Avast plc annual report 2020 Empowering digital citizens for safer online experiences © 2019 Friend Studio Ltd File name: FC_Mission_AboutUs_OurImpact_v77 Modification Date: 2 March 2021 8:19 pm Strategic report Governance Financial statements Avast plc annual report 2020 Driving growth and creating value In this report Strategic report Introducing Avast Chair’s letter Markets & threat landscape Company strategy Investment case Business model CEO’s review Our technology CFO’s review Risk management People and culture Social responsibility and sustainability Section 172 statement 1 9 12 20 23 25 30 36 42 58 64 75 82 Governance Board of Directors Corporate governance statement Audit and Risk Committee report Nomination Committee report Directors’ remuneration report Directors’ report Financial statements Independent Auditor’s Report Consolidated financial statements Notes to the consolidated financial statements Company financial statements Notes to the Company financial statements Glossary 88 90 97 103 107 129 136 146 153 193 195 199 © 2019 Friend Studio Ltd File name: FC_Mission_AboutUs_OurImpact_v77 Modification Date: 2 March 2021 8:19 pm Financial KPIs Adjusted billings $922.0m +7.1% organic growth +1.2% actual growth Adjusted EBITDA $495.5m +2.6% Adjusted revenue $892.9m +7.9% organic growth +2.3% actual growth Adjusted net income $360.2m +11.8% Unlevered free cash flow Net debt/LTM adjusted EBITDA $451.1m +6.2% Statutory revenue $892.9m +2.5% 1.5x Statutory net income $169.6m -31.8% Operational KPIs Revenue per desktop customer Product per desktop customer $53.34 +4.5% 1.5 +2.8% Number of desktop customers 13.62m +7.9% Strategic report Governance Financial statements Avast plc annual report 2020 01 Our purpose We protect people’s digital lives Avast believes in an open and connected world where people everywhere have the right to access the same information, ideas and experiences. Our role is to make the online world a safer place so that digital citizens are free to enjoy safe and private connected lives. Our primary purpose is to keep people safe and private online, and never has this been more important than in 2020. In a year when cybercriminals exploited the fear and confusion around COVID-19, people, businesses, and frontline healthcare services turned to technology to maintain their lives and their work. Ensuring internet access and usage have been secure and private has become mission-critical. We have been proud to play a meaningful role in supporting our key stakeholders, non-governmental organisations (NGOs), and the scientific community as the world battled COVID-19. Avast safeguards more than 435 million people worldwide, protecting their digital data, identity, and privacy. © 2019 Friend Studio Ltd File name: FC_Mission_AboutUs_OurImpact_v77 Modification Date: 2 March 2021 8:19 pm Strategic report Governance Financial statements Avast plc annual report 2020 02 About us Avast is a world leader in consumer cybersecurity 435m+ 1.5bn+ attacks and over 200m new files blocked each month on average in 2020 users1 worldwide Our brands: 33m+ phishing attacks and nearly 3m unique phishing URLs blocked each month on average in 2020 User defined as a unique device that has one of more Avast free or paid products installed and has been in contact with our servers in the last 30 days. 4m+ ransomware attacks blocked each month on average in 2020 ~100,000 organic installs of Avast Antivirus every day © 2019 Friend Studio Ltd File name: FC_Mission_AboutUs_OurImpact_v77 Modification Date: 2 March 2021 8:19 pm Strategic report Governance Financial statements Avast plc annual report 2020 03 Our comprehensive offering protects and enhances our users’ online experiences SMB security Consumer security Protection Data breaches Control Smart home Family safety Continuing our growth as a FTSE 100 company Avast was officially admitted to the FTSE 100 index in June 2020. Our promotion marks another milestone in our growth and recognises our success in providing award- winning products that keep people safe and private in a fast-evolving digital world. Attractive investment profile High level of recurring revenues, with strong cash generation and a robust balance sheet. Diversified revenue streams by customer, geography and product. Consistent delivery on financial guidance. See the Investment case section, p23 Privacy Users Software updates Identity protection Online anonymity Performance PC maintenance Speed © 2019 Friend Studio Ltd File name: FC_Mission_AboutUs_OurImpact_v77 Modification Date: 2 March 2021 8:19 pm About us continued Strategic report Governance Financial statements Avast plc annual report 2020 04 Our pandemic response Backing science and technology for a better world Avast’s commitment to keeping people safe reaches far beyond the online world. We have always believed in the power of technology to change the world for the better. In 2020, we provided financial support and resources to a considerable range of scientific, technological, and community- based initiatives to help fight COVID-19 and back the people, businesses, and organisations directly impacted by the pandemic. $25m donated to support global R&D initiatives focused on COVID-19 testing, treatment and vaccines As a tech company, we believe that a rigorous, scientific approach provides the best exit strategy for this crisis. A prudent, systematic and well-funded approach to testing, treatment, and vaccine development will minimise lockdowns and disruptions, and ultimately, save lives. Ondrej Vlcek Chief Executive Officer © 2019 Friend Studio Ltd File name: FC_Mission_AboutUs_OurImpact_v77 Modification Date: 2 March 2021 8:19 pm Strategic report Governance Financial statements Avast plc annual report 2020 05 Global support for a global crisis Avast joined the COVID-Zero Coalition, an initiative coordinated by Wellcome, one of the world’s leading independent health research foundations. We fully supported the coalition’s strategic focus on research and development (R&D) projects that are dedicated to developing the best testing, treatment, and vaccines to fight the virus. Supporting employees in a time of change We also moved swiftly to supply all our colleagues with the technology and office equipment for a smooth transition to working from home, ensuring they received all the support they needed and without taking any government aid. We embraced truly asynchronous working to give those suddenly balancing caring responsibilities alongside their work the flexibility they needed. This enabled us to continue providing our services to our users without interruption. © 2019 Friend Studio Ltd File name: FC_Mission_AboutUs_OurImpact_v77 Modification Date: 2 March 2021 8:19 pm $12m to the COVID-19 Therapeutics Accelerator In partnership with the Bill & Melinda Gates Foundation, Mastercard, and Wellcome, this initiative accelerates the development of rapid testing and treatments $8m to the Coalition for Epidemic Preparedness Innovations (CEPI) The Coalition makes efforts to eliminate preventable deaths through the pursuit of testing, treatment, and prevention through vaccine development $5m to community-based scientific efforts Including: $200,000 and computing resources to Folding@home’s supercomputing program to find a cure for the virus. $580,000 to Czech Technical University for the development and production of Corovent, a prototype lung ventilator. OneVoluntary contributions to US food bank schemes. Local activities in Czech Republic included: – $720,000 for one million face masks delivered to care organisations in the Czech Republic. – $44,000 to provide 1,000 hot meals a day to key workers in Prague. – Production of 3D printed face masks with Czech Technical University. Our pandemic response continued Strategic report Governance Financial statements Avast plc annual report 2020 06 Secure connected experiences for everyone, everywhere People are dealing with a lot of problems right now. Digital security doesn’t have to be one of them. The pandemic proved to be an opportunity for bad actors. With people forced online for services and information as restrictions and lockdowns were implemented, we tracked a large number of scams. Fake shops were the most common scam variant, selling discounted medical equipment such as face masks or sanitiser. Some even claimed to sell treatments or self-provisioned COVID-19 tests. Anyone can set up a shop online under almost any name. Anyone placing orders on these sites would never receive the goods. We used a variety of communication channels, such as blogs, social media, and press releases, to raise awareness of these scams with the public. Nick Viney SVP Partner © 2019 Friend Studio Ltd File name: FC_Mission_AboutUs_OurImpact_v77 Modification Date: 2 March 2021 8:19 pm COVID-19 has expanded the cyberattack surface of all these networks, with remote working and schooling increasing our reliance on technology to connect people on an unprecedented scale – one that is increasingly likely to be permanent. The Internet of People We consider security and privacy to be about protecting individuals, moving away from a device-centric approach to embrace what we think of as the ‘Internet of People’ where individuals’ online experiences and identities are secured. Enabling this approach, Internet of Things (IoT) devices are increasingly widely and deeply integrated into our home, business, utilities, and transportation systems. We increasingly no longer separate online and offline experiences as a result. Our pandemic response continued Strategic report Governance Financial statements Avast plc annual report 2020 07 Our impact Helping families in lockdown With global lockdowns forcing families to stay at home and children to connect with teachers and schools digitally, the importance of a safe online experience for parents and their children has never been higher. To help keep families safe during the pandemic, Avast made our parental assistance subscription app, Avast Family Space, available for free. 1/5 More than one in five children under the age of 12 in the UK (21%) have admitted to having bad online experiences during lockdown 72% of these children said they had received unkind messages; the same number had received unsolicited and inappropriate content 71% had received unwanted contact from a stranger 58% had accidentally downloaded a computer virus 67% had received an unkind video call © 2019 Friend Studio Ltd File name: FC_Mission_AboutUs_OurImpact_v77 Modification Date: 2 March 2021 8:19 pm Our pandemic response continued Strategic report Governance Financial statements Avast plc annual report 2020 08 Our impact continued Partnering to protect children In 2020, Avast was proud to join the Internet Watch Foundation (IWF), a UK charity set up 24 years ago to tackle the horrific crime of child sexual abuse content online. During the pandemic, the IWF identified that girls aged 11-13 were most at risk in lockdown, being encouraged by online abusers to generate and share their own content. Working with Avast, with their huge experience in the field, will boost this mission and have a very real impact on the safety of children around the world. Susie Hargreaves Chief Executive, IWF Raising awareness of personal safety during lockdown One side-effect of the pandemic lockdowns was the escalation in domestic violence incidents as vulnerable people were trapped with their abusers. Stalkerware refers to apps that are typically installed secretly by a person close to the victim, such as a jealous spouse, to spy on the person by tracking their physical location, monitoring messages and recording phone calls. These apps invade the privacy of the victim, allowing the abuser to take control over their personal identity. Between March and December 2020, we observed an increase of 55% globally in spyware and stalkerware downloads over January and February averages. In July, Google took the step of banning the promotion of products or services that are marketed or targeted with the express purpose of tracking or monitoring another person or their activities without their authorisation; however, this is an ongoing challenge the industry is tackling and many similar apps remain available. Avast is committed to doing all it can to protect our users from these threats. In addition to our security products detecting stalkerware and alerting the user to remove it, we have joined the Coalition Against Stalkerware in the fight against this disturbing covert surveillance technology. Spyware and stalkerware apps in 2020 DEC 2020 NOV 2020 OCT 2020 SEP 2020 AUG 2020 JUL 2020 JUN 2020 MAY 2020 APR 2020 MAR 2020 14,548 11,177 10,607 10,810 9,895 10,833 11,076 11,025 11,234 9,843 FEB 2020 6,861 JAN 2020 7,445 Global apps detected by Avast throughout the year. The IWF has an extremely challenging job in tackling this horrific problem which has become more prevalent as technology and the internet have evolved. We hope that by working with the IWF to block the sharing of this content online, we can also help prevent the re-victimisation of the children featured. We will continue, relentless, in our mission to protect everyone online, especially the most vulnerable. Jaya Baloo Chief Information Security Officer © 2019 Friend Studio Ltd File name: FC_Mission_AboutUs_OurImpact_v77 Modification Date: 2 March 2021 8:19 pm Strategic report Governance Financial statements Avast plc annual report 2020 09 Chair’s letter Avast has evidenced business resilience and financial strength Dear shareholders Before turning to Avast’s business performance, I would like to share my reflections on how we have responded to the COVID-19 pandemic. The last year has been unparalleled in terms of challenge and change for all of us. As the pandemic unfolded, Avast moved quickly to establish key priorities – safeguarding our people, continuing to serve our customers, retaining our financial strength, and supporting our communities. Our focused approach has enabled Avast to deliver not just a resilient financial performance, but, more importantly, to continue to make progress against our longer-term strategy, which is centered on growth and creating value for all our stakeholders. © 2019 Friend Studio Ltd File name: Chairman_s_Statement_v51 Modification Date: 2 March 2021 10:12 am Strategic report Governance Financial statements Avast plc annual report 2020 10 Chair’s letter continued Safeguarding our people and supporting our communities The dedication of our people has played a big role in the Company’s resilient response. I am very proud of the way in which they have risen to the task to keep our customers protected online and our services unaffected. We have worked hard to ensure that our employees receive the support they need, wherever they are. This includes effective tools while working from home, wellbeing and health services, as well as team-building and performance management coaching. The Group’s leadership has recognised the advantages of the flexibility of working remotely and, following employee consultation, has put forward new policies and plans to reinvent Avast’s operational approach and use of office spaces. Working remotely is yet another opportunity to contribute to our sustainability roadmap, by reducing time spent in commuting and minimising the impact on the environment. At Avast, we aim to make the communities in which we operate better places to live and work. We have kept sight of this responsibility during the crisis, stepping up to support major scientific projects to fight the virus, such as the Company’s $20 million donation to research initiatives of the COVID-Zero Coalition programme. An additional $5 million was donated to other scientific initiatives. Evidencing business resilience and financial strength Through the pandemic, Avast’s business model has proved resilient and well positioned to benefit from the accelerated digitalisation of our economy. Working from home trends have presented Avast with an opportunity to attract new users and to convert them to paying customers, as they experience a safer and more private online experience. With continued investment made in our people, marketing programmes, and partnerships, there has been a sustained uplift in customer numbers in both established markets and in targeted underpenetrated regions, as Avast expands its global footprint through a successful localisation programme. In the past year, we added nearly 1 million desktop customers. To address the ever-evolving threat landscape, we continued our expansion into the consumer privacy category, with the launch of BreachGuard. For our business customers, we rolled out next-generation antivirus plus patch management products, as we continued to strengthen the performance of our Small and Mid-sized Business (SMB) unit. We met the financial expectations we set at the start of the year, driving growth while also maintaining high levels of profitability. Our sustained performance, coupled with the effectiveness of our strategy and business model, and the hard work of our people, resulted in the Group’s inclusion in the FTSE 100 index in June. At 31 December 2020, Avast’s net debt/LTM adjusted EBITDA was 1.5x. Our debt reduction is enabled as a result of the favourable cash flow dynamics of our business and our effective capital allocation strategy, which is underpinned by a commitment to balance sheet strength. The prudent management of our capital structure provides the Group with strategic flexibility to further enhance competitiveness and pursue growth. We are in a strong position to take advantage of long-term value creation opportunities, both organic and through acquisitions. Given our successful performance in FY 2020 and our confidence in our business model in the year ahead, the Board proposed a final dividend of 11.2 US cents per share, bringing the total dividend for the year to 16.0 US cents per share (total payment of $164.6 million), a pro-rata increase of 8.8% on the prior year. The final dividend will be paid on 18 June 2021, to shareholders on the register on 14 May 2021. Staying at the forefront of innovation 2020 was a year that forced changes for everyone. In a rapidly developing marketplace, Avast’s technical ingenuity is a substantial competitive advantage, and in the year ahead we will further improve our leading defence from the ever-changing threat landscape. Investment to maintain leadership in our technology will be evident in the enhancement of Avast’s core security engine, as well as enabling innovation- driven growth in both our consumer and SMB businesses. Avast is positioning itself at the forefront of the fast-growing digital privacy market. In parallel with product innovation, we are also committed to driving improvements in the customer experience. Our stated purpose as a business is evolving to protecting individuals’ digital life, going beyond our historical device-centric approach. In 2021, we look forward to the rollout of our new Avast One solution, an all-in-one security, privacy, and performance offering that streamlines the experience and further expands the protection of our customers’ digital lives. Making a positive contribution to all stakeholders Avast has a proud history of giving back to its communities, and this year we are maintaining our commitment to social impact initiatives based on the Pledge 1% model, to share the Company’s success. We’ve also set up a new foundation to administer the funds and to effectively align our social impact initiatives with our mission to making the online world a better, safer place (more details can be found on page 80). ~1m more desktop customers in 2020 Read more on p31 © 2019 Friend Studio Ltd File name: Chairman_s_Statement_v51 Modification Date: 2 March 2021 10:12 am Chair’s letter continued Strategic report Governance Financial statements Avast plc annual report 2020 11 We are committed to making meaningful progress on a holistic environmental, social and governance programme. Engaging with all our stakeholders on a regular basis to understand their expectations, needs, and concerns is part of our ongoing commitment to sustainability. In this regard, we are committed to making meaningful progress on the more holistic environmental, social and governance (ESG) programme, revitalising how we oversee and report on ESG topics for the Company. While it is early days, we intend to implement an enhanced set of internal controls for evaluating and managing ESG risk and opportunity, and a pledge to develop key performance indicators to inform our decisions in a way that is meaningful and transparent. Work on these objectives and key performance indicators (KPIs) is ongoing, and more information on their development can be found in this report. The Group has already identified a number of strategic priorities within its materiality matrix, including protecting personal data privacy and IT security, emissions reductions, and diversity and inclusion. We recognise that diversity of people and perspectives enhances governance. For this reason, we have a focus on improving diversity starting with the Board. We are close to reaching a one third female ratio for Directors. Proportional female representation among the Executive management team has also risen. Under the supervision of a newly appointed diversity and inclusion leader, the Company is actively engaging with employees to identify opportunities for company-wide advancement in multiple diversity categories. Board changes I am very grateful to my fellow Board members for their wisdom and commitment to the Company. This year we say farewell to two long- serving Directors. Erwin Gunst has served on the Board for nearly nine years. His international experience gained over a career in the software and tech industry has been of great value to Avast, as have his contributions as a member of the Audit and Risk Committee and Nomination Committee. Since Ulf Claesson joined the Board in 2012, Avast has benefited from his wealth of expertise in tech innovation and entrepreneurship. Ulf has served as Chair of the Remuneration Committee and as a valued member of the Audit and Risk Committee. Erwin and Ulf will not stand for re-election. On behalf of the Board, I would like to thank them for their commitment, wisdom and collaboration over the years. It is my intention to retire as Chair of the Group before the 2022 Annual General Meeting. This will therefore be the last time I have the pleasure of chairing Avast’s AGM. Having led the Board for seven years, through our successful listing on the LSE, reaching the FTSE 100 benchmark and through the succession of our CEO, we are well positioned to appoint a new Chair. This is an exciting time for Avast. We have a refocused purpose and strategy, a substantially strengthened senior management team, and an experienced Board. While the succession plan for the Chair will begin soon, I remain fully committed to the organisation. Looking ahead The year ahead will likely bring both continued uncertainty and opportunity to capitalise on the pandemic-driven trends which have accelerated during the past year. With the increased digitalisation of the economy, consumers’ and businesses’ appreciation of a safe, private online environment has never been more evident. Therefore, Avast’s purpose is increasingly relevant. The Group’s financial strength and technical excellence means we are well positioned to seize long-term opportunities. Our plans are to continue to invest in skills and innovation to meet our ambitions and further grow both our market share and scope. Learning from the 2020 crisis, I am confident that Avast’s vision, innovation, focus on the customer, and internal agility will be fundamental to our growth and development as we navigate the dynamic potential of the global cybersecurity and privacy market in the years to come. John Schwarz Chair of the Board © 2019 Friend Studio Ltd File name: Chairman_s_Statement_v51 Modification Date: 2 March 2021 10:12 am Chair’s letter continued Strategic report Governance Financial statements Avast plc annual report 2020 12 Markets & threat landscape The world is becoming more digital, more quickly In 2020, a number of trends in digitisation emerged which opened up avenues for growth for the technology industry as a whole Digitisation of consumer services With the closure of many essential and non-essential services, consumers were forced to use technology for everyday activities like food shopping, banking, and socialisation. Working from home Offices closed and employees who could work from home were equipped with hardware and software to enable secure remote working. Home schooling Education systems worldwide rushed to adopt learning platforms, apps, and online courses to serve families, who suddenly became responsible for teaching their children, as lockdown lengthened school closures. © 2019 Friend Studio Ltd File name: Markets_Threats_v45 Modification Date: 2 March 2021 8:23 pm Strategic report Governance Financial statements Avast plc annual report 2020 13 Enhancing the need for robust cybersecurity and data privacy Consumer and business concerns around online risks and the acceleration of digital trends from the COVID-19 environment underscore the need for robust cybersecurity and provide structural tailwinds. Data privacy has become a front-of-mind issue. A combination of resorting to more connected devices in the home, more online services, and the birth of ‘track and trace’ apps have raised awareness of privacy concerns. This is evidenced by consumer reaction to the updated privacy terms published by WhatsApp, which caused consumers to rush to download more private platforms such as Telegram and Signal. Security and privacy are areas in which there has been ever-increasing advancement by many of the largest technology providers. We see increased product competition from both major players and startups offering specific solutions to single issues in this sphere. Additionally, the bigger technology players are increasingly developing operating systems and products with built-in native security. There is a risk that users may either seek to have a range of offerings from different providers rather than trust in a single provider; equally, others may feel more comfortable with bundles from a single company. We continue to watch the trends as they develop to ensure that we are able to identify new opportunities to increase our relevance in a rapidly changing marketplace. © 2019 Friend Studio Ltd File name: Markets_Threats_v45 Modification Date: 2 March 2021 8:23 pm Cybercrime during a pandemic 2020 was defined by the COVID-19 virus and its impact on the entire world, including the cyberworld. Cybercriminals used the pandemic to their advantage, spreading scams and phishing attacks to exploit people’s weaknesses during trying times. 2020 was a year of fake news and scams. Cybercriminals adapted their attacks to take advantage of the crisis, because people were hungry for information and so were more susceptible to falling victim. And, given the lockdowns and other restrictions, people were spending more time online. Luis Corrons Security Evangelist Markets & threat landscape continued Strategic report Governance Financial statements Avast plc annual report 2020 14 Markets & threat landscape continued Fighting COVID-19 scams and attacks Cybercriminals exploited people’s fears around COVID-19 through a boom in spear phishing emails. Via our mobile threat intelligence platform, apklab.io, Avast has tracked and blocked more than 3,300 malicious apps to date, including mobile banking trojans and spyware posing as apps that offered COVID-19-related services. Taking advantage of people’s desire for new information and data about the threat of COVID-19, a common tactic saw mass circulation of emails with attachments, such as an Excel spreadsheet, seemingly offering statistics on regional or national infection rates. Upon downloading the files, recipients could trigger an executable file that enabled access to the victim’s computer. They also created malicious emails which appear to offer a chance to make money, find new work, or protect personal savings, but that in fact trick the recipient into entering personal details and even make cash payments for ‘access’ to services. In one week in May alone, 17,000 people are believed to have fallen victim to such scams. © 2019 Friend Studio Ltd File name: Markets_Threats_v45 Modification Date: 2 March 2021 8:23 pm 3,300 malicious apps were tracked and blocked by Avast via our mobile threat intelligence platform, apklab.io. These malicious apps included mobile banking trojans and spyware, posing as apps that offered Covid-19-related services 17,000 people are believed to have fallen victim to such scams in May Markets & threat landscape continued Strategic report Governance Financial statements Avast plc annual report 2020 15 Keeping hospitals and businesses safe At the start of 2020, Avast monitored an increase in ransomware attacks in the early months of the healthcare crisis. Multiple ransomware attacks targeted hospitals this year, despite threat actors publicly stating they would stop targeting hospitals. The pandemic forced many companies to equip employees to work from home. Employees took their work devices home which broadened the attack surface for companies, as a home network infrastructure usually isn’t as secure as an enterprise network. With millions of workers around the world using Remote Desktop Protocol (RDP) daily to remotely access their business network, Avast monitored a rise in attacks specifically designed to exploit RDP in order to execute widespread ransomware attacks. Avast’s proprietary technology, Remote Access Shield, blocks unwanted remote connections to prevent RDP exploits and brute-force attacks. Critical services protected from ransomware Avast was involved in helping hospitals and other businesses infected with ransomware; this included the Brno University Hospital in the Czech Republic, which is a critical testing centre for COVID-19 and was infected with the Defray777 ransomware strain. 20% growth in ransomware during March and April 2020 compared with January and February of the same year © 2019 Friend Studio Ltd File name: Markets_Threats_v45 Modification Date: 2 March 2021 8:23 pm Markets & threat landscape continued Strategic report Governance Financial statements Avast plc annual report 2020 16 Markets & threat landscape continued Seeking the truth in the age of disinformation Deepfakes are on the verge of becoming a significant threat to public debate and political discourse. What’s real and what’s not? Deepfakes escalated in 2020, including explicit deepfakes of TikTok users. In a talk at Avast’s CyberSec&AI Connected virtual conference, Professor Hany Farid of UC Berkeley, noted that technology is evolving quickly, making it easier for deepfakes to be created, and the rate at which deepfakes can spread is also increasing due to social media. The high quality of these tools makes it more likely that people will believe fakes, especially when it comes to political deepfakes. There are four kinds of deepfakes: 1 2 Non-consensual The most frequently found example is where one person’s likeness is integrated into a pornographic video and distributed online. Misinformation campaigns These are designed to deceive and fuel existing (mis)perceptions. Deepfakes will likely reach a quality next year where they can be actively used in disinformation campaigns. Conspiracy theories about the coronavirus, such as its alleged spread via 5G, could be re-emphasised via deepfake videos wrongly showing public figures as conspirators. Petr Somol AI Research Director 3 4 Tampering of legal evidence For example, this could be manufacturing police misconduct that never actually happened. Outright fraud This could also have criminal or national security implications. Phishing attacks Phishing is a lucrative way of stealing people’s money and personal information and is an evergreen technique used by cybercriminals that did not slow down in 2020. COVID-19-related phishing attacks surged in peak lockdown periods, including March, September, and October. While 7.9% of attacks used themes related to the virus in the peak periods, the impact on overall phishing numbers was small, with less than 1% of global phishing attacks using COVID-19 as a theme during the year. 7.9% of attacks used themes related to the virus in the peak periods © 2019 Friend Studio Ltd File name: Markets_Threats_v45 Modification Date: 2 March 2021 8:23 pm Markets & threat landscape continued Markets & threat landscape continued Strategic report Governance Financial statements Avast plc annual report 2020 17 Educating children to use apps safely Three years ago, Avast established its ‘Be Safe Online’ (BSO) safety education courses for children which it continues to deliver in the Czech Republic and Slovakia. Aimed at children, teenagers, teachers and parents, BSO educates them for free about online risks and how to handle them via an online platform. It has a reporting function that encourages students to report potential online threats they spot to Avast. In September 2020, one student, a 12-year old girl, reported to Avast a number of Android and iOS adware apps that were promoted via TikTok and Instagram profiles. The Avast team investigated and found a total of seven adware scam apps that were available on both the Google Play Store and the Apple App Store. The apps had been downloaded more than 2.4 million times and are reported to have earned their creators around $500,000. The Avast team found at least three profiles that were aggressively pushing the apps on TikTok, one of which has more than 300,000 followers. They also found an Instagram profile with more than 5,000 followers promoting one of the apps. Avast reported the apps to Apple and Google and the accounts to TikTok and Instagram to ensure that they were removed. Dangerous apps are becoming increasingly common Developers of adware increasingly used social media channels in 2020, like regular marketers would, to increase the number of app downloads. Users reported they were targeted with ads promoting adware apps on YouTube, and in September we saw adware spread via profiles on TikTok. The popularity of these social networks makes them an attractive advertising platform for cybercriminals to target a younger audience. Jakub Vávra Threat Analyst Mobile Adware Out of all Android threats Avast detected in 2020, adware dominated with a share of nearly 50% in Q1, over 27% in Q2 and 29% in Q3 within all malware. The HiddenAds family, a Trojan disguised as a safe and useful application but instead serving intrusive ads, stuck out in a special way, as it continuously found its way back into the Google Play Store over the course of the year. Avast also found scam apps on the Apple App Store. Avast alone found more than 50 scam apps on the Google Play and Apple App Stores in 2020. These were reported to Google’s and Apple’s security teams so they could be removed. Scam track and trace apps A major tool in the fight against COVID-19 by governments around the world has been the use of track and trace apps, built to help monitor and contact people who have been potentially in contact with an infected person. Avast researchers identified several malicious versions of these apps, infecting duped users with banker or spyware applications, putting people’s passwords, log-in credentials, and one-time authentication tokens at risk. © 2019 Friend Studio Ltd File name: Markets_Threats_v45 Modification Date: 2 March 2021 8:23 pm Strategic report Governance Financial statements Avast plc annual report 2020 18 Markets & threat landscape continued Looking ahead to 2021 Threat experts at Avast foresee more COVID-19 vaccination scams, more abuse of weak home office infrastructures and enterprise VPN infrastructure and providers, and more ransomware attacks in 2021. We also expect deepfake disinformation campaigns and other malicious campaigns generated by AI to gain more traction; specifically for the Android platform, we predict further adware attacks, fleeceware scams, and stalkerware usage. Health and home at risk In 2021, Avast threat intelligence experts anticipate further ransomware, data exfiltration and espionage attacks on healthcare and pharmaceutical sectors. As many employees will continue to work from home in 2021, there is a high likelihood that cyberattacks on enterprise VPN infrastructure and providers will continue, with the goal of infiltrating business networks with targeted attacks designed to spy on confidential information and steal intellectual property and customer data. We expect to see a continuation of ransomware attacks on healthcare institutions and the exfiltration of sensitive data, with attacks specifically targeting pharmaceutical companies and institutions to harvest sensitive customer information for blackmailing and industry espionage. Individuals, on the other hand, should be wary of scams, specifically around the topic of vaccinations. Jakub Kroustek Threat Labs Team Lead Fake offering: Users of this and other scam websites in 2020 complained they never received their COVID-19-related goods after purchasing them. © 2019 Friend Studio Ltd File name: Markets_Threats_v45 Modification Date: 2 March 2021 8:23 pm Markets & threat landscape continued Markets & threat landscape continued Strategic report Governance Financial statements Avast plc annual report 2020 19 Keeping ahead of predicted threat sources The cybersecurity sector has a crucial role to play in fighting threats like malicious artificial intelligence (AI), stalkerware, and deepfakes, and in raising public awareness of them. Deepfakes Deepfakes will play a bigger role in disinformation campaigns as their quality has greatly improved over the last few years, but up until now, they have only been used in isolated cases, or as proof of concept. How advanced the technology is today can be seen in examples of researchers demonstrating ’how to create deepfake videos within five minutes’. Adware On mobile devices, Avast experts anticipate the mobile threat landscape to be dominated by aggressive adware as it is an easy way for cybercriminals to make money. For most of 2020, adware was the strongest Android threat, with about one-third of all threats being adware. Avast experts predict that these will likely remain dominant in 2021. AI threats Datasets and knowledge bases for AI-based threats will grow further. Malicious campaigns, targeted attacks, and Advanced Persistent Threats generated using AI techniques are already viable, but to become effective, very extensive datasets and knowledge bases are needed and Avast AI experts anticipate these to be developed in 2021 and beyond. Stalkerware attacks Following the initial surge of stalkerware during the first wave of the pandemic, the number of global stalkerware attacks has remained high throughout 2020. Avast’s mobile threat intelligence experts expect this trend to continue. © 2019 Friend Studio Ltd File name: Markets_Threats_v45 Modification Date: 2 March 2021 8:23 pm In 2020, the cybersecurity industry and initiatives like Coalition Against Stalkerware have continued to raise awareness to try and prevent further growth in stalkerware attacks. We worry that, after the hype subsides, authors and operators will drive new campaigns. Unfortunately, there will always be a market for stalkerware. Android and iOS adware, on the other hand, is a low-risk, high-gain business model. Adware is usually very hard to detect as ads may not always run immediately after app installation, so a lot more effort needs to go into the field of detecting such unwanted apps. Ondrej David Mobile Malware Analysis Team Leader Strategic report Governance Financial statements Avast plc annual report 2020 20 Company strategy Our world is changing 2020 was a year of change for everyone and it has been a driver for Avast to look at the impact that some of the emerging tech-usage trends will have in the future, with an eye to emerging threat vectors. 4.2 hours a day is the average time spent on mobile devices, up 20% year on year2 275% growth in global time spent in business apps year-over-year in Q4 2020 alone2 82bn hours spent in shopping apps – 30% growth from 20192 45% increase in time spent in finance apps during 2020 worldwide outside of China2 59% of people on the planet were online1 Top 10 most downloaded social apps in 2020 are: TikTok, WhatsApp, Facebook, Instagram, Zoom, Messenger, Snapchat, Telegram, Google Meet, Netflix3 1 Global digital population as of October 2020, Statista, 27 January, 2021. 2 App Annie’s State of Mobile 2021 report: New Records Beckon, App Annie, 21 January, 2021. 3 Worldwide & US Download Leaders 2020, Appptopia, 7 January, 2021. © 2019 Friend Studio Ltd File name: CompanyXStrategy_v37 Modification Date: 2 March 2021 10:44 am Strategic report Governance Financial statements Avast plc annual report 2020 21 Company strategy continued Our platform for innovation Our vision for Avast Avast has a unique opportunity to make a real difference in the world. The world has changed dramatically since we first started out just over thirty years ago. Our passion to help people be safer online has not changed and our purpose to protect individuals, their security and privacy remains our North Star. Now, at the turn of the decade, we are opening a new chapter in the history of our Company as the world becomes more digital than ever before. It was Abraham Lincoln who once said, ‘the best way to predict our future is to create it’ 1 2 3 Identity and authentication People downloaded and used more apps in the last year than ever before. We see a growing need for people to have a simpler way to access all of their accounts across the web. We see this moving beyond using password managers and beyond giving personal details to big tech like Facebook, Apple and Google to a frictionless, secured online experience focused on ease of access rather than authentication. Simple, complete coverage In the next 18-24 months, people will be habituated to increasingly digital experiences and expect brands to deliver a seamless engagement from real-world to online. Supporting this trend is a shift towards protecting the individual rather than their devices or individual services – this will be enabled by subscriptions. Customers will appreciate less marketing and selling with a more intuitive, personalised experience that follows them around. Digital transformation to the cloud Continuing the megatrend of digital transformation, businesses forced rapidly to adapt to required home or out of office working in 2020, will be better positioned to take advantage of powerful cloud technologies. © 2019 Friend Studio Ltd File name: CompanyXStrategy_v37 Modification Date: 2 March 2021 10:44 am Strategic report Governance Financial statements Avast plc annual report 2020 22 Company strategy continued Our five step approach 1 2 Customers We are focusing on our customer experience to ensure that all our users continue to have a consistent and positive interaction with our brand. With the shift to online living and working in 2020, we have been carefully reviewing and refining how we interact with our customers, challenging ourselves to constantly find ways to improve the customer’s experience. We will reduce friction in the customer experience and seek to continually improve our relationship NPS scores over time and customer retention rates. Delivering best-in-class customer experience remains a priority into 2021 and beyond, as more people use online and social channels in particular to make purchasing decisions. SMB We see this as a growing area of our business. Avast already partners with specialist managed security distributors and providers to provide integrated endpoint and cloud solutions. We also work directly with small to mid-size businesses and carriers to provide bespoke security solutions that can be tailored for insights or subscriber purchase. Security and privacy became mission-critical for companies in 2020 and we will continue to invest in producing the best solutions for our partners and customers. © 2019 Friend Studio Ltd File name: CompanyXStrategy_v37 Modification Date: 2 March 2021 10:44 am 3 Innovation Cybersafety continues to be our core focus. Our technical ingenuity in the backend will be enhanced to give us unprecedented visibility into the ever- changing threat landscape. This will help us further understand, analyse and predict threats better and faster. In addition to our dynamic enhancement of our security capabilities, we will be increasing our depth of offerings in online privacy. We will maintain our strong innovation programme to enhance security engine efficacy and future-proof our technology. Additionally, this year, we introduced some key products as part of our roadmap for personalised privacy and identity protection including Avast BreachGuard and Avast Secure Browser for iOS, and we are committed to expanding our portfolio in the future. 4 Brand Who Avast is and what we stand for is our North Star, guiding all of our action. Our brand expresses our true purpose and values, and our purpose and values express our brand. We will continue efforts to bring to life through our brand how we live and breathe digital security and privacy in all that we do. We are building a culture that is flexible in today’s uncertain world, one that uses values, culture and expertise as its foundation. In 2020, we laid the foundations for deepening meaningful brand engagement including through M&A and Public Affairs strategies, highlighting our commitment to be a principled corporate citizen in an increasingly digital-first world. Additionally, we are committed to growing our employees through performance-focused development, identifying skills-based training requirements and ensuing satisfaction at work. We believe this will make us more resilient for the future. 