities Deferred tax liability Total non-current liabilities TOTAL LIABILITIES Net assets acquired Consideration paid Goodwill Fair value at 24 May 2019 0.6 0.2 0.8 11.2 0.4 11.6 12.4 0.2 1.7 0.2 2.1 2.3 2.3 4.4 8.0 13.1 5.1 © 2019 Friend Studio Ltd File name: FinancialXStatements_v50 Modification Date: 25 February 2020 4:18 pm Notes to the consolidated financial statements Strategic report Governance Financial statements Avast annual report 2019 142 15. Business combinations (continued) The business combination resulted in the recognition of goodwill of $5.1m, which is allocated to the Consumer CGU and is tested for impairment at least annually. The goodwill of $5.1m comprises the workforce in place and the value of expected synergies arising from the acquisition. The carrying value of goodwill is not expected to be tax deductible. The business combination resulted in the recognition of intangible assets in the amount of $11.2m that represents intellectual property of TrackOFF, and will be amortised over the estimated useful life of five years. Analysis of cash flows on acquisition: ($’m) Cash consideration Net cash acquired with the business (included in cash flow from investing activities) Holdback consideration payable in 12 months Net cash flow on acquisition 31 December 2019 (13.1) 0.6 1.0 (11.5) Transaction costs of $0.2m have been expensed and are included in general and administrative expenses in the Consolidated statement of profit or loss and are part of operating cash flows in the Consolidated statement of cash flows. Revenues and net profit of the Group for the 12 month period ended 31 December 2019 would not have been significantly different had the acquisition occurred at the beginning of the reporting period (1 January 2019). 2018 acquisitions Acquisition of Inloop s.r.o. (‘Inloop’) On 1 August 2018, Avast Software s.r.o. acquired a 100% stake in Inloop s.r.o. (‘Inloop’) on behalf of INLOOPX s.r.o. (‘INLOOPX’), a mobile engineering services firm based in Slovakia. The reason for the acquisition was to obtain the skilled team of engineers to strengthen Avast’s Mobile business. The transaction represented a business combination with Avast Software s.r.o. being the acquirer. The acquisition date was determined to be 1 August 2018. The former shareholders of Inloop do not have ongoing involvement in the business or with the Avast Group, following the acquisition. The fair value of the consideration including contingent payment at the acquisition date was determined by the Group to be €7.3m ($8.6m). The fair value of assets acquired and liabilities incurred on the acquisition date was determined on final basis as follows: ($’m) Cash Personal property Trade and other receivables Total assets Total liabilities Net assets acquired Consideration paid Goodwill Fair value at 1 August 2018 0.4 0.2 1.5 2.1 0.5 1.6 8.6 7.0 The business combination results in the recognition of goodwill of $7.0m which is allocated to the Consumer CGU and is tested for impairment at least annually. The large proportion of goodwill to other identified assets is due to Inloop not having any significant identifiable assets other than the skilled workforce (the obtaining of which was the main purpose of the acquisition). The carrying value of goodwill is not expected to be tax deductible. The revenues and net profit of the Group for the year ended 31 December 2018 would not have been significantly different had the acquisition occurred at the beginning of the reporting period (1 January 2018). 16. Disposal of a business operation On 30 January 2019, the Avast Group sold all activities of Managed Workplace business, its remote monitoring and management product, to Barracuda Networks, Inc. (‘Barracuda’). The transaction consisted of the sale of a subsidiary AVG Technologies Canada, Inc. (‘AVG CAN’) owned by Avast Software B.V., the sale of intellectual property (‘IP’) owned by Avast Software s.r.o. and the sale of other assets, notably receivables, by Avast Deutschland GmbH, Avast Switzerland AG, AVG Technologies Norway A/S and AVG Distribuidora de Tecnologias do Brasil LTDA. The total selling price for the transaction was $30.0m, on a cash-free, debt-free basis, of which $3.0m was withheld in escrow for a 12-month period to satisfy any potential indemnity claims against the Group under the applicable share and asset purchase agreement entered into between the parties. As a result, the Group de-recognised all assets and liabilities of the sold subsidiary AVG CAN. Because the sale of the subsidiary is part of a single transaction of the sale of a part of the business, the Group presents the result of the whole transaction (except for tax impacts) within a single line in the statement of comprehensive income, including the sale of IP and other assets. © 2019 Friend Studio Ltd File name: FinancialXStatements_v50 Modification Date: 25 February 2020 4:18 pm Notes to the consolidated financial statements Strategic report Governance Financial statements Avast annual report 2019 143 16. Disposal of a business operation (continued) The carrying amounts of assets and liabilities as of the date of sale were as follows: The resulting gain on disposal of a business operation is shown in the table below: ($’m) Cash and cash equivalents Trade and other receivables Prepaid expenses Current assets Tangible assets Deferred tax assets Non-current assets Total assets Trade and other payables Lease liability Deferred revenues Other current liabilities Current liabilities Lease liabilities Non-current liabilities Total liabilities Net assets ($’m) 30 January 2019 Consideration received or receivable: Cash Receivable – holdback Total disposal consideration Carrying amount of net assets sold Gain on disposal of a business operation Other adjustments: Goodwill write-off Net gain on disposal of a business operation Analysis of cash flows on disposal: ($’m) Cash received Net cash sold of the business (included in cash flow from investing activities) Transaction costs paid Net cash flow on disposal 6.0 1.3 0.2 7.5 1.4 0.8 2.2 9.7 0.2 0.2 0.9 0.2 1.5 0.7 0.7 2.2 7.5 Because the sold business was part of the group of CGUs to which goodwill was allocated, a portion of the goodwill has to be disposed as part of the transaction. The Group has determined that the appropriate amount of goodwill disposed of is $11.0m which was part of the SMB CGU. © 2019 Friend Studio Ltd File name: FinancialXStatements_v50 Modification Date: 25 February 2020 4:18 pm 30 January 2019 33.0 3.0 36.0 (7.5) 28.5 (11.0) 17.5 31 December 2019 33.0 (6.0) (0.3) 26.7 17. Cash and cash equivalents For purposes of the statement of cash flows, cash and cash equivalents comprise the following: ($’m) Cash on hand and cash equivalents Cash in bank Total 31 December 2019 31 December 2018 1.4 215.2 216.6 2.0 270.3 272.3 18. Trade and other receivables ($’m) Trade receivables Unbilled revenues Other receivables Trade receivables, gross Less: Expected loss allowance on trade receivables, unbilled revenues and other receivables Trade receivables, net 31 December 2019 31 December 2018 30.4 48.9 6.4 85.7 35.7 49.2 4.0 88.9 (6.8) 78.9 (6.0) 82.9 Trade receivables are non-interest bearing and are generally payable on 30-day terms. The fair value of receivables approximates their carrying value due to their short-term maturities. The expected loss allowance relates to trade receivables (with only insignificant amounts relating to other classes of receivable). Unbilled revenues represent sold products (for which the revenue has been deferred over the term of the product licence) but for which an invoice has not yet been issued. Notes to the consolidated financial statements Strategic report Governance Financial statements Avast annual report 2019 144 18. Trade and other receivables (continued) Other receivables represent mainly advances to, and receivables from, employees. 19. Capitalised contract costs ($’m) 31 December 2019 31 December 2018 Amount Capitalised contract costs at 1 January 5.3 2.7 (2.2) 0.2 6.0 1.1 (0.3) – 6.8 Additions Sales commissions and fees Licence fees Amortisation Sales commissions and fees Licence fees Capitalised contract costs at 31 December Total current Total non-current 35.8 65.6 60.6 5.0 (63.7) (58.4) (5.3) 37.7 33.3 4.4 27.2 66.1 59.8 6.3 (57.5) (52.1) (5.4) 35.8 31.2 4.6 Capitalised contract costs include commissions and fees and third-party licence costs related to the subscription software licences that are amortised on a straight-line basis over the licence period, consistent with the pattern of recognition of the associated revenue. Capitalised contract costs are reviewed for impairment annually. All costs are expected to be recovered. ($’m) Allowances at 31 December 2017 Additions Write-offs Reversals Allowances at 31 December 2018 Additions Write-offs Reversals Allowances at 31 December 2019 Movements in the allowances described above relate mainly to trade receivables. As of 31 December 2018 and 2019, the nominal value of receivables overdue for more than 360 days are $2.0m (carrying value: $0.1m) and $4.5m (carrying value: nil), respectively. The ageing analysis of trade receivables, unbilled receivables and other receivables was as follows (carrying amounts after valuation allowance): ($’m) Not past due Past due 1–90 days Past due more than 90 days Past due more than 180 days Past due more than 360 days Total 31 December 2018 74.6 31 December 2019 72.5 7.2 5.9 0.9 0.4 0.1 0.1 0.1 82.9 – 78.9 © 2019 Friend Studio Ltd File name: FinancialXStatements_v50 Modification Date: 25 February 2020 4:18 pm Notes to the consolidated financial statements Strategic report Governance Financial statements Avast annual report 2019 145 20. Property, plant, and equipment ($’m) Cost at 31 December 2017 Additions Transfers Net foreign currency exchange difference Disposals Cost at 31 December 2018 Additions Transfers Net foreign currency exchange difference Disposals Cost at 31 December 2019 ($’m) Acc. depreciation at 31 December 2017 Depreciation Disposals Acc. depreciation at 31 December 2018 Depreciation Disposals Acc. depreciation at 31 December 2019 NBV at 31 December 2018 NBV at 31 December 2019 Equipment, furniture, and fixtures Vehicles Leasehold improvements In progress 36.5 11.5 2.0 (0.8) (3.3) 45.9 17.8 2.5 0.3 (4.9) 61.6 0.3 0.1 – 0.1 (0.1) 0.4 0.1 – (0.2) (0.2) 0.1 12.0 0.6 – 0.4 (2.7) 10.3 0.9 – (0.2) (1.5) 9.5 3.2 1.3 (2.0) – – 2.5 7.5 (2.5) 0.4 (0.2) 7.7 Equipment, furniture, and fixtures Vehicles Leasehold improvements In progress (19.9) (11.6) 3.3 (28.2) (9.7) 4.4 (33.5) 17.7 28.1 (0.2) (0.1) 0.1 (0.2) (0.1) 0.2 (0.1) 0.2 – (2.4) (1.7) 2.7 (1.4) (1.4) 0.4 (2.4) 8.9 7.1 – – – – – – – 2.5 7.7 Total 52.0 13.5 – (0.3) (6.1) 59.1 26.3 – 0.3 (6.8) 78.9 Total (22.5) (13.4) 6.1 (29.8) (11.2) 5.0 (36.0) 29.3 42.9 There has been no impairment to the property, plant, and equipment held by the Group during the year. There has been no individually significant addition to the property, plant, and equipment during the year. For the information about items of property, plant, and equipment pledged as security refer to Note 27. © 2019 Friend Studio Ltd File name: FinancialXStatements_v50 Modification Date: 25 February 2020 4:18 pm 21. Leases Right-of-use assets Set out below are the carrying amounts of the Group’s right-of- use assets and the movements during the period. The Group has lease contracts related primarily to office buildings. ($’m) At 1 January 2019 Additions Re-measurements Impairment Depreciation of right-of-use assets At 31 December 2019 69.7 0.9 (0.1) (0.2) (7.7) 62.6 Lease liabilities Lease liabilities are presented in the statement of financial position as follows: ($’m) At 1 January 2019 Additions Re-measurements Lease interest expense Payments of lease liabilities Foreign currency exchange difference At 31 December 2019 Current Non-current Total 71.7 0.9 (0.1) 2.3 (9.2) (0.8) 64.8 7.3 57.5 64.8 Notes to the consolidated financial statements Strategic report Governance Financial statements Avast annual report 2019 146 21. Leases (continued) Below are the terms of significant lease contracts as of 31 December 2019: 22. Intangible assets ($’m) Significant lease contracts Carrying amount ($’m) End date Option to extend Option to be used Cost at 31 December 2017 Enterprise Building in Prague, Czech Republic* Vlnena Office in Brno, Czech Republic Office in Emeryville, California, USA 26.6 August 2024 24 months two times January 2026 60 months two times 23.9 Yes – in full Yes – in full Additions Transfers Net foreign currency exchange difference Cost at 31 December 2018 Business combination Additions Transfers Net foreign currency exchange difference Developed Technology Trademarks Software Customer relationship and user base 250.5 164.1 40.0 246.6 – – – – – – – – – – – – 250.5 164.1 40.0 246.6 – – – – – – – – – – – – – – – – Other In progress 15.0 2.4 1.5 (0.1) 18.8 13.5 2.3 – – 2.0 1.0 (1.5) – 1.5 – 1.3 – – Total 718.2 3.4 – (0.1) 721.5 13.5 3.6 – – 3.5 June 2024 60 months No Cost at 31 December 2019 250.5 164.1 40.0 246.6 34.6 2.8 738.6 * Lease payments are subject to indexation based on changes of consumer price index. A 1% increase in the index would not substantially increase total lease payments. ($’m) The following table shows the breakdown of the lease expense between amount charged to operating profit and amounts charge to finance costs: ($’m) Depreciation of right-of-use assets Short-term lease expense Impairment Leases of low-value lease expense Charge to operating profit Lease interest expense Charge to profit before taxation for leases For maturity of the leases, refer to Note 30. 2019 7.7 1.2 0.2 – 9.1 2.3 11.4 Acc. amortisation at 31 December 2017 Amortisation Acc. amortisation at 31 December 2018 Amortisation Acc. amortisation at 31 December 2019 NBV at 31 December 2018 NBV at 31 December 2019 Developed Technology Trademarks Software Customer relationship and user base Other In progress Total (177.2) (51.5) (228.7) (16.7) (245.4) 21.8 5.1 (18.7) (15.0) (33.7) (15.2) (48.9) 130.4 115.2 (14.2) (8.1) (105.7) (52.6) (22.3) (158.3) (5.0) (27.3) (50.1) (208.4) 17.7 12.7 88.3 38.2 (8.1) (3.1) (11.2) (4.1) (15.3) 7.6 19.3 – – – – – (323.9) (130.3) (454.2) (91.1) (545.3) 1.5 2.8 267.3 193.3 © 2019 Friend Studio Ltd File name: FinancialXStatements_v50 Modification Date: 25 February 2020 4:18 pm Notes to the consolidated financial statements Strategic report Governance Financial statements Avast annual report 2019 147 22. Intangible assets (continued) The Group assesses that the Avast trademark, with a carrying value of $70.3m, has an indefinite useful life, as it is a well-established brand. Avast is a core brand and is expected to be a core brand for the foreseeable future, as the Group constantly invests into brand development and brand awareness. The AVG trademark, with a carrying value of $40.9m, has a remaining useful life of 2.7 years as of 31 December 2019. The Piriform trademark, with a carrying value of $2.8m, has a remaining useful life of 7.5 years as of 31 December 2019. AVG developed technology, with a carrying value of $5.1m, has a remaining useful life of 0.7 years as of 31 December 2019. AVG customer relationship, with a carrying value of $37.0m, has a remaining useful life of 0.7 years as of 31 December 2019. Piriform and FileHippo software, with a gross value of $12.7m, has a remaining useful life of 2.5 years as of 31 December 2019. For information about intangible assets pledged as securities, refer to Note 27. The Group has not capitalised development costs in the year ended 31 December 2019 (2018: nil) as the Company believes the criteria set out in IAS 38 has not been met. See Note 2. 23. Goodwill and impairment ($’m) 1 January Acquisitions (Note 15) Disposals (Note 16) 31 December 31 December 2019 31 December 2018 1,993.7 1,986.7 8.6 (11.0) 7.0 – 1,991.3 1,993.7 Goodwill was calculated as the difference between the acquisition date fair value of consideration transferred less the fair value of acquired net assets. See Notes 15 and 16 for further details of the allocation to individual business segments. Goodwill and intangible assets impairment tests Goodwill and intangible assets with an indefinite useful life are tested annually for impairment. The impairment test as of 31 December 2019 is performed on the basis of two groups of cash-generating units that correspond to the two operating segments as below: In determining the value in use as of 31 December 2019, the Group used the following parameters: Projected 2020–2022 free cash flows which are based on the most current financial plan of the Group The perpetuity growth rate of 2% per annum after 2022 is allocated to individual operating segments based on the management’s expectation of the operating segments’ performance An after-tax discount interest rate of 11.2% representing the WACC of the Group (pre-tax discount interest rate of 12.9%). The WACC was calculated from the cost of equity and cost of debt at a ratio typical for an industry of 70% equity and 30% debt The recoverable amount of tested assets exceeds their carrying value. As the Group’s management is not aware of any other indications of impairment and given the results of the impairment tests, no impairment was recorded. No reasonable possible change in the calculation assumptions would lead to an impairment. ($’m) Consumer SMB Total goodwill 31 December 2019 31 December 2018 1,978.4 1,969.8 12.9 23.9 1,991.3 1,993.7 © 2019 Friend Studio Ltd File name: FinancialXStatements_v50 Modification Date: 25 February 2020 4:18 pm Notes to the consolidated financial statements Strategic report Governance Financial statements Avast annual report 2019 148 24. Trade payables and other liabilities ($’m) Trade payables Accruals Amounts owed to employees Social security and other taxes Other payables and liabilities Total trade payables and other liabilities 31 December 2019 31 December 2018 2.6 28.5 22.0 2.0 10.0 8.5 30.5 19.3 1.5 4.2 65.1 64.0 25. Provisions The movements in the provision accounts were as follows: ($’m) As at 31 December 2017 Additions Utilisation As at 31 December 2018 Additions Utilisation As at 31 December 2019 As at 31 December 2018 Total current Total non-current As at 31 December 2019 Total current Total non-current Accrued vacation provision Provision for restructuring Other Total 2.0 1.4 (2.0) 1.4 1.7 (1.4) 1.7 1.4 – 1.7 – 4.2 5.6 (4.2) 5.6 – (3.0) 2.6 4.9 0.7 1.9 0.7 1.2 2.8 (1.0) 3.0 7.8 (2.6) 8.2 2.8 0.2 8.0 0.2 7.4 9.8 (7.2) 10.0 9.5 (7.0) 12.5 9.1 0.9 11.6 0.9 26. Deferred revenue The Group sells consumer and corporate antivirus products for periods of 12, 24 or 36 months with payment received at the beginning of the licence term. Revenues are recognised ratably over the subscription period covered by the agreement. Deferred revenue materially represents the transaction price relating to sales of software licences that is allocated to future performance obligations. The movements in the deferred revenue were as follows: ($’m) 1 January Additions – billings Business combination Deductions – revenue Disposal of a business operation Translation and other adjustments 31 December Current Non-current Total 31 December 2019 31 December 2018 435.5 911.0 0.3 378.8 862.2 – (871.1) (808.3) (0.9) – – 2.8 474.8 435.5 420.5 54.3 474.8 384.3 51.2 435.5 Prior year current deferred revenue is recognised as revenue in the current period. 27. Term loan Term loan balance is as follows: ($’m) Current term loan Long-term loan Total term loans ($’m) USD tranche principal EUR tranche principal Total principal 31 December 2019 31 December 2018 58.2 969.5 1,027.7 73.4 1,318.1 1,391.5 31 December 2019 31 December 2018 336.5 699.8 864.7 545.8 1,036.3 1,410.5 In March 2019, the Group upsized the EUR tranche by €177.5m ($202.6m) and paid down the USD tranche by $400m. This resulted in the partial de-recognition of arrangement fees of $8.7m through interest expense. In April 2019, the Group applied for the margin reduction of 0.25% per annum on both tranches due to favourable leverage ratio results. The repricing of the margin to market terms, which is allowed for in the terms of the loan, was a change in contractual variable payments to be accounted for by altering prospectively the effective interest rate, consistent with the requirements for floating rate loans (see Note 3). In October 2019, the Group paid down the USD tranche by an additional $100m. Repayment resulted in the partial de-recognition of arrangement fees of $2.7m. Further, the Group reduced the margin on the EUR tranche by 0.25% per annum. © 2019 Friend Studio Ltd File name: FinancialXStatements_v50 Modification Date: 25 February 2020 4:18 pm Notes to the consolidated financial statements Strategic report Governance Financial statements Avast annual report 2019 149 27. Term loan (continued) The Group re-financed its bank loan from the primary proceeds arising from the IPO on 16 May 2018, reducing the USD tranche by $300m and reducing the margin on both the USD and EUR tranche by 0.25% per annum. The fees for the reduction and repricing were $3.1m. The Group allocated the drawing fees as of the repricing date between the $300m repaid amount and the balance of the loan. The portion of unamortised issue costs allocated to the repaid loan of $6.9m was released into the Consolidated statement of profit and loss as a non-cash interest expenses. Avast Software B.V. may voluntarily prepay term loans in whole or in part without premium or penalty. Under the repricing agreement, the following terms apply to the bank loans: Facility Interest Floor Margin 31 December 2019 Margin 31 December 2018 3-month USD USD tranche LIBOR 1.00% p.a. 2.25% p.a. 2.50% p.a. EUR tranche 3-month EURIBOR 0.00% p.a. 2.25% p.a. 2.75% p.a. Both facilities are repayable in full at the end of the 84-month term on 30 September 2023. The margin payable on both facilities is dependent upon the ratio of the Group’s net debt to adjusted EBITDA as defined in the facility agreement. The Credit Agreement (‘CA’) requires the following mandatory repayments in addition to the quarterly amortisation payments: Excess Cash Flow Payment Amount (‘ECF Payment Amount’, defined in the CA as the consolidated net increase in cash and cash equivalents of Avast plc for the period adjusted for potential future business combinations and the results of Jumpshot, Inc., Jumpshot s.r.o. and Avast plc and other adjustments) – 50% of Excess Cash Flow (as defined, and subject to certain reductions and to the extent where ECF Payment Amount exceeds $40m), with a reduction to 25% and elimination based upon the achievement of Total Net First Lien Leverage Ratios (‘Net debt ratio’) not exceeding 3.5:1 and 3.0:1, respectively. The Net debt ratio is defined as the nominal value of debt less cash on hand as of the relevant date divided by adjusted operating profit for the preceding four calendar quarters. The operating profit is adjusted for amortisation and depreciation, non-cash expenses such as share-based payments, the effects of business combination accounting, and other non-cash items. The Net debt ratio was 1.9:1 as of 31 December 2019 so no mandatory repayment was required. The following pledge agreements existed as of the date of issuance of these Consolidated financial statements: Avast Software B.V. pledged its 100% share in Avast Software s.r.o. and 100% share in Avast Operations B.V. Avast Software B.V. pledged its receivables Avast Software B.V. pledged its securities Avast Holding B.V. pledged its 100% share in Avast Software B.V. Avast Operations B.V. pledged its receivables from intra-Group loan agreements Avast Software s.r.o. pledged its receivables from bank accounts, trade receivables, receivables from insurance policies, trademarks, receivables from intra-Group loan agreements, its movable assets, domain names, source codes, and virus databases. Since Avast Software s.r.o. forms a substantial portion of the Group, the estimated value of the pledged assets exceeds the total value of the term loan. Term loan balance reconciliation The table below reconciles the movements of the balance of the term loan with the information on above and the statement of cash flows. ($’m) Term loan balance at the beginning of period Additional loan drawn (gross of fees) Drawing fees Interest expense Interest paid Loan repayment 31 December 2019 31 December 2018 1,391.5 202.6 (0.9) 56.4 (45.1) 1,781.3 – (3.1) 85.8 (67.6) (562.9) (378.5) Unrealised foreign exchange loss/(gain) (13.9) (26.4) Total 1,027.7 1,391.5 Revolving facility Avast Software B.V. also obtained a revolving credit facility of $85.0m for operational purposes which has not been drawn as of the date of these consolidated financial statements. It is valid up to 30 September 2022. The Credit Agreement includes a financial covenant that is triggered if at any time $35.0m or more is outstanding under the revolving credit agreement as of 31 December 2019. If the revolving credit facility exceeds this threshold, then the Group must maintain, on a consolidated basis, a leverage ratio of less than 6.5:1. This covenant is tested quarterly at such time as it is in effect. © 2019 Friend Studio Ltd File name: FinancialXStatements_v50 Modification Date: 25 February 2020 4:18 pm Notes to the consolidated financial statements Strategic report Governance Financial statements Avast annual report 2019 150 28. Derivatives The carrying amount of derivative financial instruments held by the Group was as follows: ($’m) Type of derivative