5 Optimisation New issues in cybersecurity are a huge challenge, as our field evolves from protecting individual devices to protecting entire digital lives and digital experiences. To ensure we continue to deliver on our mission, we are reinventing ourselves to meet the changing needs of our customers. We have simplified our organisational structure, establishing multi-disciplinary, autonomous teams that are focused on specific areas and deliverables such as commercial and product, which are driven by performance and measured by clear metrics. In this way, we will build momentum for the future and enable growth across our consumer, SMB and carrier business through a focus on increasing organic installs and meeting sales targets. We are also focusing on managing tightly cyber, compliance and regulatory risk within our business. Strategic report Governance Financial statements Avast plc annual report 2020 23 Investment case In an era of heightened cyber risks, Avast’s strategy provides multiple avenues for long-term growth Long-term growth potential Favourable structural trends from the acceleration of the digital economy. Diversified revenue streams by customer, geography and product. Expansion into strong growth markets, privacy and identity. High level of recurring revenues, with strong cash generation. © 2019 Friend Studio Ltd File name: InvestmentXcase_v35 Modification Date: 2 March 2021 3:03 pm Strategic report Governance Financial statements Avast plc annual report 2020 24 Large, attractive, and expanding global market opportunity... Avast is well positioned to capitalise on global trends affecting the industry and consumer, opening multiple avenues for growth. The Company is driving a sustained increase in its number of customers and revenue per customer, achieved through intelligent monetisation and a focus on innovation. Consumer concerns around online risks and the acceleration of digital trends from the COVID-19 environment underscore the need for robust cybersecurity and provide structural tailwinds. $53.34 average revenue per desktop customer …with growth augmented by expansion into adjacencies such as privacy and IoT… Data privacy has become a top-of-mind issue for consumers, particularly in light of high-profile breaches, making this an attractive and high-growth segment in the medium to long term. Further, growth in smart home devices combined with high levels of vulnerability make IoT cyber protection the next must-have. Avast’s penetration into these segments with launches such as Avast BreachGuard (privacy) and Avast Omni (IoT) further broadens the product offering and cross-selling potential. …and an expanding geographical footprint Through its localisation programme, which drives customisation of Avast’s product and customer experience based on local needs and preferences, the Company is successfully deepening its presence in existing markets and increasing its penetration in underserved regions to diversify revenues worldwide. Leading global consumer platform underpinned by distinctive ability to market software to consumers Avast benefits from strong levels of brand awareness, driven by its freemium strategy, new product launches, and subsequent monetisation. Its brands are widely recognised and respected by consumers, as well as the influential online security community, which enables it to scale new launches more quickly. The Company has built a massive network of global users, into which is sold popular solutions. This differentiated platform model is underpinned by a highly effective and efficient direct sales approach. Differentiated cybersecurity technology supported by three decades of innovation Avast’s best marketing tool is the quality of its products, enabled by its cybersecurity talent and big data. An experienced team of engineers, data scientists, and threat researchers work around the clock to assess, protect, and respond to cyberattacks and new threats. The Company’s next- generation antivirus uses AI and employs machine-learning algorithms to continually improve performance. Consistent growth, high revenue visibility, strong profitability, and cash flow Avast has delivered consistent good growth at scale. Through the pandemic, the Company evidenced business resilience and financial strength. Avast’s subscription- based business model provides a high degree of cash and revenue visibility, while a highly cost-effective go-to-market approach results in superior profitability. Cash generation has been used to rapidly deleverage, and has been a driver for ongoing organic growth, complemented by disciplined M&A. © 2019 Friend Studio Ltd File name: InvestmentXcase_v35 Modification Date: 2 March 2021 3:03 pm Investment case continued Strategic report Governance Financial statements Avast plc annual report 2020 25 Business model Our purpose is clear and actionable We provide digital security and privacy to everyone by being people-powered and science-driven. Our markets and structure Headquartered in the Czech Republic, Avast has users in almost every country in the world. Our largest markets are the US and Canada, Brazil, France, the UK, Russia, and Germany. Avast offers products in two segments: consumer products, which generate direct and indirect revenue streams; and products for the corporate market. © 2019 Friend Studio Ltd File name: BusinessXModel_v42 Modification Date: 2 March 2021 11:43 am Strategic report Governance Financial statements Avast plc annual report 2020 26 Technology and innovation Powerful technology, together with the large collections of online data, drives our business. Avast’s security engine provides for industry-leading detection rates and scanning speeds while using minimal resources, and it contains components that run both locally on the device as well as in the Group’s bespoke internet cloud. This results in constant updates of new detections and continuous protection against the latest threats. What sets us apart People-centric security Avast protects users’ digital lives, not just their devices. As modern-day users consume digital services and content in more ways than ever, protection needs to keep up with their online behaviour. At Avast, we deliver an accessible, user-centric experience that secures comprehensively, no matter the type of connection or device. What is more, the wide and complex range of threats means that it’s critical to stay tuned to who needs to be protected and why. Avast’s over 435 million active users enable an immensely rich view of online behaviour and vulnerabilities, enhancing the quality of our threat detection and product development. Advanced next-generation security engine We have developed a next-generation security engine which uses a combination of behavioural detection, cloud-based machine-learning capabilities, and signature-based detection to drive best-in-class protection. Our proprietary scanning engine scans for previously unknown viruses and malware, as well as new variants of known viruses, and malware undetectable with normal definitions and virus signatures. To stay ahead of the cyberthreats of tomorrow, Avast continues to invest in ground-breaking technologies like AI, differential privacy, and post-quantum encryption. Sophisticated consumer monetisation platform Avast’s platform uses contextual messaging to convert, up-sell, and cross-sell to the user base, efficiently targeting users at the most appropriate moment to provide quality products. Marketing campaigns are shaped through predictive modelling to optimise price, maximise the effectiveness of messages, and predict churn. These levers significantly enhance the Company’s ability to continue growing the paying customer base and overall revenue per customer. The Group also benefits from indirect monetisation through third-party product distribution. Attractive financial profile Avast’s cost-effective, go-to-market approach results in superior profitability, while the subscription-based business model provides a high degree of cash and revenue visibility. This allows us to invest in innovation and technology, and seize growth opportunities. Through the COVID-19 pandemic, Avast’s business resilience and financial strength enabled it to continue to build its capabilities and skills for the long term, while remaining committed to its dividend payout to shareholders. Our resources and relationships Data security and privacy From research and policy to product portfolio expansion, Avast has taken important steps in 2020 to strengthen its commitment to privacy and data protection. In October, we welcomed a new Chief Privacy Officer to drive the Company’s privacy-by-design approach (see pages 33 and 39). Through partnership with the Future of Privacy Forum (see page 33), we promote transparency, user control, and the advancement of responsible data practices. Avast takes seriously the responsibility to balance user privacy with the necessary use of data for services: as a technology company, we are focused on further enhancing our accountability, security, and ability to ensure that we process as little data as necessary. We continually protect data no matter what form it takes, what technology is used to process it, who handles it, and in what stage of its life cycle it may be. People and culture Our investment in people begins within the organisation. Avast fosters innovation and inclusivity. We focus on creating a high- performance environment that empowers employees and boosts performance and productivity. The Company’s innovative approach comes from some of the most talented and experienced security engineers on the planet. We attract the best and the brightest, with 49% of our employees in R&D. © 2019 Friend Studio Ltd File name: BusinessXModel_v42 Modification Date: 2 March 2021 11:43 am Business model continued Strategic report Governance Financial statements Avast plc annual report 2020 27 Driving value for all stakeholders through ESG Avast recognises the importance of business sustainability to create value for all stakeholders. How the Company manages ESG factors is critical to driving sustainability and generating benefits for our employees, customers, communities, business partners, and shareholders. This year, Avast has initiated a programme to introduce new controls and processes that will build on our capability to consistently evaluate and report ESG-related risks and opportunities. For information on the actions that Avast is taking to develop ESG initiatives, see p76 Our people As cybersecurity pioneers, we take great pride in our innovation. We invest in our employees’ creativity by encouraging a healthy amount of autonomy and boundaries to be pushed. We recognise great performance in order to foster the kind of confidence and creativity that a business needs to grow and truly compete in its industry. Like many this year, Avast employees had to quickly transition to a work-from-home model in response to COVID-19. Recognising the opportunity for empowering its people to work where they are personally most productive, the Company has introduced a permanent Work from Anywhere option. See the People section, p64 Our shareholders Avast generates shareholder value through a combination of consistent growth, high profitability, and strong cash flow. See the CFO’s review, p42 Value created for our stakeholders We understand the importance of what we’re protecting. Our customers At any time, cybercrime can have serious consequences for its victims: individuals, families, and organisations alike. From online banking and shopping, to email and social media, Avast takes important steps to prevent cybercriminals getting hold of people’s accounts, data, and devices. During the pandemic, Avast worked harder than ever as the effects of new online behaviours increased the risk of data breaches, scams, and abusive practices. Our communities One of our fundamental values is to give back to the community. Avast has a history of delivering programmes that support the elderly, those living with disabilities, and the terminally ill, as well as furthering education on human rights. This year, we have made the commitment to base our social impact initiatives on the Pledge 1% movement (pledging 1% of our profit, time, and products) to share the Company’s success. We have also set up a brand-new foundation to help us effectively channel our giving and expertise to make the greatest difference to the greatest number. This involves focusing many of our social impact initiatives directly in alignment with the Company mission: digital safety and privacy. See the Social responsibility and sustainability section, p75 © 2019 Friend Studio Ltd File name: BusinessXModel_v42 Modification Date: 2 March 2021 11:43 am Business model continued Strategic report Governance Financial statements Avast plc annual report 2020 28 How our business is presented The Group presents its business under three main units: Consumer Direct, Consumer Indirect and SMB. Consumer Direct has been further divided into Desktop and Mobile. Presentation of the Group’s historical FY 2020 operating and financial performance adheres to this format. For comparison, the Group’s billings and revenue performance in the revised presentation format are disclosed later in this document for the year ended 31 December 2020 and the comparative reporting periods for FY 2019 and FY 2018. The reporting change has no impact on the overall Group result. There is no change to the operating segments, which are reported as Consumer and SMB. Reporting change For the period beginning FY 2021, Avast has adjusted billings and revenue reporting within existing segments to reflect the de facto convergence in desktop and mobile platform use by consumers as reflected in the rise of Avast’s multi-device subscriptions. Consequently, the direct- to-consumer mobile subscription business will be reported together with the desktop business within Consumer Direct. The carrier channel is renamed Partner, as we emphasise the relationship aspect of this business and seek to both develop the product proposition and expand the scope of future partnership opportunities. Partner will sit within Consumer Indirect alongside the Group’s other B2B2C businesses: Avast Secure Browser and Chrome distribution. To retain an equivalent level of information disclosure, the revenue line for Partner will also be reported. Consumer Direct Customers pay us directly for a product. What we do Our products secure not just the PC and mobile devices of users, but also their data, networks, homes, and families. The rapid growth of connected devices has created new security and privacy threats, which we have developed products to address. We offer security software under the Avast and AVG brands, in the form of both free and paid-for products. Privacy has become one of the biggest social challenges of our time, and Avast’s growing privacy portfolio includes Avast SecureLine VPN, Avast AntiTrack and Avast BreachGuard solutions, which prevent online information gathering and monitor for breaches. We also provide popular applications that enhance performance, such as CCleaner. How we do it Avast’s antivirus solutions use AI and machine learning to conduct behavioural analysis and improve detection abilities. With both local and cloud-based deep learning capabilities, Avast’s security engine is powered by a continuous data loop of inputs from our users, who act as a geographically dispersed global threat detection system. How we make money Avast monetises its user base by up-selling users of its free antivirus software to paid antivirus software with advanced features, and cross-selling adjacent, non-antivirus paid products such as privacy enhancement and PC optimisation tools. Our strengths Avast runs a highly efficient, low-cost distribution platform that directly engages hundreds of millions of users. Sales are primarily subscription-based, enhancing the predictability and visibility of revenue streams. Our focus on R&D means our malware detection capability is among best in class. It also means that we are well positioned to solve the cybersecurity problems of tomorrow. © 2019 Friend Studio Ltd File name: BusinessXModel_v42 Modification Date: 2 March 2021 11:43 am Business model continued Strategic report Governance Financial statements Avast plc annual report 2020 29 Consumer Indirect Partners pay us for distribution and access to our user base. What we do Avast leverages its user base to partner with third-party vendors. Products and services include secure web browsing, distribution of third-party software, an e-commerce tool, and mobile advertising. Avast also partners with organisations, Internet Service Providers (ISPs), and mobile carriers to offer IoT protection, on-device security and parenting solutions. How we do it Avast Secure Browser helps users to stay safe online and achieve better control of their personal online footprint. Through our partnership with Google, we distribute the Chrome browser to our user base. How we make money Avast Secure Browser typically earns a share of ad revenue based on user search. Google Chrome is distributed into Avast’s user base in exchange for a fee. We co-brand or white label our security and privacy solutions for carriers and ISPs. In return for delivering traffic to e-commerce partners, Avast earns revenues reflecting value received from sales and user acquisition. Advertisers pay Avast for innovative ad formats served up to its mobile users. Our strengths As with our other revenue streams, the key is our broad reach, based on a massive global user base that trusts Avast to keep them secure. Access to this user base is an attractive proposition for our carefully vetted partners. SMB Business customers either pay us directly for a product, or buy from one of our partners. What we do We offer endpoint and network security solutions to protect SMBs, from the single office to global companies, against the most advanced threats. How we do it We have moved towards a unified, cloud-based solution for our security services. This means we can meet increasingly complex security demands, in a cost-effective way. Avast Business cybersecurity services are easily managed and delivered through our cloud-based security platform, Avast Business CloudCare. We work with different types of partners, including licence resellers, distributors, and value-added resellers (VARs). How we make money We sell to businesses directly online, and via our channel partner networks. Business customers either pay us directly for a product, or buy from one of our partners. There is a growth opportunity inherent in the large-scale transition of network security from on-premise equipment to more convenient and flexible Software-as-a-Service (SaaS), cloud-based solutions. Our strengths Our antivirus endpoint platform is well known and respected in the security industry. By introducing tailored applications and our unified endpoint and network security solution, we can offer enhanced security and target larger firms, increasing our total addressable market. © 2019 Friend Studio Ltd File name: BusinessXModel_v42 Modification Date: 2 March 2021 11:43 am Business model continued Strategic report Governance Financial statements Avast plc annual report 2020 30 CEO’s review Securing and empowering people online in a locked-down world 2020 was a year in which we demonstrated business resilience during the unprecedented COVID-19 pandemic. Ensuring the safety of our colleagues while continuing to serve our customers and communities was uniquely challenging. Our mission to keep people safe and private online became more vital than ever as cybercriminals looked to exploit the chaos and confusion generated by COVID-19. Despite the continuing uncertainty ahead, Avast remains well positioned. The business is robust, strongly cash-generative, and is already pivoting to harness valuable growth opportunities as they emerge. In my first full year as CEO of Avast, I feel immensely proud of the way our business responded to the many challenges of 2020, maintaining service to our customers while undertaking significant voluntary relief efforts and making financial contributions to help beat COVID-19. Ondrej Vlcek Chief Executive Officer © 2019 Friend Studio Ltd File name: CEOsXStrategicXReview_v52 Modification Date: 2 March 2021 8:30 pm Strategic report Governance Financial statements Avast plc annual report 2020 31 2020 milestones Avast continues to be one of the largest cybersecurity businesses in the world, with over 435 million active users in 200 markets. In 2020, we grew average revenue per desktop customer by 4.5% and average number of products per desktop customer by 2.8%. Consumer Direct In the US we launched Avast BreachGuard, which gives people control over their personal data that resides on the internet and who has access to it. Avast BreachGuard detects and notifies users of data breaches affecting their credentials, assists in the removal of personal information from unwanted third-party databases, and analyses online accounts for privacy vulnerabilities. 1.5 average products per desktop customer $53.34 average revenue per desktop customer 13.62m paying desktop customers © 2019 Friend Studio Ltd File name: CEOsXStrategicXReview_v52 Modification Date: 2 March 2021 8:30 pm Consumer Indirect With the launch of an iOS version of our free Avast Secure Browser (ASB), we achieved our ambition to become a multi-platform browser, which already includes support for Windows, Mac and Android. ASB’s ongoing focus is to converge security and privacy services to enable a safer, more private and faster browsing experience across devices and operating systems. Our carrier partner team launched Avast Smart Life for 5G, our first smart home security solution for 5G, delivered as a virtualised network function (VNF). Avast Smart Life for 5G enables operators to protect their subscribers’ smart home and all connected devices at the virtual router level, based on Avast’s AI-driven threat detection technology. The solution scans traffic and immediately blocks security risks on every customer device, both inside the home and on the go. We have also partnered with Scottish Premier League football club, Hibernian FC, to provide supporters with offers on our flagship security products. This allows fans and their families to get protection from cyberthreats as they use the internet to stream football matches during lockdowns and ongoing pandemic restrictions. CEO’s review continued Strategic report Governance Financial statements Avast plc annual report 2020 32 CEO’s review continued Avast Business With many small businesses forced by the pandemic to adopt remote working for the first time, securing their network has become mission-critical. Meeting the needs of customers, we launched our new Avast Business Secure Private Access (SPA) product, providing zero trust network access to medium- and large-sized companies via managed security service providers (MSSPs) and managed service providers (MSPs). The new Avast Business Small Office Protection was also released in 2020, which provides robust, real-time cyber protection for small businesses and entrepreneurs that is easy to install and cost-effective. We also partnered with BCN Telecom to protect its customers with Avast Business Secure Internet Gateway (SIG) full-protocol managed firewall services. BCN serves thousands of business customers throughout North America with enterprise-wide communication technology solutions. We have incorporated the Ivanti Security Controls Advanced SDK into Avast Business CloudCare to offer patch management functionality to Managed Solution Providers to automate and simplify the patch remediation process. Industry engagement Avast joined Intel and Borsetta, an AI software-defined secure computing hardware services company, in founding the Private AI Collaborative Research Institute. The collaboration’s sole purpose will be to advance and develop technologies that strengthen privacy and trust for decentralised AI. It will encourage and support fundamental research which will result in solving real-world challenges for society, and will be dedicated to taking an ethical approach to AI development. For more than a decade, Avast has partnered with the Shadowserver Foundation, a non-profit security organisation working behind the scenes to make the internet more secure for everyone. In September, we answered their call for financial support, with a $500,000 donation to continue their necessary work. The partnership is based on the belief that combining forces is paramount in fighting against bad actors, cybergangs, and nation-states from spreading their malware. $500,000 donation to Shadowserver to make the internet more secure for everyone To support the mission of non-profit browser Tor – that internet users should have private access to an uncensored web – Avast joined the Tor Project Membership Program as a Founding Member. This has been created by the Tor Project, the nonprofit developers of the Tor network and Tor Browser, to allow non-profit and private sector organisations supportive of Tor’s mission to financially support Tor’s work. This support will increase Tor’s ability to grow their development processes to allow for more innovation and solve issues in existing products at a faster rate. Avast is also proud to have joined the Internet Watch Foundation (IWF) as a supporter of the valuable work they do globally to take down child abuse content and helping raise awareness with parents and children at risk from exploitation online. In this increasingly digitally enabled world, the IWF identified that young girls aged 11–13 were most targeted by abusers to develop and share their own explicit content during the pandemic. Extending our support to this initiative further supports our goal to keep everyone safe online. © 2019 Friend Studio Ltd File name: CEOsXStrategicXReview_v52 Modification Date: 2 March 2021 8:30 pm CEO’s review continued Strategic report Governance Financial statements Avast plc annual report 2020 33 Our commitment to privacy Consumer awareness of privacy issues has significantly heightened as people downloaded track and trace apps to help manage the spread of COVID-19, handing over more detailed and sensitive data than ever before to the government. 435m users worldwide are our priority when designing best practice in privacy Additionally, we have taken proactive measures which include partnering with industry-leading privacy advisers to ensure that we are both learning from and contributing to best practices in privacy across the tech industry. This includes working with TrustArc, through which we have earned the TRUSTe privacy certification for our Privacy Policy. We have also worked closely with OneTrust, the Future of Privacy Forum, and the Tor Project – whose co-founder Roger Dingledine spoke at our CyberSec&AI Connected event on the topic of privacy. Through our partnership with the Future of Privacy Forum (FPF), we engage with academics, advocacy groups, and industry players who are serious about promoting a privacy-centric approach. Our Chief Privacy Officer represents Avast on the FPF advisory board, which provides input in support of transparency, user control, and the advancement of responsible data practices. Avast looks at privacy from the European perspective, which is that privacy is a fundamental human right. Our products currently give people the means to make decisions on what they share online and help them keep control of their personal data. We see great potential in the growing understanding among wider audiences that being cyber safe increasingly means privacy as well as security. We invested heavily in privacy in 2020. We made the promise when we closed Jumpshot that we would reaffirm our existing commitment to keep our users’ data safe and private. As such, we welcomed on board Shane McNamee as our Chief Privacy Officer, a new role which is in addition to and complements the existing Data Protection Officer, Jakub Hruska, and Chief Data Officer, Miroslav Umlauf. We launched a new privacy microsite (www.avast.com/privacy) with the goal of providing the public with further information on Avast’s privacy values and how they are applied in the work we do. We’re also in the process of redesigning our data governance approach to ensure that we have an even clearer picture of how we use data, and to further enhance our accountability, security, and ability to ensure that we process as little data as necessary. On an ongoing basis, we will review and redesign any policies, information, or resources that are aimed at providing users with this transparency, to ensure that they remain up to date, clear, and honest, and in a format that is concise, easily accessible, easy to understand, and presented in clear and plain language. We’ve also reached out to policymakers in the EU and US, offering our support and experience on cybersecurity, privacy, and data protection. We’ve had discussions about privacy and security frameworks, international data transfers, encryption, and the responsible regulation of emerging technologies such as AI – as well as how these technologies can be utilised to enhance privacy and security – with representatives from the European Commission, the European Parliament, and the US government. We’ve also promoted, and will continue to promote, the development of robust and consistent privacy law across the world, and tackled issues like surveillance and systemic privacy risks. These actions are part of enhancing our privacy-by-design approach focused on our core mission of making the online world a better, safer place. See our approach to privacy, p39 © 2019 Friend Studio Ltd File name: CEOsXStrategicXReview_v52 Modification Date: 2 March 2021 8:30 pm CEO’s review continued Strategic report Governance Financial statements Avast plc annual report 2020 34 CEO’s review continued The future of the workplace When we shut our offices down back in March 2020, few of us imagined that we wouldn’t be returning before the year’s end. It gave us the opportunity to consider what could we do differently to offer colleagues more agility, greater flexibility, and more options to choose from when it comes to when, where, and how they work in the future, however unpredictable it may be. Although we managed to switch to a fully remote mode of working very quickly, it hasn’t always been easy. We focused on supplying necessary equipment to all new home workers, and providing training courses on remote team management. We also provided mental health support, and dedicated help for families juggling full-time jobs with critical caring responsibilities. Even with the most up-to-date tools for online meetings, it was clear all of us were missing live interactions with our colleagues, and more broadly, our friends and families. This provided us with a unique opportunity to rethink our overall approach to how we work. Our ambition is to provide the best possible experience for our people, striving to make Avast the best place to work. The result is a complete overhaul of how we will work at Avast, starting in 2021. Introducing the new Avast Whole Life Flexibility framework The increasing convergence of our online and offline lives has shown us the need for simpler, more agile, working arrangements. Our colleagues are dedicated and deserve our trust – they have repeatedly proven that they do the right thing by our Company. This guided our decision to allow them to integrate work into their lifestyle in a way that meets their whole-life needs and aspirations. © 2019 Friend Studio Ltd File name: CEOsXStrategicXReview_v52 Modification Date: 2 March 2021 8:30 pm Setting the right context will be crucial to make it work – we’re committed to working with our people to ensure that there are no unwanted side effects, as we’re confident it will lead to a more productive environment and ultimately, happier customers. It is our belief that by providing flexibility across all areas of our team members’ lives, they will lead more fulfilling lives, provide better service to our customers, and improve business results. Whole Life Flexibility means empowering our people to choose where, when and how they work. We will measure the contribution of all our people based on the achievements and outcomes they deliver against a set of agreed goals rather than the hours they work or the location in which they are accomplished. CEO’s review continued Strategic report Governance Financial statements Avast plc annual report 2020 35 Our new Whole Life Flexibility framework rolls out early in 2021 and is an approach designed to allow people to bring their best selves to work and grow their careers in harmony with their personal lives, ambitions, and dreams – and I can’t wait to see it in action. Ondrej Vlcek Chief Executive Officer Our new framework There are four kinds of deep fakes: Unlimited Personal Time Off (PTO) This is for employees to relax or make personal arrangements while still being paid, with manager approval. This concept goes beyond the established leave policies defined by local laws and regulations. Choosing between Work from Office (WFO) and Work from Anywhere (WFA) This is available to all Avastians. This flexible arrangement supports colleagues who anticipate spending the majority of their time either in the office or away from the office, and receiving the appropriate equipment and support for their choice. Working from Another Country This is now an option we enable, although at present, due to complex tax, immigration and labour code implications there are still some limitations to our long-term vision. A Stake in the Company This new scheme begins in 2021 and provides eligible employees with a one-time Restricted Stock Unit (RSU) grant, equivalent in value to 40% of their annual base salary and capped at 10,000 units. I strongly believe it is the right thing to do for us; at its core, this is all about aligning the interests of all our stakeholders and ensuring that everyone has ’skin in the game’. This new program is incremental to our long-term incentive program (LTIP) RSU grants and cash bonuses. The future of the workplace When it comes to employee experience, Avast has never shied away from pioneering new ways of working. This year’s health pandemic has uprooted our long-held beliefs and forced us to rethink the entire proposition. We realised that what matters more is whether people believe in what they do, are surrounded by great colleagues, and have the freedom to unleash their passions and potential. Additionally, it’s our customers who will benefit the most. The 5A Principle Our new working arrangements provide a lot of freedom but these, understandably, need to be accompanied by personal responsibility to make it work. We have created a new ’5A’ principle that talks about how we all work together, cementing elements that were already in our culture pre-COVID-19: Adult relationships based on mutual trust, transparency and maturity. Accountability. Achievement-focused. Autonomy. Asynchronous working. © 2019 Friend Studio Ltd File name: CEOsXStrategicXReview_v52 Modification Date: 2 March 2021 8:30 pm CEO’s review continued Strategic report Governance Financial statements Avast plc annual report 2020 36 Our technology Committed to excellence in innovation The difficulty of defending half a billion users from cyberthreats has dramatically increased in recent years. But, as the threats have evolved in complexity and in volume, our expert teams at Avast have responded. Intellectual diversity, both within our organisation and from our cooperation and partnership with world-leading academic institutions, is critical to maintaining our ability to adapt to the ever-changing threat landscape and strengthening Avast’s reputation as an innovation powerhouse. Our 2021 technology aspirations and objectives focus on: Security We are continuing to build on our threat defence capabilities. In addition to developing faster scanning capabilities, we are also extending APKLab.io., our very successful open platform for mobile threats. Privacy We are investing in research in privacy threat identification and management. We plan major research projects in differential privacy in 2021 and will also explore the concept of identity, in particular the expansion of user privacy beyond individual services and devices to develop a holistic approach for the future. AI Having been a founding partner of the Intel Private AI Consortium, through this initiative we will explore research concepts such as federated learning and private AI. © 2019 Friend Studio Ltd File name: Technology_v51 Modification Date: 2 March 2021 8:38 pm Committed to excellence in innovation Strategic report Governance Financial statements Avast plc annual report 2020 37 Our platform for innovation Rising threats Number of new malware samples processed in Avast’s virus lab by year: 192m 2017 203m 2018 (+6% YoY) 379m 2019 (+86% YoY) 503m 2020 (+32% YoY) Our global user base provides immense quantities of real-time security data shared by hundreds of millions of devices across the globe, allowing us to detect and defend against varied and highly sophisticated cyberattacks. A large operational cloud infrastructure provides our world-class threat labs operation with the scale, speed, and accuracy to quickly discover, classify, and protect against any new threat. A robust protection engine with six layers of defence ensures that our users remain protected at all times. AI and machine learning technologies operating at scale process the security data from our user base to eliminate known threats and identify unknown threats. Sweet success Avast’s ‘honeypot email networks’ attracted and intercepted: 42m malicious emails 313,000 unique malicious attachments A dedicated team of data scientists, threat researchers, and machine learning experts focused on delivering market-leading security for homes and businesses. © 2019 Friend Studio Ltd File name: Technology_v51 Modification Date: 2 March 2021 8:38 pm Our technology continued Strategic report Governance Financial statements Avast plc annual report 2020 38 Our global scale and leading technology ensures that we stay one step ahead of the competition A global network A look inside our security engine 11,759 servers serving as a global threat detection network 56.4 petabytes of data transmitted monthly 302 Gbps peak download speed 463,000 simultaneous VPN connections 3.97 trillion URLs analysed per year Machine learning Cloud Machine learning and cloud 1 2 3 Web Shield embedded in our security products, analyses URLs to protect against phishing, malware, and other web-based threats. Static Scanner uses algorithms and a host of other techniques to check all executable code to classify files as benign or malicious. Emulators replicate the real PC environment to test for any previously unknown zero-day malware or new variants of known exploits and stop malicious execution. 4 5 6 DeepScreen uses machine learning within a safe sandbox clone of the operating system to identify any similarities with known malware families. CyberCapture sends unusual and potentially harmful files to a cloud-based clean room for analysis with advanced algorithms. Over 20,000 such files are processed every day. Behaviour Shield identifies any unusual behaviour or suspicious activities on a device and prevents them doing any harm. This shield was instrumental in stopping WannaCry in 2017. © 2019 Friend Studio Ltd File name: Technology_v51 Modification Date: 2 March 2021 8:38 pm Our technology continued Strategic report Governance Financial statements Avast plc annual report 2020 39 Putting privacy values into practice Avast considers privacy from the European perspective: privacy is a fundamental human right. Online interactions which involve people’s personal data aren’t just economic transactions, but instead are inextricably linked to digital identity or personality, and the freedom of the individual to have control (self-determination) over their own (digital) life and identity. This is a key component of Avast’s approach to privacy, and one of the many reasons why the user is at the centre of Avast’s whole business philosophy. One of the key ingredients to respecting users’ fundamental rights and ensuring that they remain aware and in control of how their personal data is used is to ensure that the processing of that data is done in a lawful, fair, and transparent manner. This transparent approach should permeate everything that’s done with personal data. It’s particularly important for ensuring we take a data-protection-by-design-and-by- default approach. Privacy rule of THUMB We have defined our ’privacy rule of THUMB’ as follows: T H U M B Transparency If we need to collect personal data (and we try to avoid it where we can), we’ll explain clearly why and how it will be used. High security Any data we do need to process will be protected by the highest security standards. We’ll also give you the tools to keep your files, data, and browsing habits secure anywhere. User control We want to put you in control of how your data is used, via easy-to-use tools. This goes for your interactions with Avast, as well as with anyone else in the digital world. Minimisation We’ll only use the minimum amount of data needed for a specific purpose. We won’t collect or store your personal data ’just in case’ it comes in handy later. Benefit When we do collect data, we will use it to benefit you by making your online experience better, such as by improving our online threat detection and prevention capabilities. By focusing on each of these areas when we design a new product, or evaluate a new internal procedure, we can ensure that our privacy values are reflected in our work. Asking these questions regularly and making choices based on how they might impact user privacy is a key way we can demonstrate what a belief in privacy as a fundamental right or the importance of user control looks like in practice. We have worked hard in 2020 to define how to embed our fundamental privacy values into our business. We work to both respect these rights in our own work, as well as giving users the tools to vindicate their rights in practice in the online world. These are rights, not privileges. Shane McNamee Chief Privacy Officer © 2019 Friend Studio Ltd File name: Technology_v51 Modification Date: 2 March 2021 8:38 pm Our technology continuedOur technology continued Strategic report Governance Financial statements Avast plc annual report 2020 40 Advancing research in artificial intelligence and machine learning From the pandemic to elections, recent global events have thrust the issues of AI, privacy, and cybersecurity firmly to the front of the news and political agenda. The topics of privacy, AI, and security are increasingly becoming a key part of mainstream news, business, and politics. As the reach of technology expands further into people’s daily lives, and becomes more critical to the functioning of government and business, issues that were once primarily the topic of discussion among academics and professionals have shifted to the front page of newspapers and the top stories on the evening news. AI is the biggest opportunity and the biggest threat for cybersecurity. The dangerous part is the data that algorithms predict. The whole segment of tech that makes our lives more convenient can also lock us into online echo chambers that make us easier to manipulate. It’s dangerous to be insulated within our own world of ideas and preferences calibrated to suit us. Those predictions seem so right and can be very convenient, but they can also cut us off from opposing ideas and hurt our ability to think critically. In cybersecurity, AI doesn’t show us what we want to see. Rather, it seeks out and finds vulnerabilities and ways to make our systems stronger. We can use AI to make us better, not just to suit our preferences and make life more convenient. © 2019 Friend Studio Ltd File name: Technology_v51 Modification Date: 2 March 2021 8:38 pm We are building and testing new training networks and predictors to help us explore and run different attack scenarios to improve threat detection and mitigation. Michal Pechoucek Chief Technology Officer Our technology continued Strategic report Governance Financial statements Avast plc annual report 2020 41 Tackling bias in AI The topic of bias in AI was the subject at the second CyberSec&AI Connected conference, organised with our partner Czech Technical University in Prague (CTU), which took place in October 2020. With COVID-19 restricting global travel, the event was redesigned as a virtual event, with the overall theme of exploring and debating AI application for enhanced privacy and security. During conference panel discussions, there was an agreement that complexity arises in this area as bias isn’t a simple parameter. There are two main categories – societal and technological – and they feed into social mores. Organisations, governments and people need to be cautious of algorithmic injustice which can lead to violations of human dignity such as predictive policing or airport security random checks on people. The conference debates also examined how technological biases are simpler to fix, for example, by using a wider dataset for a category to introduce more diversity. Algorithms can mask racist and sexist behaviour unintentionally and can exclude certain groups without any obvious effect, an unintended consequence. The conference speakers and panellists concluded that there is a need to clearly define training and test sets to provide the most appropriate context for ethical decision-making. AI is going to be increasingly involved in our daily lives. That means whoever is behind it will have great influence on our lives, whether we want it or not. Fabrizio Biondi AI Scientist © 2019 Friend Studio Ltd File name: Technology_v51 Modification Date: 2 March 2021 8:38 pm Our technology continuedOur technology continued Strategic report Governance Financial statements Avast plc annual report 2020 42 CFO’s review Another year of strong topline organic growth, profitability and cash flow generation Group overview The Group’s adjusted billings increased by $11.0m to $922.0m in the year ended 31 December 2020, mostly driven by the core Consumer Direct business. This represented a 1.2% increase at actual rates and organic growth1 of 7.1%. Subscription billings represented 87.8% of the Group’s total adjusted billings in FY 2020 (87.2% in FY 2019, excluding Jumpshot). Avast continues to build on its track record of delivering results and creating value. Phil Marshall Chief Financial Officer © 2019 Friend Studio Ltd File name: CFOsXReview_v69 Modification Date: 2 March 2021 2:18 pm Strategic report Governance Financial statements Avast plc annual report 2020 43 The table below presents the Group’s adjusted billings and adjusted revenue for the periods indicated: The Group’s adjusted revenue increased by $19.8m to $892.9m in the year ended 31 December 2020, which represents a 2.3% increase at actual rates and organic growth of 7.9%. Adjusted revenue included $413.6m from the release of prior-period deferred revenue. The deferred revenue balance at the end of the period was $496.5m, comprising $458.8m that will be recognised within 12 months of the balance sheet date. This compares with $466.3m, of which $412.0m was to be recognised within 12 months, at the same time last year, excluding Jumpshot’s deferred revenue. The average subscription length in the year ended 31 December 2020 was 14 months, flat versus FY 2019. The Group’s billings increased by $11.0m to $922.0m in the year ended 31 December 2020, which represents a 1.2% increase. The Group’s reported revenue increased by $21.7m to $892.9m, which represents a 2.5% increase. It should be noted that there is no difference between the Group’s reported revenue and Group’s adjusted revenue or between the Group’s billings and Group’s adjusted billings in FY 2020 as the non-cash historical adjustments arising from the AVG acquisition have come to an end (for the reconciliations of comparatives, please refer to ‘Presentation of Results and Definitions’). ($’m) Adjusted billings Consumer Acquisitions Direct (excl. acquisitions) Discontinued Business4 Indirect (excl. Discontinued Business) SMB Disposal Managed Workplace5 SMB excl. disposal Adjusted billings excl. acquisitions, disposals, and Discontinued Business Adjusted revenue Consumer Acquisitions Direct (excl. acquisitions) Discontinued Business Indirect (excl. Discontinued Business) Profitability was driven by the Group’s scale and operating leverage. Adjusted EBITDA increased 2.6% to $495.5m, 3.9% excluding FX, resulting in adjusted EBITDA margin2 of 55.5%. This is in line with full-year guidance of broadly flat. SMB Disposal Managed Workplace SMB excl. disposal Adjusted revenue excl. acquisitions, disposals, and Discontinued Business The reported operating profit decreased by $(9.2)m to $335.4m. The decrease was driven by higher costs of $(30.9)m partially offset by higher reported revenue of $21.7m. Increase in costs was driven by increase in exceptional items of $(48.1)m, including Jumpshot wind-down costs of $(25.4)m and donations on research and development initiatives related to COVID-19 of $(25)m, partially offset by lower amortisation of acquisition intangibles of $22.6m and lower share-based payment costs of $2.2m. © 2019 Friend Studio Ltd File name: CFOsXReview_v69 Modification Date: 2 March 2021 2:18 pm FY 2020 FY 2019 Change % 922.0 873.6 0.1 911.0 865.0 0.0 801.4 745.6 1.2 1.0 n/a 7.5 Change % (excluding FX)3 1.8 1.6 n/a 8.1 4.2 67.9 48.4 0.0 48.4 917.7 892.9 844.8 0.2 48.9 70.6 45.9 1.0 45.0 861.1 873.1 823.9 0.0 771.7 708.3 5.1 67.9 48.0 0.0 48.0 887.6 45.0 70.6 49.2 1.0 48.3 827.2 (91.4) (3.8) (91.4) (3.6) 5.4 n/a 7.7 6.6 2.3 2.5 n/a 8.9 5.3 n/a 7.6 7.1 2.8 3.2 n/a 9.6 (88.6) (88.6) (3.8) (2.4) n/a (0.5) 7.3 (3.7) (2.2) n/a (0.3) 7.9 CFO’s review continued Strategic report Governance Financial statements Avast plc annual report 2020 44 CFO’s review continued Business unit performance Consumer Direct Desktop Adjusted billings $m Adjusted revenue $m 668.3 727.4 699.7 632.9 2019 2020 2019 2020 Growth Growth Actual rates Actual rates +8.8% +10.6% Organic Organic +9.5% +11.3% Number of customers m +7.9% Average products per customer Average revenue per customer $ +2.8% +4.5% 12.62 13.62 1.45 1.50 51.02 53.34 2019 2020 2019 2020 2019 2020 Trading performance The core Consumer Desktop business continued to perform strongly. Adjusted billings of $727.4m were up 9.5% on an organic basis and up 8.8% at actual rates. Adjusted revenue of $699.7m grew 11.3% on an organic basis, with actual rates up 10.6%, ahead of guidance of high single-digit organic revenue growth. End of Period Customers6 increased strongly by 7.9%. Average Products per Customer7 and Average Revenue Per Customer8 tracked in line with growth guidance of low single-digit and mid-single-digit respectively. As anticipated, after a spike in installations and transactions in the first half of FY 2020 owing to the initial lockdown, trends normalised to pre-COVID levels early in the second half of the year. The temporary uplift and sequentially lower H2 growth in product demand was most evident in the Company’s antivirus solutions. In the latter part of the year, there was downward pressure on billings as the Group intentionally started transitioning away from heavily discounted multi-year subscriptions to single-year subscriptions in order to drive an increase in customer lifetime value. Quality of installed users In response to sustained lower value returns from users generated via PPI, the business is focused on consolidating its user base around higher quality organically installed users, effecting a reduction in the total number of desktop users. The Group has deepened its investment and activity to further improve direct customer acquisition, driving traffic flow to Avast’s customer site. Promotional strategies and search engine optimisation have increased discoverability, while further refinement of the online store experience through improved navigation and product recommendation has helped monetisation. We also integrated an account creation step in the checkout flow, allowing personal and payment information to be pre-populated for subsequent purchase, reducing friction. Customer retention strategies Avast also maintained its focus on customer retention strategies. The continued expansion of the product portfolio has offered more choice, facilitating an increase in multi-product customers with associated higher levels of retention. Up-sell and cross-sell performance has been supported by higher levels of intelligent contextual targeting to reach the most relevant customers and create a more seamless experience. During the year, implementation started on a more comprehensive programme of customer lifecycle communications, including subscription renewal messaging to reinforce customer loyalty and retain the most profitable renewal business. As part of Avast’s customer-centric approach, a new Customer Success team was launched during the year to provide higher-touch guidance to customers. Through in-product communications and other digital channels, the team educates on product value to maximise product use and help drive retention. This has been complemented by initiatives to further raise levels of customer responsiveness and embed Net Promoter Scores in more customer touchpoints. Localisation Through our localisation programme, we have continued to promote and scale the business in markets identified as priorities. We’ve sharpened our focus with more region- dedicated resource. To deepen relationships with local partners and influencers, we’ve expanded the Company’s on-the-ground presence, now locally active in key target markets, including Mexico, Russia, Japan, and South East Asia. Overall, there has been an aggregate 16% increase in customer numbers in 2020 from target underpenetrated markets. In both developed and developing markets, a step up in in-country content marketing campaigns has been used to educate, increase share of voice, and strengthen local brand awareness. © 2019 Friend Studio Ltd File name: CFOsXReview_v69 Modification Date: 2 March 2021 2:18 pm CFO’s review continued Strategic report Governance Financial statements Avast plc annual report 2020 45 Product development Avast enhanced and expanded its product set to combat increased threats arising from a surge in pandemic-related attacks and new ways of working. The Company added Ransomware Shield, previously only available on Avast Premium Security, to its popular Avast Free Antivirus, and introduced the brand new Remote Access Shield to Avast Premium Security to mitigate remote desktop vulnerabilities. Additional augmented features for Avast Free Antivirus include USB drive protection and botnet protection. Avast continued to invest significantly in privacy at a time when consumer awareness of privacy issues markedly increased as track and trace apps were downloaded to manage the spread of COVID-19. Further to the launch of AntiTrack in 2019 and as part of our roadmap for