Interest rate Cap Total Classified as Non-current financial liability Total 31 December 2019 31 December 2018 Type Assets Liabilities Assets Liabilities Level 3 – – – – 2.0 2.0 2.1 2.1 – – – – 1.0 1.0 1.0 1.0 The Group has not designated the derivatives as hedging instruments, and therefore changes in the fair value during the period are recorded in the Consolidated statement of profit and loss. Interest rate cap On 20 February 2017, Avast Software B.V. entered into an interest rate cap with an effective date from 31 March 2017 until 31 March 2021 (‘Cap’). As of 31 December 2019, the three-month USD LIBOR is capped at 2.75% per annum for a notional amount of $753.8m. The capped notional amount will gradually decrease to $709.0m by 31 March 2021. The fee for the cap is $1.6m annually paid in quarterly instalments. During the reporting period ended 31 December 2019 there were no transfers between the Level 2 and Level 3 fair value measurements. The movement in fair value of the derivatives was as follows: ($’m) 31 December 2017 Change in fair value through profit and loss 31 December 2018 Change in fair value through profit and loss 31 December 2019 Interest rate cap 3.2 (2.2) 1.0 1.1 2.1 29. Redemption obligation In connection with the sale of 35% fully diluted shares of Jumpshot, Inc. to Ascential Investor (see Note 34), the stockholders’ agreement dated 30 August 2019 gave Ascential Investor the right (the put option) to sell back the shares. Due to the subsequent decision to close the Jumpshot business in January 2020, as described in Note 39, the put option is rendered void subsequent to the year end. However, at the end of the period, conditions below existed. The put option can be exercised after 30 June 2022 (end of lock-up period), only if the following events happen: Jumpshot fails to reach a certain growth target by January 2022 (and Ascential do not deem it to be met) Avast and Ascential Investor pursuant to negotiations fail to agree on an extension of the lock-up period for reaching the growth target With respect to above, Avast recognised a redemption obligation at the present value of the exercise price ($61.6m) discounted by the estimated Avast annual borrowing rate of 3.6%, with a corresponding entry in equity. The exercise price was the higher of original cost and fair value of the shares at the time of exercise. Below was the estimate of the present value of the redemption liability: ($’m) At 1 January 2019 Initial recognition of redemption obligation Unwinding of discount At 31 December 2019 – 55.7 0.6 56.3 © 2019 Friend Studio Ltd File name: FinancialXStatements_v50 Modification Date: 25 February 2020 4:18 pm Notes to the consolidated financial statements Strategic report Governance Financial statements Avast annual report 2019 151 30. Financial risk management The Group’s classes of financial instruments correspond with the line items presented in the Consolidated statement of financial position. The management of the Group identifies the financial risks that may have an adverse impact on the business objectives and through active risk management mitigates these risks to an acceptable level. The specific risks related to the Group’s financial assets and liabilities and sales and expenses are interest rate risk, credit risk, and exposure to the fluctuations of foreign currency. Credit risk The outstanding balances of trade and other receivables are monitored on a regular basis, and the aim of management is to minimise exposure to credit risk to any single counterparty or group of similar counterparties. The credit quality of larger customers is assessed based on the credit rating and individual credit limits are defined in accordance with the assessment. The Group did not issue any guarantees or credit derivatives. The ageing of receivables is regularly monitored by Group management. The Group does not consider the credit risk related to cash balances held with banks to be material. A significant portion of sales is realised through the Group’s online resellers, mainly Digital River. From 2018, the Group manages its credit exposure by receiving advance payments from Digital River. The Group evaluates the concentration of risk with respect to accounts receivable as medium, due to the relatively low balance of trade receivables that is past due. The risk is reduced by the fact that its customers are located in several jurisdictions and operate in largely independent markets, and the exposure to its largest individual distributors is also medium. Sales to customers are required to be settled upfront by credit card or cash, thus further mitigating the risk. Foreign currency risk Foreign currency risk is the risk that the fair value of future cash flows of an exposure will fluctuate because of changes in foreign exchange rates. The Group’s exposure to the risk of changes in foreign exchange rates relates primarily to the Group’s operating activities (when revenue or expense is denominated in foreign currency). At the Parent Company level, the functional and presentation currency is the US dollar and the Group’s revenue and costs are reported in US dollars. The Group is exposed to translation risk resulting from the international sales and costs denominated in currencies other than US dollars and the resulting foreign currency balances held on the balance sheet. The Group is exposed to material transaction and translation currency risk from fluctuations in currency rates between USD, GBP, CZK, and EUR. The following table shows payments for the Group’s products and services by end users (either directly to Group or paid to an e-commerce service provider) in individual currencies. Based on agreements with the Group, e-commerce service providers may convert billings collected on behalf of the Group in specific currencies to a remittance currency (usually USD and EUR) at the existing market rates, which does not remove the underlying foreign exchange risk. The table below shows the original currency composition of payments made by end users to illustrate the foreign exchange risk to billings. USD EUR GBP Other Total Year ended 31 December 2019 Year ended 31 December 2018 49% 22% 8% 21% 49% 22% 9% 20% 100% 100% As the majority of revenues represent sales of software licences, the revenues are recognised over the duration of the licence period, despite payment being received at the start of the licence period. Because the release of deferred revenues is performed using the exchange rates valid at the start of the licence term, they are not subject to foreign currency risk. © 2019 Friend Studio Ltd File name: FinancialXStatements_v50 Modification Date: 25 February 2020 4:18 pm Notes to the consolidated financial statements Strategic report Governance Financial statements Avast annual report 2019 152 30. Financial risk management (continued) The following table shows financial assets and liabilities in individual currencies, net: ($’m) USD* EUR* CZK GBP Other Total 31 December 2019 31 December 2018 (290.1) (714.4) (34.3) 89.9 25.6 (644.0) (518.8) (32.6) 53.3 44.0 (923.3) (1,098.1) * The fluctuation in the currencies is mainly caused by the term loan restructuring as further described in Note 27. Financial assets and liabilities include cash and cash equivalents, trade and other receivables and trade and other payables, term loan, lease liabilities, other current liabilities, and non-current financial assets and liabilities. The table below presents the sensitivity of the profit before tax to a hypothetical change in EUR, CZK, and other currencies, and the impact on financial assets and liabilities of the Group. The sensitivity analysis is prepared under the assumption that the other variables are constant. The analysis against USD is based solely on the net balance of cash and cash equivalents, trade and other receivables, trade and other payables and term loan. ($’m) EUR CZK GBP Other % change 31 December 2019 31 December 2018 +/-10% (71.4)/71.4 (51.9)/51.9 +/-10% (3.4)/3.4 (3.3)/3.3 +/-10% 9.0/(9.0) 5.3/(5.3) +/-10% 2.6/(2.6) 4.4/(4.4) The sensitivity analysis above is based on the consolidated assets and liabilities, i.e. excluding intercompany receivables and payables. However, Avast Software s.r.o. has a significant intercompany loan from Avast Operations B.V. denominated in USD. As the functional currency of Avast Software s.r.o. is USD but the tax basis of Avast Software s.r.o. is denominated in CZK the income tax gains or losses of Avast Software s.r.o. are exposed to significant foreign exchange volatility. If CZK depreciates against USD, the corporate income tax expense would decrease. Avast Operations B.V. is not exposed to any similar volatilities as its functional and tax currency is the USD. Interest rate risk Cash held by the Group is not subject to any material interest. The only liabilities held by the Group subject to interest rate risk are the loan and derivatives described in Note 27 and 28. Other liabilities and provisions themselves are not subject to interest rate risk. The Group keeps all its available cash in current bank accounts or term deposit contracts (see Note 17) with a fixed interest rate and original maturity not exceeding three months. As at 31 December 2019, the Group has a term loan with an interest rate of three-month USD LIBOR plus a 2.25% per annum mark-up for USD tranche and three-month EURIBOR plus a 2.25% per annum mark-up for EUR tranche. The three-month USD LIBOR and three-month EURIBOR is subject to a 1% interest rate floor and 0% interest rate floor, respectively. As of 31 December 2019, the three-month USD LIBOR was 2.10% per annum and three-months EURIBOR was -0.41%. To reduce the interest rate risk, Avast Software B.V. entered into an interest rate cap (‘Cap’) with certain counterparties on 20 February 2017 effective from 31 March 2017. Under the cap, three-month USD LIBOR is limited to 2.75% per annum for a notional amount of $844m at the beginning to $709m through 31 March 2021. Interest rate sensitivity A change of 100 basis points in market interest rates would have increased/(decreased) equity and profit and loss before tax by the amounts shown below: Increase in interest rates Decrease in interest rates Year ended 31 December 2019 Year ended 31 December 2018 (10.4) 10.4 (14.1) 14.1 © 2019 Friend Studio Ltd File name: FinancialXStatements_v50 Modification Date: 25 February 2020 4:18 pm Notes to the consolidated financial statements Strategic report Governance Financial statements Avast annual report 2019 153 30. Financial risk management (continued) The following table shows the ageing structure of financial liabilities as of 31 December 2019: Liquidity risk The Group performs regular monitoring of its liquidity position to maintain sufficient financial sources to settle its liabilities and commitments. The Group is dependent on a long-term credit facility and so it must ensure that it is compliant with its terms. As it generates positive cash flow from operating activities, the Group is able to cover the normal operating expenditures, pay outstanding short-term liabilities as they fall due without requiring additional financing and has sufficient funds to meet the capital expenditure requirement. The Group considers the impact on liquidity each time it makes an acquisition in order to ensure that it does not adversely affect its ability to meet the financial obligation as they fall due. As at 31 December 2019 and 2018, the Group’s current ratio (current assets divided by current liabilities including the current portion of deferred revenue) was 0.65 and 0.71. The ratio is significantly impacted by the high current deferred revenue balance due to the sales model, where subscription revenue is collected in advance from end users and deferred over the licence period. The Group’s current ratio excluding deferred revenue was 2.57 and 2.15 as at 31 December 2019 and 2018, respectively. In 2019, Avast’s credit ratings were upgraded to Ba2 from Ba3 with Moody’s and to BB from BB- with Standard & Poor’s driven mainly by the voluntary debt repayment. The credit ratings are subject to regular review by the credit rating agencies and may change in response to economic and commercial developments. ($’m) Term loan Interest payment Trade payables and other liabilities Derivative financial instruments Other non-current liabilities Lease liability Redemption obligation Total Due within 3 months Due between 3 and 12 months Due between 1 and 5 years Due in more than 5 years 14.5 7.5 54.4 0.4 – 2.4 – 43.6 21.5 8.7 1.6 – 6.9 – 978.2 69.7 – – 1.6 32.7 61.6 79.2 82.3 1,143.8 – – – – – 42.1 – 42.1 Total 1,036.3 98.7 63.1 2.0 1.6 84.1 61.6 1,347.4 While the redemption liability as per Note 29 is correctly treated as a non-current liability at the year end, the original transaction was reversed subsequent to the year end because of the repayment to Ascential described further in Note 39. This impacts the overall liquidity position after the year end. The following table shows the ageing structure of financial liabilities as of 31 December 2018: ($’m) Term loan Interest payment Trade payables and other liabilities Derivative financial instruments Other non-current liabilities Lease liability Total Due within 3 months Due between 3 and 12 months Due between 1 and 5 years Due in more than 5 years 18.3 14.9 53.1 0.4 – 0.1 86.8 55.0 44.8 9.4 0.6 – 0.3 110.1 1,337.2 195.3 – – 4.1 2.2 1,538.8 – – – – 0.2 0.3 0.5 Total 1,410.5 255.0 62.5 1.0 4.3 2.9 1,736.2 © 2019 Friend Studio Ltd File name: FinancialXStatements_v50 Modification Date: 25 February 2020 4:18 pm Notes to the consolidated financial statements Strategic report Governance Financial statements Avast annual report 2019 154 30. Financial risk management (continued) Fair values The fair values of financial assets and liabilities are included at the price that would be received to sell an asset, or paid to transfer a liability, in an orderly transaction between market participants at the end of the reporting period. The following methods and assumptions are used to estimate the fair values: Cash and cash equivalents – approximates to the carrying amount Term loans – approximates to the carrying amount Receivables and payables – approximates to the carrying amount Lease liabilities – approximates to the carrying amount Financial assets and liabilities that are recognised at fair value subsequent to initial recognition are grouped into Levels 1 to 3 based on the degree to which the fair value is observable. The three levels are defined in Note 2. In connection with the 2nd put/call option (further described in Note 34), the Group recognised redemption obligation of $61.6m measured at the present value of the redemption exercise price through profit or loss. The Group classifies the redemption liability as Level 3 liability. The fair value of the 2nd put/call option itself (as opposed to the gross exercise price) is immaterial. Similarly, the fair value of the 1st put/call and 3rd call options are immaterial (see Note 34). At 31 December 2019, the Group had forward foreign exchange contracts which were measured at Level 2 fair value subsequent to initial recognition. The fair value of the liability in respect of foreign exchange contracts was $0.1m at 31 December 2019 (2018: liability of $0.2m). The Group monitors capital using the net liability position and gearing ratio (the net liability position divided by the sum of the net liability position and equity). The Group includes within the net liability position all current and non-current liabilities, less cash and cash equivalents. In addition, the Group had derivatives which were measured at Level 3 fair value. See Note 28 for further information. ($’m) 31 December 2019 31 December 2018 Capital management For the purpose of the Group’s capital management, capital includes issued capital, share premium and all other equity reserves attributable to the equity holders of parent. The primary objective of the Group’s capital management is to maximise the shareholder value. The Group manages its capital structure and makes adjustments to it in the light of changes in circumstances, including economic conditions. To maintain or adjust the capital structure, the Group may adjust the dividend payment to shareholders, return capital to shareholders, or issue new shares. The Group currently expects to maintain dividend payments of approximately 40% of Group’s levered free cash flow in the short to medium term. Current and non-current liabilities* 1,685.2 2,004.4 Less: cash and short-term deposits (216.6) (272.3) Net liability position Equity* Gearing ratio 1,468.6 1,172.6 1,732.1 900.4 55.6% 65.8% * The Group excluded redemption obligation of $56.3m from current and non-current liabilities in line with debt covenant calculation and corresponding recognition of put liability of $55.7m from equity. © 2019 Friend Studio Ltd File name: FinancialXStatements_v50 Modification Date: 25 February 2020 4:18 pm Notes to the consolidated financial statements Strategic report Governance Financial statements Avast annual report 2019 155 32. Other reserves The movements in the other reserves were as follows: ($’m) Other reserves at 1 January Group reorganisation (see Note 31) Net exercise of options (see Note 31) Redemption obligation reserve (see Note 29) Share-based payments1 Other movements 2019 260.5 – – (55.7) 20.1 0.2 2018 2.4 251.7 (7.4) – 13.8 Other reserves at 31 December 225.1 260.5 1 The fair value of share awards granted to employees is recorded over the vesting periods of individual options granted as a personnel expense with a corresponding entry to other reserves. Refer to Note 35 for further details of share-based payments. 31. Share capital and share premium Shares issued and fully paid: Share capital at 31 December 20171 Issuance of shares under share-based payment plans Share capital immediately prior to IPO Converted at IPO2 Net exercise of options at IPO2 Initial public offering3 Share issue expenses3 Group reorganisation4 Capital reduction5 Number of shares 95,514,902 5,345 95,520,247 844,058,216 49,603,491 58,977,478 – – – Issuance of shares under share-based payment plans 799,114 Share capital at 31 December 2018 (ordinary shares of £0.10 each) Issuance of shares under share-based payment plans Share capital at 31 December 2019 (ordinary shares of £0.10 each) 953,438,299 54,581,736 1,008,020,035 Share capital ($’m) Share premium ($’m) 371.7 – 371.7 371.7 – 8.0 – (250.8) – 0.1 129.0 7.0 136.0 0.9 – 0.9 0.9 7.4 191.8 (4.0) (0.9) (180.6) 0.8 15.4 40.2 55.6 1 Share capital at 31 December 2017 represented 52,377,659 common and 43,137,243 preferred shares. The nominal value of the 51,264,275 class A common shares is $6.24 per share with a share premium of $0.044, and the nominal value of the 1,113,384 class B common shares is $1.57 with a nil share premium. The nominal value of the 43,136,243 preferred shares is $1.16 with a share premium of $0.044, and the nominal value of the 1,000 management preferred shares is $6.24 per share with a share premium of $104.76 per share. 2 Avast plc listed its shares on the London Stock Exchange on 10 May 2018. As part of the IPO, holders of equity instruments in Avast Holding received 844,058,216 shares in Avast plc. In addition, holders of options in Avast Holding net-exercised at the IPO 49,603,491 shares in Avast plc and 58,977,478 new shares were issued, bringing the total amount of shares outstanding on Admission to 952,639,185. The net exercise of options resulted in the Group recording a share premium of $7.4m. 3 The increase in share capital and share premium of $195.8m represents the net proceeds from the IPO, less direct share issue expenses of $4m. 4 $250.8m was reclassified from share capital and $0.9m from share premium into other reserves to reflect the nominal value of 10 pence per outstanding share. 5 On 6 November 2018, the High Court of Justice in England and Wales made an order confirming the reduction of the share premium account by £138m ($180.6m) and the cancellation of the subscriber share of the company under section 648 Companies Act 2006. The Company now will be able to apply the distributable reserves arising from the capital reduction and the subscriber share cancellation towards the payment of dividends in line with the Company’s dividend policy and for the purposes of future share buybacks. © 2019 Friend Studio Ltd File name: FinancialXStatements_v50 Modification Date: 25 February 2020 4:18 pm Notes to the consolidated financial statements Strategic report Governance Financial statements Avast annual report 2019 156 2nd put/call option: Provided certain conditions are met, at the earliest after 30 June 2022, Ascential Investors had a right to sell and Avast had a right to buy back the original 35% of fully diluted share capital of Jumpshot. This option gave rise to a redemption obligation described in detail in Note 29 3rd call option: At the earliest of 30 June 2022 (or two years after the 1st put/call was exercised), Avast could at its discretion give Ascential a right to buy (a call option) all remaining Avast’s shares in Jumpshot, Inc. at fair value No asset or liability was recognised in connection with the 1st put/call option, as the Group considered that the defined transaction price would represent fair value of the shares at the time of transaction. No asset or liability was recognised in connection with the 3rd call option, as no option rights were currently granted. 33. Dividends made and proposed ($’m) 2019 2018 Final dividend for the period 15 May 2018 to 31 December 2018 at $8.6 cents per share Interim dividend for the period ended 30 June 2019 at $4.4 cents per share Total cash dividend paid 83.7 43.2 127.0 – – – Dividend proposed The Directors propose to pay a final dividend of 10.3 cents per share in respect of the year ending 31 December 2019 (total payment of $104.6m). Combined with the interim dividend of 4.4 cents per share paid in October 2019 (total payment of $43.2m), this gives a total dividend for the financial year of 14.7 cents (total payment of $147.8m), which represents 40% of the Group’s levered free cash flow for the period in accordance with the Company’s dividend policy. Subject to shareholder approval, the final dividend will be paid in US dollars on 24 June 2020 to shareholders on the register on 22 May 2020. There will be an option for shareholders to elect to receive the dividend in pounds sterling and such an election should be made no later than 8 June 2020. The foreign exchange rate at which dividends declared in US dollars will be converted into pounds sterling will be calculated based on the average exchange rate over the five business days prior to 11 June 2020 and announced shortly thereafter. 34. Non-controlling interest In July 2019, Avast entered into an agreement with WGSN, Inc., a wholly owned subsidiary of Ascential plc (‘Ascential’), based on which on 30 August 2019 Avast sold 35% of fully diluted shares of Jumpshot Inc. to Ascential for a consideration of $58.8m (net of $2.8m Avast transaction fees), while retaining control of Jumpshot. Pursuant to the agreement, both Avast and Ascential also made capital contributions to Jumpshot, Inc. of $4.8m and $3.2m, respectively. In addition, as part of the agreement, Avast made a capital contribution to Jumpshot, Inc. of $6.8m which was used by Jumpshot, Inc. to repurchase a portion of the vested share options held by employees. Due to the decision to wind down Jumpshot in January 2020, as described in Note 39, the below listed arrangement from the stockholder’s agreement were rendered void and cash was repaid to Ascential plc to fulfil the redemption obligation subsequent to the year end. However, at the end of the period, the following rights and obligations existed: The stockholder’s agreement states that Ascential Investors intended to obtain majority control over Jumpshot, Inc. The agreement gives the following rights to Ascential Investors and Avast: 1st put/call option: From 1 January 2021 until 30 June 2021, Avast had a right to sell and Ascential Investors had a right to buy an additional 16% of fully diluted share capital of Jumpshot, provided that certain growth targets were reached (or Ascential Investors deem that the target was reached). The agreement specifies how the transaction prices will be determined, and is deemed to approximate the fair value of the shares at that time © 2019 Friend Studio Ltd File name: FinancialXStatements_v50 Modification Date: 25 February 2020 4:18 pm Notes to the consolidated financial statements Strategic report Governance Financial statements Avast annual report 2019 157 34. Non-controlling interest (continued) Changes in the shareholding of Jumpshot, Inc. as a result of the agreement and the transaction close are shown in the table below: Avast Ascential – non-controlling interest Other – non-controlling interest Option holders Total Below is the shareholding of Jumpshot, Inc. as of 31 December 2019: Avast Ascential – non-controlling interest Other – non-controlling interest Option holders Total Pre-close Undiluted Pre-close Diluted Post-close Undiluted Post-close Diluted 97.0% 82.8% – 3.0% – – 2.6% 14.6% 58.0% 39.3% 2.7% – 52.2% 35.3% 2.5% 10.0% 100.0% 100.0% 100.0% 100.0% Undiluted Diluted 58.2% 39.3% 2.5% – 52.5% 35.4% 2.3% 9.8% 100.0% 100.0% The Group accounted for this transaction as a transaction with non-controlling interest while retaining control, with net proceeds from the transaction as increase