personalised privacy and identity protection, Avast released BreachGuard in the US in the second quarter with rollout into Europe and expansion onto the Mac platform during the second half. Consumer Direct Mobile Adjusted billings $m Adjusted revenue $m 77.3 74.1 75.4 72.1 2019 2020 2019 2020 Growth Growth Actual rates Actual rates -4.1% Organic -3.8% -4.4% Organic -4.4% In the Consumer Direct Mobile business, adjusted billings of $74.1m were down 3.8% on an organic basis, and down 4.1% at actual rates. Adjusted revenue of $72.1m was down 4.4% on an organic basis, with actual rates also down 4.4%, ahead of the guidance of high single-digit organic revenue decline. There has been continued good growth in the mobile direct-to-consumer subscription business, despite the cross-platform nature of a large portion of desktop- transacted subscriptions. Our acquisition, monetisation, and retention were buoyed by further development of the experience on both Android and iOS platforms. This included a particular focus on enhancing app usability and evidencing value in the initial lifecycle phase. Avast Mobile Security for iOS has benefited from enriched features such as Web Protection that blocks malicious websites to prevent intrusions and VPN auto-connect for unsecured Wi-Fi networks. The carrier channel remained challenging through the course of the year. There is a continued structural shift in the US of worsening commercial terms for the provision of apps such as family safety apps. Carriers have additionally sought to offset the adverse impact of pandemic disruption. The new contractual terms that reflect this tougher environment were not yet in full effect for Avast in FY 2020, contrary to the Group’s expectations at the half-year interval. Consequently, this created a temporary financial benefit in the second half of the year relative to guidance. The impact of new commercial terms will become more apparent in the current year to act as a drag on performance. The Company launched Avast Smart Life for 5G, as the next of its iteration of its smart home offering, securing devices both inside the home and on the go. The solution enables operators to protect their subscribers’ smart home and all connected devices at the virtual router level, based on Avast’s AI-driven threat detection technology. Mobile partnerships remain one part of Avast’s go-to- market strategy. The Company has continued to pursue a number of opportunities with major operator groups worldwide to sell its converged smart home solutions. More work has been done internally to position the business for related sales and marketing activity. This included renewed focus and resource optimisation in account planning to enable better market responsiveness and swifter alignment with customer demand. © 2019 Friend Studio Ltd File name: CFOsXReview_v69 Modification Date: 2 March 2021 2:18 pm CFO’s review continued Strategic report Governance Financial statements Avast plc annual report 2020 46 CFO’s review continued Consumer Indirect In FY 2020, this business unit included Avast Secure Browser (ASB), the distribution of third-party software, and advertising within mobile applications. The data analytics business Jumpshot was discontinued in January 2020. Adjusted billings $m Adjusted revenue $m 48.9 70.6 4.2 67.9 45.0 70.6 5.1 67.9 2019 2020 2019 2020 Excluding Discontinued Business Discontinued Business Growth Growth Actual rates Actual rates -3.8% Organic -3.6% -3.8% Organic -3.7% * excluding Discontinued Business. In the Consumer Indirect unit, adjusted billings excluding Discontinued Business of $67.9m were down 3.6% on an organic basis and down 3.8% at actual rates. Adjusted revenue excluding Discontinued Business of $67.9m declined 3.7% on an organic basis, with actual rates down 3.8%, behind guidance of mid-single-digit organic revenue growth. The pandemic’s impact on global advertising reverberated throughout the year on Avast Secure Browser’s financial performance, which monetises through search advertising. Advertising spend, which similarly underlies Avast’s mobile app business, has been slower to recover in the second half of the year than anticipated, and created an increased drag on growth expectations. While revenue of these businesses weakened, user engagement with Avast Secure Browser in particular remained robust, with search volumes by the browser’s 35 million monthly active users up by 29% in the year. In addition to the market release of the iOS version for Avast Secure Browser, the Company enabled real-time synchronisation between platforms (PC, Android, and iOS), allowing users to seamlessly switch between devices, while securely retaining such personal assets as bookmarks and browsing history. After a temporary increase in Chrome distribution revenue associated with new user installations during the first wave of the pandemic, there was a reversion from early in the second half of the year to the previous trend of decline. During the year, the Company also made the decision to change the way Chrome is offered and moved to a revised Accept/Decline offer layout when it’s promoted with our products. While there was an unavoidable trade-off for volume of Chrome installations, the move exemplifies the Group-wide emphasis on more transparency and improved customer choice. The current Avast contract to distribute Chrome extends to March 2021, and renewal is presently under consideration. SMB Adjusted billings $m Adjusted revenue $m 45.9 48.4 49.2 48.0 2019 2020 2019 2020 Growth Growth Actual rates Actual rates +5.4% Organic +7.6% -2.4% Organic -0.3% * excluding Disposals. SMB adjusted billings of $48.4m were up 7.6% on an organic basis and up 5.4% at actual rates. Adjusted revenue of $48.0m declined slightly 0.3% on an organic basis, with actual rates down 2.4%, ahead of guidance of low single-digit organic revenue decline. After a return to positive billings growth in the second quarter of FY 2020, SMB delivered a double-digit billings increase in the second half of the year, driven in particular by strong demand in the direct to business online channel. The widespread adoption of remote working has served as a tailwind to performance. Avast’s overall competitiveness was strongly advanced in FY 2020 with scheduled new product launches and features, further improvements to the user experience, and effective implementation of revised sales strategy. © 2019 Friend Studio Ltd File name: CFOsXReview_v69 Modification Date: 2 March 2021 2:18 pm CFO’s review continued Strategic report Governance Financial statements Avast plc annual report 2020 47 The new Avast Business Small Office Protection was released in 2020, providing robust, real-time cyber protection for small businesses that’s easy to install and cost-effective. Securing up to 10 business devices, the product is targeted at entrepreneurs and home offices. As businesses were forced to secure networks for increased levels of remote access, a timely addition to the Avast business suite was the Business Secure Private Access (SPA) product, providing zero trust network access to medium-sized and larger companies via managed security service providers (MSSPs) and managed service providers (MSPs). Built with both the end user and MSSP/MSP in mind, the solution takes both a user and application-centred security approach in which authorised users are granted access to applications, but never the network. Our cloud-based platform was enhanced with the integration of Premium Remote Control. The feature empowers IT admins to quickly and securely connect to a user’s device anywhere and troubleshoot issues. Avast significantly upscaled its distribution network for SMB products and services, with a partner agreement (finalised in January 2021) with the leading UK distributor Westcoast to reach thousands of active resellers, the majority of which represent brand-new trading opportunities. Near-term business priorities In the year ahead, we will continue to invest in the business for growth. Building on the progress achieved this year, Avast will focus on further improving the customer experience as we seek to delight customers with the product proposition and strengthen customer trust. Our objective is that these initiatives, in addition to those to effectively demonstrate product value and maximise product use, will help drive an increase in retention. The favourable impact on first purchases from the lockdown has provided additional impetus and opportunity to foster loyalty in the Avast brand. We are committed to the ongoing modernisation of our products and services across the categories of security, privacy, and performance. In particular, privacy protection will be evolved to provide customers with more choice (enhanced privacy settings on third-party sites), automation (VPN auto-activation during sensitive activity), and information (a data inventory to understand where information sits and how to remove it). Product development will be underpinned by continued tech innovation and investment in Avast’s security engine, moving threat defence capabilities further into privacy and identity. In December 2020, we introduced the new Avast One concept, a single integrated solution with predefined broad functionality. Avast One eliminates existing functional overlaps and the need for multiple subscriptions. It increases the number and depth of touch points and over time is expected to help drive lifetime customer value. Currently being trialled in Australia, we anticipate rollout in selected markets in the second half of the year. Existing products will continue to be offered on a stand-alone basis. Last year, Avast continued to make strong gains as a result of our localisation programme. This approach will remain central to our strategy with incremental investments being made in people, marketing programmes, and partnerships. As we continue to enrich the product offering, we are also broadening the scope of our partnerships, notably within the Consumer Indirect business. Currently these are concentrated in the carrier and ISP market with the provision of family safety and parental control solutions. However, Avast is actively pursuing opportunities to additionally leverage its competencies, including in IoT, for businesses in other industry sectors with a line of sight to consumers who can benefit from enhanced digital security. Post period end, we’ve signed several small initial partnerships. This includes a framework agreement with Green Marbles, a US B2B tech supplier, to offer our Omni solution to their customer base that includes retailers and appliance distributors, as well as OEMs. We’ve also reached agreement with Pmovil, a LatAm billings integrator, to help secure its direct carrier billings, a remote payment method allowing users to pay for online and quasi physical goods. In SMB we will complete the work on streamlining the product portfolio and balance maintenance of the existing channel base with building more strategic channel partnerships. Finally, one of our operational goals this year is to start migrating our systems and infrastructure from on-premises to the public cloud. With cloud migration, Avast will have the ability to reshape its infrastructure and workloads to accommodate the needs of tomorrow without being chained to the equipment and assets that made sense in the past. The improved agility will allow us to focus on our commercial strengths and reduce the amount of capital tied up in data centre facilities. © 2019 Friend Studio Ltd File name: CFOsXReview_v69 Modification Date: 2 March 2021 2:18 pm CFO’s review continued Strategic report Governance Financial statements Avast plc annual report 2020 48 While tailwinds are favourable overall, there remains near-term uncertainty affecting certain parts of the business. The Indirect segment, which now includes the Partner business (previously Carriers), has been most adversely affected by the pandemic. Advertising spend, affecting both Avast Secure Browser and mobile apps, remains slower to recover than previously anticipated. Also, as stated above, the commercial environment for certain existing carrier partnerships has become tougher. Yet, the most significant adverse impact on FY 2021 performance, particularly in the first half, will result from the change in the way that Chrome is offered. These factors mean that, in the current year, we expect a mid-single-digit decrease in organic revenue. Owing to the success of restructuring initiatives and focused investment, last year the SMB business built good early momentum, in particular in the direct online channel. While this gives us optimism, we are also conscious that the prolonged nature of the pandemic increases the risk to many small businesses in the near term. In FY 2021, we expect SMB to deliver a mid-single-digit increase in organic revenue. CFO’s review continued Reporting change For the period beginning FY 2021, Avast has adjusted billings and revenue reporting within existing segments to reflect the de facto convergence in desktop and mobile platform use by consumers as reflected in the rise of Avast’s multi-device subscriptions. Consequently, the direct-to- consumer mobile subscription business will be reported together with the desktop business within Consumer Direct. The carrier channel is renamed Partner, as we emphasise the relationship aspect of this business and seek to both develop the product proposition and expand the scope of future partnership opportunities. Partner will sit within Consumer Indirect alongside the Group’s other B2B2C businesses: Avast Secure Browser and Chrome distribution. To retain an equivalent level of information disclosure, the revenue line for Partner will also be reported. For comparison, the Group’s billings and revenue performance in the revised presentation format are disclosed later in this document for the year ended 31 December 2020 and the comparative reporting periods for FY 2019 and FY 2018. The reporting change has no impact on the overall Group result. There is no change to the operating segments, which are reported as Consumer and SMB. FY 2021 financial outlook The COVID-19 pandemic continues to create uncertainty; however, we believe that the performance of the business through the pandemic to date demonstrates the resilience of our business model and relevance of our company purpose. We anticipate that Avast is in a good position to withstand any ongoing challenges presented by the crisis. Furthermore, the global PC market backdrop is robust, with the pandemic not only fuelling demand but also creating opportunities that have resulted in market expansion. At Group level, we remain confident that the fundamental strengths of the business model and culture of driving performance will sustain our track record of delivering good growth and profitability. Underpinned by a strong prior-year billings performance that will be supportive of revenue in the first half of the current year, we expect to deliver FY 2021 organic revenue growth in the range of 6% to 8%. Organic billings growth for the year is expected to be at the lower end of this range and heavily weighted towards the second half, due in part to the strong baseline comparison in the second quarter of last year. The Group’s transition to one-year subscriptions to increase customer lifetime value will also exert downward pressure on billings, particularly in the first half. The Group has started to experience higher wage inflation in some of its geographies, notably the Czech Republic, which we expect to continue through 2021. There will also be an increase to operating costs from the Company’s planned on-premises to cloud migration. Despite these additional costs and continued R&D investment, the Group’s inherent operating leverage means that Adjusted Group EBITDA margin is expected to remain broadly flat versus FY 2020. The Group will sustain strong organic cash generation, with benefits to cash flow anticipated from reduced capex requirements on data centres, and lower interest costs following additional loan repayment last year. In the Consumer segment, we anticipate continued strong execution on the localisation programme to drive customer penetration in both established markets and new target countries. Growth will be supported by more up-sells and cross-sells, enabled in part by recent additions to the product portfolio that will gain traction as the year progresses, and by enhancements to the overall customer experience. The gradual rollout of the new Avast One product anticipated later in the year is expected to make only a modest contribution to the segment’s financial performance in the current year. On the whole, in FY 2021 we expect Consumer Direct to deliver high single-digit organic revenue growth. © 2019 Friend Studio Ltd File name: CFOsXReview_v69 Modification Date: 2 March 2021 2:18 pm CFO’s review continued Strategic report Governance Financial statements Avast plc annual report 2020 49 The table below presents the Group’s adjusted billings and adjusted revenue for the periods indicated in the new structure: ($’m) Adjusted billings Consumer Direct Consumer Indirect Discontinued Business SMB Adjusted revenue Consumer Direct Consumer Indirect out of this Partner/Carriers Discontinued Business SMB FY 2020 FY 2019 FY 2018 Organic growth % FY 2020 Organic growth % FY 20199 922.0 759.3 110.1 4.2 48.4 892.9 730.1 109.6 41.8 5.1 48.0 911.0 698.2 117.9 48.9 45.9 873.1 661.6 117.3 46.7 45.0 49.2 862.1 641.4 122.6 37.7 60.5 827.0 605.5 122.7 57.0 35.5 63.3 7.1 9.4 (6.5) n/a 7.6 7.9 11.1 (6.5) (10.7) n/a (0.3) 8.3 11.7 (4.1) n/a (6.0) 7.3 10.9 (4.6) (19.9) n/a (5.8) FY 2020 892.9 730.1 109.6 5.1 48.0 Costs ($’m) FY 2020 FY 2019 Change Change % Cost of revenues (196.0) (210.7) 14.8 7.0 Share-based payments (incl. employer’s costs) Amortisation of acquisition intangible assets Depreciation and amortisation (excl. amortisation of acquisition intangible assets) Gross-up and other adjustments Exceptional items Adjusted cost of revenues (excluding D&A) 0.8 0.5 0.3 Fav10 65.3 88.3 (23.0) (26.1) 9.0 8.9 (0.0) 3.4 (0.3) 0.1 0.1 0.2 3.3 1.2 Fav Fav (117.5) (113.2) (4.3) (3.8) The increase in the Group’s adjusted cost of revenues reflects higher sales commissions, licence fees, and distribution of digital content costs of $(5.3)m related to the increase in adjusted revenue and investment into personnel costs of $(1.2)m, negative FX impact, and other costs of $(0.5)m, partially offset by lower Jumpshot’s cost of revenues of $2.7m. Adjusted cost of revenues represents the Group’s cost of revenues adjusted for depreciation and amortisation charges, share-based payments charges, exceptional items, and other adjustments. The table below presents reconciliation between current and new reporting structure: Current structure ($’m) Adjusted revenue Consumer Desktop Consumer Mobile Consumer Indirect Discontinued Business SMB FY 2020 892.9 699.7 72.1 67.9 5.1 48.0 Partner/ carriers Mobile subscription New structure ($’m) Adjusted revenue 30.3 Consumer Direct (30.3) (41.8) 41.8 Consumer Indirect Discontinued Business SMB The table below presents the Consumer Direct operational KPIs adjusted for change in reporting structure: ($’m) Number of customers Average Products Per Customer Average Revenue Per Customer FY 2020 FY 2019 FY 2018 16.47m 15.55m 15.15m 1.41 1.36 1.32 $45.60 $43.11 $41.30 © 2019 Friend Studio Ltd File name: CFOsXReview_v69 Modification Date: 2 March 2021 2:18 pm CFO’s review continued Strategic report Governance Financial statements Avast plc annual report 2020 50 CFO’s review continued The Group’s reported cost of revenues decreased by $14.8m to $(196.0)m primarily due to the lower amortisation of acquisition intangibles. The amortisation of acquisition intangibles represents intangible assets acquired through business combinations. ($’m) FY 2020 FY 2019 Change Change % Operating costs (361.5) (315.8) (45.7) (14.5) Share-based payments (incl. employer’s costs) Depreciation and amortisation (excl. amortisation of acquisition intangible assets) Amortisation of acquisition intangible assets Exceptional items Adjusted operating costs (excluding D&A) 21.8 24.4 (2.6) (10.5) 12.8 12.7 0.1 0.9 0.5 46.5 0.0 1.7 0.5 44.8 Fav Fav (279.8) (276.9) (3.0) (1.1) The increase in the Group’s adjusted operating costs was caused by investment into R&D personnel costs of $(3.9)m, sales and marketing of $(9.3)m, new strategic initiatives of $(4.4)m, other personnel costs and other costs of $(6.9)m and negative FX impact of $(1.3)m, offset by decrease in Jumpshot costs of $22.8m. Adjusted operating costs represent the Group’s operating costs adjusted for depreciation and amortisation charges, share-based payments charges, and exceptional items. The increase in the Group’s reported operating costs of $(45.7)m, from $(315.8)m to $(361.5)m, reflects primarily the increase in exceptional items driven by Jumpshot wind-down operating costs of $(22.0)m (additional $(3.4)m in Cost of revenues) and donations on R&D initiatives related to COVID-19 of $(25)m. Exceptional items Exceptional items are income or expenses that arise from events or transactions that are clearly distinct from the ordinary activities of the Group. The Group believes that these non-recurring items should be separately disclosed to show the underlying business performance of the Group more accurately. Once an item is disclosed as exceptional, it will remain exceptional through completion of the event or programme. Exceptional items in FY 2020 consist primarily of donations on R&D initiatives related to COVID-19 and personnel and non-personnel costs related to Jumpshot wind-down (see Note 6 Exceptional items). Related cash flows have been included in the net cash flows from operating activities. Additional non-cash exceptional costs are represented by unrealised FX loss on Euro denominated loan and tax exceptional items. In FY 2019, exceptional costs consisted primarily of legal fees and restructuring costs related to the disposal of a subsidiary and related business operation (Managed Workplace business of SMB segment) and to the acquisition of TrackOFF and Tenta (see Note 6 Exceptional items). The portion of the exceptional items directly related to the disposal of business operation in FY 2019 was included in investing cash flows, and costs related to the acquisition were included in operating cash flows. The net gain on disposal of a business operation of $17.5m was treated as exceptional as well and therefore not included in adjusted net income. Finance income and expense Adjusted finance expense on a net basis was $(37.0)m in FY 2020, $24.3m lower compared with $(61.4)m in FY 2019. The decrease was driven by lower total loan interest costs of $22.8m resulting from the repayment of debt of $200.0m and $297.4m on top of mandatory repayments in 2020 and in 2019 respectively, and $1.5m decrease in other net finance costs including FX impact. The Group’s reported net finance costs increased by $51.7m to $(99.1)m in FY 2020 primarily driven by unfavourable non-cash FX from translation of Euro denominated tranche of the term loan, partially offset by the decrease in adjusted finance costs described above. ($’m) FY 2020 FY 2019 Change Change % Finance income and expenses, net Unrealised FX (gain)/loss on EUR tranche of bank loan Adjusted finance income and expenses, net (99.1) (47.5) (51.7) (108.8) 62.1 (13.9) 76.0 Fav (37.0) (61.4) 24.3 39.7 Income tax In the year ended 31 December 2020, the Group reported an income tax expense of $(66.7)m, compared with the income tax expense of $(65.7)m in the year ended 31 December 2019. Income tax was impacted by the tax expense from the foreign exchange movements on intercompany loans arising in the statutory accounts of the subsidiary concerned of $4.4m (tax benefit of $0.4m in FY 2019). © 2019 Friend Studio Ltd File name: CFOsXReview_v69 Modification Date: 2 March 2021 2:18 pm CFO’s review continued Strategic report Governance Financial statements Avast plc annual report 2020 51 The tax impact of IP transfer represents amortisation of the net tax impact of the transfer of AVG E-comm web shop to Avast Software B.V. (’Avast BV’) on 1 May 2018 (’IP transfer’), when the former Dutch AVG business of Avast BV (including the web shop) was sold to Avast Software s.r.o. The total net impact of this transaction was $94.4m, which was treated as an exceptional item in 2018. The transferred IP is amortised for tax purposes over 15 years. The tax impact of other adjusted items represents the tax impact of amortisation of acquisition intangibles, deferred revenue haircut reversal11 arising from prior acquisitions, exceptional items, and other adjusted items, which has been calculated applying the tax rate that the Group determined to be applicable to the relevant item. Adjusted income tax is $(76.4)m for FY 2020, resulting in an adjusted effective tax rate of 17.5% (FY 2019: 19.4%). The adjusted effective tax rate is the adjusted income tax percentage of adjusted profit before tax of $436.7m (defined as adjusted net income of $360.2m before the deduction of adjusted income tax of $(76.4)m.) ($’m) Income tax FY 2020 FY 2019 Change Change % (66.7) (65.7) (1.0) (1.6) 4.4 (0.4) 4.8 Fav 6.3 6.3 0.0 0.0 – 2.3 (2.3) Unf Tax impact of FX difference on intercompany loans Tax impact of IP transfer Tax impact of disposal of a business operations Tax impact of donations Tax impact on adjusted items Adjusted income tax Cash flow Unlevered free cash flow represents the amount of cash generated by operations after allowing for capital expenditure, taxation, and working capital movements. Unlevered free cash flow provides an understanding of the Group’s cash generation and is a supplemental measure of liquidity in respect of the Group’s operations. Levered free cash flow represents amounts of incremental cash flows the Group has after it has met its financial obligations (after interest and lease repayments) and is defined as unlevered free cash flow less cash interest and lease repayments. ($’m) Adjusted cash EBITDA Net change in working capital (excl. change in deferred revenue and deferred COGS) Capex Cash tax (excl. Dutch exit tax) COVID-19 donations Unlevered free cash flow Cash interest Lease repayments Levered free cash flow FY 2020 FY 2019 Change Change % 522.7 519.4 3.4 0.7 19.9 (15.1) (10.0) (29.9) 29.9 14.8 (52.0) (24.5) 451.1 (27.5) (9.2) (54.8) 2.8 – (24.5) 424.6 (45.1) (9.2) 26.5 17.6 0.0 Fav 49.6 5.1 Unf 6.2 39.1 0.3 414.3 370.4 43.9 11.9 During the period, the Group recorded $(25.4)m exceptional costs related to the Jumpshot wind-down, which were largely paid by our Jumpshot subsidiary. Given these cash outflows represented one-off M&A activity, these costs were not included in unlevered free cash flow. Capex investment represents only 1.7% of adjusted revenue in 2020. That represents a decrease versus 2019 (FY19: 3.4%), when the Group carried out a significant investment into network infrastructure. The decrease in the adjusted cash tax is driven by the Czech Republic true-up system, where a company is obliged to make quarterly income tax advances based on its last known tax liability. Upon filing a tax return, tax advances paid during the year for which the tax return is filed offset the final tax liability. The cash tax included in the calculation of unlevered free cash flow in FY 2019 excluded a $49.4m Dutch exit tax paid in March 2019, as this was treated as an exceptional item. No cash tax has been treated as exceptional in FY 2020. ($’m) FY 2020 FY 2019 Change Change % Net cash flows from operating activities Net cash used in investing activities Net cash flows from financing activities 456.5 399.1 57.4 14.4 (16.4) (16.7) 0.3 1.8 (484.2) (440.9) (43.3) (9.8) (4.7) – (4.7) n/a Cash conversion11 86% 82% (15.7) (76.4) (20.3) (77.8) 4.6 1.3 22.6 1.7 © 2019 Friend Studio Ltd File name: CFOsXReview_v69 Modification Date: 2 March 2021 2:18 pm CFO’s review continued Strategic report Governance Financial statements Avast plc annual report 2020 52 CFO’s review continued The following table presents a reconciliation between the Group’s adjusted cash EBITDA and net cash flows from operating activities as per the consolidated statement of cash flows. ($’m) Adjusted cash EBITDA Net change in working capital (excl. change in deferred revenue and deferred COGS) Cash tax (excl. Dutch exit tax) Dutch exit cash tax Movement of provisions and allowances Exceptional items (excl. transaction costs) Employer’s costs on share-based payments FX gains/losses and other non-cash items Net cash flows from operating activities FY 2020 FY 2019 Change Change % 522.7 519.4 3.3 0.6 19.9 (10.0) 29.9 Fav (52.0) – (54.8) (49.4) 2.8 49.4 (5.1) Fav 14.5 5.9 8.6 Fav (49.9) (1.5) (48.4) Unf (0.8) (4.2) 3.4 81.0 2.0 (6.3) 8.3 Fav 456.5 399.1 57.4 14.4 The Group’s net cash flow from operating activities increased by $57.4m primarily due to exceptional Dutch exit tax payment included in the baseline of $49.4m, higher adjusted cash EBITDA of $3.3m, lower cash tax of $2.8m, positive impact of the movement in provisions and allowances of $8.6m, positive change in FX gains/ losses and other financial expenses and non-cash costs of $8.3m, positive impact of working capital movement (excl. change in deferred revenue and deferred COGS) of $29.9m, lower employer’s costs paid on share-based payments of $3.4m (see Note 35 Share-based payments) offset by higher exceptional items of $(48.4)m. The portion of the exceptional items in FY 2019 directly related to the disposal of business operation of $(0.3)m was included in cash flows from investing activities. The Group’s net cash outflow from investing activities of $(16.4)m comprised capex of $(15.1)m, settlement of contingent consideration related to Inloop and Tenta acquisitions of $(3.9)m, TrackOFF holdback consideration release of $(0.8)m, contingent consideration received for disposal of Managed Workplace of $3.0m and interest received of $0.4m. The Group’s net cash outflow from investing activities in 2019 of $(16.7)m comprised capex of $(29.9)m, consideration paid for TrackOFF and Tenta acquisitions net of cash acquired of $(14.8)m (see Note 15 Business combinations), settlement of contingent consideration of $(0.2)m, proceeds from the sale of a business operation net of cash disposed and transaction costs of $26.7m (see Note 16 Disposal of a business operation) and interest received of $1.5m. The Group’s net cash outflow from financing activities includes $(105.4)m final dividend paid in respect of 2019, $(49.3)m interim dividend paid in respect of 2020, $(200.0)m voluntary repayment of borrowings, $(61.9)m mandatory repayment of borrowings, interest paid of $(27.5)m, lease repayments of $(9.3)m, proceeds from the exercise of options of $34.0m, and net proceeds from transactions with non-controlling interest $(64.8)m (see Note 34 Non-controlling interest). The Group’s net cash outflow in 2019 from financing activities includes $(83.7) m final dividend paid in respect of 2018, $(43.2)m interim dividend paid in respect of 2019, $(297.4)m net voluntary repayment of borrowings, $(63.0)m mandatory repayment of borrowings, interest paid of $(45.1)m, transaction costs related to borrowings of $(0.9)m, lease repayments of $(9.2)m, proceeds from the exercise of options of $47.2m, and net proceeds from transactions with non-controlling interest $54.3m (see Note 34 Non-controlling interest). Financing The Group further reduced its term loan by the repayment of $200m from the USD tranche in June and September 2020 (see Note 27 Term loan). As of 31 December 2020, the total gross debt12 of the Group was $901.0m and the total net debt12 was $725.6m. The decrease in gross debt since 31 December 2019 is attributable to $(200.0)m voluntary repayment of borrowings, $(61.9)m of mandatory repayment of borrowings, and $(0.3)m decrease in lease liabilities, offset by negative unrealised FX loss of $62.1m on the EUR tranche of the loan. © 2019 Friend Studio Ltd File name: CFOsXReview_v69 Modification Date: 2 March 2021 2:18 pm CFO’s review continued Strategic report Governance Financial statements Avast plc annual report 2020 53 ($’m) 31 December 2020 31 December 2019 USD tranche principal 113.8 336.5 EUR tranche principal 722.7 699.8 Margin USD LIBOR plus 2.25% EURIBOR plus 2.25% Principal exchange rates applied The table below summarises the principal exchange rates used for the translation of foreign currencies into USD. The assets and liabilities are translated using period-end exchange rates. Income and expense items are translated at the average exchange rates for the period. Revolver/overdraft Lease liabilities Gross debt Cash and cash equivalents Net debt Net debt/ LTM adjusted EBITDA – 64.5 901.0 USD LIBOR plus 2.25% – 64.8 1,101.1 (175.4) (216.6) 725.6 884.5 1.5x 1.8x ($:1.00) AUD BRL CAD CHF CZK EUR GBP ILS NOK FY 2020 average FY 2019 average 0.6876 0.6966 0.1975 0.2545 0.7444 0.7524 1.0624 1.0061 0.0431 0.0437 1.1384 1.1212 1.2860 1.2757 0.2905 0.2797 0.1063 0.1139 Earnings per share Basic adjusted earnings per share amounts are calculated by dividing the adjusted net income for the period by the weighted average number of shares of common stock outstanding during the year. The diluted adjusted earnings per share amounts consider the weighted average number of shares of common stock outstanding during the year adjusted for the effect of dilutive options. On a statutory basis, fully diluted EPS was $0.16 (see Note 14 for the statutory earnings per share). ($’m) FY 2020 FY 2019 Adjusted net income attributable to equity holders Basic weighted average number of shares Effects of dilution from share options and restricted share units Dilutive weighted average number of shares Basic adjusted earnings per share ($/share) Diluted adjusted earnings per share ($/share) 360.28 322.1 1,022,001,218 973,788,157 14,815,576 44,313,005 1,036,816,794 1,018,101,162 0.35 0.35 0.33 0.32 Dividend The Directors propose to pay a final dividend of 11.2 cents per share in respect of the year ending 31 December 2020 (payment of $115.3m). Combined with the interim dividend of 4.8 cents per share paid in October 2020 (payment of $49.3m), this gives a total dividend for the financial year of 16.0 cents (total payment of $164.6m), which represents 40% of the Group’s levered free cash flow for the period, in accordance with the Company’s dividend policy. Subject to shareholder approval, the final dividend will be paid in USD on 18 June 2021 to shareholders on the register on 14 May 2021. There will be an option for shareholders to elect to receive the dividend in pounds sterling and such an election should be made no later than 28 May 2021. The foreign exchange rate at which dividends declared in US dollars will be converted into pounds sterling will be calculated based on the average exchange rate over the five business days prior to 3 June 2021 and announced shortly thereafter. © 2019 Friend Studio Ltd File name: CFOsXReview_v69 Modification Date: 2 March 2021 2:18 pm CFO’s review continued Strategic report Governance Financial statements Avast plc annual report 2020 54 Organic growth APMs were introduced in FY 2019 to present the change in revenue and billings resulting from continuing Group operations. Organic growth rate excludes the impact of FX, acquisitions, business disposals and Discontinued Business. It excludes current period billings and revenue of acquisitions until the first anniversary of their consolidation. The definitions of non-GAAP measures in the year ended 31 December 2020 are consistent with those presented in the report for FY 2019 and there have been no changes to the bases of calculation. CFO’s review continued Proposed dividend timetable Ex-dividend date: 13 May 2021 Record date: 14 May 2021 Last date for currency election: 28 May 2021 Payment: 18 June 2021 Additional financial guidance In addition to the main full year 2021 guidance elements referenced in this document, additional supplementary points are provided below. Adjusted depreciation and amortisation 2021 guidance c. 3% of adjusted revenue Capex c. 2% of adjusted revenue Adjusted finance cost and lease repayments Adjusted effective tax rate Cash tax Net change in working capital (excl. change in deferred revenue and deferred COGS) Basic weighted average number of shares Dilutive weighted average number of shares Exceptional items: Share-based payments (incl. employer’s costs) Amortisation of acquisition intangible assets $30m P&L/ $32m cash flow 18% in line with adjusted income tax $10m outflow 1,034m 1,048m $54m $23m PRESENTATION OF RESULTS AND DEFINITIONS This full year report contains certain non-IFRS financial measures to provide further understanding and a clearer picture of the financial performance of the Group. These alternative performance measures (APMs) are used for the assessment of the Group’s performance and this is in line with how management monitors and manages the business day to day. It is not intended that APMs are a substitute for, or superior to, statutory measures. The APMs are not defined or recognised under IFRS, including adjusted billings, adjusted revenue, organic growth, adjusted EBITDA, adjusted cash EBITDA, adjusted net income, and unlevered free cash flow as defined and reconciled below. These non-IFRS financial measures and other metrics are not measures recognised under IFRS. The non-IFRS financial measures and other metrics, each as defined herein, may not be comparable to similarly titled measures presented by other companies as there are no generally accepted principles governing the calculation of these measures and the criteria upon which these measures are based can vary from company to company. Even though the non-IFRS financial measures and other metrics are used by management to assess the Group’s financial results and these types of measures are commonly used by investors, they have important limitations as analytical tools, and investors should not consider them in isolation or as substitutes for analysis of the Group’s position or results as reported under IFRS. The Group considers the following metrics to be the KPIs it uses to help evaluate growth trends, establish budgets, and assess operational performance and efficiencies. © 2019 Friend Studio Ltd File name: CFOsXReview_v69 Modification Date: 2 March 2021 2:18 pm CFO’s review continued Strategic report Governance Financial statements Avast plc annual report 2020 55 CONSOLIDATED STATEMENT OF ADJUSTED PROFIT AND LOSS FOR THE YEAR ENDED 31 DECEMBER 2020 ($’M) REVENUES Cost of revenues GROSS PROFIT Gross profit margin Sales and marketing Research and development General and administrative Total operating costs EBITDA EBITDA margin Depreciation & amortisation13 EBIT Finance income and expenses PROFIT BEFORE TAX Income tax NET INCOME Net income margin Net income attributable to: – equity holders of the parent – non-controlling interest Earnings per share (in $ per share): Basic EPS Diluted EPS © 2019 Friend Studio Ltd File name: CFOsXReview_v69 Modification Date: 2 March 2021 2:18 pm Year ended 31 December 2020 Year ended 31 December 2019 892.9 (117.5) 775.4 86.8% (122.5) (71.1) (86.2) (279.8) 495.5 55.5% (21.8) 473.7 (37.0) 436.7 (76.4) 360.2 40.3% 360.2 – 0.35 0.35 873.1 (113.2) 759.9 87.0% (123.1) (76.7) (77.0) (276.9) 483.0 55.3% (21.6) 461.5 (61.4) 400.1 (77.8) 322.3 36.9% 322.1 0.2 0.33 0.32 Adjusted billings Adjusted billings represent the full value of products and services being delivered under subscription and other agreements and include sales to new end customers plus renewals and additional sales to existing end customers. Under the subscription model, end customers pay the Group for the entire amount of the subscription in cash upfront upon initial delivery of the applicable products. The invoicing timing may slightly vary through the year with immaterial impact, as part of our usual renewal offers testing. Although the cash is paid upfront, under IFRS subscription revenue is deferred and recognised rateably over the life of the subscription agreement, whereas non-subscription revenue is typically recognised immediately. Adjusted billings represents the Group’s reported billings. Adjusted revenue Adjusted revenue represents the Group’s reported revenue adjusted for the deferred revenue haircut reversal14 and gross-up adjustment15. These historical adjustments are zero from 2020. The following is a reconciliation of the Group’s reported revenue to the Group’s adjusted billings and Group’s reported revenue to the Group’s adjusted revenue: ($’m) Revenue Net deferral of revenue Adjusted billings FY 2020 FY 2019 Change Change % 892.9 871.1 21.7 2.5 29.2 922.0 39.9 911.0 (10.7) (26.8) 11.0 1.2 Revenue 892.9 871.1 21.7 2.5 Deferred revenue haircut reversal/Other Gross-up adjustment – – 1.8 0.1 Adjusted revenue 892.9 873.1 (1.8) (0.1) 19.8 Unf Unf 2.3 CFO’s review continued Strategic report Governance Financial statements Avast plc annual report 2020 56 CFO’s review continued Adjusted EBITDA Adjusted earnings before interest, taxation, depreciation, and amortisation (‘adjusted EBITDA‘) is defined as the Group’s operating profit/loss before depreciation, amortisation of non-acquisition intangible assets, share-based payments including related employer’s costs, exceptional items, amortisation of acquisition intangible assets, the deferred revenue haircut reversal, and the COGS deferral adjustments16. Adjusted cash EBITDA Cash earnings before interest, taxation, depreciation, and amortisation (‘adjusted cash EBITDA‘) is defined as adjusted EBITDA plus the net deferral of revenue, the net change in deferred cost of goods sold, and the reversal of the COGS deferral adjustments. The following is a reconciliation of the Group’s reported operating profit to adjusted EBITDA and adjusted cash EBITDA: ($’m) Operating profit Share-based payments (incl. employer’s costs) Exceptional items Amortisation of acquisition intangible assets Deferred revenue haircut reversal/Other COGS deferral adjustments Depreciation Amortisation of non-acquisition intangible assets Adjusted EBITDA Net change in deferred revenues including FX re-translation/Other Net change in deferred cost of goods sold Reversal of COGS deferral adjustment Adjusted cash EBITDA FY 2020 FY 2019 Change Change % 335.4 344.6 22.7 49.9 65.8 – – 19.7 2.1 24.9 1.8 88.4 1.8 (0.1) 18.8 2.8 495.5 483.0 29.2 (1.9) – 38.0 (1.8) 0.1 522.7 519.4 (9.2) (2.2) 48.1 (2.7) (9.1) Fav (22.6) (25.6) (1.8) 0.1 0.9 (0.7) 12.5 (8.9) (0.1) (0.1) 3.4 Unf Fav 4.7 (23.8) 2.6 (23.3) (2.3) Unf 0.7 Adjusted net income Adjusted net income represents statutory net income (profit after tax) plus the deferred revenue haircut reversal, share-based payments, exceptional items, amortisation of acquisition intangible assets, unrealised foreign exchange gain/loss on the EUR tranche of the bank loan, the COGS Deferral Adjustments, the tax impact from the unrealised exchange differences on intercompany loans, and the tax impact of the foregoing adjusting items, IP transfer and donations, less gain on disposal of business operation. The following is a reconciliation of the Group’s reported net income to adjusted net income: © 2019 Friend Studio Ltd File name: CFOsXReview_v69 Modification Date: 2 March 2021 2:18 pm ($’m) FY 2020 FY 2019 Change Change % Net income Deferred revenue haircut reversal/Other Share-based payments Exceptional items Amortisation of acquisition intangible assets Unrealised FX gain/(loss) on EUR tranche of bank loan Tax impact from FX difference on intercompany loans COGS deferral Adjustments Tax impact of donations Tax impact on adjusted items Tax impact of IP transfer Gain on disposal of business operation Tax impact from disposal of business operation 169.6 248.9 (79.2) (31.8) – 1.8 (1.8) Unf 22.7 49.9 24.9 1.8 (2.2) 48.1 (9.1) Fav 65.8 88.4 (22.6) (25.6) 62.1 (13.9) 76.0 Fav 4.4 (0.4) 4.8 Fav – (0.1) 0.1 Fav (4.7) – (4.7) n/a (15.7) (20.3) 4.6 22.6 6.3 6.3 – – (17.5) 17.5 Fav – – Adjusted net income 360.2 322.3 2.3 (2.3) 37.9 Unf 11.8 CFO’s review continued Strategic report Governance Financial statements Avast plc annual report 2020 57 Unlevered free cash flow Represents adjusted cash EBITDA less capex, plus cash flows in relation to changes in working capital (excluding change in deferred revenue and change in deferred cost of goods sold as these are already included in adjusted cash EBITDA) and taxation. Changes in working capital are as per the cash flow statement on an unadjusted historical basis and unadjusted for exceptional items. In 2019, cash tax excluded a $49.4m Dutch exit tax paid as this was treated as an exceptional item. In 2020, the $25.4m Jumpshot wind-down costs were treated as an exceptional item, thus excluded from the unlevered free cash flow. Levered free cash flow Represents amounts of incremental cash flows of the Group after it has met its financial obligations (after interest and lease repayments) and is defined as unlevered free cash flow less cash interest and lease repayments. Rounding Due to rounding, numbers presented throughout this document may not add up precisely to the totals provided; however, growth rates are calculated based on precise actual numbers. Notes: 1 Organic growth rate excludes the impact of FX, acquisitions, business disposals and Discontinued Business. As such, organic revenue refers to revenue normalised as described here. 2 Adjusted EBITDA margin percentage is defined as adjusted EBITDA divided by adjusted revenue. 3 Growth rate excluding currency impact calculated by restating 2020 actual to 2019 FX rates (see ’Principal exchange rates applied’). Deferred revenue is translated to USD at the date of invoice and is therefore excluded when calculating the impact of FX on revenue. 4 In January 2020, Avast decided to terminate the provision of anonymised data to its data analytics business, Jumpshot, having concluded that the business was not consistent in the long term with the Group’s privacy priorities as a global cybersecurity company. As the company is also exiting its toolbar-related search distribution business (which had previously been an important contributor to AVG’s revenues) and the browser clean-up business, the growth figures exclude all of these (referred to above and throughout the report as ’Discontinued Business’). These revenues were negligible by the end of 2020 in line with expectations. The Discontinued Business does not represent a discontinued operation as defined by IFRS 5 since either it has not been disposed of but it is being continuously scaled down, or it is considered to be neither a separate major line of business nor a geographical area of operations. 5 On 1 February 2019, Avast plc sold the non-core asset of Managed Workplace, its remote monitoring and management product, to Barracuda Networks, Inc. (‘Barracuda’). Managed Workplace was Avast’s solution in the Remote Monitoring and Management (RMM) space, which is sold to Managed Service Providers (‘MSPs’). This business was not core to our SMB strategy, which focuses on securing the workplace. Barracuda, which has a large existing MSP base but did not offer an RMM solution, provides a better long-term solution for this business. In addition, Barracuda has signed a reseller agreement with Avast under which it now resells Avast’s business security solutions to MSPs. In the year ended 31 December 2018, the asset generated low teen revenue (USD million) with a materially lower margin profile than the Group. 6 Users who have at least one valid paid Consumer Direct Desktop subscription (or licence) at the end of the period. 7 APPC defined as the Consumer Direct Desktop simple average valid licences or subscriptions for the financial period presented divided by the simple average number of Customers during the same period. 8 ARPC defined as the Consumer Direct Desktop revenue for the financial period divided by the simple average number of Customers during the same period. 9 Organic growth excludes billings and revenues of Jumpshot, which are considered part of Discontinued Business. 10 ’Fav’ in change % represents favourable growth rate figure over 100%, ‘Unf’ represents unfavourable decline greater than negative 100%. 11 Cash conversion is defined as unlevered free cash flow divided by adjusted cash EBITDA. 12 Gross debt represents the sum of the total book value of the Group’s loan obligations (i.e. sum of loan principals) and lease liabilities. Net debt indicates gross debt netted by the company’s cash and cash equivalents. Both gross debt and net debt exclude the amount of capitalised arrangement fees on the balance sheet as of 31 December 2020 of $2.6m and accrued interest of $(0.1)m (31 December 2019: $8.7m and $(0.1)m). 13 Depreciation and amortisation included in adjusted net income excludes amortisation of acquisition intangibles. 14 Under IFRS 3, Business Combinations, an acquirer must recognise assets acquired and liabilities assumed at fair value as of the acquisition date. The process of determining the fair value of deferred revenues acquired often results in a significant downward adjustment to the target’s book value of deferred revenues. The reversal of the downward adjustment to the book value of deferred revenues of companies the Group has acquired during the periods under review is referred to as the deferred revenue haircut reversal. 15 The gross-up adjustment refers to the estimated impact of the additional amount of 2015 and 2016 revenue and expenses and their deferral that would have been recognised by Avast had the contractual arrangements with certain customers qualified to have been recognised on a gross rather than a net basis prior to 2017 (AVG had historically recognised billings and revenues on a gross basis, whereas Avast recognised them on a net basis). Both businesses recognise revenue on a gross basis since 2017. 