in total equity. The Group initially measured the non-controlling interest as proportionate amount of net assets. As a result, the impact on Group’s equity is as follows: The change in the non-controlling interest is as follows: ($’m) At 1 January 2019 Sale of 35% of Jumpshot, Inc. Share-based payments Net profit allocated to non-controlling interest At 31 December 2019 2019 1.0 5.7 0.6 0.2 7.5 2018 0.8 – 0.2 – 1.0 ($’m) Equity consideration Less: Transaction fees Consideration received Ascential contribution Option repurchase Other transaction fees Net proceeds from the transaction Change in the non-controlling interest Increase in shareholder’s equity © 2019 Friend Studio Ltd File name: FinancialXStatements_v50 Modification Date: 25 February 2020 4:18 pm 31 December 2019 61.6 (2.8) 58.8 3.2 (6.8) (0.9) 54.3 (5.7) 48.6 Notes to the consolidated financial statements Strategic report Governance Financial statements Avast annual report 2019 158 35. Share-based payments Existing Employee Share plan (formerly known as Avast Holding 2014 Share Option Plan ‘Avast Option Plan’) The Avast Option Plan was the primary share option plan of the Group prior to the IPO under which certain employees and Directors were granted options over A-ordinary and/or B-ordinary shares of Avast Holding. Following the IPO, the Avast Option Plan was adjusted such that the options granted under the plan ceased to be options over shares of Avast Holdings and, instead, became options over shares of the Company of equivalent value. No new options have been granted under the Avast Option Plan since the IPO. Furthermore, the Company does not intend to grant any further options under the Avast Option Plan. Options generally vest over a four-year period in four equal instalments. Some of the options granted to the key management personnel are performance based. The contractual life of all options is ten years. Avast plc, 2018 Long Term Incentive Plan (LTIP) Following the IPO, the Company has adopted the LTIP for employees and Executive Directors. The purpose of the LTIP is to incentivise employees and Executive Directors whose contributions are essential to the continued growth and success of the business of the Company, in order to strengthen their commitment to the Company and, in turn, further the growth, development and success of the Company. The following types of awards can be granted: Performance Stock Units (PSUs) PSUs will be granted to Executive Directors and members of the Executive Management team. Each PSU entitles a participant to receive a share in the Company upon the attainment, over a three-year performance period, of challenging performance conditions determined by the Remuneration Committee. Restricted Stock Units (RSUs) RSUs will be granted to key employees of the Group who are not Executive Directors or members of the Executive Management team. Each RSU entitles a participant to receive a share in the Company upon vesting of the RSU. Each award of RSUs will ordinarily vest either in three equal proportions over a three-year period or on the third anniversary of grant or over such other period as the Committee may determine, provided the participant remains in service. Stock Options (‘Options’) Options may be granted to key employees of the Group who are not Executive Directors or members of the Executive Management team. Each option entitles a participant to the right to acquire a share of the Company upon vesting of the option. Each option will ordinarily become exercisable either in three equal proportions over a three-year period or on the third anniversary of the grant, or over such other period as the Remuneration Committee may determine. Share Matching Plan (SMP) The Company has adopted the Avast Share Matching Plan (SMP) for employees and Executive Directors of the Group. The purpose of the SMP is to encourage and enable employees and Executive Directors to acquire a significant stake in the Company so that they can share in the future growth, development and success of the Company. Under this plan, the employees will be granted one matched share for every three purchased shares after a two-year period. Deferred Bonus Plan (DBP) The Company has adopted the Deferred Bonus Plan for only Executive Directors. Where a participant is required to defer a portion of their annual bonus into shares under the terms of the Company’s annual bonus arrangements, the Remuneration Committee may grant an award to acquire shares under the DBP in order to facilitate such deferral. Awards will ordinarily vest on the second anniversary of the date of grant. No award under DBP was granted in 2019. Jumpshot, Inc., 2015 Share Option Plan (‘Jumpshot Option Plan’) The Jumpshot Option Plan was designed in order to grant options to purchase shares of common stock of Jumpshot, Inc. to certain employees and directors of Jumpshot, Inc. The purpose of the Jumpshot Option Plan is to provide employees with an opportunity to participate directly in the growth of the value of Jumpshot by receiving options for shares. Each option converts into one ordinary share of Jumpshot, Inc. on exercise. Options that are forfeited are available to be granted again. Options generally vest over a four-year period in four equal instalments. Some of the options granted to the key management are performance based. The contractual life of all options is ten years. Share-based payment expense The total expense that relates to the equity-settled share- based payment transactions during the year is as follows: ($’m) Avast Option Plan LTIP Jumpshot Option Plan SMP Total share-based payment expense Year ended 31 December 2019 Year ended 31 December 2018 5.8 14.2 0.6 0.1 20.7 8.5 5.3 0.1 – 13.9 The Group also recognised additional $4.2m of employer’s costs related to the share-based payments exercise included in operating costs. Total costs related to share-based payments adjusted out from the operating profit amounted to $24.9m. © 2019 Friend Studio Ltd File name: FinancialXStatements_v50 Modification Date: 25 February 2020 4:18 pm Notes to the consolidated financial statements Strategic report Governance Financial statements Avast annual report 2019 159 35. Share-based payments (continued) Share options The fair value of equity-settled share options granted is determined, based on the several assumptions, on the date of the grant award using the Black-Scholes option valuation model. The following table illustrates the weighted average inputs into the Black-Scholes model in the year: Avast Option Plan Number granted in year Weighted average grant date fair value (in $/per share) Weighted average exercise price (in $) Expected volatility Weighted average expected lives (years) Risk free interest rate Expected dividends Year ended 31 December 2019 Year ended 31 December 2018 – 1,810,000 – – – – – – 6.77 26.98 31.58% 6.25 2.67% Nil Jumpshot Option Plan Number granted in year Weighted average grant date fair value (in $/per share) Weighted average exercise price (in $) Expected volatility Weighted average expected lives (years) Risk free interest rate Expected dividends Year ended 31 December 2019 Year ended 31 December 2018 1,864,061 1,049,289 1.80 4.19 0.35 0.86 42.18% 44.88% 7.34 1.54% Nil 6.92 2.71% Nil Expected volatility was determined by calculating the historical share price volatility of comparable listed companies over the expected life of the options. The expected volatility reflects the assumption that the historical volatility is indicative of future trends, which may not necessarily be the actual outcome. An increase in the expected volatility will increase the estimated fair value. The expected life is the average expected period to exercise. The number and weighted average exercise prices of, and movements in, share options of Avast Option Plan in the year is set out below: Year ended 31 December 2019 Year ended 31 December 2018 Outstanding – 1 January Granted Forfeited Exercised Outstanding on Admission Converted on Admission Forfeited Exercised Outstanding – 31 December Vested and exercisable – 31 December Number of shares 68,941,832 – – – – – (3,055,422) (41,129,176) 24,757,234 13,968,428 Weighted average exercise ($) Number of shares Weighted average exercise ($) 1.60 3.24 1.07 2.27 1.52 9,383,398 1,810,000 (74,750) – 11,118,648 69,905,909 (234,963) (729,114) 68,941,832 26,685,849 8.99 26.98 9.32 – 12.13 1.69 1.23 1.14 1.60 0.98 The weighted average share price for options exercised during the year was £ pence 367.94 (2018: £ pence 225.88). Options outstanding at the end of the year had the following range of exercise prices and weighted average remaining contractual life: Exercise price: $0.77 – $0.88 $1.12 – $1.84 $2.72 – $3.39 Outstanding – 31 December 31 December 2019 31 December 2018 Number of shares outstanding Weighted average remaining life (years) Number of shares outstanding Weighted average remaining life (years) 2,171,117 12,006,156 10,579,961 24,757,234 4.70 7.34 8.22 7.49 23,736,711 31,141,544 14,063,577 68,941,832 6.14 8.21 9.22 7.61 © 2019 Friend Studio Ltd File name: FinancialXStatements_v50 Modification Date: 25 February 2020 4:18 pm Notes to the consolidated financial statements Strategic report Governance Financial statements Avast annual report 2019 160 35. Share-based payments (continued) Replacement options Outstanding – 1 January Exercised Outstanding on Admission Converted on Admission Exercised Outstanding – 31 December Vested and exercisable – 31 December The following table summarises share option activity of Jumpshot Option Plan: Outstanding – 1 January Granted Repurchased Forfeited Exercised Outstanding – 31 December Vested and exercisable – 31 December Year ended 31 December 2019 Year ended 31 December 2018 Number of shares 12,266,682 – – – (11,683,247) 583,435 583,435 Weighted average exercise ($) Number of shares Weighted average exercise ($) 0.19 – – 0.19 0.18 0.18 7,717,640 (1,118,729) 6,598,911 12,336,682 (70,000) 12,266,682 12,266,682 1.57 1.57 1.57 0.20 0.18 0.19 0.19 Year ended 31 December 2019 Year ended 31 December 2018 Number of shares Weighted average exercise ($) Number of shares Weighted average exercise ($) 6,572,291 1,864,061 (1,615,513) (290,001) (962,113) 5,568,725 2,125,858 0.40 4.19 0.33 0.68 0.31 1.70 0.37 6,815,525 1,049,289 – (1,154,152) (138,371) 6,572,291 3,766,538 0.34 0.86 – 0.50 0.35 0.40 0.31 © 2019 Friend Studio Ltd File name: FinancialXStatements_v50 Modification Date: 25 February 2020 4:18 pm Notes to the consolidated financial statements Strategic report Governance Financial statements Avast annual report 2019 161 35. Share-based payments (continued) Options outstanding of Jumpshot Option Plan at the end of the year had the following range of exercise prices and weighted average remaining contractual life: Exercise price: $0.30 $0.36 $0.56 $0.86 $1.79 $4.53 Outstanding – 31 December 31 December 2019 31 December 2018 Number of shares outstanding Weighted average remaining life (years) Number of shares outstanding Weighted average remaining life (years) 2,383,225 301,525 187,813 831,476 232,709 1,631,977 5,568,725 5.18 6.45 7.58 8.54 9.20 9.77 7.35 4,653,252 583,500 358,750 976,789 – – 6,572,291 6.18 7.45 8.45 9.55 – – 6.92 Restricted share units The following table illustrates the number and weighted average share price on date of award, and movements in, restricted share units granted under the LTIP: Outstanding – 1 January Granted Forfeited Vested Outstanding – 31 December Year ended 31 December 2019 Year ended 31 December 2018 Number of shares Weighted average share price (£ pence) Number of shares Weighted average share price (£ pence) 4,927,332 6,130,302 (1,329,900) (1,567,385) 8,160,349 234.97 354.05 260.99 237.21 319.76 – 5,188,917 (261,585) – 4,927,332 – 234.94 234.29 – 234.97 The fair value of RSUs granted is measured as at date of grant using Black-Scholes model, the outcome of which is a weighted average fair value of RSUs granted during the year; which was £ pence 324.93 (2018: £ pence 219.07). Future dividends have been taken into account based on expected cash flow and dividend policy. © 2019 Friend Studio Ltd File name: FinancialXStatements_v50 Modification Date: 25 February 2020 4:18 pm Notes to the consolidated financial statements Strategic report Governance Financial statements Avast annual report 2019 162 35. Share-based payments (continued) Performance Share Units The following table illustrates the number and weighted average share price on date of award, and movements in, performance share units granted under the LTIP: Outstanding – 1 January Granted Forfeited Vested Outstanding – 31 December Year ended 31 December 2019 Year ended 31 December 2018 Number of shares Weighted average share price (£ pence) 6,309,881 1,458,494 (2,410,338) – 5,358,037 219.60 303.01 219.60 – 242.30 Number of shares – 6,309,881 – – Weighted average share price (£ pence) – 219.60 – – 6,309,881 219.60 The vesting of the awards under LTIP is subject to the attainment of performance conditions as described in the Directors’ remuneration report. The fair value of PSUs granted is measured as at date of grant using Black-Scholes model, the outcome of which is a weighted average fair value of PSUs granted during the year; which was £ pence 303.01 (2018: £ pence 219.60). Share Matching Plan During 2019, the Group has issued 201,928 shares to the employees under the Share Matching Plan and an additional 66,914 will be issued after the matching period (which is two years). The cost of the additional 66,914 shares is to be recognised against the other reserves over the matching period and amounted to $0.2m in total for all tranches as of 31 December 2019. The weighted average fair value of additional shares was £ pence 289.78 for the year ended 31 December 2019. 36. Related party disclosures Transactions between the Company and its subsidiaries, which are related parties, have been eliminated on consolidation and are not disclosed in this Note. Compensation of key management personnel (including Directors) ($’m) Short-term employee benefits (including salaries) Termination benefits Share-based payments Total Key management personnel Other related parties Key management personnel Other related parties Year ended 31 December 2019 Year ended 31 December 2018 11.9 1.2 10.0 23.1 0.1 – – 0.1 12.7 0.5 9.3 22.5 0.1 – – 0.1 The amounts in the table above includes, in addition to the compensation of key management personnel of the Group, the remuneration of employees of the Group that are considered related parties under IAS 24 Related party disclosures. © 2019 Friend Studio Ltd File name: FinancialXStatements_v50 Modification Date: 25 February 2020 4:18 pm Notes to the consolidated financial statements Strategic report Governance Financial statements Avast annual report 2019 163 39. Subsequent events On 30 January 2020, the Group decided to wind down the operation of its subsidiary Jumpshot, Inc. The Group expects to incur a one-time exceptional cash cost in the range of $15m–$25m in the current financial year to cover closure costs, asset writedowns and employee restructuring. As part of the termination arrangements, Avast has returned the investments made by Ascential plc into the business, along with associated exit costs, in the amount of $73.0m. Because of the repayment, the original transaction was reversed subsequent to the year end. In light of recent press speculation and as part of the process to effect an orderly wind-down of Jumpshot, Avast is in communication with relevant regulators and authorities in respect of certain data protection matters and is cooperating fully in respect of all regulatory enquiries. Avast expects further communications with the regulators from time to time and recognises that there may be possible future investigations, disputes, claims and liabilities associated with the wind-down of the business which at this time cannot be quantified. This represents a non-adjusting subsequent event, therefore it is disclosed but otherwise without impact on financial results for the year ended 31 December 2019. Specifically, the redemption obligation (Note 29) and non-controlling interest (Note 34) are accounted in line with conditions and information that existed as of the year end. 36. Related party disclosures (continued) As a part of the IPO and Reorganisation in 2018, share transactions occurred between Avast plc and key management personnel and significant shareholders, including Sybil Holdings S.a r.l. The aggregate amount of gains made by Directors on the exercise of share options during the year was approximately $6.4m (£5.0m) (2018: $100m (£75m)). The aggregate amount of gains made by the highest paid Director on the exercise of share options during the year was $2.6m (£2.1m) (2018: $54.9m (£40.7m)). Statutory directors’ remuneration amounted to $3.6m (2018: $3.3m) for qualifying services to the Company during the year. Further details about the Directors’ remuneration is set out on pages 84 to 99. Other related parties Nadacni fond AVAST (‘AVAST Foundation’) The foundation was established by Avast Software s.r.o. and it distributes the gifts to other charities and foundations in the Czech Republic. The foundation is considered to be a related party as the spouses of Messrs. Kucera and Baudis are members of the management board of the foundation. On 13 March 2018, the Board approved that the donation for 2018 will be CZK100m ($5.0m). The donation is paid in quarterly installments during the year. During the 12 months ended 31 December 2019, Avast Software s.r.o. made donations of CZK100.0m ($4.4m) (2018: CZK68.4m ($3.1m)) to the Foundation. As of 31 December 2019, the Company recorded an accrual of CZK56.6m ($2.5m) (2018: CZK41.8m ($1.9m)). Enterprise Office Center On 15 November 2016, Enterprise Office Center (owned by Erste Group Immorent), where Avast Software s.r.o. resides, was sold by a third party to a group of investors including co-founders of Avast Group, Eduard Kucera and Pavel Baudis for $119.5m (ca. €110m). The term of lease ends in August 2024 and offers two options to extend for another 24 months under the same conditions. The annual rent is €3.3m ($3.7m). 37. Commitments There were no significant commitments in 2019. Operating lease commitments – 2018 The Group leased office space which incurred $12.4m of the lease expense for the year ended 31 December 2018. The minimum future rentals on operating leases are as follows as of 31 December 2018: ($’m) Lease Sublease income Net lease Less than 1 year 9.5 (0.9) 8.6 1 to 5 years 33.6 (2.2) 31.4 > 5 years 44.6 – Total 87.7 (3.1) 44.6 84.6 38. Principal exchange rates Translation of Czech crown into US dollar ($:CZK1.00) Average Closing Translation of sterling into US dollar ($:£1.00) Average Closing Translation of euro into US dollar ($:€1.00) Average Closing Year ended 31 December 2019 Year ended 31 December 2018 0.0437 0.0461 0.0442 0.0445 1.2757 1.3203 1.3357 1.2882 1.1212 1.1233 1.1814 1.1451 © 2019 Friend Studio Ltd File name: FinancialXStatements_v50 Modification Date: 25 February 2020 4:18 pm Notes to the consolidated financial statements Strategic report Governance Financial statements Avast annual report 2019 164 40. Full list of subsidiaries as of 31 December 2019 Country of incorporation Registered office Registered address Netherlands Avast Holding B.V. Schiphol Boulevard 369, Tower F, 7th floor, 1118BJ Schiphol, the Netherlands Avast Software B.V. Avast Operations B.V.*** Schiphol Boulevard 369, Tower F, 7th floor, 1118BJ Schiphol, the Netherlands Schiphol Boulevard 369, Tower F, 7th floor, 1118BJ Schiphol, the Netherlands Avast Corporate Services B.V.*** Schiphol Boulevard 369, Tower F, 7th floor, 1118BJ Schiphol, the Netherlands Norman Data Defense Systems B.V.*** Schiphol Boulevard 369, Tower F, 7th floor, 1118BJ Schiphol, the Netherlands AVG Ecommerce CY B.V. Schiphol Boulevard 369, Tower F, 7th floor, 1118BJ Schiphol, the Netherlands Czech Republic Avast Software s.r.o. Pikrtova 1737/1a, 140 00 Prague 4, Czech Republic Jumpshot s.r.o. FileHippo s.r.o. Pikrtova 1737/1a, 140 00 Prague 4, Czech Republic Pikrtova 1737/1a, 140 00 Prague 4, Czech Republic Germany Avast Deutschland GmbH Otto-Lilienthal-Strasse 6, 88046 Friedrichshafen, Germany United Kingdom AVG Technologies UK Limited** 7th Floor, 110 High Holborn, London, England, WC1V 6JS Privax Limited 7th Floor, 110 High Holborn, London, England, WC1V 6JS Piriform Software Limited** 7th Floor, 110 High Holborn, London, England, WC1V 6JS USA AVAST Software, Inc. 2625 Broadway Street, Redwood City, County of San Mateo, CA 94063, USA Remotium, Inc. TrackOFF, Inc. 2625 Broadway Street, Redwood City, County of San Mateo, CA 94063, USA 3700 O’Donnell St, Baltimore, MD 21224, USA Emerald Cactus Ventures, Inc. 1700 7th Ave STE 116 #212 Seattle, WA 98101, USA Sybil Software LLC Jumpshot, Inc. Corporation Service Company, 251 Little Falls Drive, Wilmington, DE 19808, USA 329 Bryant Street, Suite 3C San Francisco, CA 94107, USA AVG Technologies USA LLC 1313 N. Market Street, Suite 1500 Wilmington, DE 19801, USA Location Labs LLC Piriform, Inc. 2100 Powell St, Emeryville, CA 94608, USA Corporation Service Company, 251 Little Falls Drive, Wilmington, DE 19808, USA Class of shares held Percentage of share held Ordinary Ordinary Ordinary Ordinary Ordinary Ordinary Ordinary Ordinary Ordinary Ordinary Ordinary Ordinary Ordinary Ordinary Ordinary Ordinary Ordinary Ordinary Ordinary Ordinary Ordinary Ordinary 100% 100% 100% 100% 100% 100% 100% 58% 100% 100% 100% 100% 100% 100% 100% 100% 100% 100% 58% 100% 100% 100% © 2019 Friend Studio Ltd File name: FinancialXStatements_v50 Modification Date: 25 February 2020 4:18 pm Notes to the consolidated financial statements Strategic report Governance Financial statements Avast annual report 2019 165 40. Full list of subsidiaries as of 31 December 2019 Country of incorporation Registered office Registered address Hong Kong AVAST Software (Asia) Limited 10/F, Guangdong Investment Tower, 148 Connaught Road Central, Hong Kong Israel Cyprus Australia Brazil AVG Mobile Technologies Limited* 2 HaShlosha Street, Tel Aviv Yaffo 6706054, Israel (PO BOX 9244) Piriform Group Limited 1 Constantinou Skokou St, Capital Chambers, 5th Floor, Agios Antonios, 1061 Nicosia, Cyprus Piriform Limited 1 Constantinou Skokou St, Capital Chambers, 5th Floor, Agios Antonios, 1061 Nicosia, Cyprus AVG Technologies AU Pty Limited Level 7, 122 Arthur Street, 2060 Sydney – North Sydney, New South Wales, Australia AVG Distribuidora de Tecnologias do Brasil Ltda. Conj 38, R. Amazonas, 669 – Santa Paula, Sao Caetano do Sul – SP, 09520-070, Brazil Norway AVG Technologies Norway AS Lysaker Torg 5, 1366 Lysaker, Bærum, Norway Slovak Republic INLOOPX s.r.o. Veľka Okruzna 26A, 010 01 Zilina, Slovakia Switzerland Avast Switzerland AG Munchensteinerstr. 43, 4052 Basel, Switzerland Serbia Japan Privax d.o.o. Beograd Bulevar Mihaila Pupina 6, 11070 Belgrade-Novi Beograd, Serbia Avast Software Japan Godo Kaisha 1F and 2F Otemachi Building, 1-6-1 Otemachi, Chiyoda-ku, Tokyo, Japan In liquidation. * ** AVG Technologies UK Limited and Piriform Software Limited will take advantage of the audit exemption set out within section 479A of the Companies Act 2006 for the year ended 31 December 2019. *** As of 1 January 2020, Avast Operations B.V., Avast Corporate Services B.V., and Norman Data Defense Systems B.V. merged into Avast Software B.V. The Company’s directly held subsidiary is Avast Holding B.V. All other subsidiaries are indirectly held. Class of shares held Percentage of share held Ordinary Ordinary Ordinary Ordinary Ordinary Ordinary Ordinary Ordinary Ordinary Ordinary Ordinary 100% 100% 100% 100% 100% 100% 100% 100% 100% 100% 100% © 2019 Friend Studio Ltd File name: FinancialXStatements_v50 Modification Date: 25 February 2020 4:18 pm Notes to the consolidated financial statements Strategic report Governance Financial statements Avast annual report 2019 166 Company statement of financial position As at 31 December 2019 Non-current assets Investments in subsidiary Deferred tax assets Total non-current assets Current assets Current tax receivables Trade and other receivables: Amounts due from related party Prepayments Other accounts receivable Cash and cash equivalents Total current assets Total assets Current liabilities Trade payables and other liabilities: Trade payables Corporate income tax Amounts due to related party Total current liabilities Net assets Capital and reserves Share capital Share premium Merger reserve Other reserve Retained earnings Total equity Notes 4 5 6 7 8 8 9 9 31 December 2019 $M 31 December 2018 $M 3,231.1 1.4 3,232.5 0.4 126.5 0.5 0.2 127.2 16.5 144.1 3,376.6 1.3 0.1 – 1.4 1.4 3,217.5 – 3,217.5 0.1 5.1 0.6 – 5.7 1.3 7.1 3,224.6 1.9 12.2 14.1 14.1 3,375.2 3,210.5 136.0 55.6 2,893.9 30.8 258.9 3,375.2 129.0 15.4 2,893.9 10.6 161.6 3,210.5 The Company has taken advantage of the exemption in section 408 of the Companies Act 2006 not to present its individual profit and loss account. The profit of the company was $223.0m (2018 – 11 months to 31 December 2018, loss was $19.0m). These financial statements were approved by the Board of Directors on 25 February 2020 and signed on its behalf by: Philip Marshall Chief Financial Officer The accompanying notes form an integral part of these financial statements. © 2019 Friend Studio Ltd File name: CompanyXFinancialXStatements_v27 Modification Date: 25 February 2020 2:14 pm Company financial statements Strategic report Governance Financial statements