16 There was no deferred cost of goods sold (COGS) balance consolidated by the Group in the acquisition balance sheet of AVG in 2016 and thus no subsequent expense was recorded as the revenue in respect of pre-acquisition date billings was recognised. The COGS deferral adjustments refers to an adjustment to reflect the recognition of deferred cost of goods sold expenses that would have been recorded in 2016 and 2017 in respect of pre-acquisition date AVG billings, had the AVG and the Group’s businesses always been combined and had AVG always been deferring cost of goods sold. © 2019 Friend Studio Ltd File name: CFOsXReview_v69 Modification Date: 2 March 2021 2:18 pm CFO’s review continued Strategic report Governance Financial statements Avast plc annual report 2020 58 Risk management The Board adopts a measured and disciplined approach to managing risk The Audit and Risk Committee supports the Board by overseeing the Group’s risk management framework, evaluating its principal and emerging risks, setting the risk appetite and assisting the Executive Management team with developing and implementing the operational plans required to strategically manage those risks. The principal and emerging risks facing the Group are monitored and reassessed on an ongoing basis, including by horizon scanning, aided by continuous dialogue between the Board and management. The Board recognises that risk is embedded in all business decisions it makes. In determining whether a risk is appropriate to take, the Board considers a number of factors, including the gravity and probability of the risk, as well as the potential impact it could have on the Group’s business model viability, future financial performance, liquidity, solvency, reputation or extent it may conflict with its core values. Following this assessment, the Board reviews the adequacy of the controls and contingency plans in place to manage those risk events. Where necessary, the Board will direct changes to be made to the Group’s controls and contingency plans. Steering committees comprising members of the Executive Management team regularly meet with both internal and external subject matter experts to monitor, review, and evaluate the risk prevention and mitigation plans. Periodic updates are provided by management to the Board on the progress in executing those plans. They have also tested the Group’s financial plans for severe but plausible scenarios related to certain principal risks materialising. The Board categorises risks facing the Group in terms of those which are emerging (recognised as those which are newly developing risks that cannot be fully assessed but that could, in the future, effect the viability of the company’s strategy) and those which are imminent (being those which require immediate and special attention from the Board and management). Apart from the businesses’ response to COVID-19 there were no additional imminent risks identified this year. Changes to the principal risks in the year In August 2020, the Audit and Risk Committee carried out an in-depth review of the emerging risks and principal risks and uncertainties facing the Group, and this was discussed again at the November 2020 meeting. As a result of this and the continuous risk assessment process undertaken by the Group, the Board has identified six broad categories of risk (increased from five last year) which encompass 32 specific individual risks (increased from 26 last year). Over the course of the year, the Board’s assessment of the principal risks affecting the business has been extended to cover the risks associated with the impact of COVID-19. A number of changes have also been made to the descriptions of risks and mitigations in the other principal risks, to reflect the impact that COVID-19 has had on the other principal risks. Avast’s recurring and subscription-based revenues, and strong liquidity position gives the business a resilient operational and financial position. However, the impact of the pandemic still remains uncertain, and the Board continues to closely monitor developments in order to adapt and respond accordingly. In addition, the Board has included Competition risk within the six categories of risk. The Board believes that the consumer security industry is becoming more competitive and complex, in particular due to the inroads Microsoft is making with its Windows Defender antivirus solution. In addition, there is an ever-increasing advancement into security and privacy related areas by the biggest technology companies in the market, including Microsoft, Google and Apple. As well as increasing product specific competition, such companies are increasingly developing operating systems with native security built in, so not only is there a risk that users may favour competitor’s products over Avast’s products, there is an increasing risk that users may accept bundled products and solutions provided by such companies rather than separately purchasing the Company’s products and solutions. Concentration risk has reduced with the continued growth of the Company and is therefore seen as a lower risk within the overall risk framework and so has been removed from the list of principal risks and uncertainties facing the Group. © 2019 Friend Studio Ltd File name: Risk_v47 Modification Date: 2 March 2021 2:25 pm Risk management Strategic report Governance Financial statements Avast plc annual report 2020 59 The principal risks and uncertainties which could have a material adverse effect on the Group’s business, results of operations, financial condition and/or prospects are: Description of Risk Movement Potential Impacts Mitigation and Strategy Global Pandemic An infectious disease spread on a global scale can lead to the imposition of Government controls on the movement of people with the associated cessation of large parts of the economy for a significant period of time. This brings a considerable level of uncertainty in terms of the potential widespread economic downturn and/or our employees’ ability to continue working. Competitors The consumer security industry is becoming more competitive and complex, in particular there is a progressive advancement of Microsoft’s Windows Defender antivirus solution. Additional new competitive threats may emerge. Technological developments from current and new competitors can develop quickly and disrupt the market. Current and new competitors may limit access to standard product interfaces and thereby inhibit our ability to develop products on their platforms. Future financial performance. Solvency. Liquidity. In particular: The low level of business activity and reduced customer demand can lead to reduced revenues which may impact the liquidity and ultimately solvency of the business. Key employees or a large proportion of employees might not be able to continue to work. Employees may not be able to be deployed to where they are needed. Business model viability. Future financial performance. Future operational performance. Reputation. In particular: An increase in competition could result in lost business, reduced revenue and reduced profitability impacting our future financial and operational performance. New entrants into the security software industry, including those in emerging markets, may become our direct competitors and erode our market share. Our results of operations will be materially and adversely affected if our competitors succeed in marketing products with better performance, functionality or at lower prices than our products. This may also have an impact on our reputation in the market. Maintenance of a strong balance sheet able to withstand a sustained period of lower business activity. Investment into information technologies and well-being and safety of all employees to ensure business continuity while working from home. Succession planning at the Board and senior executive level to ensure business continuity in the event of disruption to the Board and senior leadership team. We track the activities of our competitors through our business development and product functions and this insight is used to adapt our strategy. We continue to enhance our product portfolio through internal development and partnering and acquisition. We maintain a strong focus on our core target markets and work with partners to extend our reach in our chosen verticals. As part of our strategy, we aim to develop new services and products which are complementary rather than in direct competition to our competitors and move into new spaces. © 2019 Friend Studio Ltd File name: Risk_v47 Modification Date: 2 March 2021 2:25 pm Principal risks and uncertainties Strategic report Governance Financial statements Avast plc annual report 2020 60 Principal risks and uncertainties continued Description of Risk Movement Potential Impacts Mitigation and Strategy Offering The risk is that our product and service offerings stop appealing to users. Business model viability. Future financial performance. Solvency. Liquidity. Reputation. In particular: If we do not offer products and services that appeal to users, our free user base may materially decline, and/or we will fail to monetise our products and services, this will impact our business model viability. Our revenues, competitive position and reputation could be materially and adversely affected if our new products and product upgrades fail to achieve widespread acceptance and do not appeal to users. People The risk is that talented people leave or do not join our workforce. Future financial performance. Future operational performance. Solvency. Liquidity. Reputation. In particular: Our performance largely depends on the talents and efforts of highly skilled individuals, so our future success depends on our continuing ability to identify, hire, develop, motivate, and retain highly skilled personnel for all areas of our organization. Competition in our industry for qualified employees is intense. If we cannot attract or retain a talented workforce, we will not remain competitive in our industry. Failure to attract and retain key capabilities across the business could have a detrimental impact on our ability to meet our strategic objectives. Additionally, the success of our business is dependent to a large degree on the continued services of our directors and executive officers and our other key personnel who have extensive experience in our industry. If we lose the services of any of these integral personnel and fail to manage a smooth transition to new personnel, our business could suffer. Our strategy to address this risk and achieve long term strategic objectives is to invest in product innovation, product management, quality assurance, and customer care. The COVID-19 environment has not halted our continued investment. We carry out considerable market research around the viability of a new product before launch to ensure we provide the right products to the right consumers. We have simplified our organisational structure, establishing multi-disciplinary, autonomous teams that are focused on specific areas and deliverables to ensure we can meet the changing needs of our customers. We continue to develop a clearly defined people strategy. The Company has established a Diversity & Inclusion Committee which aims to create a culture that attracts, develops and empowers diverse talent and make Avast an attractive place to work. We believe we need to create an exciting brand; provide attractive and competitive compensation; provide our people with global mobility; recruit from a broad pool of candidates; promote based on diversity of backgrounds, skills, cultures, gender, and ethnicity; and provide effective training for personal and professional growth in order to achieve long term strategic objectives. Employee engagement is monitored formally every six months through a Group-wide survey and the results are used to focus on improvement activities. We monitor attrition rates by business function and location in order to identify issues and, where necessary, take restorative action. In response to COVID-19 we developed a program of employee development, support and wellbeing as well as remote work training with self-care help and performance management coaching. COVID-19 provided the catalyst to rethink our overall working approach and resulted in our Whole Life Flexibility offering to employees. See pages 34 and 68 for further details. Gross Change since last year before controls. © 2019 Friend Studio Ltd File name: Risk_v47 Modification Date: 2 March 2021 2:25 pm Principal risks and uncertainties continued Strategic report Governance Financial statements Avast plc annual report 2020 61 Description of Risk Movement Potential Impacts Mitigation and Strategy Data privacy and our security systems The risk is that the data we store, such as customer data, and the systems that store, manage and process this data become compromised. The Group’s data and systems risk has increased as a result of higher levels of online activity during COVID-19 as well as due to increased cyber disruption and threats. Regulatory We operate a digital business globally, and the scale and complexity of new laws, including regarding data protection, auto-renewal billing and tax, are increasing as the digital economy becomes the backbone of global economic growth. Business model viability. Future financial performance. Future operational performance. Solvency. Liquidity. Reputation. In particular: Failing to protect the data we store and the systems that store this data could: – have a material adverse impact on our reputation, our ability to provide services and updates, potentially resulting in a material decline in our user base; – result in increased litigation (including class actions), investigations, fines and censure by governmental and regulatory bodies, resulting in negative financial consequences; and – impact management time and resources. Business model viability. Future financial performance. Future operational performance. Reputation. In particular: New laws or changes in the interpretation or application of existing laws may impose restrictions and obligations on the Group that negatively impact the Group’s ability to operate or compete effectively, its profitability and ability to grow. Failing to comply with regulatory requirements could result in increased litigation (including class actions), investigations, fines and censure by governmental and regulatory bodies, resulting in negative financial consequences. Impact on management time and resources. We strive for strong, effective, and comprehensive data and systems security and governance. As a result, we continue to implement a host of new security processes and measures to protect the data we store, systems that store such data, and the updates we provide to provision our products and services. Embedded fundamental privacy values into the business through the ’rule of THUMB’ when we design a new product or evaluate a new internal procedure. See page 39 for further information. We develop products and services designed for security and privacy, and believe this helps us maintain an ethical culture in which people are concerned about and committed to securing and protecting data. We ensure sufficient resources and employees with appropriate experience are hired. We continue to focus on the enhancement of internal controls around data governance through the Data Office, an internal team responsible for ensuring data security, privacy, integrity and quality for all Avast data. We have built a ’red’ team as part of the Information Security function responsible for finding weaknesses within the Group’s systems and technologies before bad actors can. We are initiating the migration of our systems and infrastructure from on-premises to the public cloud to meet increasingly complex security demands in a cost-effective way. We actively monitor global legal developments to identify and meet our regulatory obligations and respond to emerging requirements. We participate in industry-wide lobbying. The Group maintains appropriate oversight and reporting, supported by training, to provide assurance that it is compliant with regulatory requirements. The Group continues to make resource investments in line with its strategy of being the market leading security company, having recently appointed a Chief Privacy Officer to proactively work with regulators across multiple jurisdictions. Gross Change since last year before controls. © 2019 Friend Studio Ltd File name: Risk_v47 Modification Date: 2 March 2021 2:25 pm Principal risks and uncertainties continued Strategic report Governance Financial statements Avast plc annual report 2020 62 The impact of Brexit on the current and future employees: while there may be some disruption or changes in the UK, these are not currently anticipated to materially affect one of the Group’s principal risks, the recruitment and retention of key personnel. The Board will continue to assess the impact of the post-Brexit EU-UK relationship on the different aspects of the business as the relationship evolves and the detail is further understood. Principal risks and uncertainties continued Brexit In June 2016, voters in the United Kingdom approved the withdrawal of the United Kingdom from the European Union (’Brexit’). In March 2017, the UK government initiated the exit process under Article 50 of the Treaty of the European Union and on 17 October 2019 entered into the EU-UK Article 50 withdrawal agreement which established the terms of the United Kingdom’s orderly withdrawal from the EU. Under the terms of the ratified EU-UK Article 50 withdrawal agreement, a transition period was agreed which ended on 31 December 2020. During that transition period, most EU rules and regulations continued to apply to the Group in the UK. Following the end of the transition period, the UK and the EU have agreed a number of new agreements governing their relationship, including a new trade deal to govern their trading relationship (The EU-UK Trade and Cooperation Agreement). Additional considerations The Board monitors potential future risks that may increase in importance, in particular, there can be no assurance that third parties will not assert that our products and intellectual property infringe, or may infringe, their proprietary rights. Any such claims, regardless of merit, could result in litigation, which could result in substantial expenses, result in the Group having to pay substantial damages (directly or on an indemnity basis), divert the attention of management, cause significant delays, materially disrupt the conduct of our business and have a material and adverse effect on our financial condition and results of operations. Climate change Environmental mismanagement could lead to failure across interdependent networks, disruption to power networks, flooding and reputational damage, while improvements could provide opportunities for increased business efficiencies in the medium to long term. As part of a program to embed structured ESG processes into the organisation, Avast is committed to taking steps to mitigate environmental impacts of the business, including improving tracking of emissions data and minimising emissions. The impact of Brexit and the new trade deal on all key aspects of the business, including on the corporate structure, sales, tax, IT infrastructure and payment processing has been considered. Whilst there may be additional administrative burdens, the Board considers that Brexit and the new trade deal will have a limited impact on the Company and its business. The impact of Brexit on the transfer of data: The EU-UK Trade and Cooperation Agreement extends the transition period during which transfers of personal data to and processing of personal data in the UK is treated like data processing in the EU until 30 April 2021. This transition period will automatically be extended by further two months, unless each of the EU or UK objects to such an extension. It is expected that before the expiry of the transition period, the European Commission will decide on adequacy of the UK allowing the free flow of personal data to the UK to continue. In the event that there is no adequacy decision by the European Commission, the UK will be regarded as a third country. In such a case, the Group is ready to implement the necessary contractual documentation (such as data transfer agreements based on standard contractual clauses) and other necessary measures to ensure that personal data can be transferred to our group companies and partners located in the UK. © 2019 Friend Studio Ltd File name: Risk_v47 Modification Date: 2 March 2021 2:25 pm Principal risks and uncertainties continued Strategic report Governance Financial statements Avast plc annual report 2020 63 Viability Statement The Directors have assessed the viability of the Group over a three-year period, taking into account the Group’s current position and the potential impacts of the principal risks documented on pages 59 to 62 of the Annual Report. This included consideration of the potential impact of the current COVID-19 environment on the business as well as the impact of increased competition risk. Whilst the impact of COVID-19 on the business persists, the business’s long-term strategy remains unchanged. As discussed in the CFO Review section, the initial lockdown brought a temporary uplift in installations and transactions, which normalised to pre-COVID levels early in the second half of the year. This spike contributed to higher revenue in the second half of the year. As such, the pandemic environment presents not only risk, but also an opportunity for the Group as it contributes to the market expansion. Despite the continued uncertainty, we believe that the performance of the business through the pandemic to date demonstrated the resilience of our business model and relevance of our purpose. Based on our assessment, the Directors confirm that they have a reasonable expectation that the Company will be able to continue to operate and to meet its liabilities as they fall due over the three years to 31 December 2023. The Group prepares annually, and on a rolling basis, a three year strategic plan, whose foundation is the more detailed one year budget (also prepared annually for review with the Board). The output of this three year plan is used to perform liquidity and associated covenant headroom profile analysis, which includes sensitivity to business as usual risks impacting EBITDA. Following assessment of the planning process, the Directors have determined that a three-year period is an appropriate period over which to assess the Group’s viability. Progress against the strategic plan is reviewed regularly by the Board through presentations from senior management on the performance of their respective business units. Whilst the Directors have no reason to believe that the Group will not be viable over a longer period; the period of three years has been chosen as this matches the term of the longest of the Group’s sales commitments (typically one to three years in duration, with a weighted average contract life of around fourteen months) which therefore aids the accuracy of planning with a single renewal cycle, thereby providing a greater degree of certainty over the forecasting assumptions used and, in the view of the Directors, still provides an appropriate long term outlook. In making this viability statement, the Board carried out a robust assessment of the principal risks facing the Group, including those that would threaten its business model, future performance, solvency or liquidity. The strategic plan has been tested for a number of scenarios which assess the potential impact of severe but plausible risks to the long-term viability of the Group. The scenarios, and their effect on EBITDA, liquidity and on the ability to meet financial covenants, were considered both individually and in combination. The scenarios responded to the principal risks facing the business. While there might be additional administrative burden, Brexit has not had any material impact on Group as the United Kingdom represents only a single-digit share of Group’s revenue. Other risks included reductions in certain revenue streams driven by increased competition risk or new initiatives not materialising. The scenario with the most significant individual impact was a sustained mid-single-digit year-on-year decline in revenues from the Customer Desktop business. Based on the downside scenarios applied to the base case forecast, individually and in combination, there would be no forecast liquidity issue or covenant breach during the going concern assessment period. In addition to the principal risks, the group’s term loan is due for repayment within the viability period. The group does not anticipate any issues in refinancing this debt prior to repayment being due. The Directors reviewed and discussed the process undertaken by management, and also reviewed the results of reverse stress testing performed to provide an illustration of the material contraction in revenue of the largest business unit that would be required to break the Group’s covenants or exhaust all available cash. The Directors concluded that the breach of the Financial Covenants could be only possible in the extreme situation of approx. 40% year-on- year billings contraction (or approx. 75% over 3 years), with no meaningful mitigating actions, and while still paying dividends. The process of identifying, assessing and managing principal risks is set out in the Audit and Risk Committee Report on pages 99 to 101. The Directors consider that this stress-testing based assessment of the Group’s prospects is reasonable and the Group’s business model has proven to be strong, robust and defensive in both short and long term. © 2019 Friend Studio Ltd File name: Risk_v47 Modification Date: 2 March 2021 2:25 pm Principal risks and uncertainties continued Strategic report Governance Financial statements Avast plc annual report 2020 64 People and culture Home becoming the new workplace for our people 2020 proved to be the year in which the people side of business showed its critical importance. As the COVID-19 pandemic forced businesses around the globe to change their operations and rethink their processes overnight, the home became the new workplace for many. Businesses became more vulnerable as their workplaces became more distributed, and scammers and hackers seized every opportunity to capitalise on the chaos and confusion created by the pandemic. Those circumstances also reinforced the enormous responsibilities that we have in keeping people safe and secure online. Even as we saw our purpose become more salient than ever, Avastians found themselves dealing with pandemic-imposed restrictions, upheaval to their personal lives, and the uncertainty that was the hallmark of 2020. Avastians responded to 2020’s difficult circumstances with determination, dedication, and empathy. As we adjusted to a new normal that saw everyone working from home, we became accustomed to showing up in each other’s homes, meeting each other’s children, and we became increasingly mindful of maintaining connections with colleagues and finding ways to take care of each other and our workforce. That spirit extended beyond Avast, as well. Our colleagues participated in numerous local relief efforts to alleviate the impact of COVID-19 in their communities, and helped raise hundreds of thousands of dollars for COVID relief through an employee matching programme. As a business, we also recognised the opportunity to reflect on the most important aspects of our culture, to examine in greater depth how we support our people to do their best work, and to make important decisions about how the organisation is structured and what kind of world-class people experience will enable Avast to succeed and grow. © 2019 Friend Studio Ltd File name: PeopleX_XCSR_v89 Modification Date: 2 March 2021 8:46 pm Strategic report Governance Financial statements Avast plc annual report 2020 65 COVID-19 and the new normal Our people have risen to the challenges presented by COVID-19, not least by readily adapting to the changes in working conditions required by the pandemic. In March 2020, we closed our offices worldwide to protect staff health and safety and to ensure that we did not contribute further to community transmission. As we closely monitored the situation around the globe throughout the year, we concluded that keeping our offices closed was one of the most important things we could do to continue to support the health of our wider community as well as our workforce. Like every other business in 2020, Avast was deeply impacted by the COVID-19 pandemic, effectively switching to an entirely remote setup overnight in mid- March. Differing restrictions across each of our 19 global offices and the rapidly changing medical and governmental guidance around COVID-19 forced our entire workforce to become more flexible, adaptable, and resilient. COVID response teams in each of our locations in the Czech Republic, US, UK, Germany, Serbia, Slovakia, and Switzerland supported Avastians with up-to-date information about changing government restrictions and local news about safety measures. Our global facilities management team worked with local coordinators to manage safe and limited access to office premises for employees who needed to retrieve equipment or belongings. They also enabled the delivery of office furniture and equipment to people’s homes, and in cases where working from home was exceptionally difficult, we worked with employees to find space in safe coworking centres or to purchase appropriate furniture or equipment to enable the remote set up. Setting up workspaces was only one aspect of our support, however. Managers were encouraged to be flexible with respect to working hours and schedules, and our communication team set up a variety of channels to enable people to share their experiences, tips, and stories of working from home to help Avastians cope and build a strong sense of community. Supporting our partners, caring for customers The switch to working from home not only impacted our employees, but also external partners who provide customer care and support services around the clock and across the globe. While at least some remote working was common to many Avastians prior to the pandemic, this was not the case for our main partners Sitel and Winco, which operated from the usual large open spaces in their contact centres. These teams provide more than 80% of our customer care network capacity and employ over 450 people serving customers on our behalf. Our partners are a natural extension of the Avast Care family and the Avast brand, we all share and live by the same value of Customer Comes First. Nigel Bowman VP, Customer Success Avast’s care team assisted the partner centres in deploying work-from-home solutions across the network. In just six weeks, we adjusted all the required processes and provided the equipment to fit the remote work setup while remaining compliant with relevant data security standards. This unprecedentedly quick change in operations required the cooperation and major effort from many teams, including Avast’s in-house customer care teams, who took over a portion of the support volume normally covered by partners in order to minimise disruption to customer service. We assured continuity of our customer support throughout this challenging period and maintain transactional NPS scores above 20 for Avast and above 40 for AVG. The business continuity plan and operating model have been revised to reflect the new normal of a post-COVID world and measures are now in place to ensure that we will be able to flexibly adapt in case of further external disruptions. Wellbeing support services While we were able to pivot our workforce quickly to working from home and to consistently provide needed material support, we also recognised the toll that this unexpected change – and its long duration – were bound to take on employees, and we increased wellbeing support for all Avastians, which could be accessed at any time. © 2019 Friend Studio Ltd File name: PeopleX_XCSR_v89 Modification Date: 2 March 2021 8:46 pm People and culture continued Strategic report Governance Financial statements Avast plc annual report 2020 66 People and culture continued Our values Avast’s values inform our approach to doing business. They underpin our employee relationships with each other, the communities we are part of, and our stakeholders. Customer Comes First Think Big No BS, Ever Give Back We began to offer free online medical consultations with physicians and specialists for all Avastians and their families through two third-party providers. Although the launch of this service was tied to the circumstances of the pandemic, we will continue to offer this as a permanent benefit. Recognising the importance of mental health, we worked with several external providers to offer online programming, including workshops ranging from webinars on resilience to movement and meditation courses, anonymous counselling services, and personal and professional coaching sessions. Avastians participated in 260 individual consultations with three external coaches, 160 people joined 15 mental resilience sessions and 156 people joined seven physio webinars. We also engaged with our customer care partners, who enacted additional measures to protect their staff’s health and safety, including alternate accommodation and private transportation to enable employees in heavily impacted areas to continue working safely, as well as compensation to those objectively unable to work due to the pandemic. 156 people joined seven physio webinars Mobilising our people Drawing on the lessons of 2020, Avast leadership recognised the need to adapt for a future that will require more flexibility, greater resilience and agility than ever before. In clarifying our Company purpose and long- term strategy, we also took the opportunity to more strongly align our organisational structure, employee value proposition, culture, and incentives to our long-term vision. Our five-step approach to reaching that vision is a laser focus on our customers, technological innovation, growing our B2B segment, bringing our brand to life, and optimising our structure for simplicity and growth. Simplification and optimisation In October, Avast reorganised to simplify the Company structure and support future growth, resulting in changes to leadership roles and the departure of just over 10% of staff. Peter Turner was appointed to a new role as Chief Commercial Officer, with all sales, acquisition, and product marketing functions reporting into him. Vita Santrucek took on the role of Chief Product Officer, responsible for all product development and engineering functions. The IT function was decentralised into the teams led by Vita Santrucek, Chief Product Officer, and Jaya Baloo, Chief Information Security Officer (CISO), resulting in the departure of our Chief Information Officer, Detlef Steinmetz, at the end of the year. Across the organisation, we have created new, multi-disciplinary teams that can work autonomously, focussing on specific areas and deliverables, driven by performance and measured by clear metrics. Change Engagement Group Following the announcement of the reorganisation to support our simplified structure and growth, Avast instituted a new employee feedback platform, the Change Engagement Group (CEG). It comprises a representative set of employees from around the business, and is led by Ondrej Vlcek, Rebecca Grattan, Chief People and Culture Officer (CPCO) and the Designated Non-Executive Director for Employee Engagement, Pavel Baudis. The CEG met weekly during the last quarter of 2020 to provide feedback about how the transformation was being received and to make recommendations to leadership based on that feedback. Seen as a critical platform for engaging employees and representing their concerns to leadership, the CEG will continue to meet throughout 2021 to provide insights and recommendations to management. © 2019 Friend Studio Ltd File name: PeopleX_XCSR_v89 Modification Date: 2 March 2021 8:46 pm People and culture continued Strategic report Governance Financial statements Avast plc annual report 2020 67 Avast culture In 2019, we had already begun a journey to rearticulate and strengthen Avast’s culture. Four key values – Customer Comes First; Think Big; No BS, Ever; and Give Back – were developed to support a culture of responsibility, innovation, and autonomy. In 2020, we continued this journey through engagement with our workforce, although the form was different than expected. In April, over 600 Avastians participated in webinars to learn about the initiative and many provided their feedback on the ’beta version’ of the Avast Culture Book. While engagement with the exercise was high, as the pandemic wore on, we saw an increasing need to reflect on the changes necessary to ensure Avast’s culture is aligned to a radically different post-COVID reality, putting the culture initiative as such on hold in favor of company-wide discussions around the future of work. Ultimately, Avast leadership articulated the following principles, which describe the culture that we are committed to forging within the Company. These principles underpin the concept of Whole Life Flexibility that was introduced at the end of 2020, and will be the basis for continued work on our culture throughout 2021. Our principles Avast Board involvement in Avast culture and engagement Our Board plays an active role in monitoring workforce engagement and culture. One Board meeting per year focuses specifically on people and culture, looking at the outcomes of the prior year employee survey and plans for addressing the results. Rebecca Grattan, CPCO, regularly updates the Board on workforce engagement and culture, which are monitored in several ways. In 2020, the Board had sight into both the annual employee engagement survey, and Growth Mindset survey, which provide insight into global attributes of culture and areas for improvement and growth. Further, the succession planning exercise undertaken by the Nomination Committee included an assessment against a capability and cultural matrix. Pavel Baudis, Designated Non- Executive Director for Workforce Engagement, participates in initiatives to connect with employees and better understand engagement concerns. He conducted site visits in early 2020, prior to the pandemic travel restrictions, and presents at monthly employee onboarding sessions. Mr Baudis is a member of the Avast Diversity Committee and the Change Engagement Group. Throughout 2020, he also participated in consultations with employees on the Future of Work agenda, and reports regularly to the board on engagement and culture, based on his contact with employees. We work in ways that are mature and adult (based on mutual trust and transparent, open communication) We hold each of us accountable We promote an environment that’s achievement-focused, not input focused We encourage everyone to behave autonomously We work effectively asynchronously In order to assist colleagues in understanding the behaviours that support these principles and the culture we are seeking to achieve, all Avastians were invited to participate in a Growth Mindset survey. Designed in collaboration with the Chemistry Group, a talent strategy consultancy, the survey measured growth mindset in the context of Avast’s existing values and behaviours. Over 1,300 Avastians participated in the voluntary survey. Each participant received a detailed individual feedback report showing them how to embrace these concepts in their daily work and development planning. Webinars to help colleagues understand and interpret their individual results were held in November and development interventions for managers and colleagues are built into our 2021 organisational learning and development planning. In addition, we will continue to incorporate the Growth Mindset and associated behaviours in our people processes and culture development throughout 2021. © 2019 Friend Studio Ltd File name: PeopleX_XCSR_v89 Modification Date: 2 March 2021 8:46 pm People and culture continued Strategic report Governance Financial statements Avast plc annual report 2020 68 People and culture continued COVID-19 and the Future of Work During the first weeks of the COVID-19 crisis, we addressed the immediate needs of safety, stability, and security to help Avastians transition to remote working. With COVID-19 response teams in place, Rebecca Grattan, CPCO, provided timely updates and resources for the workforce in the form of ’Our New Normal’ weekly newsletter. A dedicated communications team also created additional intranet resources and updates via dedicated Slack channels to keep colleagues up to date with the rapidly changing situation in each 1,300 Avastians participated in the voluntary survey location. These solutions helped to stabilise the organisation in the short term. However, the ongoing pandemic and the move to long-term working from home necessitated a search for solutions to meet the future needs and individual circumstances of Avast’s workforce. In June, the Future of Work project was established to seek feedback and input from Avastians across the globe and to accelerate the creation of well-tailored solutions for a world-class employee experience, regardless of external circumstances. Over 120 staff joined the project to work directly with the People and Culture team leadership to gather and provide input from employees throughout the business. Their feedback and proposals informed our decision to implement the Whole Life Flexibility policies, which we expect will become a strong enabler of employee engagement, organisational productivity, and talent attraction. Whole Life Flexibility We believe that when you ask people to give their best – which we expect at Avast – then you must do everything possible to enable them to do so and to reward them when they do. In a year of remote working, our colleagues have more than proved their dedication, ability, and desire to get things done even in the most difficult circumstances. When they needed to reimagine the structures of their days to accommodate for work, home schooling, © 2019 Friend Studio Ltd File name: PeopleX_XCSR_v89 Modification Date: 2 March 2021 8:46 pm and new caring responsibilities, Avastians showed that they were more than capable of organising their lives to meet their needs and those of the Company and our customers. Although it became a de facto way of operating in 2020, this ’everyday flexibility’ will be the official policy of Avast, effective from 1 January 2021. Empowering our people by removing any strict requirements on specific work start or end times, number of daily working hours, or taking time off in the middle of the day to fulfill other responsibilities will enable them to be more productive and engaged. We also support Whole Life Flexibility in two additional groundbreaking ways. First, Unlimited Personal Time Off (PTO) will become standard for our employees in all jurisdictions, allowing them to make the right choices when it comes to taking days off for mental wellbeing, spending time with family, relaxing, and pursuing personal passions, provided they are able to meet the obligations of their role, and subject to manager approval. Second, employees can choose between two working modes: Work from Office (WFO) or Work from Anywhere (WFA). Those who choose WFO will have their dedicated desk and equipment set up for them in their local office, while still being able to occasionally and at their discretion work from home. People and culture continued Strategic report Governance Financial statements Avast plc annual report 2020 69 People and culture continued Those who choose WFA will have standard equipment set up for them in their home office, be able to work remotely from anywhere (in compliance with our WFA policy), and still have access to hot desks and shared working/collaborative spaces within our local offices. While managing these arrangements adds a layer of complexity to operations, we are committed to working with employees on a case by case basis to forge a truly global workforce and unlock the benefits that come from providing this level of flexibility and support. Offices are rapidly becoming less important as locations for dedicated working, but if 2020 has taught us anything, it is that a balance between physical and remote work is important. In 2021, Avast offices will be redesigned to provide different types of working environments, to enable focused work, group collaboration and co-creation, and socialising to spark creativity and create connection among our colleagues. Finally, we are committed to making all Avast employees shareholders and creating an alignment between their long-term compensation and Avast’s strategic goals. Beginning in 2021, eligible employees will receive a one-time RSU grant, equivalent in value to 40% of their annual base salary, and capped at 10,000 units. Through the Employee Share Matching Plan, employees will continue to be able to receive one free share for every three purchased shares after a two-year holding period, and Avast will continue to grant additional RSUs to a select group of high-performing and high-potential employees each year as a part of its existing long-term incentive plan. Learning and development Avast supports our people to grow personally and professionally. Training and people development resources went entirely online for most of 2020, as we adapted to our remote working environment. In addition to providing our normal offerings virtually, we introduced several additional modules around change management and resilience to help employees and managers gain the skills they needed to navigate the tumultuous year. We emphasise leadership development through focused training and programmes for middle managers and people leaders. In 2020, 43 managers attended the First Line Leadership Academy, which prepares leaders for the challenges of a rapidly evolving business environment. An additional 63 managers deepened their skills through the Advanced Leadership courses, which emphasise recognising and developing talent. Our emphasis on leadership development continues in 2021, ensuring our leaders are well equipped to support Avast’s culture and deliver on the Company’s long-term strategy. 43 managers attended the First Line Leadership Academy Self-directed learning is available to all Avastians through online learning platforms offering technical training courses, language training, and personal development on demand. The Avast Virtual University provides on-demand and live, interactive online training, certifications, and resources in a range of technical and professional areas, through a third-party online platform. During 2020, there were 350 active learners on the platform; they accessed 1,710 pieces of content, watched 37,000 minutes of training and attended 89 live webinars. Avast learners are also engaged in on-demand and live online tutoring and courses in English, French, German, and Czech, as required by business needs. Employee engagement Engagement with our employees in 2020 took on multiple forms, with a focus on increasing communication from leadership and providing additional feedback channels for employees. These channels included our COVID-19 response teams, as well as open discussions with Avastians about our Company culture and values, and our annual Your Voice employee survey. Your Voice engagement survey Avast measures employee engagement at the end of each year through the Company- wide Your Voice survey. The survey is launched in December and closes in early January, in order to capture engagement at the end of the calendar year. For 2020, engagement was 65%, based on the participation of 81% of our workforce. This compares with an engagement score of 73% and participation of 89% in 2019. Given the tumultuous year that our employees have endured, as well as the strategic restructuring during the last quarter of 2020, management expected to see a decrease in employee engagement. © 2019 Friend Studio Ltd File name: PeopleX_XCSR_v89 Modification Date: 2 March 2021 8:46 pm Strategic report Governance Financial statements Avast plc annual report 2020 70 People and culture continued While Avast has endured the impact of COVID-19 well, there has been an inevitable toll on our workforce. Many employees are weary of uncertainty, but the majority are motivated by the Company’s vision and just cause: 74% are proud to work for Avast and 70% say they feel like they belong at the Company. In comments, Avastians revealed that they believe we can do even more to focus on customers and listen to employee feedback. We value our colleagues’ candour and willingness to share their insights about what needs to be improved, and a detailed analysis of the survey results to identify key concerns is already under way. Even with the challenges our colleagues faced this year, there is a lot of optimism. Employees’ responses indicate that we have the building blocks of a highly aligned, high-performance culture, and that Avast is primed well for longer-term sustainable growth. Questions around teamwork and ownership, for instance, are 84% positive, and management is rated at 83% positive. Employee engagement and cultural alignment is always an ongoing project. Avast management is committed to responding to employee concerns, increasing and improving communication, and stabilising the organisation to elevate engagement levels in 2021. 