Avast annual report 2019 167 Company statement of changes in equity For the year ended 31 December 2019 Share capital $M Share premium $M Merger reserve $M Other reserve $M Retained earnings $M Notes – – – – 8.0 6.7 114.2 – – 0.1 129.0 – – – – 7.0 – – – – (180.6) 191.8 7.4 – (4.0) – 0.8 15.4 – – – – 40.2 – – – – – – 153.6 2,740.3 – – – 2,893.9 – – – – – – – – – – – – – – 10.6 – 10.6 – – – 20.2 – – 8 8 8, 9 8, 9 9 9 Total equity $M – (19.0) (19.0) – 199.8 167.7 2,854.5 (4.0) 10.6 0.9 – (19.0) (19.0) 180.6 – – – – – – 161.6 3,210.5 223.0 223.0 1.3 – – 223.0 223.0 1.3 20.2 47.2 (127.0) (127.0) 136.0 55.6 2,893.9 30.8 258.9 3,375.2 At 31 January 2018 Loss for the period Total comprehensive loss for the period Capital reduction Primary proceeds Net exercise of options Contribution of shares Share issue expense Share-based payments Exercise of options At 31 December 2018 Profit for the year Total comprehensive profit for the year Share-based payments deferred tax Share-based payments Exercise of options Cash dividend At 31 December 2019 The accompanying notes form an integral part of these financial statements. © 2019 Friend Studio Ltd File name: CompanyXFinancialXStatements_v27 Modification Date: 25 February 2020 2:14 pm Company financial statements Strategic report Governance Financial statements Avast annual report 2019 168 1. General Avast plc (the ‘Company’) is a public limited company incorporated in the UK and registered under the laws of England & Wales. The Company’s registered address is at 110 High Holborn, London WC1V 6JS. The Company’s registered number is 07118170. The Company was incorporated on 7 January 2010 as a private company limited by shares under the Companies Act 2006 (as amended) with the name Avast Limited. On 3 May 2018, the Company re-registered as a public company under the name Avast plc. Prior to this date, the Company was dormant. The share capital of Avast Limited was £1 for the accounting period ended 31 January 2018. On 8 May 2018, the Company changed its accounting period from 31 January to 31 December. Therefore, the 2018 comparative period is for the 11 months from 1 February to 31 December 2018. 2. Summary of significant accounting policies Basis of preparation The financial statements have been prepared in accordance with Financial Reporting Standard 102 (FRS 102) and under the historical cost accounting rules. The Company has adopted the version of FRS 102 (March 2018) incorporating the Triennial review 2017 amendments. Adoption of the Triennial review 2017 amendments had no effect on the Company’s financial statements. The Company is a qualifying entity as it prepares consolidated financial statements. In its individual financial statements, the Company has applied the disclosure exemptions available under the FRS 102 The Financial Reporting Standard Applicable in the UK and Republic of Ireland in respect of preparation of a cash flow statement and disclosure of key management personnel compensation. As the Consolidated financial statements of the Company include the equivalent disclosures, the Company has also taken the exemptions available under FRS 102 in respect of disclosures in respect of share-based payments and financial instruments. The Company has taken the exemption not to disclose intra-Group transactions with wholly owned subsidiary undertakings. The Company’s receivables qualify as basic financial instruments under Section 11 of FRS 102 and are included at amortised cost. Going concern The Company and its subsidiaries have considerable financial resources and a large number of customer contracts across different geographic areas and industries. The Directors have reviewed the projected cash flows for the Group and have a reasonable expectation that the Company is well placed to manage its business risk successfully and has adequate resources to continue in operational existence for the foreseeable future, and a period of at least 12 months from the signing of the accounts. For this reason, the Directors have adopted the going concern assumption in preparing the financial statements. Investment in subsidiary The investment in subsidiary is stated in the Company’s separate financial statements at cost less impairment losses. The carrying value of the investment in subsidiary is reviewed for impairment if events or changes in circumstances indicate that the carrying value may not be recoverable. Cash and cash equivalents Cash and short-term deposits in the statement of financial position comprise cash at bank and on hand and short-term deposits with a maturity of three months or less. Financial instruments Financial assets and liabilities are recognised on the Company statement of financial position when the Company becomes a contractual party to the instrument. When financial instruments are recognised initially, they are measured at fair value, which is the transaction price plus, in the case of financial assets and financial liabilities not measured at fair value through profit and loss, directly attributable transaction costs. Capitalisation of share-based payments Where the Company grants share-based awards over its own shares in exchange for employee services rendered to its subsidiaries, it recognises an increase to the cost of investment equivalent to the share-based payment expense recognised in the Consolidated financial statements and a corresponding credit in other reserves in equity. The Company recharges the expenses for share-based awards relating to employees employed in US and UK subsidiaries to the subsidiary which employs the respective employee at an amount equivalent to the respective share-based payment expense recognised in the consolidated financial statements relating to those subsidiary employees. The company recognises in its individual financial statements an increase to amounts due from related parties and a corresponding decrease in the cost of investment. Therefore, the cost of investment increases by the share-based payment expense recognised in the consolidated financial statements net of any recharges and amounts relating to services supplied to the company. Refer to Note 2 of the consolidated financial statements for the accounting policy in respect of share-based payments. Foreign currencies Transactions in foreign currencies are recorded using the rate of exchange ruling at the date of the transaction. Monetary assets and liabilities denominated in foreign currencies are translated using the rate of exchange valid at the balance sheet date and the gains or losses on translation are included in profit or loss as finance income and expenses. Non-monetary assets and liabilities denominated in foreign currencies are stated at historical foreign exchange rates. © 2019 Friend Studio Ltd File name: CompanyXFinancialXStatements_v27 Modification Date: 25 February 2020 2:14 pm Notes to the company financial statements Strategic report Governance Financial statements Avast annual report 2019 169 2. Summary of significant accounting policies (continued) Functional currency The Company’s functional currency is US dollars. Employee Benefit Trust The Group has established an employee benefit trust (‘Avast plc Employee Benefit Trust; EBT’) in 2019. The trust is treated as an extension of the Company. During the year, 1,567,385 RSUs were issued to the EBT for the amount of the nominal value of $0.2m and then transferred to employees. At 31 December 2019, no shares were held by the trust. 3. Auditor’s remuneration The figures for auditor’s remuneration for the Company, required by regulation 5(1)(b) of the Companies (Disclosure of Auditor Remuneration and Liability Limitation Agreements) Regulations 2008, are not presented as the Consolidated financial statements comply with this regulation on a consolidated basis. 4. Investment in subsidiary The investment in subsidiary represents the investment in Avast Holding B.V. (‘Avast Holding’), a wholly owned subsidiary of the Company. A full list of the Company’s direct and indirect subsidiaries is included in Note 40 of the Consolidated financial statements. Investment in Avast Holding B.V. Prior to the Company‘s Initial Public Offering (IPO), Avast Holding B.V. (‘Avast Holding’) was the Parent Company of the Avast Group. On 10 May 2018, as part of a reorganisation related to the IPO (‘Reorganisation’), the shareholders of Avast Holding contributed their shares in the capital of Avast Holding to the Company in exchange for which the Company issued ordinary shares of equivalent value to each shareholder. This resulted in the Company issuing in aggregate 844,058,216 ordinary shares at a value of 250 pence per share. In connection with the Reorganisation, the option plan of Avast Holding (‘Avast Option Plan’) was adjusted in accordance with their terms such that the options granted under the plan ceased to be options over shares of Avast Holding and, instead, became options over shares of the Company of equivalent value (with an appropriate adjustment to the per share exercise price so that there was no change in overall value). On 10 May 2018, holders of options under the Avast Option Plan net-exercised certain of their options which resulted in the Company issuing 49,603,491 shares. The Reorganisation resulted in the Company recording an investment in Avast Holding of £2,234.2m ($3,022.2m). In addition, on 16 May 2018, Avast Holding issued one share to the Company at an issue price of $186.2m, which the Company paid for in cash. At 31 January 2018 Investment in Avast Holding B.V. Capitalisation of share-based payments Cost at 31 December 2018 Capitalisation of share-based payments Cost at 31 December 2019 $M – 3,208.4 9.1 3,217.5 13.6 3,231.1 5. Trade and other receivables ($’m) Amounts due from related party Prepayments Other accounts receivable Total 31 December 2019 31 December 2018 126.5 0.5 0.2 127.2 5.1 0.6 – 5.7 As of 15 May 2018, the Company entered into a cash management agreement with Avast Corporate Services B.V., its indirect subsidiary, which operates a cash pooling arrangement for the Group. Under this agreement, the Company has a short-term loan receivable of $122.8m (2018: short-term loan payable of $12.2m), repayable on demand, with a variable interest rate based on three-month USD LIBOR -0.5% (2018: +5.25%) assessed quarterly. The interest income for the period ended 31 December 2019 was $0.3m (2018: interest expense $0.4m). Included under amounts due from related party are recharges of management services provided by the Company to Group subsidiaries for $3.7m (2017: $5.1m). 6. Cash and cash equivalents ($’m) Cash in bank Total 31 December 2019 31 December 2018 16.5 16.5 1.3 1.3 7. Trade payables and other liabilities ($’m) Trade payables Corporate income tax Amounts due to related party Total 31 December 2019 31 December 2018 1.3 0.1 – 1.4 1.9 – 12.2 14.1 © 2019 Friend Studio Ltd File name: CompanyXFinancialXStatements_v27 Modification Date: 25 February 2020 2:14 pm Notes to the company financial statements Strategic report Governance Financial statements Avast annual report 2019 170 8. Share capital Shares issued and fully paid: Share capital at 31 January 2018 (ordinary share of £1 each)1 Initial public offering2 Share issue expense2 Contribution of shares (see Note 4) Net exercise of options3 Capital reduction4 Exercise of options Share capital on 31 December 2018 (ordinary share of £0.10 each) Issuance of shares under share-based payments plans Share capital on 31 December 2019 (ordinary share of £0.10 each) Number of shares Share Capital ($ ‘m) Share Premium ($ ‘m) 1 58,977,478 – 844,058,216 49,603,491 – 799,114 953,438,299 54,581,736 1,008,020,035 – 8.0 – 114.2 6.7 – 0.1 129.0 7.0 136.0 – 191.8 (4.0) – 7.4 (180.6) 0.8 15.4 40.2 55.6 For proposed dividends, see Note 33 of the Consolidated financial statements. For details of options and other share awards over the Company’s shares, see Note 35 of the Consolidated financial statements of the Company. 1 As of 31 January 2018 and 31 January 2017, nominal value of the Company was £1 and no transactions occurred between the periods since the Company was dormant. 2 The ordinary shares of the Company were admitted to trading on the London Stock Exchange’s main market for securities on 15 May 2018. As part of the Company’s primary offer, it issued 58,977,478 new shares in the Company with a nominal value of 10 pence and a premium of 240 pence which resulted in the increase in share capital of $8.0m and share premium of $191.8m. Expenses incurred in relation to the direct share issue amounted to $4.0m. 3 As described in Note 4, the net exercise resulted in the Company recording $6.7m into share capital and $7.4m into share premium, equal to the exercise price paid by employees and remaining $153.6m into merger reserve (see Note 10). 4 On 6 November 2018, the High Court of Justice in England & Wales made an order confirming the reduction of the share premium account of the Company by £138m ($180.6m). 9. Reserves Merger reserve The share-for-share exchange transaction described in Note 4 and Note 8 qualified for merger relief in accordance with section 612 and the Company elected to record a merger reserve. This reserve also includes the value of the options over PLC shares that were subsequently net exercised on the IPO, in excess of the share capital and premium arising on exercise. The merger reserve is non-distributable. Other reserve The increase in other reserves of $20.2m (2018: $10.6m) represents the expense from the share awards from the date of the IPO. The fair value of share awards granted to employees is recorded over the vesting periods of individual options granted as a personnel expense (or where appropriate, capitalised as investment in subsidiary) with a corresponding entry to other reserves. 10. Dividend The dividend income for the year ended 31 December 2019 was $225.0m (2018: $nil). 11. Personal expenses Personnel expenses of the Company consist of following: ($’m) Wages and salaries Social security and health insurance Social costs Share-based payments (including employer’s costs) Total personnel expense 2019 4.9 0.7 0.1 4.8 10.5 2018 3.1 0.2 0.1 1.5 4.9 The average number of employees by category during the period was as follows: 2019 2018 Sales and marketing General and administrative Total average number of employees 5 6 11 12. Share-based payments The total expense that relates to the equity-settled share-based payment transactions of employees of the Company during the period is as follows: ($’m) Avast Option Plan LTIP Total share-based payment expense 2019 0.9 0.4 1.3 6 4 10 2018 1.2 0.3 1.5 The cost of equity-settled transactions with employees is measured by reference to the fair value at the date at which they are granted, further details of which are given in Note 35 of the Consolidated financial statements. As denoted in Note 40 of the Consolidated financial statements, the Company will guarantee the debts and liabilities of certain of its UK subsidiaries at the balance sheet date in accordance with section 479C of the Companies Act 2006. The Company has assessed the probability of loss under these guarantees as remote. © 2019 Friend Studio Ltd File name: CompanyXFinancialXStatements_v27 Modification Date: 25 February 2020 2:14 pm Notes to the company financial statements Strategic report Governance Financial statements Avast annual report 2019 171 Glossary Adjusted Billings Adjusted Billings represents the Group’s reported billings. Adjusted Revenue Adjusted Billings/ Revenue excluding FX Adjusted Cash EBITDA Adjusted Cost of Revenues/Operating costs Adjusted EBITDA Adjusted Revenue represents the Group’s reported revenue adjusted for the deferred revenue haircut reversal, the gross-up adjustment. These adjustments are expected to be zero after 2019. A reconciliation is included in the “PRESENTATION OF RESULTS AND DEFINITIONS”. Growth rate excluding exchange rate impact calculated by restating 2019 actuals to 2018 FX rates. Deferred revenue is translated to USD at date of invoice and is therefore excluded when calculating the impact of FX on revenue. For the FX rates applied, see ‘Principal exchange rates applied’. Adjusted earnings before interest, taxation, depreciation, and amortisation (‘Adjusted EBITDA’) is defined as the Group’s operating profit/loss before depreciation, amortisation of non- acquisition intangible assets, share-based payments, exceptional items, amortisation of acquisition intangible assets, the deferred revenue haircut reversal, and the COGS deferral adjustments. A full reconciliation is included in the “PRESENTATION OF RESULTS AND DEFINITIONS”. Adjusted Cost of Revenues/Operating costs represent the Group’s cost of revenues/operating costs adjusted for depreciation and amortisation charges, share-based payments charges, exceptional items, COGS deferral adjustment, and the gross-up adjustment. A full reconciliation is included in the Costs section of the CFO’s Review. Adjusted earnings before interest, taxation, depreciation, and amortisation (Adjusted EBITDA) is defined as the Group’s operating profit/loss before depreciation, amortisation of non-acquisition acquisition intangible assets, share-based payments, exceptional items, amortisation of acquisition intangible assets, the deferred revenue haircut reversal and the COGS deferral adjustments. A full reconciliation is included in the “PRESENTATION OF RESULTS AND DEFINITIONS”. Adjusted EBITDA margin Adjusted EBITDA as a percentage of adjusted revenue. © 2019 Friend Studio Ltd File name: CompanyXFinancialXStatements_v27 Modification Date: 25 February 2020 2:14 pm Adjusted effective tax rate Adjusted EPS Adjusted Net Income Amortisation of acquisition intangibles Average Products Per Customer (APPC) Adjusted income tax as a percentage of adjusted profit before tax (defined as adjusted net income before deduction of adjusted income tax). For the adjusted income tax reconciliation see Income Tax section of the CFO’s Review. Basic adjusted earnings per share amounts are calculated by dividing the adjusted net income for the period by the weighted average number of shares of common stock outstanding during the year. The diluted adjusted earnings per share amounts consider the weighted average number of shares of common stock outstanding during the year adjusted for the effect of dilutive options. For the reconciliation see Earnings per share in the CFO’s Review section. Adjusted Net Income represents statutory net income plus the deferred revenue haircut reversal, share-based payments, exceptional items, amortisation of acquisition intangible assets, unrealised foreign exchange gain/loss on the EUR tranche of the bank loan, the COGS deferral adjustments, the tax impact from the unrealised exchange differences on intercompany loans, and the tax impact of the foregoing adjusting items and IP transfers. For the reconciliation see “PRESENTATION OF RESULTS AND DEFINITIONS” section. Represents the amortisation of intangible assets acquired through business combinations which does not reflect the ongoing normal level of amortisation in the business. APPC defined as the Consumer Direct Desktop simple average valid licences or subscriptions for the financial period presented divided by the simple average number of customers during the same period. See Consumer Direct Desktop Operational KPIs. Average Revenue Per Customer (ARPC) ARPC defined as the Consumer Direct Desktop revenue for the financial period divided by the average number of customers during the same period. See Consumer Direct Desktop Operational KPIs. Glossary Strategic report Governance Financial statements Avast annual report 2019 172 Cash conversion COGS Deferral Adjustments Deferred Revenue Haircut Reversal Discontinued Business Exceptional items Unlevered free cash flow as a percentage of adjusted cash EBITDA. See Cash flow section of the CFO’s Review. Gross debt There was no deferred cost of goods sold (COGS) balance consolidated by the Group in the acquisition balance sheet of AVG in 2016 and thus no subsequent expense was recorded as the revenue in respect of pre-acquisition date billings was recognised. The COGS deferral adjustments refers to an adjustment to reflect the recognition of deferred cost of goods sold expenses that would have been recorded in 2016 and 2017 in respect of pre-acquisition date AVG billings, had the AVG and the Group’s businesses always been combined and had AVG always been deferring cost of goods sold. See “PRESENTATION OF RESULTS AND DEFINITIONS”. Under IFRS 3 Business combinations, an acquirer must recognise assets acquired and liabilities assumed at fair value as of the acquisition date. The process of determining the fair value of deferred revenues acquired often results in a significant downward adjustment to the target’s book value of deferred revenues. The reversal of the downward adjustment to the book value of deferred revenues of companies the Group has acquired during the periods under review is referred to as the deferred revenue haircut reversal. See “PRESENTATION OF RESULTS AND DEFINITIONS”. As the Company is exiting its toolbar-related search distribution business, which had previously been an important contributor to AVG’s revenues (referred throughout the Full Year Report, with the Group’s browser clean-up business, as Discontinued Business), the growth figures for adjusted revenues and adjusted billings exclude Discontinued Business, which is negligible from 2020. The Discontinued Business does not represent a discontinued operation as defined by IFRS 5 since it has not been disposed of but rather it is being continuously scaled down and is considered to be neither a separate major line of business, nor geographical area of operations. Exceptional items are material and non-recurring items of income and expense which the Group believes should be separately disclosed to show the underlying business performance of the Group more accurately. For details see Exceptional items of the CFO’s Review and Note 6. Gross-Up Adjustment Levered Free Cash Flow Net debt Number of customers Organic growth Unlevered Free Cash Flow Unrealised FX on EUR tranche of bank loan Represents the sum of the total book value of the Group’s loan obligations (i.e. sum of loan principals). A reconciliation is included in the Financing section of the CFO’s Review. The Gross-Up Adjustment refers to the estimated impact of the additional amount of 2015 and 2016 revenue and expenses and their deferral that would have been recognised by Avast had the contractual arrangements with certain customers qualified to have been recognised on a gross rather than a net basis prior to 2017 (AVG had historically recognised billings and revenues on a gross basis, whereas Avast recognised them on a net basis). See “PRESENTATION OF RESULTS AND DEFINITIONS”. Represents amounts of incremental cash flows the Group has after it has met its financial obligations (after interest and lease repayments) and is defined as Unlevered Free Cash Flow less cash interest and lease repayments. See Cash flow section of the CFO’s Review for reconciliation. Net debt indicates gross debt netted by the Company’s cash and cash equivalents. A reconciliation is included in the Financing section of the CFO’s Review. Users who have at least one valid paid Consumer Direct Desktop subscription (or licence) at the end of the period. Organic growth represents growth figures excluding the impact of FX, acquisitions, business disposals, and discontinued business. Excludes current period revenue of acquisitions until the first anniversary of their consolidation. Represents adjusted cash EBITDA less capex, plus cash flows in relation to changes in working capital (excluding change in deferred revenue and change in deferred cost of goods sold as these are already included in adjusted cash EBITDA) and taxation. Changes in working capital and taxation are as per the cash flow statement on an unadjusted historical basis and unadjusted for exceptional items. See Cash flow section of the CFO’s Review for reconciliation. In the reported financials, the Group retranslates into USD at each balance sheet date the euro value of the EUR tranche of the bank debt, with the unrealised FX movement going to the income statement. This adjustment reverses this unrealised element of the FX gain/loss. © 2019 Friend Studio Ltd File name: CompanyXFinancialXStatements_v27 Modification Date: 25 February 2020 2:14 pm Glossary Printed on Galerie Satin, and FSC® Mixed Sources paper manufactured using pulp from well managed forests at a mill accredited with EMAS and ISO 14001 environmental standards. Printed by CPI Colour. CPI Colour are ISO 14001 certified, CarbonNeutral® and FSC® chain of Custody certified. Designed and produced by Friend www.friendstudio.com © 2019 Friend Studio Ltd File name: BackXCover_v5 Modification Date: 24 February 2020 5:59 pm Contact Brokers Morgan Stanley & Co International plc Ben Grindley Alex Smart +44 (0)207 425 8000 UBS Investment Bank Rahul Luthra Thomas Raynsford +44 (0)207 567 800 Independent Auditors Ernst & Young 1 More London Place London SE1 2AF Registrar Equiniti Aspect House Spencer Road Lancing West Sussex BN99 6DA UK callers: 0371 384 2030 International callers: +44 121 415 7047 Investor Relations IR@avast.com Public Relations mediarelations@avast.com © 2019 Friend Studio Ltd File name: BackXCover_v5 Modification Date: 24 February 2020 5:59 pm
Continue reading text version or see original annual report in PDF format above