84% positive responses on teamwork and ownership A new position of Global Engagement & Culture Partner was established at the end of 2020 to increase engagement in order to drive better business outcomes, and ensure that we become more inclusive, and give everyone a voice by creating a culture of two-way communication and feedback between all leaders and employees. A practical and simple action plan to address the issues raised will be released in Q1, and this person will work closely with leaders throughout the year to implement changes and follow up on employee concerns. I’m excited to bring my product background to this role and to show leaders how high employee engagement correlates strongly with better business outcomes, like increased revenue, innovation, quality, and retention. Paul Yung Avast’s first Global Engagement & Culture Partner Internal communication Effective internal communication is the backbone of employee engagement. Driven initially by the pandemic and the demands of remote working on our workforce, we have increased the focus on internal communication throughout 2020. We have focused both on increasing the volume and regularity of substantive communication from our leadership through All Hands meetings, Ask Me Anything and Q&A sessions with leadership, and executive communications via email and Slack. In addition, we have introduced additional mechanisms, such as the Future of Work initiative and the Change Engagement Group, to increase cross-functional communication and collaboration, and increase feedback and bottom up communication. At the end of 2020, at the recommendation of the CEG, we have also begun a series of open conversations specifically on improving and maintaining good internal communication to better support our business objectives. This work will continue in 2021, as we embrace the changes to our ways of working engendered by the Whole Life Flexibility platform: more hybrid, asynchronous and flexible working, with some employees returning to offices as the situation with COVID-19 evolves and many others globally distributed and continuing to work from home. Diversity and inclusion The Avast Board and management are responsible for ensuring that Avast meets its diversity targets and fosters the appropriate inclusive culture to attract, retain, and advance diverse talent. Avast believes that diversity in all its dimensions is critical to organisational success, and we actively work to remove bias from all internal processes and practices. Avast’s Diversity Policy documents our commitment to ensuring that all recruitment, promotion, and access to training and resources are done without bias and are free from discrimination. The policy also states that it is the responsibility of all Avastians for fostering an inclusive and safe working environment for all colleagues. In 2020, Avast appointed its first Diversity, Inclusion and Communities Director, Dita Formankova, to set the Company’s strategy for recruiting and retaining female talent, connecting with diverse communities, and creating an inclusive culture to foster innovation. Dita previously founded and was the CEO of Czechitas, a Czech NGO inspiring, educating, and empowering new talent into IT with a community of over 25,000 alumni. © 2019 Friend Studio Ltd File name: PeopleX_XCSR_v89 Modification Date: 2 March 2021 8:46 pm People and culture continued Strategic report Governance Financial statements Avast plc annual report 2020 71 The diversity and inclusion (D&I) team and agenda are advised by the Diversity and Inclusion Committee, which meets every two months and is chaired by Chief Financial Officer Philip Marshall. Rebecca Grattan, CPCO, Jaya Baloo, CISO, Pavel Baudis, NED and Chair for Workforce Engagement, and Maggie Chan Jones, Independent NED are also on the Committee, along with Dita Formankova and employee representatives from across the business. Within our industry, gender diversity is sorely lacking, and we have a responsibility to improve the representation of women within leadership and technical roles. We have therefore concentrated on making measurable improvements to gender diversity at the board and executive levels, and will focus on increasing the representation of women in technical and leadership roles in 2021. Signalling his personal commitment, Ondrej Vlcek joined the 30% Club, a global campaign of CEOs and chairpersons which aims to increase female representation at the board and executive level to at least 30% through voluntary action. The Company aims to reach 33% or higher representation on our Board and Executive Management team by the end of 2021. Employee Category Women Men % Women % Men Board Executive Management team* Senior management (active employees)** Staff (active employees)** 3 3 8 27% 73% 8 27% 73% 17 48 26% 74% 454 1234 27% 73% Numbers as of 31 December 2020 * Executive Management team includes CEO and his direct reports ** Senior management excludes administrative support staff reporting to the executive team *** Staff excludes Executive Management team, but includes senior management Board diversity At the end of 2020, Avast’s 11-member Board comprised three women and four men as independent Directors and four male non-independent Directors (Avast’s CEO, CFO, and two Company founders). Two of Avast’s long-serving independent Directors, Ulf Claussen and Erwin Gunst, will be leaving the Avast Board following the next Annual General Meeting (May 2021) as their tenure expires. With their departure, we are actively recruiting one new independent Non-Executive Director and the board size will be reduced to 10. With 10 members, Avast’s Board composition will be at least 30% female. Further information about the Board’s diversity policy can be found in the Nomination Committee report on page 103. © 2019 Friend Studio Ltd File name: PeopleX_XCSR_v89 Modification Date: 2 March 2021 8:46 pm Executive diversity The gender balance of Avast’s Executive Management team improved from 9% to 27% over the course of 2020 as the composition of the team changed. At the beginning of 2020, Avast’s Executive Management team comprised one woman and nine men, following the departure of Robin Selden, Chief Marketing Officer (CMO), at the end of November 2019. Two women, Rebecca Grattan, CPCO, and Lisa Carey, CMO, joined in H1 2020, along with Julio Bezzera, Chief Strategy Officer. Gagan Singh, Chief Product Officer, and Alan Rassaby, Chief of Staff, left the organization in H1. Detlef Steinmetz, Chief Information Officer, left at the end of 2020. Thus, at the beginning of 2021, the Executive Management team comprises 30% women. Additional changes to the Executive Management team in 2021 will bring the gender diversity to 40% female. Kelby Barton, General Counsel and Corporate Secretary, will leave Avast in April, to be replaced in the role by Trudy Cooke, who joined Avast on 1 March, bringing extensive experience across both private and public markets. Together we are creating an attractive environment where everyone is treated fairly and respected. We focus on supporting communities, educating new talent, creating visibility for our experts, and removing barriers so no one is burdened by any prejudices against their background, age, gender identity, sexual orientation, disability, or appearance. Dita Formankova Director, Diversity & Inclusion and Communities People and culture continued Strategic report Governance Financial statements Avast plc annual report 2020 72 People and culture continued Gender pay equity A detailed gender-based analysis of salaries at each staff level across the entire organisation was conducted as part of the annual salary review. The exercise and outcome demonstrated our serious approach to equal pay and revealed that we do not have a material pay-equity issue. While our overall organisational gender pay gap analysis yielded a difference of around 24% in favour of male employees, this difference is driven exclusively by the greater number of men at senior and executive levels, a situation that we are working to remedy by focusing on increasing women in leadership. The analysis compared peers, accounting for region, function, salary band, and type of role. In total, only 86 employees (36 women and 50 men) needed their salaries to be levelled up to bring them in line with the expected pay for their role. We will continue this practice yearly to ensure that any pay gaps, gender-related or otherwise, are rectified in a timely manner. As part of our Whole Life Flexibility approach, all Avast employees will receive one-off RSU grants equivalent to 40% of their annual salary. With the full support of the Board, we have ensured that those on maternity and parental leave will also receive these grants. Being a part of the D&I team means constantly thinking about how to improve the experiences of our customers and employees. It’s all about the people. Bianca Grassi Senior Visual Designer and D&I Champion, Prague Foundations of D&I 2020 was the first year in which Avast had a dedicated D&I function, and activities were focused on creating a solid foundation from which to launch strategic initiatives to foster an inclusive culture and improve the hiring and retention of diverse candidates in the long term, while focusing in the immediate term on increasing the number of women in leadership and technical positions. For 2021, in addition to targeting 33% female representation for the Executive Management team and the Avast Board, Avast aims to increase the proportion of female employees within Avast by 4% over 2020 by creating an inclusive culture focused on equality of opportunity. The D&I programme is built around five strategic areas: Data: knowing our people; Advocacy and awareness: building knowledge of D&I among Avast staff and increasing our external visibility on D&I issues; Education: building IT skills capacity for women in Avast and sponsoring IT education for diverse communities; Partnerships: extending our reach to diverse communities through expert partners; Internal Policies and Practices: ensuring that we apply a D&I lens to all people-related practices. © 2019 Friend Studio Ltd File name: PeopleX_XCSR_v89 Modification Date: 2 March 2021 8:46 pm People and culture continued Strategic report Governance Financial statements Avast plc annual report 2020 73 Diversity and inclusion programmes As knowing our people is one of the foundations of our D&I strategy, the D&I team began a series of focus groups for Avastians from different backgrounds. Over 30 women participated in six focus groups on women in leadership and women in technical positions, revealing that the greatest opportunities for making Avast a more inclusive environment rest with leadership development, improving awareness of unconscious biases and the benefits of diversity in general, and greater representation of employees from different backgrounds. Additional focus groups are planned in 2021 for employees from the LGBTQ+, people of colour/BAME, disability and other underrepresented communities. We build awareness internally and externally in a variety of ways. The D&I agenda is visibly supported by Avast leadership both through engagement with our employees, partners, and press, and through events. D&I Champions in each of Avast’s major locations coordinate local activities to raise awareness and engagement in D&I initiatives. D&I content will be incorporated in 2021 through leadership training, HR and hiring manager training, and unconscious bias and other learning resources will be made available for all staff over the course of the year. Presence at women-focused recruiting events and creating additional awareness of Avast’s D&I initiatives will be priorities during 2021. We work with partners to improve our outreach to diverse communities and become more active in bringing women and girls into IT, thus investing in building a pipeline of female candidates. Four partnerships were established in 2020. In the Czech Republic, we have become the General Partner sponsoring the diversitytalentpool.cz platform launched by OPIM, which connects diverse candidates or those from minority or underrepresented backgrounds to companies that value diversity and create inclusivity. 30+ participated in six focus groups on women in leadership and women in technical positions We also continue our longstanding partnership with Czechitas to support Digital Academies and requalification courses for women in data analytics, web development, and testing. In Slovakia, we have partnered with Aj Ty v IT to support their academies and a long-term course introducing women to IT security. In the UK, we are sponsoring women into Code First Girls courses and nano-degree programmes. This organisation serves a community of over 20,000 women, 50% of whom come from a black or minority ethnic background. Fostering diversity and including marginalised groups goes beyond addressing issues of gender representation, and Avast is proud to support additional initiatives to increase our outreach to new communities and create an inclusive culture. We joined the Pride Business Forum in the Czech Republic and signed the Charta Diverzity in Slovakia this year, signalling our commitment to the LGBTQ+ community and to inclusivity generally. It’s humbling to be able to propel change in Avast by establishing D&I partnerships that support underrepresented groups in tech. Janine Luk Software Engineer and D&I Champion, London © 2019 Friend Studio Ltd File name: PeopleX_XCSR_v89 Modification Date: 2 March 2021 8:46 pm People and culture continued Strategic report Governance Financial statements Avast plc annual report 2020 74 People and culture continued Our people, going above and beyond From the very start of the pandemic, Avastians around the world volunteered their time, technology, and expertise to help the fight against COVID-19. 1,000 hot meals a day were provided to key workers in Prague Food bank schemes backed in US cities such as Sacramento and Alameda. Translating vital medical materials Avast language experts helped translate vital medical materials from different languages for use in local hospitals. 3D printed face masks produced for use by medical professionals (in collaboration with the Czech Technical University in Prague) © 2019 Friend Studio Ltd File name: PeopleX_XCSR_v89 Modification Date: 2 March 2021 8:46 pm Employee volunteering and initiatives In addition to volunteering time and resources toward COVID-19 relief, Avastians engaged in other community service projects. Despite the ongoing lockdown in the UK, the Avast team participated in volunteer activities with the Demelza Hospice Care for Children to help keep the sites looking beautiful, and wrapped presents and sorted clothes and other items in their stores and warehouse. The Avast cooperation with Demelza began in 2019, when CEO Ondrej Vlcek decided to donate his Directorship fee to the hospice’s sibling, family support, and expert nursing care services. An Avast team also supported the hospice with technical expertise during lockdowns, providing information on online safety and security for families, and ensuring access for virtual events. We also worked around restrictions in the Czech Republic to deliver a unique pilot programme for individuals with autism spectrum disorder (ASD) seeking employment in the IT sector. Six employee volunteers were trained and then mentored three individuals with ASD to help them improve their IT skills, raise their confidence level, and provide structured social interaction. In November, a group of dedicated employees injected a bit of fun into their virtual meetings with Avast Movember, which has become a Company tradition to raise funds for men’s health, including cancer research, mental health, and suicide prevention. The Avast team raised over CZK 880,000 (approx. $40,000), including matching donations from our Founders, former CEO Vince Steckler, and CEO Ondrej Vlcek. Proceeds went directly to the Men Against Cancer foundation in the Czech Republic. Avast Donation Matching Programme Over the summer, Avast employees called for additional ways to help in their communities. Through a new employee donation matching programme, Avast matched each dollar donated by Avastians fivefold. In total, $735,000 was donated to 10 organisations in the Czech Republic, Slovakia, the UK, the US, Germany, and Serbia, tackling issues ranging from developing quality patient care for COVID-19 survivors, supporting caregivers, providing meals for essential workers and food aid to vulnerable communities, and supporting victims of domestic violence affected by the pandemic lockdowns. In response to Black Lives Matter protests and social unrest following the killing of George Floyd in the US, donations were also made to the American Civil Liberties Union, an organisation defending and preserving individual rights and liberties. People and culture continued Strategic report Governance Financial statements Avast plc annual report 2020 75 Social responsibility and sustainability Building a robust business that delivers shareholder value while creating positive social impact Simply put, we believe that it is possible to do well by doing good – and to do good by doing well. Since its very early days, Avast has operated in a way that allows us to responsibly meet the needs of our stakeholders, avoid excessive environmental impact, and create positive change in the wider society. In this exceptional year, we recognised many opportunities to give back, and as always, have acted with the best interests of our people, customers, and communities in mind. While the COVID-19 pandemic has had global repercussions, we know that there are many other pressing challenges that require our attention. Giving back through social impact programmes remains a cornerstone of our social responsibility initiatives. However, there is also a need to respond to the climate crisis, and other concerns of key stakeholders, more holistically. Over the course of 2021, we will be creating a comprehensive Environment, Social, and Governance (ESG) programme and reporting frameworking, including a new sustainability strategy built on the standards of the Taskforce for Climate-related Financial Disclosures (TCFD), the Sustainability Accounting Standards Board (SASB) metrics for the software sector, and the Global Reporting Initiative (GRI) framework. © 2019 Friend Studio Ltd File name: PeopleX_XCSR_v89 Modification Date: 2 March 2021 8:46 pm Strategic report Governance Financial statements Avast plc annual report 2020 76 Environment, social and governance – Towards a more holistic approach As part of its broader corporate responsibility, Avast has a significant role to play in coherently addressing the social, economic, and environmental factors impacting our business, our employees, our customers, and our communities. We recognise the important distinction from traditional social responsibility programmes: the impact of ESG factors on company performance and value. We are committed to making meaningful progress on a holistic ESG programme, advancing our management of, and reporting of these issues. We have started to look at where we are today and the direction we want to take. While it’s early in the process, within the next 12 months we intend to implement an enhanced set of internal controls throughout the organisation for evaluating and managing ESG risk and opportunity, and develop key performance indicators to inform our decisions in a way that is meaningful and transparent. Our actions will be informed directly by stakeholders and with reference to GRI Standards and the SASB software sector guide and references, as well as the TCFD and the Carbon Disclosure Project (CDP) frameworks. Consequent learnings are expected to touch on Avast’s business, strategy and financial planning. An important initial step is identification of strategic and material priorities; the principal factors that could create or destroy value in our business. Later this year, the Company will present a more detailed roadmap as part of the implementation of the new ESG programme, but the priorities that we’ll address include: data privacy and protection, environmental responsibility, diversity and inclusion, and social impact. Customers entrust us to manage one of their most precious assets – their data. Earning trust as a data authority is not limited to products and services, but also encompasses our own operations as we fulfill information security and privacy requirements, and best practices. Our priorities will focus on maintenance and ongoing improvement of capabilities to safeguard data and protect privacy. Managing our natural resources responsibly is a duty we owe to all stakeholders. We have completed our first independent audit of GHG emissions to assess our Company-wide footprint. We now intend to expand our measurement and reporting on environmental sustainability in support of continual improvement. At Avast, fostering an environment that celebrates diverse perspectives and thinking is a top priority. Under the supervision of a newly appointed diversity and inclusion leader, the Company is actively engaging with employees to identify opportunities for Company-wide advancement in multiple diversity categories. Avast is relaunching the Avast Foundation with a new mandate focused on digital citizenship and digital freedom in 2021. The Group is committed to maintaining its commitment to social impact initiatives based on the Pledge 1% model, through which 1% of profit, time, and product are contributed annually to charitable causes. In developing the ESG programme, we are committed to providing a clear definition of the sustainable processes within the business to identify risks and opportunities, as well as explanation of management’s ongoing assessments and the Board’s oversight role. © 2019 Friend Studio Ltd File name: PeopleX_XCSR_v89 Modification Date: 2 March 2021 8:46 pm Social Responsibility and Sustainability continued Strategic report Governance Financial statements Avast plc annual report 2020 77 Environmental disclosures Avast is committed to operating in an environmentally responsible manner, and has committed to transparent disclosure of emissions data, alongside a clear intention to offset remaining emissions and reduce Avast’s overall environmental footprint. In 2020, Avast completed its first scored CDP questionnaire. CDP is a non-profit organisation that runs the global disclosure system for investors and companies to better manage their environmental impacts, and is aligned to the TCFD reporting framework. Our C rating indicates that, although we have opportunities to improve our environmental and climate programme, we have an appropriate awareness and some existing mechanisms for monitoring and improving our operations and business practices to reduce our environmental footprint. At the end of 2020, Avast commissioned an external audit to review our prior emissions calculations, investigate whether the main drivers of our environmental impact are accurately captured, and provided additional recommendations for reducing our emissions, especially in light of the new Work from Anywhere policies that will fundamentally change the way in which we use our offices. The audit was conducted by ENVIROS, a leading Prague-based consultancy specialising in business, environmental, and energy services. Greenhouse gas emissions calculation and methodology Avast has a viable programme for collecting relevant data from suppliers, data centres, and landlords in order to calculate its carbon emissions. Since first implementing our greenhouse gas (GHG) emissions calculation activities, we have been able to capture a greater percentage of measured data each year, thereby reducing the need to estimate or extrapolate. We are consistently looking for ways to refine and improve the accuracy of our calculations and better understand our GHG emissions and carbon footprint. Based on recommendations from the audit conducted on our past disclosures (2018, 2019) and current process, we have decided to make adjustments to our 2020 and future calculations. Thus, our calculations are made according to the Greenhouse Gas Protocol Corporate Standard, and we have used the UK government’s DEFRA conversion factor guidance for 2020 for worldwide energy consumption, excluding the Czech Republic, for which we have applied conversion factor guidance from the 2018 Yearly Report on the Operation of the Czech Electrical Grid by the Energy Regulatory Office, UNFCCC Czech Republic. The emission factor for the Czech Republic is significantly higher than that for the UK, due to the higher use of solid fossil fuel (coal) in the Czech electricity mix. We also changed the calculation of scopes 1 and 2, including data on gaseous substances in scope 1 and heat and steam in scope 2. The net result is a higher emissions number that more accurately captures our GHG emissions. To make it possible to compare this data year on year, we have recalculated past years according to these more accurate parameters, demonstrating that we continue to be committed to reducing our emissions and taking responsibility for our operations. 2020 greenhouse gas calculation Operational responsibility for Avast’s environmental impact generally rests with our facilities and IT infrastructure leadership. Our primary environmental impact comes from the office facilities in which we house our employees and our data centre operations. Changing from office- based working to home-based working for the greater part of 2020 meant that our facilities-based emissions were lower in 2020 than in 2019. In addition, the complete restriction in business travel due to the pandemic meant that our emissions due to travel were greatly reduced. Data on the impact of reduced employee commuting and the distributed impact of employees working from home could not be captured under our current reporting framework, and so we have not attempted to incorporate these changes into our calculations. Overall, our emissions from electricity (scope 2) were reduced by 12.5%, while our emissions from fuel and the operation of buildings (scope 1) dropped by 25.4%. In 2020, Avast primarily used infrastructure in 12 data centres located in Europe and the Americas, while using some Amazon Web Services and smaller data centre capacity as needed. Of our 12 main data centres, six of these are Equinix data centres which operate on renewable energy only and account for 28.5% of our energy use from data centres. Equinix is committed to sustainability and is a leading provider of data centre services that are run on renewable energy and green by design. Calculations for facilities were based on measured data from our offices in Europe, the UK, Asia, and the USA, accounting for over 97% of the data. The remainder was extrapolated as an average for each office based on the known data. Calculations for our data centres were based on actual electricity consumption for those data centres in which we have owned hardware and for which we pay directly for energy consumption and on maximum allowable consumption for data centres in which we pay for consumption up to a certain limit. Rented data centre infrastructure is considered out of scope. 6 out of 12 of our main data centres are Equinix data centres which operate on renewable energy only and account for 28.5% of our energy use from data centres © 2019 Friend Studio Ltd File name: PeopleX_XCSR_v89 Modification Date: 2 March 2021 8:46 pm Social Responsibility and Sustainability continuedSocial Responsibility and Sustainability continued Strategic report Governance Financial statements Avast plc annual report 2020 78 with dedicated parking allotted to those employees who drive electric vehicles. As we change our ways of working in 2021 and beyond to accommodate for more flexible working and home office working based on the Work from Anywhere concept, we are also envisioning how we can use these two flagship offices for collaboration and community spaces and examining how these changes in use can support our goal to become more energy efficient. As a first step, Avast will purchase green energy for its offices in Prague and Brno, Czech Republic, beginning in 2021. We are also reviewing the feasibility of additional suggestions proposed through the audit process, and whether or not to implement such changes in 2021 or beyond. GHG emissions (for the year ended 31 December 2020) Scope Scope 1 2020 tCO2e 2019* tCO2e 2018* tCO2e Usage of fuel and operation of buildings 57.9 77.6 96.1 Scope 2 Emission from electricity Total (Scopes 1 & 2) Intensity ratio (tCO2e/m$ adjusted revenue) 3,886.1 4,443.6 4,395.8 3,944.0 4,521.2 4,491.9 4.42 5.18 5.42 2019* and 2018* calculated based on updated methodology including Czech-specific conversion factor and addition of gas data to scope 1 and heat and steam to scope 2. A small proportion of our combined scope 1 and 2 emissions are generated within the UK. The UK represents less than 1% of our scope 2 emissions (electricity, heat, and steam), but 33.7% of our Scope 1 emissions (diesel and gas). Details are provided in the tables below. UK vs offshore Other (non-UK) Offshore UK UK Grand Total Scope 2 Sum of tCO2 3,849.4 0.00 36.7 3,886.1 Country UK vs offshore Scope 2 EE in KWh Scope 2 Steam in KWh Scope 2 Heat in KWh Scope 1 Fuel (diesel) in kWh 2020 Scope 1 Sum of tCO2 38.4 0.00 19.5 57.9 2020 Scope 1 Gas in KWh Other (non-UK) 7,255,239.2 436,388.9 802,872.0 21,497.9 180,611.5 Offshore UK UK Total 0.0 151,478.1 0.0 0.0 0.0 8,034.8 0.0 0.0 0.0 106,133.0 7,406,717.3 436,388.9 810,906.8 21,497.9 286,744.5 Carbon offsetting and emissions reduction activities As part of the climate change and carbon management strategy, Avast chose to use purchases of carbon credits to offset its scope 1 and 2 emissions beginning in 2019. The Group is committed to better understanding our scope 3 GHG emissions in the future and investigating opportunities to reduce all GHG emissions. In 2019, we offset 2,777 tCO2e through a Gold Standard portfolio of programmes, and in 2020, we offset 2,200 tCO2e, based on initial assumptions of our scope 1 and 2 emissions. Based on the recalculated emissions conducted following the audit we commissioned, our combined scope 1 and 2 emissions for 2019 and 2020 are 4,521.2 tCO2e and 3,944.0 tCO2e, respectively. This means that our total offset for these two years falls short by 3,488.2 tCO2e. We will therefore offset this amount in addition to our calculated 2021 scope 1 and 2 emissions. In the future, we aim to continue to improve the accuracy of our calculations and to base our offsetting on calculated emissions, while investigating other measures to improve our efficiency and reduce our overall emissions. Avast’s two largest offices, located in Prague and Brno, Czech Republic, are both housed within buildings awarded BREEAM Excellent – New Construction certifications. Our operations in these offices are PET-free, and the buildings are equipped with waste separation, recycling programmes, light and climate control to reduce energy consumption, and in Prague, chargers for electric vehicles, © 2019 Friend Studio Ltd File name: PeopleX_XCSR_v89 Modification Date: 2 March 2021 8:46 pm Social responsibility and sustainability continued Strategic report Governance Financial statements Avast plc annual report 2020 79 Ethical business The Executive Management team is responsible for ensuring that all staff have access to and comply with the policies governing our business practices, community engagement, and charitable activities. All Avastians are required to follow the principles outlined in the Avast Code of Conduct and associated policies in order to uphold our commitments to ethical business practices, human rights, and social responsibility. Avast also obtains assurance from its suppliers, contractors, and those doing business on its behalf that they comply with certain ethical, social and legal standards. Human rights Avast deeply respects and upholds the principles of human rights as articulated in the United Nations Guiding Principles on Business and Human Rights, the Universal Declaration of Human Rights, and the International Labour Organization Declaration on Fundamental Principles and Rights at Work. Transparency and anti-corruption We do not tolerate corruption or bribery in our business operations and have policies in place to disclose and mitigate all potential conflicts of interest. Our commitments to human rights, transparency and anti-corruption are reflected in our business practices, charitable outreach, and community engagement, and documented in our Code of Conduct, annual Modern Slavery Transparency Statement, and related corporate policies, including: Suppliers’ Guidelines; Sanctions, Anti-Money Laundering and Counter Terrorist Financing Policy; Anti-Corruption Policy; Related Party Transactions Policy; Conflict of Interest Policy; Whistleblowing Policy; Avast Grievance Procedure; Avast Recruitment Policy; and Modern Slavery Policy. These policies are available for consultation to all employees via our intranet, and all employees must certify that they have read and understood these policies following mandatory training. Avast’s comprehensive Supplier Guidelines are published on our website, and cover our expectations for our supply chain with respect to labour, working conditions, occupational health and safety, business conduct and ethics, environment, conflict minerals, and management systems and adherence to international standards of conduct. Prior to signing contracts with any service providers, Avast requires that suppliers acknowledge these guidelines and agree to adhere to them. Avast has also implemented processes for our existing suppliers to agree with these principles. Avast employees and the public can report any perceived violations of these policies through the Avast Whistleblowing hotline, which is operated by a third-party provider to ensure confidentiality. All reports are assessed and where necessary, formal investigations are undertaken. Periodic summary updates are provided to the Audit Committee of the Avast Board. Avast complies with all applicable export control laws, as outlined in our Sanctions, Anti-Money Laundering and Counter Terrorist Financing Policy. Adherence is maintained through various internal processes and controls, as well as those of our partners, suppliers and resellers. User information is compared against lists of restricted parties published by relevant governmental agencies, including: the U.S. Department of Commerce Denied Persons List; the U.S. Department of Treasury’s Specially Designated Nationals List; U.S. Government export exclusion lists; Consolidated list of financial sanctions targets in the UK; and Consolidated list of persons, groups and entities subject to EU financial sanctions. Avast has implemented processes to prevent users based in sanctioned and embargoed territories from downloading, purchasing, operating, or updating our products and services. All of Avast’s policies are periodically reviewed and updated to ensure that they provide the appropriate framework for upholding our commitments to ethical business practices and that they accurately describe the business process which they govern. © 2019 Friend Studio Ltd File name: PeopleX_XCSR_v89 Modification Date: 2 March 2021 8:46 pm Social responsibility and sustainability continuedSocial responsibility and sustainability continued Strategic report Governance Financial statements Avast plc annual report 2020 80 Social impact Giving back is in Avast’s DNA For the last decade, the Avast Foundation has been the Company’s primary vehicle for giving back. It has been a remarkably successful change agent in social issues such as palliative care, early childhood education, and supporting families of children with disabilities in the Czech Republic. At the beginning of 2020, the desire to see a greater global impact and increase the alignment of our social impact and charitable giving with Avast’s core purpose prompted a deep examination of the Avast Foundation and its future. We are proud that the Avast Foundation will be re-launched in 2021 with new leadership, a global mandate and a focus on developing programmes within the core areas of Digital Citizenship and Digital Freedom. Avast will maintain its annual, estimated $5 million, commitment to social impact initiatives based on the 1% of profit model. We have also seen this year that the unprecedented circumstances of the pandemic have required extraordinary actions by companies, governments, and citizens alike. On top of funding the Avast Foundation’s entire $4.3 million operating budget through its regular annual donation, Avast made an exceptional donation of $25 million USD to various efforts to fight COVID-19 and enabled the use of Avast infrastructure and expertise to support relief efforts. Our ability to respond meaningfully to crises and pressing social needs is a product of our sound business operations and the unequivocal value placed on giving back, with impact, and we are proud that our people also embody this spirit through their community involvement. Avast Foundation: Building on 10 years of impact The Avast Foundation will focus from 2021 onwards on programmes in the areas of digital freedom and digital citizenship, areas more closely aligned to the Company’s business and core expertise. Shane Ryan, former Deputy Director of the UK National Lottery Community Fund, joined as the Avast Foundation Global Executive Director in February 2021. He brings with him a wealth of global experience leading non-profit and charitable organisations, with a demonstrated history of social and community impact. A new Czech entity, Abakus, was established to continue the important work of the outgoing foundation under its existing leadership. We are very proud of the long history and programmes that the Avast Foundation undertook in its first decade. Funded entirely by donations from Avast, totalling over CZK 1 billion CZK ($50 million) over 10 years, it focused primarily on systemic issues and programme delivery through long-term partnerships and coalition building in the areas of palliative care, early childhood education, and support for families of children with disabilities. Avast employees also played an active role in the foundation’s giving through © 2019 Friend Studio Ltd File name: PeopleX_XCSR_v89 Modification Date: 2 March 2021 8:46 pm Be Safe Online Be Safe Online (BSO) is a non-commercial educational outreach programme built for pre-teens and early teens. Initially reliant on a collaboration with local influencers and built on a model of visiting schools directly, the programme was transformed in early 2020 from a roadshow of local lectures into a scalable, self-serve educational platform with content available in both the Czech Republic and Slovakia. Through its interactive online course covering various topics on security, privacy, online communication and digital wellbeing, BSO has educated over 30,000 children in the Czech Republic, earning an NPS score of 79%; 4,000 children in Slovakia have so far taken the online course. 30,000 children educated in the Czech Republic, earning an NPS of 79% The BSO social media channels have over 40,000 followers. We work with local influencers to shape our messaging and reach broader audiences, capitalising on their influence, the knowledge of Avast’s cybersecurity experts, and original research into how children act online to deliver relevant and timely content that is engaging for children and trusted by parents and educators. In 2020, BSO was awarded with a Silver Effie and recognised by WebTop100 for its educational campaigns. Additionally, thanks to the community of children who proactively report various threats via the BSO Instagram account, Avast experts recognized serious threats, including fake apps on TikTok and a WhatsApp scam. These stories and others gained international media attention. the annual Together with Employees programme. In 2020, the campaign resulted in support for 157 projects, 119 of which were in the Czech Republic and 38 of which were international, with a total of $461,500 being donated. Over the eight years of Together with Employees, Avastians have been able to support over 650 projects in domains ranging from education and culture, to environmental clean-up, healthcare and disease prevention, with a total of almost CZK 35 million in funding. Social responsibility and sustainability continued Strategic report Governance Financial statements Avast plc annual report 2020 81 As we reestablish the mission of the Avast Foundation, we will continue to support Abakus and its beneficiaries through a new arrangement. From 2021 until 2024, Avast will both fund the re-launched Avast Foundation and be the sole corporate partner to Abakus, providing a decreasing amount of funds each year to ensure programme continuity and ongoing benefit to communities and partners. From 2025, the full annual commitment will be donated to the Avast Foundation. 650+ employee-nominated projects in domains ranging from education and culture, to environmental clean up, healthcare and disease prevention COVID-19 prevention and cure research As the widespread and potentially devastating effects of the COVID-19 pandemic became clear, Avast management decided to put $25 million toward the fight against COVID-19, because we know that timely investment can drive necessary innovation and accelerate social impact. We therefore sought organisations taking a rigorous, scientific, and systematic approach to testing, treatment, and vaccine development, ultimately choosing to join the Wellcome-coordinated COVID-Zero Coalition, as it aligned with our vision. $20 million was donated to two projects to accelerate vaccine and treatment research and development. The COVID-19 Therapeutics Accelerator, coordinated by the Bill & Melinda Gates Foundation, Wellcome, and Mastercard, received $12 million USD to support research into the prevention and cure of the virus through rapid testing and the development of new treatments, including vaccines. Another $8 million went to the Coalition for Epidemic Preparedness Innovations (CEPI), where our donation went directly into vaccine research and development, including both pretrial research and manufacturing of nine vaccines in the testing stage. This large donation enabled CEPI to make key investments as part of their strategy to eliminate preventable deaths by pursuing testing, treatment, and prevention through the timely development of vaccines. The remaining $5 million went to a variety of additional initiatives, such as local efforts to fight COVID-19 impacts, an employee donation matching programme, and an extensive collaboration with Folding@ home, one of the world’s largest computer networks dedicated to finding cures for various diseases. Dozens of Avastians across the globe volunteered time and expertise to efforts to combat the spread of the virus and search for a cure, as well as to support members of their communities, frontline health workers, and local businesses. Activities ranged from sewing masks to creating prototypes for safe social distancing in restaurants to 3D printing face shields, developing open-source ventilators, apps to track social contact, providing food to healthcare workers, and more. © 2019 Friend Studio Ltd File name: PeopleX_XCSR_v89 Modification Date: 2 March 2021 8:46 pm Partnerships Avast is proud to work with partners whose missions align with our own. In 2020, we deepened our commitments to organisations fighting for digital freedom, privacy, and online safety. For over a decade, Avast has partnered with the Shadowserver Foundation by sharing threat intelligence, and in 2020, we made a $500,000 donation to further support their important work revealing security vulnerabilities, combating malicious activities, and helping victims of cybercrime. Avast shares a common goal with Tor, empowering people with strong privacy, protection, and freedom online. We became a founding member of the Tor Project Membership Program to demonstrate our commitment to privacy as well as to support Tor’s ongoing development. The Internet Watch Foundation (IWF) finds and removes images and videos of child sexual abuse from the internet. Avast became a member of the IWF and will work with the organisation to filter out webpages identified as hosting child abuse imagery, helping to crack down on the creation and sharing of such content, as well as protecting unsuspecting browsers from exposure to disturbing and illegal content. Avast joined Intel and Borsetta in launching the Private AI Collaborative Research Institute. The sole purpose of the collaboration will be to advance and develop technologies that strengthen privacy and trust for decentralised AI. The institute will encourage and support fundamental Folding@home collaboration Avast’s collaboration with Folding@ home (F@h) exemplifies the innovation, collaboration and giving back that we champion at Avast. F@h’s distributed computing platform harnesses the power of millions of individual machines to conduct innovative research to drive cures for myriad diseases. Several of our employees decided early on in the pandemic to donate their personal devices’ computing power to the network. Quickly, however, an idea took root: Avast has the technology and the expertise to greatly magnify F@h’s capacity, and we have a user network of millions of people who might also be lend their devices to efforts to elucidate the structure and mechanisms of the COVID-19 virus and contribute to a cure. Ultimately, in addition to a donation of $200,000 USD, two Avast servers were deployed to provide additional resources for F@h’s distributed computing coordination, while we also promoted the initiative via in-product messaging directly to our users, encouraging them to join the fight against COVID-19 with the F@h platform. research which will result in solving such real-world challenges for society, and will be dedicated to taking an ethical approach to AI development. Social responsibility and sustainability continuedSocial responsibility and sustainability continued Strategic report Governance Financial statements Avast plc annual report 2020 82 Section 172 statement Stakeholder engagement Avast operates in a fast-moving, complex industry, which involves engagement with a rich network of stakeholders based all around the world. The Board understands that its relationships with these stakeholders are dynamic, and that its stakeholders’ interests may change over time. For this reason, the Board actively engages with its stakeholders to keep informed of their interests and expectations. The Board is considerate of its stakeholders’ interests when making decisions, including any potential long-term impact of those decisions. The Board’s vision to create long-term value for its stakeholders is underpinned by Avast’s strategy, described on page 20, which it believes will drive growth and profitability as we adapt to emerging trends. In this section, we describe how the Board engages with its key stakeholders, and some of the ways it has considered their interests when making its decisions. Customers Avast is a customer-centric business, which operates on the principle that the Customer Comes First. Customer loyalty is important to the business, and therefore the Board always considers the potential long-term impact its decisions may have on customers. Primary interests: Customers want: To be secure in their digital lives, whatever they are doing online. To know their data is being kept private. To see transparency around how their data is collected and used. How we engage The Board receives regular reports from management based on market trends and customer feedback. The Board encourages the business to maintain multiple channels and methods of communication with customers to promote a meaningful and honest dialogue, including customer surveys, customer telephone support, social media, and company-run forums. The Board also tracks customer satisfaction through various metrics, including Avast’s relationship NPS and the average number of Avast products per customer. To incentivise meaningful engagement with customers, a portion of the Executive Directors’ annual bonus is based on overall customer satisfaction. The Board is responsible for approving material business transactions and key strategic changes, as part of which customers’ interests are at the fore. The Board is mindful of the fact that counterparties to commercial and corporate transactions may pursue strategies and outcomes which may conflict with interests of the customers. The Board considers if, and how, these divergent interests can be reconciled. Impact on Board decisions The Board is attuned to the growing concern among customers for their privacy, both in terms of keeping their data safe online and the ways in which companies they trust with their data use it. The Board oversaw the appointment of Avast’s first Chief Privacy Officer during the year, in an effort to further embed a privacy-by-design culture within Avast and to promote a resilient and transparent data protection strategy across the business, its policies, products, and service. In January 2020, the Board decided to close Avast’s data analytics business, Jumpshot. The Board listened to the concerns of its customers regarding Jumpshot, and, in particular, the perceived conflict between Avast’s role as a leader in the cybersecurity industry and the data collection business. © 2019 Friend Studio Ltd File name: SectionX172_v49 Modification Date: 2 March 2021 3:13 pm Section 172 statement Strategic report Governance Financial statements Avast plc annual report 2020 83 Impact on Board decisions Following consultation with Avastians: The Board approved the implementation of a new Future of Work Initiative, as part of which employees were given more flexibility to perform their jobs in the way that best suited them. Employees are now offered Unlimited Personal Time Off, and the ability to Work from Anywhere. This initiative is described in further detail on pages 35 and 68. The Board agreed to grant new and existing Avastians a one-time RSU grant, making them investors in Avast, and further aligning their interests with those of the Group’s shareholders. More details in relation to this RSU grant are set out on pages 35 and 69. Shareholders Avastians The Board’s primary objective in exercising its duties is to promote the success of the Group for the benefit of its shareholders. The Board seeks to treat all shareholders fairly, and this involves ensuring that decisions are made for the collective good rather than in the interest of a small number of large shareholders. Primary interests Shareholders want: Strong financial performance. Effective execution of the Group’s organic and inorganic growth strategy. Implementation of meaningful environment, social and governance policies. Efficient and appropriate allocation of the Group’s capital. How we engage As described in more detail on page 91, the Board spends a considerable amount of time engaging with shareholders to understand their interests, and any concerns they may have. As part of this effort, members of the Board attend meetings with shareholders, and solicit feedback from major shareholders in advance of making decisions that will materially impact the Group. Frequent updates are also provided to investors about the business through press releases, regulatory announcements, and periodic financial announcements. Impact on Board decisions Given the COVID-19-related restrictions in place in the UK in May, the Board was forced to reconsider the plans it had in place for its 2020 AGM at short notice. In line with government advice, the Board took the decision to hold its AGM in private, with shareholders represented by two proxies attending the meeting on their behalf. Shareholders were given the opportunity to attend the meeting by webinar, and to ask questions of the Board in advance. In February, the Chair and Senior Independent Director hosted an event for institutional investment firms and proxy agencies to discuss Avast’s approach to ESG matters, as well to respond to any questions the attendees had. The Board has overseen the strengthening of Avast’s ESG policies throughout the year, including through developing its understanding of shareholder expectations with respect to ESG reporting, and enhancing the Company’s ESG risk and opportunity evaluation processes for 2021. More details on the Company’s ESG programme can be found on page 76. In advance of the Company’s 2020 AGM, the Board notified significant shareholders and proxy agencies of its preference for John Schwarz to remain as Chair of the Board beyond 2020 for a limited period of time, notwithstanding the fact he would have sat on the Board for more than nine years. Significant shareholders and proxy agencies were given the opportunity to speak with the Board’s Senior Independent Director regarding their views on this matter. Following this engagement, the Board was comfortable with Mr Schwarz continuing to act as Chair for a limited period until his successor was found. More details in relation to this are set out on page 105. Avast’s employees, ’Avastians’, are its biggest asset. Maintaining a happy and engaged workforce is key to the Board’s strategy to attract and retain top talent in the technology industry. The Board appreciates that any decisions it makes may impact on Avastians’ performance, engagement, and work satisfaction. Primary interests Avastians want: A culture of autonomy and responsibility. To work for a leader in the industry, with opportunities for personal growth and career development. Competitive benefits and remuneration. How we engage Avastians are passionate about protecting customers’ digital lives, and truly value playing a part in the decisions made affecting the Group. The Board consults with Avastians through a variety of direct and indirect channels described in more detail on page 67, including through its dedicated Employee Engagement Director, Pavel Baudis. The Board has made monitoring and developing corporate culture a key initiative, and, as described in further detail below, oversaw a significant transformation of the way Avastians carry out their work during the year. © 2019 Friend Studio Ltd File name: SectionX172_v49 Modification Date: 2 March 2021 3:13 pm Section 172 statement continued Strategic report Governance Financial statements Avast plc annual report 2020 84 Section 172 statement continued Suppliers Communities The performance of Avast’s suppliers is integral to Avast’s success. From providers of software to hardware, from landlords to data centres, Avast’s supply chain plays a critical role in its mission to protect the digital lives of its customers. Avast aims to build mutually beneficial, long-term relationships with its material suppliers. Primary interests Suppliers want: The Group to meet its payment obligations on time. To build a long-term, mutually beneficial relationship. To interact with professional and respectful counterparts at Avast. How we engage The Executive Directors, together with members of the Executive Management team, engage collaboratively with material suppliers to discuss matters of mutual interest, including any risks which may need to be addressed. The Board is given updates from management, as appropriate, regarding the Group’s relationships with its material suppliers, including with respect to any material risks, performance issues or potential future changes. As part of the Group’s standard engagement process, suppliers are required to accept the Group’s Supplier Guidelines, which act as an acknowledgement that they meet certain minimum ethical and legal standards approved by the Board, including in relation to modern slavery, anti-bribery and anti-money laundering. More details in relation to these policies can be found on page 79. Impact on Board decisions The Board approved and oversaw the implementation of a new comprehensive strategy to identify the risk of modern slavery and forced servitude in the Group’s supply chain. This included an assessment of the Group’s suppliers to understand their individual risk profiles with respect to modern slavery, and to address issues identified, particularly those in a high-risk jurisdiction or industry. As part of this, the Board approved an update of the terms to the Supplier Guidelines which all suppliers are required to sign. In determining the Group’s readiness for Brexit, the Board, through the Executive management team, engaged with the Group’s payment processors to understand any additional cost or administrative burdens that they may experience following the end of the UK’s transition period, and any actions that needed to be taken to ensure continuity of service to customers. It is important to the Board, and all Avastians, that the Group gives back to the communities it operates in. The Board takes into consideration the impact that its decisions will have on the wider community, including through the example Avast sets as a global leader in the cybersecurity industry. Primary interests Communities care about: The Group’s tax strategy. The Group’s carbon footprint. The Group’s efforts to promote worthy causes within the community. How we engage During the year, the Board engaged with communities through the Avast Foundation and its employees. The Avast Foundation operates as Avast’s ’boots on the ground’, and allows the Group to most effectively deal with worthwhile causes in the community. Avast’s employees are encouraged to nominate matters which matter to them, which the Group donates to through the Foundation. In addition, the Board monitors initiatives addressing global issues impacting the world to understand how Avast can help through its position as a cybersecurity leader. The Board seeks to transparently disclose the Group’s carbon emissions, and the ways it achieves status as a carbon neutral business. More concerning Avast’s carbon emissions can be found on page 77. Impact on Board decisions The Board approved the funding of CZK90.0 million ($4.0 million) to the Avast Foundation for the year ended 31 December 2020. The Board oversaw the implementation of a transparent and fair tax policy that avoids using contrived tax structures that are intended for tax avoidance, lack commercial substance, and do not meet the spirit of local or international law. The Board committed to 1% of employees’ time being devoted to volunteering and 1% of Avast products being distributed to worthy causes. More details relating to Avast’s corporate social responsibilities are set out on page 75. Below are examples of how the Board took into consideration its stakeholders’ interests when making its principal decisions. © 2019 Friend Studio Ltd File name: SectionX172_v49 Modification Date: 2 March 2021 3:13 pm Section 172 statement continued Strategic report Governance Financial statements Avast plc annual report 2020 85 COVID-19 response Capital allocation Community: The Board was determined that Avast should play its part in helping with the global response to the pandemic. Avast participated in numerous initiatives in an effort to help (more details of which are set out on page 5), and, significantly, donated $25 million to science and technology initiatives to help combat COVID-19, offering critical financial and practical support to the global scientific and technology community focussed on the development of testing, treatments and vaccines to minimise disruption and save lives. The Board engaged with certain of its major shareholders to ensure that they were supportive of the donation. The Board seeks to allocate the Group’s capital in a way that offers significant returns to shareholders in line with the Company’s dividend policy, while also ensuring that the Group retains flexibility to continue to deploy capital towards profitable growth. During the year, the Group allocated $15.1 million to capex investments, $261.9 million to debt repayment, and $154.7 million to shareholders through dividends. Shareholders: Members of the Board and Investor Relations met with the Group’s significant shareholders to understand their interests in, and expectations of, Avast, with respect to growth, profitability, and dividends and to ensure alignment with respect to the Group’s capital allocation decisions. Customers: In making its capital allocation decisions, the Board also seeks to understand customers’ interests and evolving needs, which enables it to make informed decisions about the appropriate balance between organic and inorganic growth plans. The COVID-19 pandemic presented a momentous challenge for Avast and its stakeholders during the year and required a fundamental shift in the way Avast’s employees and customers operated on a day-to-day basis. Employees: The Board supported management’s swift decision to close its offices in March, with the primary purpose of keeping its workforce and their families safe. The Board oversaw employees’ transition to working from home which involved providing employees with suitable home office equipment, health and safety assessments, and appropriate support. Employees were periodically asked to participate in surveys about how they were coping with the changes and how the Group could further support them from both a professional and personal perspective. The Board was apprised of the results of the surveys, and through this process understood the desire of many employees to have greater flexibility with respect to their work life, including once the pandemic ends. The Board oversaw the formal engagement with employees regarding their views on the Future of Work initiative, which resulted in numerous changes being made to work life at Avast. More details in relation to the Future of Work Initiative can be found on page 68. Suppliers: When considering the temporary closure of the Group’s offices during the year in response to the COVID-19 pandemic, the Board was aware that third-party catering staff serving the canteen in its Prague headquarters would be adversely impacted by the decision. It was decided to continue to engage the services of the supplier during the first wave of the pandemic, and to distribute the meals they made to frontline workers in the Czech Republic. © 2019 Friend Studio Ltd File name: SectionX172_v49 Modification Date: 2 March 2021 3:13 pm Section 172 statement continued Strategic report Governance Financial statements Avast plc annual report 2020 86 Non-financial information statement This section of the strategic report constitutes the Company’s non-financial information statement. Reporting Requirements Policies & Statements which govern our approach Details of Policies, Statements, Due Diligence & Outcomes Environmental matters Environment, Social & Governance (ESG) programme Employees Avast Culture Book Diversity Policy Whole Life Flexibility Avast Code of Conduct 5A Principle Environmental Disclosures, page 77 Environment, Social & Governance, page 76 Mobilising our People, page 66 Whole Life Flexibility, page 68 Learning and Development, page 69 Diversity and Inclusion, page 70 The 5A Principle, page 35 Social matters Social Responsibility and Sustainability Ethical Business, page 79 Respect for human rights Whistleblowing Policy Transparency & Anti-Corruption, page 79 Anti-corruption & bribery Avast Grievance Procedure Avast Recruitment Policy Modern Slavery Policy Suppliers’ Guidelines Sanctions, Anti-Money Laundering and Counter Terrorist Financing Policy Anti-Corruption Policy Related Party Transactions Policy Conflict of Interest Policy Transparency & Anti-Corruption, page 79 Business model How our business is presented Business model, page 25 Non-financial KPIs Avast measures four non-financial areas of its business: 1. Employee engagement: We track employee engagement year over year using Avast’s Your Voice survey. This providing insights into areas for improvement that will help to raise employees’ sense of connection and commitment to the organisation. 2. Brand awareness: We conduct annual brand awareness surveys using quantitative interviews with a panel of respondents in key regions, including the United States and the United Kingdom, measuring prompted and unpromoted awareness. 3. Customer satisfaction: We measure customer satisfaction via net promoter score measures for Avast antivirus, AVG antivirus, Avast Business and customer service. 4. Customer churn: We calculate this by measuring the number of customers at the last year end and measuring how many from those customers are customers by the current year end. Strategic report approval The Strategic report on pages 1 to 86 was approved by the Board on 2 March 2021 and signed on its behalf by: Ondrej Vlcek Chief Executive Officer © 2019 Friend Studio Ltd File name: SectionX172_v49 Modification Date: 2 March 2021 3:13 pm Non-financial information statement Strategic report Governance Financial statements Avast plc annual report 2020 87 Governance Board of Directors Corporate governance statement Audit and Risk Committee report Nomination Committee report Directors’ remuneration report Directors’ report 88 90 97 103 107 129 © 2019 Friend Studio Ltd File name: SectionX172_v49 Modification Date: 2 March 2021 3:13 pm Strategic report Governance Financial statements Avast plc annual report 2020 88 1 3 5 7 9 11 2 4 6 8 10 AC Audit Committee NC Nomination Committee RC Remuneration Committee Committee Chair 1 John Schwarz Chair of the Board NC RC 3 Philip Marshall Chief Financial Officer Philip Marshall has served as the Chief Financial Officer and Director of Avast since February 2018. Prior to Avast, Mr Marshall served as CFO for Exova Group PLC before helping take the company back into private hands. Prior to this, Mr Marshall served as CFO for Wood Mackenzie under private equity ownership, and for General Electric (GE) for 17 years across multiple business units in both a CEO and CFO capacity. He has also served on the boards of several companies, and currently holds a supervisory board membership of Waberer’s International. Mr Marshall holds a BA in Accounting Studies from the University of West London. 4 Warren Finegold Senior Independent Non-Executive Director NC RC Warren Finegold joined the Board of Directors in February 2015. He was a member of the Vodafone Group Executive Committee where he served as Group Strategy and Business Development Director. Previously, he was a Managing Director of UBS Investment Bank, where he also formerly held several senior positions, most recently as Head of the Technology Team in Europe. Mr Finegold has also served as an independent non-executive Director of UBM plc and Inmarsat PLC and is currently Chairman of Ceres Power Holdings plc. He holds an MA in Philosophy, Politics and Economics from Oxford University and a Master’s degree in Business Administration from the London Business School. John Schwarz has been a member of our Board of Directors since 2011 and the Chair since 2014. He is currently the co-founder and Chair, of Visier Inc., a business analytics software firm. Previously, he served on the executive board of SAP AG from 2008 to 2010, and as Chief Executive Officer of Business Objects S.A. from 2005 through to its acquisition by SAP in 2008. Mr Schwarz has also served as the President and Chief Operating Officer of Symantec Corporation from 2001 to 2005. Mr Schwarz previously worked for 25 years at IBM Corporation, ultimately as the General Manager of IBM’s Industry Solutions division. Mr Schwarz has served on the boards of Synopsys Corporation since 2007, and at Teradata Corporation since 2010. Mr Schwarz holds degrees from the Canadian universities of Manitoba, Toronto, and Dalhousie. 2 Ondrej Vlcek Chief Executive Officer Ondrej Vlcek was appointed CEO of Avast in July 2019. Together with his senior management team, he executes on Avast’s vision to deliver people-centric security and spearheads the Company’s product innovation programme for emerging consumer technology categories, including the Internet of Things and 5G security. Previously, Mr Vlcek was President of Avast Consumer, the largest business within the Company, in which role he led Avast’s transformation from a traditional PC antivirus vendor to the leading provider of a full portfolio of protection, privacy, and performance products for consumers. Mr Vlcek was also a key member of the executive team that took the Company public on the London Stock Exchange in May 2018. Formerly, he held the combined position of Executive Vice-President & General Manager, Consumer, and Chief Technology Officer. Mr Vlcek holds an MS in Mathematics from the Czech Technical University in Prague. © 2019 Friend Studio Ltd File name: BoardXXofXDirectors_v39 Modification Date: 2 March 2021 3:18 pm Board of Directors Strategic report Governance Financial statements Avast plc annual report 2020 89 5 Pavel Baudis Non-Executive Director 7 Ulf Claesson Independent Non-Executive Director AC RC 10 Tamara Minick-Scokalo Independent Non-Executive Director AC RC Pavel Baudis is one of our co-founders and served as one of our Directors from the incorporation of AVAST Software a.s. in 2006 until 2014. In 1988, Mr Baudis wrote the original software program from which our current portfolio of security solutions has developed. Since 1991, Mr Baudis has played a leading role in the development of our business with our predecessor entity, ALWIL Software partnership. Prior to co-founding Avast, Mr Baudis was a graphics specialist at the Czech Computer Research Institute (VUMS). Mr Baudis holds an MS in Information Technology from the Prague School of Chemical Engineering. 6 Maggie Chan Jones Independent Non-Executive Director NC RC Maggie Chan Jones joined the Board of Directors in March 2019. She is a widely recognised industry thought leader in marketing and technology. Named one of the world’s most influential CMOs by Forbes, Ms. Chan Jones broke new ground as the first woman to be appointed Chief Marketing Officer at the world’s largest enterprise application software provider, SAP. She specialised in brand and cloud transformation at Level 3 Communications (now CenturyLink) and Microsoft. Ms Chan Jones founded and currently is CEO of Tenshey, a leadership development startup with a mission to advance gender diversity through executive coaching. Ms Chan Jones sits on the Board of Open Systems. She holds an executive MBA from Cornell University and a BS in Business Management from Binghamton University. Ulf Claesson joined the Board of Directors in October 2012. Since 2009, Mr Claesson has been a Partner at BLR & Partners AG, a private equity and advisory firm. From 2002 to 2006, he was co-founder and Chairman of Silverwire Group; on its acquisition by Hewlett-Packard Company, he built and ran one of HP’s product divisions. A serial tech entrepreneur, several of his startups have been acquired by HP, ESRI, and Husqvarna. Mr Claesson is a board member of the Swiss Federal Commission for Technology and Innovation, and teaches Technology Entrepreneurship at ETH, the Swiss Federal Institute of Technology. He holds an MSc from Chalmers University of Technology. 8 Erwin Gunst Independent Non-Executive Director AC NC Erwin Gunst joined the Board of Directors in October 2012. From 2008 to 2010, Mr Gunst served as COO and a member of the Executive Board of SAP AG, where he was responsible for global operations, information technology, human resources, and the management of all SAP Labs worldwide. Mr Gunst started his career in audit, finance, and controlling. He was SAP’s Managing Director in various countries and was its Regional President for EMEA before joining the SAP Board. Mr Gunst holds an MS degree in Commercial Engineering from the Free University (Solvay) in Brussels, Belgium. 9 Eduard Kucera Non-Executive Director Eduard Kucera, one of our co-founders, served as Chair of the Avast Board from the incorporation of AVAST Software a.s. in 2006 until 2014. Prior to that, Dr. Kucera was responsible for the activities of the predecessor entity, ALWIL Software partnership. He also served as our CEO, directing day-to-day operations that included the transition to a free software distribution model in 2002. Dr. Kucera holds a Doctorate of Natural Sciences in experimental physics from the Charles University, Prague. Tamara Minick-Scokalo joined the Board of Directors in March 2019 and is an experienced Non-Executive Director Board member. Most recently, she was President, Growth Markets and a member of the Executive Committee at Pearson plc in London. She also co-founded high-tech unicorn Trax Retail and was CEO, then Chairman, of this category-leading, image recognition tool for shelf management. Previously, she served as President Chocolate Europe, leading change management following the integration of the Kraft/Cadbury business. Her deep experience in consumer brands includes Elizabeth Arden, Proctor & Gamble, E & J Gallo Winery Europe, and Coca-Cola. Ms Minick-Scokalo holds a BS in Chemical Engineering from Lehigh University in Bethlehem, Pennsylvania. 11 Belinda Richards Independent Non-Executive Director AC Belinda Richards joined the Board of Directors in June 2018. Ms Richards’ background includes a 30-year career in finance, strategy, and M&A. Most recently, Ms Richards served as a Senior Corporate Finance Partner at Deloitte LLP where she held the position of Global Head of Deloitte’s Merger Integration and Separation Advisory Services business and was a Vice Chairman of the firm. Currently, Ms. Richards sits on the Boards of Phoenix Group Holdings Plc, The Monks Investment Trust Plc, and Schroder Japan Growth Fund Plc. She is a former member of FRC’s Advisory Group of Audit Committee Chairmen and is the Audit Chair of Youth Sport Trust. She has a first class honours degree from the University of Kent at Canterbury and a PhD from University College, London. © 2019 Friend Studio Ltd File name: BoardXXofXDirectors_v39 Modification Date: 2 March 2021 3:18 pm Board of Directors continuedBoard of Directors Strategic report Governance Financial statements Avast plc annual report 2020 90 Corporate governance statement As a company which serves hundreds of millions of people around the globe, we view governance and social responsibility as key pillars in developing a successful and sustainable business. John Schwarz Chair UK Corporate Governance Code compliance The Company is subject to the UK Corporate Governance Code 2018 (the Code) which is available at www.frc.org.uk. The Board is aware of the Code’s emphasis on businesses engaging effectively with their workforce, building strong stakeholder relationships, and establishing a culture that is aligned with the Company’s purpose, values, and strategy. We outline how we have applied these principles and complied with the provisions of the Code below and throughout this report. The Code requires that the chair should not remain in post beyond nine years from the date of their first appointment to the board (Provision 19). As of December 2020, the Company’s Chair, Mr Schwarz, has served on the Board for more than nine years, having been a member of the Board since 2011 and Chair since 2014. The Board considers Mr Schwarz’s continuation as Chair desirable for a limited period of time, to provide stability and continuity following Board and executive changes, including the upcoming retirement of Ulf Claesson and Erwin Gunst as Non-Executive Directors. Significant shareholders and proxy agencies were given the opportunity to speak with the Board’s Senior Independent Director regarding their views on the matter. The Company will soon commence with the succession plan for the Chair. The Code also requires companies to develop a formal policy for post-employment shareholding requirements encompassing both unvested and vested shares (Provision 36). The Company does not currently have in place post-employment guidelines for the reasons set out on page 115 of this report. The Company intends to incorporate such guidelines into its new Remuneration Policy to be approved by shareholders in 2022. With these exceptions, the Company complied with all of the provisions of the Code for the period under review. 1 Board leadership and Company purpose An effective Board The Board has collective responsibility to its shareholders and oversees the operational management of the Group. In addition, it is responsible for the long-term sustainable success of the Company, generating value for shareholders, and contributing to wider society. The key activities undertaken by the Board during 2020 included: Identified and reviewed Avast’s principal risks Oversaw the closure of Jumpshot Reviewed and monitored the Company’s response to COVID-19, including the impact on employees, changes to work practices, and culture Oversaw the Avast Foundation’s donation to science and technology initiatives Oversaw and supported Avast’s succession planning for the Executive Management team Reviewed and approved the Company’s financial reports, including the payment of interim and final dividends Undertook an evaluation of the performance and effectiveness of the Board, its Committees, and its Directors Reviewed and monitored the Group’s long-term business strategy and objectives The CFO’s review on pages 42 to 57 sets out how we have generated value for our shareholders. The importance to the Board of contributing to the wider society is outlined on pages 75 to 81. Values, strategy, and alignment with culture The Board sets the Company’s purpose, values, and strategy and ensures that these are aligned with the Company’s culture. The interaction of these are embedded in the Company’s vision as detailed further on pages 22 and 66. © 2019 Friend Studio Ltd File name: CorporateXGovernance_v54 Modification Date: 2 March 2021 3:27 pm Strategic report Governance Financial statements Avast plc annual report 2020 91 Company performance and risk management The Board also ensures that the necessary financial and human resources are in place for the Company to meet its objectives, and measures performance against them. This was shown by the steps taken by the Board to ensure business continuity in light of the COVID-19 pandemic as detailed further from page 65. As part of the Group’s controls environment, there is a clear schedule of matters reserved for the Board, which include: The Group’s strategy and organisation development The Group’s corporate structure and capitalisation Approval of financial reports Risk management Approval of expenditure and material transactions including M&A Board composition and succession Determining the Remuneration Policy for Executive Directors Oversight of governance, including approval of the Group’s applicable corporate policies Approval of equity awards to employees and the Executive Management team The Board sets the risk appetite and evaluates principal risks for the Company. Since the IPO, the Board has continued to revise its principal and emerging risks to reflect the changes affecting the business and the markets in which it operates. This has resulted in a reassessment of the principal and emerging risks as detailed on page 58. The Board, through its Audit Committee, monitors the Company’s risk management and internal control systems. During the year, the Company appointed Deloitte LLP to complete an internal control benchmarking exercise in order to support the Company’s management to assess the maturity of existing governance, risk management, internal controls, and monitoring practices. See pages 99 to 100 for further information about the Company’s internal audit and internal controls processes. The Company has procedures in place to review and manage any potential or actual conflicts of interests arising from Directors’ current or proposed external roles. Internal controls are in place which require Directors to report any potential or actual conflict of interest to the Company for review. A register of actual and potential conflicts of interest is maintained by the General Counsel and Company Secretary and reviewed periodically. If a Director becomes aware that they, or any of their associated parties, have an interest in an existing or proposed transaction with the Company, they are required to notify the Board immediately. Note 36 to the financial statements describes the related party transactions between certain Directors and the Group which have been considered and, as appropriate, approved by the Board or, if the transaction was entered into prior to the IPO, the Board of Avast Holding BV. The Board considers these procedures to be working effectively. Stakeholder engagement and participation In order for the Company to meet its responsibilities to shareholders and stakeholders, the Board is required to ensure effective engagement with, and encourage participation from, these parties. The Board maintains a dialogue with shareholders to help enable a mutual understanding. The Board’s primary contact with shareholders is through the Executive Directors, but the Chair and the Non-Executive Directors also engage with and are available to major shareholders periodically and in advance of the Annual General Meeting to understand their views on the Group. The Director of Investor Relations attends Board meetings when appropriate and feedback is shared with the Board to help inform the Group’s strategy and governance framework. The Group has a comprehensive investor relations (IR) programme through which the CEO, CFO, and Director of Investor Relations engage regularly with the Company’s shareholders and potential investors to discuss strategic and other issues. This includes presentations on the Group’s results and participation at various conferences hosted by corporate brokers to ensure that a wide variety of shareholders, including those from different geographies, have access to management. While it has not been possible to hold physical conferences this year due to COVID-19 restrictions, the Company has made a strong effort to ensure that these continue in a virtual environment. The Chair and Senior Independent Director hosted an event in February 2020 for ESG professionals and fund managers from institutional investment firms and proxy agencies. The purpose of the event was to more deeply engage with stakeholders on ESG matters, provide details on the Company’s position and ESG processes, and hold a Q&A session. For further information relating to the Company's ESG programme, see page 76. Current and historical financial information, including trading statements, news releases, financial results presentations, and a wealth of other information regarding Avast can be found on the Investors section of the website at https:// investors.avast.com. The Group makes use of webcast technology for results presentations and Avast offers all of its shareholders the opportunity to register to receive shareholder communications, such as the annual report, notice of meeting, and related forms of proxy, electronically. © 2019 Friend Studio Ltd File name: CorporateXGovernance_v54 Modification Date: 2 March 2021 3:27 pm Corporate governance statement continued Strategic report Governance Financial statements Avast plc annual report 2020 92 Workforce policies and practices Policies in relation to the workforce are approved by the Board. As part of its review, it ensures that such policies and practices are consistent with the Company’s values and support the Company’s long-term sustainable success. There are various initiatives designed to engender workforce engagement. Mr Baudis, the designated Non-Executive Director for workforce engagement, engages with employees globally to address their concerns. The Change Engagement Group enables two-way communication between the workforce and the Board, providing an additional channel for matters to be escalated to the Board. In addition, Mr Baudis and Ms Chan Jones sit as members on the Diversity & Inclusion (D&I) Committee, which aims to create a culture that attracts, grows, and empowers diverse talent. Further information about the Change Engagement Group, D&I Committee, workforce engagement, policies, and practices can be found on pages 64 to 74. 2 Division of responsibilities The role of the Chair The Chair, supported by the General Counsel and Company Secretary and the Senior Independent Director, leads the Board’s functions and ensures its effectiveness. The Chair was independent when he became a Director of Avast Holding BV in 2011 and also of Avast plc in 2018. Notwithstanding the fact that, as of December 2020, more than nine years has elapsed since the Chair was appointed to the Board, the Chair was deemed to be independent this year on the basis that no other circumstances existed which would call into question his independence and that his judgement, experience, and challenging approach ensured that he made a significant contribution to the work of the Board and its Committees and that his independence was maintained. The roles of the Chair and the CEO are separate and the division of responsibility between these roles has been agreed by the Chair, the CEO, and the Board. The Chair is responsible for the overall effectiveness of the Board and ensuring that it meets its duties. The CEO is responsible for the Group’s day-to-day operations, the management of the Executive Management team, and for establishing the strategic leadership of the Group. Role of the Senior Independent Director The Senior Independent Director has responsibilities to shareholders, the Chair, and the other Directors. The Senior Independent Director is to be available to shareholders if they have concerns which contact through the normal channels of the Chair, CEO, or Executive Directors has failed to resolve. The Senior Independent Director, together with the Chair, has a responsibility to ensure effective communication by the Group with its shareholders, which includes the discussion of governance, remuneration and strategy with major shareholders. In addition, the Senior Independent Director chairs the Nomination Committee, provides a sounding board for the Chair, meets other Non-Executive Directors at least once a year to appraise the Chair’s performance, and provides feedback to the Board on the views of the Independent Non-Executive Directors on certain matters. Role of Non-Executive Directors The Non-Executive Directors are responsible for scrutinising management’s performance. They constructively challenge and assist in the development of strategy, as well as ensure that the Group’s financial reporting and its systems of risk management are robust, and that the Group is meeting its strategic objectives. The Chair meets with the Non- Executive Directors before or after certain Board meetings where appropriate without the Executive Directors present. The Chair and CEO meet regularly to discuss operational, reputational, and organisational issues. Composition of the Board In respect of the period between 1 January 2020 and the date of this report, the following persons were Directors of the Company: Name Title Appointment Date John Schwarz Independent Chair Ondrej VIcek Chief Executive Officer Philip Marshall Chief Financial Officer Warren Finegold Senior Independent Non-Executive Director 9 May 2018 9 May 2018 9 May 2018 9 May 2018 Pavel Baudis Non-Executive Director 9 May 2018 Maggie Chan Jones Ulf Claesson Erwin Gunst Independent Non-Executive Director Independent Non-Executive Director Independent Non-Executive Director 13 March 2019 9 May 2018 9 May 2018 Eduard Kucera Non-Executive Director 9 May 2018 Tamara Minick- Scokalo Independent Non-Executive Director 13 March 2019 Belinda Richards Lorne Somerville Independent Non-Executive Director Independent Non-Executive Director* 8 June 2018 9 May 2018 * Mr Somerville retired as Independent Non-Executive Director on 21 May 2020. Biographies of the Directors can be found on pages 88 to 89. Members of the Executive Management team regularly attend Avast plc Board meetings and support the Board’s engagement on the Group’s strategy, financial results, and business reviews. © 2019 Friend Studio Ltd File name: CorporateXGovernance_v54 Modification Date: 2 March 2021 3:27 pm Corporate governance statement continued Strategic report Governance Financial statements Avast plc annual report 2020 93 Board process and the role of the Company Secretary The Board directs and oversees the implementation of the Group’s strategy and objectives by way of a robust corporate governance framework. The Board discharges some of its responsibilities directly whereas some responsibilities are delegated to its Committees as described further below. Committees Audit and Risk Nomination Remuneration Belinda Richards (Chair), Tamara Minick-Scokalo, Erwin Gunst, and Ulf Claesson Warren Finegold (Chair), John Schwarz, Erwin Gunst, and Maggie Chan Jones Ulf Claesson (Chair), John Schwarz, Maggie Chan Jones, Warren Finegold, and Tamara Minick-Scokalo The Audit and Risk Committee assists the Board with the discharge of its responsibilities in relation to the Group’s financial reporting, controls, and risk management systems. The Committee reviews the Group’s annual and half-year financial statements, accounting policies, and significant reporting judgements; oversees the Group’s risk management framework, and evaluates the Group’s key business risks on an annual basis; develops and implements the Group’s policy on non-audit services and reviews the effectiveness of the Group’s internal controls, including cybersecurity controls and readiness, whistleblowing processes, and fraud systems. The terms of reference setting out the roles and responsibilities of the Audit and Risk Committee can be found at https://investors.avast.com/media/1399/audit-and- risk-committee-terms-of-reference.pdf The Nomination Committee assists the Board in reviewing the structure, size, performance, and composition (including the skills, knowledge, experience and diversity) of the Board. It is also responsible for reviewing succession plans for the Directors, including the Chair and CEO, and other senior executives, as well as reviewing the results of the Board performance evaluation process. The terms of reference setting out the roles and responsibilities of the Nomination Committee can be found at https://investors.avast.com/media/1397/nomination-committee-terms-of-reference.pdf The Remuneration Committee recommends the Group’s policy on executive remuneration; recommends the levels of remuneration for Executive Directors, the Chair, and other senior executives; grants awards under the Group’s incentive plans; and prepares an annual remuneration report for approval by the shareholders at the Annual General Meeting. The terms of reference setting out the roles and responsibilities of the Remuneration Committee can be found at https://investors.avast.com/media/1270/remuneration-committee-terms-of-reference.pdf Please refer to pages 97 to 102 for further details in relation to the Audit and Risk Committee; pages 103 to 106 for further details in relation to the Nomination Committee; and pages 107 to 128 for further details in relation to the Remuneration Committee. The Group also has a Disclosure Committee, which is responsible for managing the disclosure of information by the Group in compliance with its obligations under the UK Market Abuse Regulation, the Financial Conduct Authority’s Listing Rules, and the Disclosure Guidance and Transparency Rules. The Disclosure Committee comprises the CEO, CFO, General Counsel and Company Secretary, and Director of Investor Relations. The Disclosure Committee considered matters when appropriate during 2020. The Executive Management team comprises the CEO, CFO, and eight other individuals who are responsible for the key operational planning and management of the Company. A full list of the Executive Management team as well as their biographies can be found on the Company’s website at https://investors.avast.com. In 2020, the Board held 12 meetings. The Audit and Risk Committee and Remuneration Committee each held four meetings, and the Nomination Committee held five meetings. Meetings are generally held in London, but due to the restrictions imposed in response to the COVID-19 pandemic, all meetings after February were held virtually. During 2020, the Board’s meetings included reviewing the Group’s latest financial results, business unit execution, principal risks, the Group’s strategy, and its technology. The Board delegates the ordinary day-to-day operational responsibility to the Executive Management team. The Chair and Non-Executive Directors regularly hold sessions without the attendance of the Executive Directors or other members of the Executive Management team. Additionally, the Chair ensures that the Directors take independent professional advice where they judge it necessary in order to discharge their responsibilities. The General Counsel and Company Secretary is also available to provide advice for every Director. © 2019 Friend Studio Ltd File name: CorporateXGovernance_v54 Modification Date: 2 March 2021 3:27 pm Corporate governance statement continuedCorporate governance statement continued Strategic report Governance Financial statements Avast plc annual report 2020 94 The Board is supported by the General Counsel and Company Secretary, who ensures that the Board has the policies, processes, information, time, and resources it needs in order to function effectively and efficiently. Board meeting attendance Board meeting John Schwarz Ondrej VIcek Philip Marshall Pavel Baudis Eduard Kucera Lorne Somerville* Warren Finegold Ulf Claesson Erwin Gunst Belinda Richards Tamara Minick-Scokalo Maggie Chan Jones * Mr Somerville resigned from the Board on 21 May 2020 23 Jan 2020 29 Jan 2020 25 Feb 2020 7 April 2020 15 April 2020 20 May 2020 14 July 2020 11 Aug 2020 18 Sep 2020 20 Oct 2020 19 Nov 2020 21 Dec 2020 X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X Please refer to page 99 for the Audit and Risk Committee attendances; page 103 for the Nomination Committee attendances; and page 127 for the Remuneration Committee attendances. 3 Composition, succession and evaluation Appointments to the Board The Nomination Committee assists the Board in reviewing the structure, size, performance, and composition of the Board. It ensures a formal, rigorous, and transparent procedure for the appointment of new Directors. It is also responsible for reviewing succession plans for the Directors, including the Chair and CEO, and the Executive Management team. A detailed overview of the activities of the Nomination Committee in succession planning can be found in the Nomination Committee report on page 104. Evaluation Annual Board evaluation The Board undertakes an evaluation of its performance and effectiveness annually, in accordance with best practice and the requirements of the Code. In keeping with last year’s process, Avast engaged Lintstock, an independent external advisory firm, to assist with the FY 2020 Board evaluation. Lintstock has no other connection with Avast. © 2019 Friend Studio Ltd File name: CorporateXGovernance_v54 Modification Date: 2 March 2021 3:27 pm Corporate governance statement continued Strategic report Governance Financial statements Avast plc annual report 2020 95 Evaluation process Lintstock engaged with the Chair and General Counsel and Company Secretary to set the context for the evaluation and tailored the survey content to the specific circumstances of Avast. Board members were invited to complete an online survey addressing the performance of the Board and its Committees The Independent Non-Executive Directors considered, without the Chair present, the Chair’s performance, the results of which were discussed between the Senior Independent Director and the Chair Board members conducted a self-evaluation of their individual performance and contribution to the Board, as well as their training requirements; the results were discussed on an independent basis with the Chair Lintstock produced reports regarding the performance of the Board, the Committees, and the Chair which were considered by the Board Focus areas for 2021 Making improvements to the meeting cycle, agenda and papers Evolving the dynamic between the Board and management Addressing Board composition Overall evaluation findings The performance of the Board and its Committees received a mixed rating, primarily as events since last year’s Board evaluation, including the COVID-19 pandemic, have amplified the need to make a number of changes in the governance model. The performance of the Audit and Risk Committee and Remuneration Committee was rated highly. The Nomination Committee was rated high overall with priorities for 2021 identified, including greater reporting back to the Board. A summary of the evaluation of the performance of each of the Committees can be found on pages 102 (Audit and Risk Committee,106 (Nomination Committee), and 128 (Remuneration Committee). Key evaluation findings and Board actions for 2021 Annual Board evaluation findings Board actions for 2021 Board composition Appropriateness of the current Board composition Chair succession Board dynamics Increase in Board involvement in key initiatives Develop closer relationships with the Executive Management team Strategic oversight Ensure that the key business priorities are agreed and tracked on a consistent basis to improve the Board’s visibility of operational execution Develop a more systematic approach to understanding the Company’s market and competitive positioning Focus will be given to agreeing how the composition of the Board should evolve going forward, including the skills set that should be targeted in the next Non-Executive Director to be appointed. The Board will consider the merits of undertaking a skills mapping exercise to help clarify priorities for future recruitment processes. The Chair’s succession will be a key focus over the coming 12 to 18 months. The Board will ensure that clear expectations are set around its level of involvement with the Executive Management team and will determine an annual cycle of meetings and less formal interactions to support an ongoing, collaborative dialogue and guide the Executive Management team in their engagement on key issues. The Board will continue to support the CEO and engage with the Executive Management team to agree key business priorities and develop processes to track operational execution of strategy. The Board will work with the Executive Management team to further understand the Company’s market and competitive positioning. Management and focus of meetings Have fewer topics on each Board meeting agenda, devote more time to discussing critical issues and ensure Board papers are more concise and focused on key issues The Board will work to develop a timetable to increase the annual number of Board meetings and ensure that the allocation of time within them is optimised. The Board will also develop appropriate reporting of key business priorities and ensure Board materials are aligned with the Board’s needs. Risk management and internal control Key risks should receive greater attention at the Board periodically The Board will continue to prioritise the identification and assessment of risks facing the Group to ensure all relevant risks are managed effectively in order to meet the Group’s strategic objectives and devote increased time in the Board calendar to consider key risks, in particular security risk. Succession planning and human resource management Strengthen the level of senior operational leadership The Board will continue to develop succession plans for the Executive Management team and oversight of talent and management and development processes. © 2019 Friend Studio Ltd File name: CorporateXGovernance_v54 Modification Date: 2 March 2021 3:27 pm Corporate governance statement continuedCorporate governance statement continued Strategic report Governance Financial statements Avast plc annual report 2020 96 4 Audit, risk and internal control The Audit and Risk Committee assists the Board in reviewing the Group’s annual and half-year financial statements and internal and external audits and controls. It is also responsible for overseeing the risk management framework, the scope of the annual audit and non-audit work undertaken by external auditors, the effectiveness of the internal controls in place within the Group, ESG matters and cybersecurity. For further detail, please refer to the Audit and Risk Committee report on pages 97 to 102. The Board is responsible for the presentation of a fair, balanced, and understandable assessment of the Company’s position and prospects. This is a key consideration when preparing all financial information issued. The coordination and review of the annual report is conducted in parallel with the formal audit process undertaken by the external auditors and the review by the Board and its Committees. The Board is satisfied that the current policies and procedures in place ensure the independence and effectiveness of the internal and external audit functions. The Audit and Risk Committee is responsible for reviewing key judgements within the Group’s financial statements and narrative reporting, with the aim of maintaining the integrity of the Group’s financial reporting. The Board is responsible for carrying out a robust assessment of the Company’s emerging and principal risks. The Board, through the Audit and Risk Committee, has monitored the Company’s risk management and internal control systems and, at least annually, carries out a review of their effectiveness and reports on that review in the annual report. 5 Remuneration The Remuneration Committee recommends the Group’s policy on executive remuneration, recommends the levels of remuneration for Executive Directors, the Chair, and other senior executives, grants awards under the Group’s incentive plans, and prepares an annual remuneration report for approval by the shareholders at the Annual General Meeting (AGM). The Directors’ remuneration report, on pages 107 to 128, sets out the work of the Remuneration Committee, its activities during the year, and further details on how the Remuneration Policy is implemented. The Company has a formal and transparent procedure for developing the Remuneration Policy, and no Director is involved in deciding their own remuneration. The Remuneration Committee is working with the Executive Directors to revise the Remuneration Policy to ensure that executive remuneration remains aligned with the Company’s purpose and values, and is clearly linked to the successful delivery of the Company’s long-term strategy. The updated Remuneration Policy will be put to shareholders for approval at the 2022 AGM. Executive remuneration is set with regard to the wider workforce and through market benchmarking. The Remuneration Committee is supported by remuneration consultant Deloitte LLP. For further detail, please refer to the Remuneration Committee overview on pages 127 to 128. The Remuneration Committee comprises four Non- Executive Directors to ensure independent judgement with regard to remuneration outcomes. The Remuneration Committee considers remuneration on an annual basis and determines outcomes by assessing executive performance against performance criteria, details of which can be found in the Directors' remuneration report on pages 107 to 128. This states how our Remuneration Policy has been applied and sets out details of any adjustments made or discretions exercised. Annual General Meeting The 2021 AGM will be held on 6 May 2021. The notice of AGM will be sent to all shareholders who have requested a physical copy and can also be found on the Company’s website at https://investors.avast.com. The notice of AGM sets out the business to be conducted at the meeting and explanatory notes in relation to the proposed resolutions. Separate resolutions are proposed in respect of any other substantive issue, other than ordinary business, which is to be considered at or on the same day as the AGM. The Directors will review specific matters raised by shareholders throughout the year and meet with investors and shareholders. The Chairs of the Committees will be available to discuss any matters which are addressed in the Chair’s AGM statement. The Corporate Governance statement includes the Audit and Risk Committee report, the Nomination Committee report, and certain aspects of the Directors’ remuneration report, and incorporates the Takeover Directive disclosures in the Directors’ report. Stakeholder engagement disclosures can be found in the Strategic report. This Corporate Governance statement was approved by the Board on 2 March 2021 and signed by order of the Board. By order of the Board Kelby Barton Company Secretary 2 March 2021 © 2019 Friend Studio Ltd File name: CorporateXGovernance_v54 Modification Date: 2 March 2021 3:27 pm Corporate governance statement continued Strategic report Governance Financial statements Avast plc annual report 2020 97 Audit and Risk Committee report We are committed to assisting the Board on matters of governance, risk management, and internal control practices of the Group. Belinda Richards Chair of the Audit and Risk Committee Introduction Dear Shareholder I am pleased to present to you the Audit and Risk Committee report for the financial year ended 31 December 2020. In this report, we provide you with an overview of the Committee’s priorities and performance during the year, in addition to details regarding the audit and risk management policies approved by the Committee for implementation throughout the Group. The Audit and Risk Committee assists the Board with the discharge of its responsibilities in relation to the Group’s financial reporting, controls, and risk management systems. The Committee reviews the Group’s annual and half-year financial statements, accounting policies, and significant reporting judgements, oversees the Group’s risk management framework, evaluates the Group’s key business risks on an annual basis, develops and implements the Group’s policy on non-audit services, and reviews the effectiveness of the Group’s internal controls, including cybersecurity controls and readiness, whistleblowing processes, and fraud systems. The Committee also reviews and monitors the scope of the annual audit and its effectiveness, including the independence and objectivity of the external auditor, and provides recommendations to the Board on the appointment of external auditors. The last year has been unprecedented in terms of challenge and change. A priority for the Committee has been ensuring that the Company’s reporting, controls, assurance, and risk management systems have remained resilient in light of the restrictions imposed in response to the COVID-19 pandemic and its impact on operations globally. I look forward to working closely together with the other members of the Committee throughout the coming year, including any successor to each of Mr Claesson and Mr Gunst following their retirement from the Board at the AGM on 6 May 2021, and building on the successes we achieved in 2020. Belinda Richards Chair of the Audit and Risk Committee © 2019 Friend Studio Ltd File name: AuditXCommittee_v45 Modification Date: 2 March 2021 8:49 pm Strategic report Governance Financial statements Avast plc annual report 2020 98 Committee composition and attendance The Committee comprises four Independent Non-Executive Directors in compliance with the Code. Also, for the purposes of the Code, the Board has determined that the Committee’s Chair, Ms Richards, has recent and relevant financial experience, being a former corporate finance partner at Deloitte LLP. Principal activities The Committee sets an annual forward agenda based on the scope of its responsibilities under its terms of reference available on the website here: https://investors.avast.com/ media/1399/audit-and-risk-committee-terms-of-reference. pdf. In addition, the Committee considers any other relevant ad hoc matters which require its review. Full biographies of the Committee’s members can be found on pages 88 to 89, which details the qualifications of the Committee’s members. From time to time, the Committee may invite others to join their meetings, where it considers their expertise and knowledge to be relevant and necessary to the subject matter under consideration. The Committee meetings are routinely attended by the CEO, CFO, Vice President of Finance, Director of Internal Audit, Chief Security Information Officer, and General Counsel and Company Secretary. The Committee held four meetings in 2020 and the Committee members’ attendance is set out in the table below. Committee member Belinda Richards (Chair) Tamara Minick-Scokalo Ulf Claesson Erwin Gunst No. of meetings attended (No. of meetings convened while a member) 4(4) 4(4) 4(4) 4(4) Date of appointment 7 June 2018 22 May 2019 10 May 2018 10 May 2018 During 2020, the Committee afforded particular focus to the following matters: Assessing and overseeing the Group’s risk management framework Evaluating and updating the Company’s key business risks Reviewing the local risk registers and considering the appropriateness of the current review process Assessing the internal controls and risk management of the Group, including overseeing an exercise to increase awareness and training of Company policies, conducting a third-party review of the Company’s control environment and assessing the effectiveness of licensing systems, reviewing and monitoring data governance, disaster recovery planning, tax, treasury, and PPE (plant, property, and equipment) controls, and targeted assurance Reviewing the 2019 audit report and 2020 audit plan, together with the Group’s external auditor Reviewing the 2019 full-year and 2020 half-year financial results of the Group Evaluating the external auditor’s independence and objectivity, and the effectiveness of the audit process Reviewing the internal audit plans for the years ending 31 December 2020 and 31 December 2021 Reviewing and approving the Group’s external audit and tax advisory fees for 2020 and 2021 Overseeing the closure of Jumpshot Implementing and overseeing developments in the data governance environment, cybersecurity and ESG Reviewing significant accounting judgements Considering the EU Commission’s proposals on the taxation of the digital economy and reviewing digital tax proposals in EU member states Reviewing the Company’s dividend policy and proposed dividend distribution Assessing the Company’s principal and emerging risks, going concern, and viability statements, including the impact of COVID-19 Assessing the impact of Brexit on the business Significant issues relating to the accounts The issues considered by the Committee that are deemed to be significant to the Group’s accounts are set out below: Revenue recognition The Group transitioned to the IFRS 15 revenue recognition standard from 1 January 2018 and has continued to consistently apply its revenue recognition policy during 2020. This year, the external auditors focused on the key risks associated with recognition of licence revenue and the risk of management override on all revenue streams. No new significant accounting judgements relating to revenue recognition were made in 2020. The revenue recognition policies of the Group are described in Note 2. Having provided appropriate challenge to management and the external auditors, and undertaken further investigation of the sampling methodology employed, the Committee has concluded that the revenue recognition for the Group is appropriate, and the Group’s revenue recognition policy has been applied consistently. © 2019 Friend Studio Ltd File name: AuditXCommittee_v45 Modification Date: 2 March 2021 8:49 pm Audit and Risk Committee report continued Strategic report Governance Financial statements Avast plc annual report 2020 99 Income and deferred taxes The Group operates in multiple tax jurisdictions and entered into multiple significant transactions pre and post IPO. The Group reported deferred tax assets of $197.1m as at 31 December 2020 (Note 13), primarily as a result of transfers of intellectual property within the Group in 2018 and unused tax losses in the US. The deferred tax recognised as a result of the intragroup IP transfer will be recovered as a tax deduction from Avast’s Czech entity, Avast Software s.r.o., over a period of 15 years. The carrying value of the deferred tax asset in relation to the IP transfer as at 31 December 2020 is $119.8m, as described in Note 13. Avast Software s.r.o. has reported substantial taxable income in the Czech Republic in both the preceding and current financial years. From the forecasted results, it is likely that future taxable profits will allow benefits of the recognised deferred tax asset to be fully utilised in the future. The Group recognised a deferred tax asset of $49.9m (USD) as at 31 December 2020, arising from unused tax losses in the US, mainly as a result of deductions from stock option exercises. In accordance with US tax laws, deferred tax assets fully recognised as tax losses and generated after January 2018 can be carried forward indefinitely. As such, the Group assesses that future taxable profits will be sufficient to recover the full amount of allowable tax deductions. The Committee and the Group’s external auditors reviewed the appropriateness of significant decisions made by the Group regarding the recognition and measurement of the deferred tax assets. In particular, the Committee reviewed the current profitability of the Group’s US entities and future projections, noted that losses had a lifetime use in the US, and concluded that the appropriateness of the accounting in relation to deferred tax assets was in order. In addition, the Committee also reviewed the Group’s assessment of the potential impact of the EU Commission’s proposals on the taxation of the digital economy and similar proposals by individual member states, in particular, the Czech Republic and France. Going concern The Committee oversaw the process used by the Board to assess the going concern and viability of the Group and the preparation of the viability statement which is set out on page 63. As part of this process, the Committee reviewed the detailed going concern review and analysis which was undertaken by management due to the uncertainty arising from Covid-19, which included financial forecasting and reverse stress testing. The Committee also considered and monitored the procedures and actions in place to alert the Board to any changes which might impact the working capital of the Group. Impairment of goodwill and intangibles At each reporting date, the Group assesses whether there is an indication that an asset may be impaired. Management has provided the Committee with the results of the annual goodwill and intangible assets impairment analysis for 2020. The analysis indicates that the assets were not impaired and no reasonable change in input factors has resulted in an impairment. Having provided appropriate challenge to management and the external auditors, the Committee has concluded that the result of the analysis is appropriate and there is no impairment of either goodwill or intangible assets as of 31 December 2020. Jumpshot At the beginning of 2020, following an in-depth review of the Group’s data handling practices, the Board decided to immediately discontinue the data feed provided by the Group to Jumpshot, Inc., its data analytics business. Over the course of the year, the Company has proceeded to wind-down the business, which included the immediate cessation of product sales, settlement and termination of contracts, redundancies, office closure, and commercial settlements. Management has provided the Committee with regular updates on the status of the wind-down, which is substantially complete, and continues to receive updates in relation to developments with regard to the ongoing communications with relevant regulators and authorities in respect of certain data protection matters. Any potential future claims or liabilities arising out of communication with relevant regulators or authorities cannot at this time be quantified. For further details of the provisioning in relation to Jumpshot and the wind down, see page 178. Internal controls The Board is responsible for the Company’s risk management and internal control systems. The Committee is responsible for monitoring and keeping under review the adequacy and effectiveness of these systems. The Group maintains risk management and internal control systems and processes which accord with the FRC’s Guidance on Risk Management, Internal Control and Related Financial and Business Reporting, and these remained in place from 1 January 2020 up to the date of this report. While the risk management and internal control systems environment is an area continuously under review and which the Company is looking to improve, particularly in light of the Company’s growth and promotion to the FTSE 100 index, the Committee is satisfied that there are no significant weaknesses in these systems and that the Group’s key internal controls are operating effectively. Internal controls relating to financial reporting form an integral part of the Group’s corporate governance and enterprise risk management policy. The Group’s internal controls over financial reporting are in line with the COSO framework for internal controls. The internal controls processes of the Group are based on the following five key principles: control environment, risk assessment, control activities, information and communication, and monitoring, © 2019 Friend Studio Ltd File name: AuditXCommittee_v45 Modification Date: 2 March 2021 8:49 pm Audit and Risk Committee report continuedAudit and Risk Committee report continued Strategic report Governance Financial statements Avast plc annual report 2020 100 each of which is explained in more detail below. It is a process designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting, and compliance. Internal Audit The primary purpose of the Group’s Internal Audit function is to enhance and protect organisational value by providing an independent, objective assurance and consulting activity designed to add value and improve the Group’s operations, control, and governance processes. In order to ensure independence, the Internal Audit function has a reporting line to the Committee. The Committee assessed the effectiveness of Internal Audit and satisfied itself that the quality, experience, and expertise of the function is appropriate for the business. In performing this assessment, the Committee reviewed the annual internal audit plan and considered the performance against that plan along with any variations to it, met with the Head of Internal Audit to review the audit results and management responses regularly, and held meetings with the Head of Internal Audit, including in the absence of Executive Management. The Head of Internal Audit has a direct line of communication with and support of the Committee. The Committee reviewed and approved the internal audit plans for the years ending 31 December 2020 and 31 December 2021, which were created using a risk-based approach. In 2020, Internal Audit focused on validating the effectiveness of the internal control framework, monitoring activities within the Group, including the account reconciliation process, controls over revenue, payroll, and travel and expense processes, and mitigating identified operational and compliance risks. Whistleblowing Policy The Group has in place a Whistleblowing Policy, which enables employees to report any concerns relating to misconduct and serious breaches of Avast policy or ethical guidelines without fear of retribution. The Group has established a dedicated hotline and email address to handle all such reports. Ethical questions or concerns raised by employees are investigated and all findings and remedial actions are reported in detail in periodic reports prepared for and reviewed by the Committee. COSO framework Control environment The Group’s control environment serves as a foundation for its internal control process. Management at all levels is responsible for ensuring that the Group, and its employees, comply with the Group’s internal policies, including its Code of Conduct and other internal policies relating to, among others, financial processes, human resources, legal, information security, and IT. The financial shared services of the Group support harmonised and standardised financial accounting processes and controls. Risk assessment The Group takes a risk-based approach towards internal controls. During the year, the Committee, on behalf of the Board, carried out an assessment of the principal risks facing the Group, including those that would threaten its business model, future performance, solvency, and liquidity. As a result of this assessment and reflecting the growing regulatory environment and competitor developments, the principal risks were modified. A description of the principal risks and how these were reviewed to assess the Group’s viability can be found on pages 58 to 63. Control activities Control activities are designed to prevent or detect material misstatements in the financial statements and reporting. To manage these risks, the Group has established control activities. Key processes in relation to control activities, including related risks and key controls, have been implemented and documented in the Group’s internal control framework. During 2020, the Committee oversaw an external review of the Group’s control activities, and management is taking certain recommendations coming out of the external review forward. Information and communication Internal policies and directions, including requirements relating to the implementation of internal controls as well as accounting and reporting, are communicated to all relevant employees through internal communication channels such as the intranet, training sessions, and email. During the year, the Company appointed a new vendor to deliver mandatory training to improve the process of monitoring the compliance of legally required training and achieve 100% completion of such mandatory training globally, and ultimately increase awareness of the Company’s internal policies. Monitoring The Group has implemented a process for the monitoring of the performance of internal control activities through periodic control self-certification and compliance reviews by the Internal Audit function. The Group maintains an ongoing and transparent dialogue with its employees regarding internal controls and the performance of control activities. Control owners are encouraged to disclose any issues relating to the performance of control activities in order to ensure that any issues in the process can be addressed in their infancy. © 2019 Friend Studio Ltd File name: AuditXCommittee_v45 Modification Date: 2 March 2021 8:49 pm Audit and Risk Committee report continued Strategic report Governance Financial statements Avast plc annual report 2020 101 The Committee receives reports directly from both external and internal auditors. The reports are considered and discussed in detail by the Committee in meetings at which both the external and internal auditors are present. Financial reporting – internal controls and risk management The Group’s internal controls over financial reporting are designed to provide reasonable assurance regarding the reliability of financial reporting and the preparation of published financial statements in accordance with the relevant applicable laws and procedures and pursuant to the requirements of the Code. The key elements of the control environment, in addition to the risk management processes outlined on pages 58 to 63 of this report, are: A clear schedule of matters which require approval at Board level A policy in relation to delegation of authority and the limitations which apply Comprehensive annual budgets prepared for the Group, and individual business units Ongoing monitoring of the performance of the Group, and individual business units, against budgets with reports given to the Board on a regular basis Internal audit assessments, both with respect to financial matters and business matters, discussed with management and the Committee together with corrective actions agreed and monitored A centralised financial reporting system and close process, with controls and reconciliation procedures designed to facilitate the production of the consolidated accounts Assessment of accounting standard changes with both the external auditor and the Committee Documented policies made widely available to employees in relation to anti-bribery and corruption, anti-money laundering, export controls, and whistleblowing Approved internal audit plan for the year ended 31 December 2020 relating to financial, control, business, and operational audits An ongoing review of the principal risks which face the Group, in addition to the assessment undertaken by the Committee in preparing the viability statement Regular reports in relation to finance, tax, and treasury given to the Committee Meetings of the Disclosure Committee, when appropriate, which is responsible for managing the disclosure of information by the Group in compliance with its obligations under the Market Abuse Regulations, the Financial Conduct Authority’s Listing Rules, and the Disclosure Guidance and Transparency Rules Effectiveness of internal control and risk management Through a series of stakeholder interviews, control walkthroughs, and a documentation review, Deloitte LLP assessed the Company’s control framework against FTSE 100 index peers and good practice with reference to COSO. A report on opportunities for improvement identified through this exercise was presented to the Committee and the Committee requested the CFO be responsible for taking forward all high and medium priority observations. Also during the year, the Committee, on behalf of the Board, reviewed the effectiveness of the internal control and risk management systems of the Group, and reported its conclusions to the Board. The Committee believes that the risk management processes and key internal controls of the Group are effective. In coming to this conclusion, the Committee considered a number of factors, including: Management’s self-certification of the Group’s internal controls and risk management systems, including against the 2013 COSO framework, as monitored by the Committee Work carried out by the internal and external audit functions during the year ended 31 December 2020, including an internal assessment of the functional personnel and the annual internal audit work plan Reports it received from, and meetings it held with, the Group’s internal and external auditors Business updates provided by management in relation to work carried out by external advisers with respect to security and regulatory matters Detailed assessment of the risk ratings assigned to the individual risks within the business Measures the Group has in place to mitigate the principal risks it faces (more details of which can be found on pages 59 to 61) The Committee is satisfied that there is an ongoing process for identifying, evaluating, and managing the principal risks faced by the Group. The systems in place are regularly reviewed by the Committee. During the year, the Internal Audit Director reported to the Committee on areas where it had carried out key control reviews, including the Group’s account reconciliations, data governance, and disaster recovery planning. The Board is satisfied that there are no significant weaknesses in these systems and that the Group’s key internal controls are operating effectively. Financial Reporting Council feedback on the annual report On 15 September 2020, the Group received a letter from the Financial Reporting Council (FRC) in relation to its thematic review of companies’ reporting relating to the application of, and disclosures made under, IFRS 15 ’Revenue from Contracts with Customers’. I am pleased to report that © 2019 Friend Studio Ltd File name: AuditXCommittee_v45 Modification Date: 2 March 2021 8:49 pm Audit and Risk Committee report continuedAudit and Risk Committee report continued Strategic report Governance Financial statements Avast plc annual report 2020 102 the FRC had identified the disclosures made by Avast in its annual report and accounts to 31 December 2019 as an example of better practice in providing clear description of the nature of performance obligations, associated contract terms, and why the control over software licences transfers over time. External auditor The Committee makes recommendations to the Board on the appointment, remuneration, and removal of the Group’s external auditor. The current lead external audit partner is Marcus Butler and 2020 was the third year of his term, having held the role since 2018. In accordance with the mandatory re-tendering rules implemented by the UK Competition and Markets Authority, at least once every 10 years the audit services contract will be put out to tender to enable the Committee to compare the quality and effectiveness of the services provided by the incumbent auditor with those of other audit firms. The Committee oversees and supervises any competitive tender process undertaken by the Group for the provision of external audit services. The last tender of audit services was undertaken in 2016, with the next tender due in 2026. Ernst & Young LLP was reappointed as external auditor of the Company on 21 May 2020 for the year ended 31 December 2020, following its reappointment at the Company’s 2020 AGM. Prior to this, Ernst & Young s.r.o. has acted as external auditor to the underlying group since the year ended 31 December 2007. The Company was in compliance with the Statutory Audit Services for Large Companies Market Investigation (Mandatory Use of Competitive Processes and Audit Committee Responsibilities) Order 2014 during the year. The Committee safeguards the independence and objectivity of the external auditor in a number of ways, including through an annual review of the auditors’ independence and by monitoring that no conflicting non-audit services are provided. Non-audit services In order to ensure the ongoing independence of the external auditor, the Group maintains a Non-Audit Services Policy which defines the rules under which the Group can use the external auditor for non-audit services. The Group’s procedures for procuring non-audit services from external sources specifically prohibit Ernst & Young LLP from undertaking certain types of services. The external auditors may perform certain non-audit services for the Group which are not prohibited. Any such non-audit services require pre-approval by the Audit and Risk Committee, must be in the best interests of the Company, and are only permitted to the extent allowed by relevant laws and regulations. The Policy complies with the FRC’s guidelines on the 2018 UK Corporate Governance Code and Ethical Standards. During the financial year, with the exception of the half-year review, no non-audit services were provided by the external auditor on behalf of the Group. The ratio of fees for audit:non-audit services provided during 2020 was 11:1. Refer to Note 7 for further details regarding the Group’s audit and non-audit fees. Effectiveness of external auditors The Committee reviewed the effectiveness of the external auditor for the financial year ended 31 December 2020. The Committee considered a number of factors when undertaking this assessment, including: The professional scepticism, independence, and objectivity of the external auditor The quality of the external auditor’s communication and interaction The external auditor’s qualifications, expertise, and resources, and the effectiveness of the audit process The tenure of the external auditor, and whether it would be appropriate to put the audit services contract out to tender The transparency reports of the external auditor for 2020 Upon completion of its review of the effectiveness of the external auditor, the Committee recommended to the Board that a resolution to reappoint Ernst & Young LLP be proposed at the next AGM. Performance evaluation The Audit and Risk Committee’s effectiveness for 2020 was considered as part of the annual Board evaluation process. The performance of the Committee was evaluated in accordance with the process set out on page 95. The specific areas assessed were: Reviewing the work of internal and external audit Overseeing financial reporting Assessing the control environment Monitoring risk management systems Overall, the Committee’s performance was rated highly. It was noted that it would be worth reviewing the delegation of responsibility between the Committee and the Board, (particularly in terms of risk) and that more time should be dedicated to Committee meetings. It was also noted that whilst the Committee had overseen improvements in the quality of risk and control systems in place since last year, driving forward the maturity of the risk and control environment would remain a key focus for 2021. The Committee has reflected on the findings of the report. By order of the Board Its meetings and discussions with the external auditor, including in relation to the auditor’s findings and reports on the annual audit and interim review, and the quality of the auditor’s work in relation to financial judgements made Belinda Richards Chair of the Audit and Risk Committee 2 March 2021 © 2019 Friend Studio Ltd File name: AuditXCommittee_v45 Modification Date: 2 March 2021 8:49 pm Audit and Risk Committee report continued Strategic report Governance Financial statements Avast plc annual report 2020 103 Nomination Committee report Our mission is to recruit, develop, and retain a world-class leadership team at Board, Executive Management, and senior management level. Warren Finegold Chair of the Nomination Committee Introduction Dear Shareholder I am pleased to introduce our Nomination Committee report for the financial year ended 31 December 2020. In this report, we provide you with an overview of the Committee’s responsibilities and performance during the year. The Committee is responsible for assisting the Board in evaluating the structure, size, performance, and composition of the Board and its Committees. More broadly, the Committee is responsible for reviewing succession plans at Board, Executive Management, and senior management level and assuring that a pipeline of suitably qualified and capable successor candidates is in place for both emergency and longer-term succession. The Committee is focused on ensuring that the Board comprises individuals with the requisite independence, knowledge, skills, diversity, and experience to discharge its responsibilities effectively. As part of this, the Committee’s decisions relating to the appointment of Directors follows a formal appointment process. During the year, it was announced that Ulf Claesson and Erwin Gunst would not be standing for re-election at the next AGM, having been Directors since 2012. A recruitment process, led by the Nomination Committee, is currently under way to find a replacement. We also oversaw a number of changes to the Executive Management team, including the retirement of Alan Rassaby who retired having spent more than seven years as General Counsel and Chief Human Resources Officer and latterly as Chief of Staff and Company Secretary. The Committee also oversaw a number of new hires to the Executive Management team, details of which are further described in the report below. Looking ahead, the Board is committed to having a diverse and inclusive leadership team and the Committee will continue to appoint on merit while maintaining its focus on succession planning, talent management, and increasing diversity on the Board. Warren Finegold Chair of the Nomination Committee Principal activities The Committee sets an annual forward agenda based on the scope of its responsibilities under its terms of reference available on the Company’s website at https://investors. avast.com/media/1269/terms-of-reference-nomination- committee-07062019.pdf. In addition, the Committee considers any other relevant ad hoc matters which require its review. During the year, the Committee paid particular attention to the following matters: Succession plans for the Board and members of the Executive Management team Recruitment of a new Chair of the Board Recruitment of a new Non-Executive Director to the Board Monitoring compliance with corporate culture External Annual Board evaluation Director independence Committee membership Committee member No. of meetings attended (No. of meetings convened while a member) Date of appointment Warren Finegold (Chair) 10 May 2018 John Schwarz Erwin Gunst Maggie Chan Jones 10 May 2018 10 May 2018 22 May 2019 5(5) 5(5) 5(5) 5(5) © 2019 Friend Studio Ltd File name: NominationXCommittee_v53 Modification Date: 2 March 2021 3:48 pm Strategic report Governance Financial statements Avast plc annual report 2020 104 Committee composition The Committee is chaired by Warren Finegold, the Senior Independent Non-Executive Director of the Company, and comprises three other Non-Executive Directors. Full biographies of the Committee’s members can be found on pages 88 to 89. The Group’s General Counsel and Company Secretary is secretary to the Committee. From time to time, the Committee may invite others to join meetings, where it considers their expertise and knowledge to be relevant and necessary to the subject matter under consideration. During the year, this included the CEO, the Chief of Staff and Company Secretary (prior to his retirement), and the Chief People and Culture Officer. The Company complies with the requirements of the Code that a majority of the Nomination Committee be Non-Executive Directors. Succession planning Succession planning is carried out with a view to strengthening the Company’s organisational capabilities and ensuring our Board and Executive Management team possess the requisite skills experience, and diversity. As part of our succession planning, the Company reviews the risk rating of the senior executives on an annual basis and discusses the succession plans for each of them. The successors are given a readiness status and their development is discussed. The Company seeks to promote from within the Group, where possible, and recruit externally if required, in order to ensure that the best candidates are obtained. Successor candidates’ capabilities were calibrated in 2020 using 360 feedback, psychometric testing, and in-depth interviewing with an executive search consultant. This has allowed us to determine the readiness for candidates in terms of succession. Development plans are being supported for all successor candidates to ensure that they are as prepared as possible for potential succession, and external market mapping has been commissioned for roles where there is no obvious internal successor. Throughout the year, the composition of the Executive Management team underwent a number of changes, as further set out below. In July 2020, Nick Viney joined the Group as Senior Vice President and General Manager of Telco, IoT, and Family. He is responsible for leading Avast’s global strategy for the business unit and expanding its portfolio of security products. He has held leadership positions at a number of leading technology companies, with his experience covering multiple channels to market, including the mobile and carrier sector and the Internet of Things (IoT) market as well as Original Equipment Manufacturing (OEM) and Retail. Appointment of senior executives The Company welcomed a number of senior executives in various roles throughout 2020, and the beginning of 2021. In January 2020, Julio Bezerra joined the Group as Chief Strategy and Transformation Officer. Mr Bezerra is responsible for developing, communicating, and executing the Company’s strategy, including leading major transformation projects, corporate development, and M&A transactions. Mr Bezerra has significant experience in fast-moving technology, consumer markets, and change management. In February 2020, we welcomed Rebecca Grattan as Chief People and Culture Officer. Ms Grattan is responsible for the human resources and facilities functions within the Group. Ms Grattan brings extensive global HR experience and has a particular interest in creating organisational climates where people thrive and where underrepresented groups can be supported to achieve their potential. Throughout her career, she has championed programmes to highlight and tackle gender, LGBTQ+, mental health, and wellbeing, and has been involved in a range of women in tech initiatives. In April 2020, Lisa Carey joined the Group as Chief Marketing Officer. Ms Carey leads the marketing team. Ms Carey brings more than 20 years of marketing expertise to Avast, having built world-class brands and businesses across all stages of growth. In August 2020, Allan Thomson joined the Group as Chief Architect Threat Defence Technology. Mr Thomson is responsible for the technical strategy, architecture, and product technology for threat defence products. Mr Thomson has significant experience across network security, threat intelligence, threat analysis, and distributed systems technologies, having served as a technology innovator, strategist, architect, and leader across a broad set of products at leading-edge companies. In September 2020, Dita Formankova joined the Group as Director of Diversity, Inclusion and Communities. Ms Formankova leads diversity initiatives and Group-wide, activities and training, and works with Avast’s ambassadors globally to jointly develop local initiatives and locally focused programmes. In October 2020, Shane McNamee joined the group as Chief Privacy Officer. The Chief Privacy Officer is a new role. Mr McNamee will work with the existing Privacy Compliance team and Data Protection Officer to enhance privacy compliance and focus on developing the Group’s privacy strategy, culture, and values. Mr McNamee has extensive experience working in both academia and national data protection regulation, having most recently worked at the Irish Data Protection Commission, the Irish regulator tasked with overseeing and enforcing data protection and privacy laws. © 2019 Friend Studio Ltd File name: NominationXCommittee_v53 Modification Date: 2 March 2021 3:48 pm Nomination Committee report continued Strategic report Governance Financial statements Avast plc annual report 2020 105 In October 2020, Miroslav Umlauf assumed a newly created role of Chief Data Officer. Mr Umlauf is responsible for developing, communicating, and executing Avast’s data strategy and helping Avast to find balance between data innovation and regulation. Mr Umlauf has been with the Company for 10 years in various data and analytics roles, and prior to Avast he spent several years in data roles in telecommunications. He has been teaching data skills in business institutes and universities. He contributed to the creation of master’s and MBA data programmes (University of Economics in Prague). In March 2021 we welcomed Trudy Cooke who joined as Group General Counsel and Company Secretary. Ms Cooke is responsible for leading the legal and company secretarial functions within the Group. Ms Cooke brings extensive international public and private legal, M&A and management experience. She was recently Group General Counsel at a UK listed satellite telecommunications company and prior to that worked first as a corporate lawyer and then more recently as the Chief Operating Officer and member of the Executive Board at a leading international private equity investment firm in London. In addition, as part of the reorganisation of our corporate structure and the establishment of multi-disciplinary, autonomous teams to focus on specific areas, there have been changes to the roles of two members of the Executive Management team. Vita Santrucek has been appointed as Avast’s Chief Product Officer and Peter Turner has been appointed as Avast’s Chief Commercial Officer. Nomination Committee report Independent Directors The Code recommends that at least half of the board of directors of a UK listed company, excluding the Chair, comprises non-executive directors determined by the board to be independent in character and judgement, and free from relationships or circumstances which may affect, or could appear to affect, the directors’ judgement. Six out of 11 Directors are independent. Further details on the classification of Directors are included in the Corporate Governance statement on page 92. As a result, the Company is compliant with the requirement of the Code. Board appointments All Directors are appointed by the Board following a rigorous selection process and subsequent recommendation by the Nomination Committee. We aim to appoint people who will help us address the operational and strategic challenges and opportunities facing the Company now, and in the future, and ensure that our Board is diverse in terms of gender, nationality, social background, and cognitive style. Pursuant to the requirements of the Code, prior to being appointed to the Board, the commitments of Non-Executive Directors are assessed. Upon appointment, Directors are required to allocate sufficient time to the Company in order to discharge their responsibilities effectively and meet the expectations of their role. Internal controls are in place which require Directors to notify the Board before accepting any additional commitments which may affect this. Mr Claesson and Mr Gunst, both Independent Non-Executive Directors, have been members of the Board for almost nine years. In accordance with best governance practice and as announced on 12 August 2020, neither Mr Claesson nor Mr Gunst will be standing for re-election at the AGM. The Nomination Committee has instructed Russell Reynolds to identify an appropriate candidate based on a profile and skill set agreed by the Nomination Committee. Russell Reynolds has no other connection with the Company. John Schwarz’s tenure as Chair As of December 2020, the Company’s Chair, Mr Schwarz, has served on the Board for more than nine years. The Code provides that the chair of a FTSE 350 company should not remain in the post beyond nine years from the date of their first appointment to the board. However, the Code allows for a limited extension beyond this period where the chair has been a non-executive director for a significant amount of time prior to becoming chair, and their continued appointment supports the company’s succession plan and Diversity Policy. The Board considers Mr Schwarz’s continuation as Chair desirable for a limited period of time, to provide stability and continuity following Board and executive changes, including the upcoming retirement of Mr Claesson and Mr Gunst as Non-Executive Directors. Significant shareholders and proxy agencies were given the opportunity to speak with the Board’s Senior Independent Director regarding their views on the matter. The Company, through the Nomination Committee, will soon commence with the succession plan for the Chair. Changes to the Committees During the year, Ms Minick-Scokalo was appointed as a member of the Remuneration Committee and her extensive international experience in fast-moving consumer goods and change management means she is well placed to assist the Committee in advising the Board on remuneration matters and ensuring that the Remuneration Policy is aligned with the business strategy and objectives, risk appetite, values, and long-term interests of all stakeholders. As part of the Remuneration Committee’s succession planning, it is intended that Ms Minick-Scokalo will succeed Mr Claesson as Chair of the Remuneration Committee following the AGM. © 2019 Friend Studio Ltd File name: NominationXCommittee_v53 Modification Date: 2 March 2021 3:48 pm Nomination Committee report continuedNomination Committee report continued Strategic report Governance Financial statements Avast plc annual report 2020 106 Evaluation of the Board’s structure, size, performance, and composition The Nomination Committee’s effectiveness for 2020 was considered as part of the annual Board evaluation process. The performance of the Committee was evaluated in accordance with the process set out on page 95. The specific areas assessed were: Composition of the Board Selection of new Directors Succession planning for Executive and Non-Executive Directors The performance of the Committee was rated highly overall. It was noted that greater reporting to the wider Board would be beneficial, in particular in relation to deciding how the make-up of the Board should evolve going forward and in determining the desired attributes to be sought in Non-Executive Director recruitment. It was noted that increased attention needed to be given to succession planning going forward. A summary of the process and findings of the annual Board evaluation can be found on page 95. The Committee has reflected on the findings of the report, together with the suggestions offered in relation to how the Committee can operate more effectively. Diversity Policy The Board is committed to increasing diversity among gender, race, culture, education, skills, and experience. The Board currently comprises members from six different nationalities, with experience across a diverse range of disciplines and industries. The Board seeks leaders who embrace the Group’s culture and values, and believes that, in order to provide effective strategic leadership, the Board must comprise individuals with a broad and diverse range of perspectives, along with the requisite skills, knowledge, and experience. The Board, and specifically the Committee, require that all lists of candidates proposed for new Board positions include a diverse set of candidates, and work with executive search firms that have signed up to the Voluntary Code of Conduct for Executive Search on both gender and diversity best practice. As of the date of this report, the proportion of women on the Board is 27%. The Board is mindful of the recommendations set out in the Hampton- Alexander Review and the Board remains committed to reaching its minimum 33% target for female representation on the Board. The Board’s strategy for achieving diversity is embedded in our succession planning and Director recruitment process, where we aim to bring a diverse and complementary range of backgrounds, skills, knowledge, and experience to the Board. In 2020, the representation of women on the Executive Management team and their direct reports was 27%. The Board is committed to increasing the representation of women in the Executive Management team and improving diversity. Recent changes to the Executive Management team (as described on page 71) will bring the gender diversity to 40% female. Further information about the Group’s Diversity Policy is set out on pages 70 to 73. The Board has met the target set by Sir John Parker and the Parker Review Committee in 2017 that there is at least one director from an ethnic minority background on the Board of FTSE 100 companies by 2021. Company culture Throughout 2020, Avastians have demonstrated their resilience in the face of change and uncertainty. The CEO’s culture initiative, undertaken to clarify and codify our values and ways of working, evolved as the Company navigated the challenging conditions of the global pandemic. Ongoing engagement with employees, and an understanding that the post-COVID reality will require radically different ways of working, prompted us to launch Avast’s new Whole Life Flexibility concept. This set of principles empowers employees to integrate their work and life priorities as they see fit, through policies such as unlimited paid time off, flexible working hours and locations, and providing office spaces that support collaboration, creativity, and connection. These policies and the cultural principles underpinning them are outlined in the CEO’s strategic report. The vision and strategy seeks to create a customer-focused, fast-moving company culture that enables ownership and accountability. Avast is of the view that the right culture is a competitive advantage and a key component of growth, and that culture dictates a company’s level of integrity, reputation, profitability, and shareholder value. Further details about the importance of culture are set out on pages 64 to 74. Throughout the year, the Board reviewed a number of important cultural initiatives and monitors compliance with the Company’s culture in a number of ways. The recently established Avast Change Engagement Group (see page 66 for further details) enables two-way communication and serves as a forum where colleagues can talk with members of the Executive Management team and the Board. Additionally, the Nomination Committee is attended by Rebecca Grattan, the Chief People and Culture Officer, who provides feedback to the Committee and the Board. By order of the Board Warren Finegold Chair of the Nomination Committee 2 March 2021 © 2019 Friend Studio Ltd File name: NominationXCommittee_v53 Modification Date: 2 March 2021 3:48 pm Nomination Committee report continued Strategic report Governance Financial statements Avast plc annual report 2020 107 Directors’ remuneration report Structure Chair’s letter Annual Remuneration Report 2020 – Summary of Remuneration Policy and implementation for 2021 – Directors’ remuneration for 2020 – Directors’ shareholdings – Remuneration Committee overview 107 110 111 118 123 127 In what has been an extremely challenging year, performance has been resilient as we have adapted our business to both protect the health of our people as well as to ensure that we continue to deliver for customers Ulf Claesson Chair of the Remuneration Committee Remuneration Committee Chair’s letter Dear shareholders I am pleased to present to you our Directors’ remuneration report for the year ended 31 December 2020. Following the Company’s listing on the London Stock Exchange in May 2018, the Committee designed our Directors’ Remuneration Policy to incorporate best practice features of the typical UK pay model, while recognising the need to compete for talent in a global market when setting reward levels, particularly long-term incentive opportunities. The policy was supported by 94.7% of our shareholders at our first AGM on 23 May 2019, and will remain in effect for the financial year ending 31 December 2021. Implementation of remuneration arrangements for 2021 We will continue to operate a bonus and long-term incentive programme (LTIP) structure in 2021 in line with our shareholder approved Directors’ Remuneration Policy. There are no changes to our annual bonus and LTIP award levels. The Committee has, however, reviewed the measures under the annual bonus to ensure that they continue to be aligned with our strategy and has determined that the measures should be simplified in order to provide greater consistency across the organisation. Specifically, the Committee has replaced the revenue measure with a billings measure to align the organisation with its commercial teams, in line with our growth aspirations and to recognise material investments being made. Billings is defined on page 55 of the annual report. In addition, the unlevered free cash flow (UFCF) measure will be replaced by adjusted EBITDA to incentivise management and the rest of the organisation to strengthen the focus on profitability. Therefore, the annual bonus for 2021 will be based on billings (35%), adjusted EBITDA (35%), relationship net promoter score (NPS) (15%) and performance against strategic key performance indicators (KPIs) (15%). Performance measures for the 2021 LTIP award will be based 50% on diluted adjusted EPS growth and 50% on adjusted revenue growth. Targets remain largely unchanged other than a slight reduction in the target for adjusted EPS growth which has reduced from 8% to 7% CAGR. As outlined in the 2019 Directors’ remuneration report, following his appointment as CEO on 1 July 2019, Ondrej Vlcek elected to waive his salary (not including his Board fee) and annual bonus. Mr Vlcek continues to receive his Board Director’s fee ($100,000 per annum) which he donates to charity. Mr Vlcek receives a nominal annual salary of $1 only in addition to his Board fee. The Committee reviewed base salaries in effect from 1 April 2021 and decided that no increase would be awarded at this time. As such, the CFO’s salary will remain at $600,000. The CEO’s ‘headline’ salary on which his LTIP award level is based will also remain the same at $700,000. Review of Remuneration Policy Our current Directors’ Remuneration Policy will soon have been in place for three years and therefore we are required to seek shareholder approval for a revised Policy at our 2022 AGM. A key area of focus for the Remuneration Committee for the next 12 months will therefore be undertaking a detailed review of this Policy to ensure that it continues to support our strategy and incentivises management to deliver value for shareholders. The Committee continues to learn from and adopt new developments in corporate governance and best practices, in the UK and globally. As part of this review, the Committee will be carefully considering how our Policy compares with best practice and will look to bring the policy in line where appropriate. For example, as part of the review of the Policy, the Committee will look to introduce a formal post-employment shareholding guideline. © 2019 Friend Studio Ltd File name: RemunerationXReport_v62 Modification Date: 2 March 2021 11:50 pm Strategic report Governance Financial statements Avast plc annual report 2020 108 Pay outcomes for 2020 2020 was another successful year for Avast as we continued to execute our growth strategy delivering both organic revenue and adjusted net income growth in a challenging economic environment. It was also a year in which we demonstrated business resilience during the unprecedented COVID-19 pandemic, and despite the continuing uncertainty ahead, Avast remains well positioned and continues to make progress against our longer-term strategy. Annual bonus The annual bonus for 2020 was based on performance against organic revenue and unlevered free cash flow targets, customer satisfaction, and strategic Key Performance Indicators (KPIs). Organic revenue grew by 7.9%. Performance against the organic revenue plan was above target. Unlevered free cash flow grew by 6.2% and was just below target performance, largely as a result of the material donation made to COVID-19 related relief efforts. This resulted in a bonus payout of 55.1% of maximum in respect of the organic revenue component (35% weight), and 37.5% of maximum in respect of the unlevered free cash flow component (35% weight). The Group made good progress on improving the customer proposition during the year with robust change and transformation activities. These will ultimately enable us to deliver better products and experiences for our customers. Based on the performance delivered, the Committee judged that 50% of maximum for the customer satisfaction element of the bonus should be paid. The Committee reviewed individual performance carefully against the strategic KPIs set for each Executive Director, and awarded Mr Philip Marshall 53.3% of maximum for the strategic KPI measures as CFO. His overall bonus was therefore 47.9% of maximum. Further details are set out on page 120. As noted above, Mr Ondrej Vlcek elected to waive his annual bonus opportunity for the year. The Committee considered very carefully whether it was appropriate to pay an annual bonus to Executive Directors in the context of the economic and social environment. The Committee believes the underlying performance as well as the experience of shareholders and other stakeholders during the year supports the payment of an annual bonus. In coming to this judgement, the Committee considered the following factors: Financial performance for the year has been strong with revenue increasing organically by 7.9% and profit (adjusted net income) increasing by 11.8%. The share price at the date of signing this report was broadly flat on the start of the year compared to a fall of c.14% for the FTSE 100 index. We continued to pay dividends in June and October 2020 and we plan to pay a final dividend for 2020 in June 2021. We did not furlough any employees or receive any related government assistance. We have not made any redundancies as a result of COVID-19. As a company, we made a material donation to COVID-19 relief efforts. Despite the strong performance, the overall bonus for 2020 is lower than the bonus received for 2019, driven largely by the impact of our material donation to COVID-19 relief efforts on the unlevered free cash flow performance against target. LTIP Our first award post-IPO was made under the LTIP plan on 18 June 2018. This award vested based 50% on diluted adjusted EPS growth and 50% on adjusted (organic) revenue growth. Diluted adjusted EPS growth over the three financial years to 31 December 2020 was 10.0% (CAGR) and adjusted revenue growth (organic) over this period was 7.5% (CAGR). This performance resulted in 67.26% of the award vesting. The Committee believes that this level of vesting is a fair reflection of the excellent progress the Company has made since listing. No discretion was exercised in relation to the annual bonus for 2020 or the LTIP outcomes. Broader employee reward Like every other business in 2020, Avast was deeply impacted by the COVID-19 pandemic, effectively switching to an entirely remote setup overnight in mid-March. While we were able to pivot our workforce quickly to working from home and to provide the equipment and material support needed, we also increased wellness support for all Avastians ensuring that they could access these resources at any time. To support employees’ physical health and wellbeing, we began to offer free online medical consultations with physicians and specialists for all Avastians and their families. We also moved towards Whole Life Flexibility in two important ways. First, Unlimited Personal Time Off (PTO) will become standard for our employees in all jurisdictions. Second, all Avastians can choose between two working modes, Work from Office (WFO) or Work from Anywhere (WFA). These actions and initiatives, which enable our employees to undertake their roles while ensuring their wellbeing, are outlined in the People section on page 64. During the year, we have undertaken a significant change programme to ensure that we have the right organisational structure and culture in place to accelerate the delivery of performance and to deliver value for shareholders. © 2019 Friend Studio Ltd File name: RemunerationXReport_v62 Modification Date: 2 March 2021 11:50 pm Directors’ remuneration report continued Strategic report Governance Financial statements Avast plc annual report 2020 109 Other Board changes During the year, we welcomed Ms Tamara Minick-Scokalo as a new member of the Remuneration Committee. After nine years on Avast’s Board I am due to step down from the Board and as Remuneration Committee Chair on 21 May 2021 and it is intended that Ms Minick-Scokalo will take over as Remuneration Committee Chair from this date. This Directors’ remuneration report will be submitted to shareholders for an advisory vote at the AGM on 21 May 2021 and I look forward to our ongoing dialogue on this important topic. Ulf Claesson Chair of the Remuneration Committee To recognise our employees’ commitment to Avast and to create alignment between their long-term compensation and Avast’s strategic goals and share in the growth of the business as shareholders, the Company announced that every employee below the Executive Management team will receive an award of one-off Restricted Stock Units (RSUs) in the value equivalent to 40% of annual base salary (capped at 10,000 units) and vesting in equal portions over a three-year period, after the March 2021 Board meeting. Going forward, all new joiners at this level will receive a similar award subject to passing their probation period, to ensure that every Avast employee is invested in the Company. These one-off RSUs are within our maximum share dilution level commitment of 10% over a period of 10 years and we will ensure that future RSU awards are within that limit as well. We are very excited by the new scheme which we believe allows employees to fully share in our success and which will motivate them to deliver our vision and the growth plans for the Avast of the future. Through the Employee Share Matching Plan (SMP), employees continue to be able to receive one free share for every three purchased shares after a two-year holding period, and Avast continues to grant additional RSUs to a select group of high-performing and high-potential employees each year. Avast Plc has fewer than 250 employees in the UK and is not required to disclose the CEO to all employee pay ratio. However, in line with our commitment to openness and transparency, the Committee has determined to voluntarily disclose Avast’s CEO pay ratio figures in respect of the financial year ended 31 December 2020, details of which can be found on page 126. © 2019 Friend Studio Ltd File name: RemunerationXReport_v62 Modification Date: 2 March 2021 11:50 pm Directors’ remuneration report continuedDirectors’ remuneration report continued Strategic report Governance Financial statements Avast plc annual report 2020 110 Annual Remuneration Report 2020 The Annual Remuneration Report that follows has been prepared in accordance with the provisions of the 2018 UK Corporate Governance Code (Code), the Listing Rules, the Large and Medium-sized Companies and Groups (Accounts and Reports) (Amendment) Regulations 2013 and the Companies Act 2006. It will be subject to an advisory shareholder vote at the 2020 AGM on 21 May 2021. Summary of how our policy was implemented in 2020 Summary BASE SALARY No salary increases awarded in the year. Implementation in 2020 Ondrej Vlcek – CEO Philip Marshall – CFO Ondrej Vlcek had waived his salary (excluding his Board fee). He continued to receive his Board Director’s fee ($100,000 per annum) which he donated to charity. He received a nominal annual salary of $1 only in addition to his Board fee. His ‘headline’ salary was $700,000 $600,000 (this includes his Board fee of $100,000 per annum, which he donated to charity for the April – December period) BENEFITS Benefits included private health cover (for the individual and family members), life insurance, flexible benefit scheme, and car allowance. PENSION Executive Directors do not receive a pension contribution. ANNUAL BONUS (The CEO does not receive private health cover or a car allowance.) $8,732 $61,412 n/a n/a Maximum opportunity of 200% of salary in 2020. Performance measures for the 2020 annual bonus were as follows: The CEO has waived his annual bonus Outturn as a percentage of maximum: 47.9% 35% on organic revenue performance. 35% on unlevered free cash flow (as defined on page 108). 15% on customer satisfaction. 15% on strategic KPIs. $575,023 © 2019 Friend Studio Ltd File name: RemunerationXReport_v62 Modification Date: 2 March 2021 11:50 pm Directors’ remuneration report continued Strategic report Governance Financial statements Avast plc annual report 2020 111 Summary LTIP In 2018, the CEO was granted an award of 350% of salary based on his salary at the time of $450,000 in 2018 (for his role as President of Consumer). The CFO was granted an award of 350% of salary of $525,000. Performance was measured over three years to 31 December 2020. Performance measures for the 2018 award were as follows: 50% based on diluted adjusted EPS growth. 50% on adjusted (organic) revenue growth. SHARE MATCHING PLAN All employees, including the Executive Directors and members of the Executive Management team, are eligible to participate in the SMP. SHAREHOLDING GUIDELINES 200% of salary Participants can voluntarily invest up to $34,000 per year to acquire shares (via deductions from their base remuneration or quarterly bonus). The Company will award the participant a number of matching shares up to a maximum of one share per one purchased share. The current holding period is two years and the current matching is one share per three purchased shares. Implementation in 2020 Ondrej Vlcek – CEO Philip Marshall – CFO Percentage of award vesting: 67.26% Percentage of award vesting: 67.26% $2,511,919 $2,928,094 The CEO did not participate in the Share Matching Plan in 2020. The CFO participated in the Share Matching Plan in 2020, and acquired 7,396 shares under the plan. 24,336% of (‘headline’) salary 386% of salary Shareholding as at 31 December 2020 based on the share price at that date Shareholding as at 31 December 2020 based on the share price at that date Summary of key elements of Remuneration Policy and implementation for 2021 Our Remuneration Policy for Directors (’Policy’) was put to shareholders for approval at the AGM on 23 May 2019 and applies to payments made from this date. The following provides a summary of the Policy along with details of how the Policy will be implemented during 2021. No changes to the Policy are being proposed at this point. For full details of the Policy approved by shareholders, please refer to the 2018 Annual Report and Accounts which can be found on our website under the investor section (investors.avast.com/investors/results-reports- and-presentations/). The Group’s overall philosophy on remuneration is based on the approach that remuneration should be simple while being clearly linked to the performance and behaviour of the individual, business results, and shareholder outcomes. This approach to remuneration, which cascades down through the organisation, is designed to: Reward achievement of short and long-term financial objectives and support delivery of the business strategy and sustainable long-term returns to shareholders. Provide competitive, transparent and fair rewards. Align the interests of employees and shareholders through appropriate levels of employee share ownership. © 2019 Friend Studio Ltd File name: RemunerationXReport_v62 Modification Date: 2 March 2021 11:50 pm Directors’ remuneration report continuedDirectors’ remuneration report continued Strategic report Governance Financial statements Avast plc annual report 2020 112 Reward levels are set to attract, retain, and engage high-calibre talent to support the business strategy while being aligned with our culture, purpose and values. The Group’s Remuneration Policy is regularly assessed against market practice in the countries where we compete for talent as well as against internal practice to ensure that it remains appropriate. A significant proportion of potential total reward for our Executive Directors is performance-related, aligning pay with business success. Award levels are capped with payout linked to performance against a limited number of measures which are well linked to our strategy. The high performance hurdles that we set ourselves ensure that the reward received by the executives through the incentive plans aligns with shareholder outcomes while taking into account our overall risk appetite. The Committee retains the discretion to adjust payouts where this is considered appropriate. Furthermore, our remuneration policy and long-term nature of our incentive plans promotes sustainable financial performance and ensures that appropriate safeguards are in place to avoid rewarding failure (such as malus and clawback provisions, shareholding guidelines and holding periods). The Committee believes that our Remuneration Policy reflects the principles of provision 40 of the UK Corporate Governance Code, as outlined based on the principles above. BASE SALARY Purpose and link to strategy: Reflects the particular skills and experience of an individual and provides a competitive base salary compared with similar roles in similar companies. Overview Base salary levels are determined by the Committee taking into account the role, responsibilities, performance, and experience of the individual, market data for comparable roles in the global market, and pay and employment conditions elsewhere in the Group. Salaries are typically reviewed annually, with any changes normally taking effect from 1 April each year. Maximum opportunity While there is no maximum salary level or maximum increase that may be offered, salary increases will normally be in line with typical increases awarded to other employees in the Group. Performance measures n/a Implementation for 2021 In line with the previous year, the CEO (Mr Ondrej Vlcek) waived his salary (excluding his Board fee) and his annual bonus. He will continue to receive his Board Director’s fee ($100,000 per annum) which he will donate to charity. Mr Ondrej Vlcek will receive a nominal annual salary of $ 1 only in addition to his Board fee. This is revocable with 30 days’ notice. His notional salary (for determining LTIP awards) will not be increased from 1 April 2021 and therefore will continue at $700,000 (inclusive of the $100,000 Board Director’s fee element). The salary of the CFO (Mr Philip Marshall) will also not be increased from 1 April 2021 and therefore will continue at $600,000. BENEFITS Purpose and link to strategy: To enable the Executive Directors to undertake their roles by ensuring their security and wellbeing. Overview Benefits currently include private health cover (for the individual and family members), life insurance, flexible benefit scheme, and car allowance. Executive Directors can access Avast products and are eligible to participate in any all-employee share plans on the same terms as offered to other employees. Maximum opportunity There is no maximum limit on the value of the benefits provided but the Committee monitors the total cost of the benefit provision. Performance measures n/a Implementation for 2021 The CEO (Mr Ondrej Vlcek) does not receive private health cover or a car allowance. The CFO will continue receiving benefits in line with the approach for 2020, including the car allowance. © 2019 Friend Studio Ltd File name: RemunerationXReport_v62 Modification Date: 2 March 2021 11:50 pm Directors’ remuneration report continued Strategic report Governance Financial statements Avast plc annual report 2020 113 PENSION Purpose and link to strategy: To provide an appropriate allowance for retirement planning. Overview Executive Directors do not currently participate in pension arrangements in line with practice for other employees. ANNUAL BONUS Purpose and link to strategy: The annual bonus is designed to drive effective delivery of the business strategy, reward short-term operating performance, and promote executive share ownership via the deferral of bonus into shares where the shareholding guideline has not been met. The annual bonus scheme enables the Group to flexibly control its cost base through performance-linked reward and ensures that Executive Director remuneration is directly linked to business performance. Overview Annual bonuses are based on performance over one financial year. Annual bonuses are normally paid in cash following the year end. Where an executive has not met (or is not on course to meet) the executive shareholding guideline within the timeframe set out, 50% of any bonus earned will normally be deferred into shares. Any deferred shares would normally vest on the second anniversary of grant. The Committee retains the discretion to adjust the bonus award if it does not consider that it reflects underlying Company performance or for any other reason it considers appropriate. Recovery and withholding provisions apply (see below). If the Company were to introduce pension arrangements or similar for other employees in the Group, then Executive Directors may be provided with a pension or pension allowance at the same rate as other employees. Performance measures n/a Implementation for 2021 No change. Maximum opportunity n/a The specific targets for the 2021 year are considered commercially sensitive. However, the Committee intends to disclose these retrospectively in the 2021 Directors’ remuneration report to the extent that they do not remain commercially sensitive. Implementation for 2021 As noted above, the CEO (Mr Ondrej Vlcek) has waived his participation in the annual bonus plan. The maximum annual bonus opportunity for the CFO (Mr Philip Marshall) will continue to be 200% of salary. Maximum opportunity Maximum annual bonus is 200% of salary. Target bonus payout is set at 50% of the maximum. No more than 12.5% of the maximum will pay out for meeting threshold performance. Performance measures The annual bonus for 2021 will be based on the following performance measures: 35% on billings (as defined on page 107). 35% on adjusted EBITDA (as defined on page 107). 15% on relationship NPS (as defined on page 107). 15% on strategic KPIs. The Committee believes that these measures are appropriate as they incentivise executives to drive top-line financial results to deliver our growth strategy while also incentivising them to increase profitability. Customer satisfaction continues to be included through NPS in order to incentivise and reward executives for delivering a superior customer experience. Strategic KPIs are included to ensure a rounded assessment of performance and to incentivise management to deliver against our strategic milestones so that we continue to lay the foundations for future success. © 2019 Friend Studio Ltd File name: RemunerationXReport_v62 Modification Date: 2 March 2021 11:50 pm Directors’ remuneration report continuedDirectors’ remuneration report continued Strategic report Governance Financial statements Avast plc annual report 2020 114 Implementation for 2021 The CEO will continue to receive an LTIP award of 500% of salary (maximum) based on this ‘headline’ salary of $700,000. The CFO will continue to receive an award of 450% of salary (maximum). LTIP Purpose and link to strategy: To drive long-term delivery of the Group’s objectives, to align Directors’ interests with those of the Company’s shareholders, and to encourage exceptional performance. Overview LTIP awards normally vest based on performance over a three-year period. The Committee retains the discretion to adjust the vesting of LTIP award if it does not consider that it reflects underlying Company performance or for any other reason it considers appropriate. Any shares vesting under the LTIP (net of tax) will be subject to a two-year holding period. Recovery and withholding provisions apply (see below). Maximum opportunity The maximum award is normally 500% of salary for the CEO and 450% of salary for the CFO. No more than 7% of maximum opportunity will be paid for meeting threshold levels of performance under each of the performance measures (i.e. 14% of the aggregate award). 55% of the award will normally vest for target performance and 100% of the award will normally vest for maximum performance. There is a straight-line vesting between the performance points. Performance measures 2021 LTIP will be subject to the following performance measures: 50% based on diluted adjusted EPS growth. 50% on adjusted revenue growth. Performance targets for the 2021 awards are set out below this table. The Committee is satisfied that the combination of adjusted revenue growth and diluted adjusted EPS growth incentivises management to grow the value of the Group over the long term and is strongly aligned to the execution of the business strategy. The Committee remains mindful that organic revenue is used as a measure in the LTIP and billings is used as a measure in the annual bonus; however, it considers that, given that billings and adjusted revenue growth are a critical part of our long-term strategy, this is appropriate. The Committee believes that there are sufficient safeguards in place to ensure that incentives do not encourage management to deliver revenue or billings that are not in the long-term interests of the Group. © 2019 Friend Studio Ltd File name: RemunerationXReport_v62 Modification Date: 2 March 2021 11:50 pm Directors’ remuneration report continued Strategic report Governance Financial statements Avast plc annual report 2020 115 SHARE MATCHING PLAN Purpose and link to strategy: The purpose of the SMP is to encourage and enable all eligible employees to acquire a stake in the Company so that they can share in the future growth, development, and success of the Company, and to further align the interests of such employees with the interests of the shareholders of the Company. The SMP allows the Company to match shares purchased by employees in accordance with a matching ratio determined by the Remuneration Committee. SHAREHOLDING GUIDELINES Overview Executive Directors are normally expected to build a minimum shareholding in the Company. Maximum opportunity In-employment – Guideline is 200% of salary, built over a period of five years. If an individual subject to the guideline does not meet the guideline, or is not on course to meet this guideline, up to 50% of any bonus earned will normally be required to be deferred into shares as a deferred bonus award, and will be expected to retain at least half of the net shares vesting under the Company’s discretionary share-based employee incentive schemes until the guideline is met. Overview All employees, including the Executive Directors and members of the Executive Management team, are eligible to participate in the SMP. Maximum opportunity Participants can voluntarily invest up to $34,000 per year to acquire shares (via deductions from their base remuneration or quarterly bonus). The Company will award the participant a number of matching shares up to a maximum of one share per one purchased share. The current holding period is two years and the current matching is one share per three purchased shares. Post-employment – We do not have a formal policy on post-employment shareholding in place at the moment; however, the Committee reviewed the approach during 2020, taking into account evolving market practice, and continues to believe that the two-year post-vesting holding requirement for our LTIP awards, during which time our executives will not normally be able to sell their shares along with existing shareholdings, ensure the alignment of the interests of our Executive Directors and our shareholders post-cessation of employment. The Committee will review this approach as part of the 2022 Remuneration Policy review. Performance measures n/a Implementation for 2021 No changes. Performance measures n/a Implementation for 2021 No changes. © 2019 Friend Studio Ltd File name: RemunerationXReport_v62 Modification Date: 2 March 2021 11:50 pm Directors’ remuneration report continuedDirectors’ remuneration report continued Strategic report Governance Financial statements Avast plc annual report 2020 116 Performance targets for the 2021 LTIP awards The following sets out the diluted adjusted EPS growth and adjusted revenue growth targets over the three-year performance period to 31 December 2023: Threshold 14% vesting Target 55% vesting Maximum 100% vesting Executive Directors’ services agreements Each of the Executive Directors has a service contract, which is available for inspection on request. Details of the notice periods currently included in services contracts of the Executive Directors are summarised in the table below: 50% weighting 5% CAGR 7% CAGR 12% CAGR Ondrej Vlcek Philip Marshall Date of contract Notice period 9 May 2018 9 May 2018 6 months’ 6 months’ Diluted adjusted EPS growth Adjusted revenue growth 50% weighting 5% CAGR 7% CAGR 12% CAGR There is straight-line vesting between the performance points. Recovery and withholding provisions Annual bonus payments may be recovered for a period of three years from the date of payment. Recovery and withholding provisions apply under the Deferred Bonus Plan (DBP), within three years from the date on which any DBP award is granted. Recovery and withholding provisions apply under the LTIP at any time prior to the third anniversary of the date on which awards vest following the end of performance period. The circumstances in which recovery/withholding provisions may apply are: a) A material misstatement of the Group’s financial results b) An error in assessing the achievement of any bonus or performance conditions, and c) Discovery of serious misconduct by the participant prior to vesting. The details of the policy on payments for loss of office are available in the 2018 Annual Report and Accounts (page 81) which can be found on our website under the investor section (investors.avast.com/investors/results- reports-and-presentations/). Non-Executive Director fees Our Non-Executive Director fees policy is to pay an annual basic fee for membership of the Board and additional fees for the Senior Independent Director (SID), the Chair of each of its Committees, and the members of each of its Committees to take into account the time commitment of these roles. The Chair is paid a single consolidated fee. There have been no changes to the Non-Executive Directors’ or Chair’s fees with effect from 1 April 2021. Chair fee Non-Executive Director base fee Additional fees: Senior Independent Director Audit and Risk Committee Chair Audit and Risk Committee member Remuneration Committee Chair Remuneration Committee member Nomination Committee Chair Nomination Committee member $350,000 (inclusive of Committee fees) $100,000 $15,000 $15,000 $7,500 $15,000 $7,500 $15,000 $7,500 © 2019 Friend Studio Ltd File name: RemunerationXReport_v62 Modification Date: 2 March 2021 11:50 pm An additional allowance of $5,000 per meeting is payable where transatlantic travel is required. Additional fees or other payments may be made to reflect additional responsibilities, roles, and contributions. Non-Executive Directors’ letters of appointment Non-Executive Directors all serve under letters of appointment (effective from 9 May 2018) for periods of three years. The Non-Executive Directors (including the Chair) have a notice period of one month, although the Company may elect to make a payment in lieu of notice. The terms and conditions of appointment for Non-Executive Directors are available for inspection upon request. Remuneration policy for other employees and how employees’ views are taken into account The Committee took into account the Company’s approach to remuneration and related policies for the wider workforce when determining the Policy for Executive Directors. Base salary levels are determined based on the role, responsibilities, performance, and experience of the individual, market data for comparable roles in the global market, and pay and employment conditions elsewhere in the Group. Salaries are typically reviewed annually. Reflective of our commitment to pay equity, the Company made targeted salary investments in areas where gender-related gaps had been identified. Directors’ remuneration report continued Strategic report Governance Financial statements Avast plc annual report 2020 117 Consultation with employees During the year, we have extended our approach to consulting with our employees. Pavel Baudis, one of our founders, is the ‘designated’ Non-Executive Director for the purpose of employee engagement. During the year, Pavel attended a number of roadshows in different locations (prior to lockdown) and has regularly attended our employee Change Engagement Group. The members of the Change Engagement Group have been drawn from a range of locations and types of roles to provide quality feedback on some of the changes that have been made during the year. The Change Engagement Group enables two-way communication between the workforce and the Board, on a range of issues including pay and benefits, providing an additional channel for matters to be escalated to the Board. In addition, Pavel Baudis and Maggie Chan Jones sit as members on the D&I Committee which aims to create a culture that attracts, grows, and empowers diverse talent. Further information about the Change Engagement Group, D&I Committee, workforce engagement, policies, and practices can be found on page 64. How shareholders’ views are taken into account The Committee is committed to an open and ongoing dialogue with shareholders. The Committee will consider any shareholder feedback received throughout the year and at the Annual General Meeting in shaping the application of the Remuneration Policy and when it undertakes the annual remuneration review. It is the Committee’s intention to consult with major shareholders in advance of making any material changes to Executive Director remuneration arrangements. During 2021, the Committee will be undertaking a full review of our Remuneration Policy in advance of submitting a revised Directors’ Remuneration Policy to shareholders at the 2022 AGM. The Committee intends to consult with our largest shareholders and the proxy advisers in respect of the revised Policy. In addition, the majority of our employees are able to further share in the success of the Group through participation in a quarterly performance bonus plan, which is based on individual performance as well as on Company financial performance. Executive Directors, other members of the Executive Management team, and key employees are also eligible for participation in a long-term incentive plan. Long- term incentives for Executive Directors are linked to long- term performance objectives of the Company and awarded in the form of Performance Share Units (PSUs), while the other members of the Executive Management team and key employees receive RSUs. All employees including the Executive Directors are eligible to participate in a Share Matching Plan. During the year, to recognise employees’ commitment to Avast and ensure that they can share in the growth of the business as shareholders, the Company announced that every employee below the Executive Management team will receive a one-time award of one-off RSUs in the value equivalent to 40% of annual base salary (capped at 10,000 units) and vesting in equal portions over a three-year period, after the March 2021 Board meeting. Going forward, all new joiners at this level will receive a similar award subject to passing their probation period. We also adjusted the benefits for our employees in line with our move towards Whole Life Flexibility, as outlined in the People section on page 68. The Committee reviewed regular employee reward programmes, such as the annual salary review or the annual employee RSU awards for high-potential and high-performing employees, as well as the Share Matching Plan to ensure that the employee programmes are in line with the overall remuneration strategy, Company objectives, and competitive needs. The Committee did not directly consult with employees when setting the Policy but it took into account general feedback on employee engagement provided to the Board. © 2019 Friend Studio Ltd File name: RemunerationXReport_v62 Modification Date: 2 March 2021 11:50 pm Directors’ remuneration report continuedDirectors’ remuneration report continued Strategic report Governance Financial statements Avast plc annual report 2020 118 Remuneration received by Directors for the year ended 31 December 2020 (audited) Directors’ remuneration for the years ended 31 December 2020 and 2019 was as follows: Salary & fees1 Benefits2 Pensions3 Total fixed Annual bonus Long-term incentives Total variable Total Executive Ondrej Vlcek4 Vincent Steckler5 Philip Marshall Non-Executive John Schwarz Erwin Gunst Pavel Baudis10 Eduard Kucera10 Lorne Somerville11 Ulf Claesson Warren Finegold Belinda Richards Maggie Chan Jones12 Tamara Minick-Scokalo13 Total 2020 2019 H1 – as President Consumer H2 – as CEO 2019 2020 2019 2020 2019 2020 2019 2020 2019 2020 2019 2020 2019 2020 2019 2020 2019 2020 2019 2020 2019 2020 2019 2020 2019 $100,001 $275,001 $225,000 $50,001 $400,000 $600,000 $562,500 $350,000 $350,000 $115,000 $117,913 $97,086 $100,057 $97,080 $100,062 $39,011 $108,103 $122,500 $122,500 $137,500 $137,500 $115,000 $115,000 $115,000 $89,422 $111,435 $84,850 $1,999,612 $2,562,906 $8,732 $13,700 $7,385 $6,315 $11,285 $61,412 $62,019 $5,00014 $20,000 $21,846 $12,929 $21,846 $13,004 $5,00014 $20,000 $123,836 $152,937 – – – – $108,733 $288,701 $232,385 $56,316 $411,285 $661,412 $624,519 $355,000 $370,000 $115,000 $117,913 $118,932 $112,986 $118,926 $113,066 $39,011 $108,103 $122,500 $122,500 $137,500 $137,500 $115,000 $115,000 $120,000 $109,422 $111,435 $84,850 $2,123,448 $2,715,844 © 2019 Friend Studio Ltd File name: RemunerationXReport_v62 Modification Date: 2 March 2021 11:50 pm $04 $2,511,9198 $235,4877 $6,409,2239 $235,4877 $04 $6,409,2239 $09 $05 $575,0236 $2,928,0948 $642,0776 $2,511,919 $6,644,710 $235,487 $6,409,223 $3,503,118 $642,077 $2,620,652 $6,933,411 $467,872 $6,465,539 $411,285 $4,164,529 $1,266,596 $355,000 $370,000 $115,000 $117,913 $118,932 $112,986 $118,926 $113,066 $39,011 $108,103 $122,500 $122,500 $137,500 $137,500 $115,000 $115,000 $120,000 $109,422 $111,435 $84,850 $6,015,037 $8,138,485 $7,286,787 $10,002,630 $575,023 $877,564 $5,440,013 $6,409,223 Directors’ remuneration report continued Strategic report Governance Financial statements Avast plc annual report 2020 119 Notes to the single figure 1 Aggregate salary for Executive Directors includes an amount for Board fee and salary. 2 Benefits for Executive Directors include life insurance, health insurance, flexible benefit scheme, and car allowance. Benefits include allowance for Non-Executive Directors who travel intercontinentally. 3 Executive Directors do not receive a pension contribution. 4 Mr Ondrej Vlcek was appointed to the role of CEO from 1 July 2019. His remuneration in 2019 is therefore shown in two lines – for the part of the year when he served as President Consumer (H1) and for the part when he served as CEO (H2). Mr Ondrej Vlcek elected to indefinitely waive his salary (not including his Board fee) and annual bonus from his appointment as CEO. He continues to receive his Board Director’s fee of $100,000 which he donated to charity. From 1 July 2019, Mr Ondrej Vlcek received a nominal annual salary of US$1 only in addition to his Board fee. 5 Mr Vincent Steckler stepped down from the Board and as CEO on 30 June 2019. He was not eligible to receive an annual bonus for 2019. 6 Mr Philip Marshall met his shareholding guideline and therefore the annual bonus for the year ended 31 December 2020 has been paid in cash. 7 The bonus for the year ended 31 December 2019 was paid 100% in cash as the Committee judged that all Executive Directors had met their shareholding guideline or were on progress to meet the shareholding guideline in the required time period. Mr Ondrej Vlcek’s annual bonus relates to the period 1 January 2019 to 30 June 2019 when he was President Consumer and was calculated based on the annual salary in effect at the end of H1, i.e. on 30 June 2019 ($450,000). This amount also includes a payment of $1,458 in respect of filing a patent under the Company-wide Patent Award programme in which all employees are eligible to participate. As noted above, from 1 July 2019 (i.e. for H2) Mr Ondrej Vlcek elected to waive his annual bonus. Mr Philip Marshall’s annual bonus was calculated based on the annual salary in effect at year end, i.e. on 31 December 2019 ($600,000). 8 LTIP awards granted in June 2018 vested based on performance to 31 December 2020. The value of the award disclosed in the single figure is based on the average share price over the last three months of the financial year ended 31 December 2020 of £4.978. This amount includes the value of additional shares awarded in respect of dividend equivalents. Between grant and the share price used to value the award for single figure purposes, the share price had increased to from £2.196 at the date of grant to £4.978 (3 month average to 31 December 2020) which equated to an increase in value of each vesting share equivalent to £2.782. The proportion of the value disclosed in the single figure attributable to share price growth is 55.9%. The Remuneration Committee did not exercise discretion in respect of the share price appreciation. Based on the performance achieved, these awards will vest at 67.26% of the maximum opportunity and Mr Ondrej Vlcek will receive 381,901 shares (including the dividend equivalent shares) and Mr Philip Marshall will receive 445,175 shares (including the dividend equivalent shares) upon the vesting on 19 June 2021. The 3-month average exchange rate of $1.3212/£1 was used to convert the LTIP value from GBP to USD. 9 Prior to the IPO in April 2017 Mr Vincent Steckler and Mr Ondrej Vlcek were granted an award of performance based stock options (Mr Ondrej Vlcek received 2,039,042 options and Mr Vincent Steckler received 3,624,969 options at the option price of £1.360, and Mr Ondrej Vlcek received 1,019,396 options and Mr Vincent Steckler received 1,812,264 options at the option price of £0.880). A portion of these options (99% of the target amount) vested on 13 March 2019 based on the achievement of EBIT performance to 31 December 2018 (described in more detail in the 2019 Directors’ remuneration report). The remaining portion of these awards (100% of maximum) vested on 6 September 2019 following the achievement of the performance condition. This performance condition was based on the achievement of a full sell-down of CVC’s pre-IPO shareholding (which took place on 4 September 2019) and the price at which this sell-down was achieved. For Mr Ondrej Vlcek, 1,366,159 options with the option price of £1.360 and 682,996 options with the option price of £0.88 vested. For Mr Vincent Steckler, 1,830,610 options with the option price of £1.360 and 915,193 options with the option price of £0.88 vested. The awards have been valued based on the share price on the date of vesting of £3.74 and the exchange rate on this date of $1.23/£1. These awards were structured as market value options and therefore the proportion of the value that has been disclosed that is attributable to share price growth is 100%. Awards for Mr Vincent Steckler vested following him stepping down from the Board and therefore are not shown in the single figure above. The value for single figure purposes would have been $8,588,158. 10 Mr Pavel Baudis and Mr Eduard Kucera have contractually agreed that the portion of their fees paid by Avast Software s.r.o. (equal to $50,000 annually for each) would be converted to CZK at the exchange rate of CZK21.319/$1 and paid in arrears in monthly payments of CZK88,830 (gross). The amounts reported in the single figure table are based on actual exchange rates for the year. 11 Mr Lorne Somerville donated the 2019 fees (net of national insurance and taxes) and a portion of the 2020 fees (£14,381.68) paid to him by the Company to charity. He stepped down from the Board on 21 May 2020, which was his last day as Non-Executive Director. In Q1 2019, he received a correction payment for a post-IPO underpayment in Q2 2018, equal to $8102.71 with exchange rate as of 9 May 2018 (£1 = $1.3577). 12 Ms Maggie Chan Jones was appointed to the Board on 13 March 2019 and remuneration shown is from this date. 13 Ms Tamara Minick-Scokalo was appointed to the Board on 13 March 2019 and remuneration shown is from this date. 14 Mr John Schwarz and Ms Maggie Chan Jones were paid an additional $5,000 in error in travel allowance each along with their fees for the second quarter of the year. Since there was no face-to-face Board meeting in that quarter requiring transatlantic travel for which they would be entitled to receive the travel allowance, this overpayment will be clawed back via payroll deduction in the first quarter of 2021. 15 Where relevant figures have been translated from their currency of payment into USD, the exchange rates used by Payroll teams at the times of the payments were applied. © 2019 Friend Studio Ltd File name: RemunerationXReport_v62 Modification Date: 2 March 2021 11:50 pm Directors’ remuneration report continuedDirectors’ remuneration report continued Strategic report Governance Financial statements Avast plc annual report 2020 120 Salary (inclusive of Board fees) (audited) Since his appointment as CEO, Mr Ondrej Vlcek’s ‘headline’ salary was set at $700,000 (inclusive of his Board fee). Mr Ondrej Vlcek has elected to waive his salary (not including his Board fee) and annual bonus. Mr Ondrej Vlcek continues to receive his Board Director’s fee ($100,000) which he donated to charity. Mr Ondrej Vlcek also received a nominal annual salary of $1 only in addition to his Board fee. Mr Philip Marshall’s salary was $600,000 for the year. This includes his Board Director’s fee ($100,000) which he donated to charity for the period between April 2020 and December 2020. Annual bonus for the year ended 31 December 2020 (audited) The annual bonus for the year under review was based on organic revenue, unlevered free cash flow, customer satisfaction and individual strategic KPIs as follows: Weighting Threshold Target Maximum 12.5% payout 50% payout 100% payout Performance achieved Performance at budget FX rate1 % of maximum 35% $800.698M $889.664M $1,067.597M $887.588M $907.975M 55.1% 35% $419.987M $466.652M $559.982M $451.071M n/a 37.5% Organic revenue Unlevered free cash flow2 Notes 1 Actuals at target FX rates exclude currency impact calculated by restating 2020 actuals to 2020 planning rates, and are used for bonus payout calculation purposes. 2 Unlevered free cash flow performance was largely impacted by the material donation made to COVID-19 related relief efforts. In assessing the 15% bonus element associated with our Customer Experience performance, the Committee considered the progress made in 2020, the customer experience activities already delivered and the fact that more robust relationship NPS data will only become available in 2021. In 2020, the Company has become a listening, learning and improving organisation, with dedicated monthly executive level sessions focusing on key drivers and actions across Avast. The Company has also built new customer experience capabilities and competencies and put the spotlight on major incidents affecting our customer’s experience. A positive trend has been observed on the touchpoint NPS results between December 2019 and December 2020 when combining both Avast and AVG products. Based on the performance delivered, the Committee judged that the Company met its objectives with respect to customer satisfaction in 2020 and that 50% of maximum for the customer satisfaction element of the bonus should be paid. 15% of the bonus was based on performance against individual strategic KPIs as described below. Committee’s assessment of pay out 48.3% of maximum1 53.3% of maximum Executive Performance achieved Ondrej Vlcek Philip Marshall Established, promoted and championed the right Company culture and drove positive change in how people feel motivated about Avast’s vision and how they collaborate. Defined a clear strategic vision and a long-term strategy plan for the Company and communicated it throughout the organisation. Key product related projects scoped, with steady progress. Positive management and relationships with investors and analysts, and further diversification of shareholder base. Effectively partnered with operating leaders in delivery of business priorities and ongoing change agenda. Delivered and executed the framework for our future diversity program, including hiring of a new leader and initiation of external partnerships. © 2019 Friend Studio Ltd File name: RemunerationXReport_v62 Modification Date: 2 March 2021 11:50 pm Directors’ remuneration report continued Strategic report Governance Financial statements Avast plc annual report 2020 121 The above stated performance resulted in the following payments: Executive Ondrej Vlcek Philip Marshall 2020 bonus payment $01 $575,023 % of maximum n/a 47.9% Notes 1 No bonus will be paid to Mr Ondrej Vlcek following his decision to waive his annual bonus since appointment as CEO. The Committee considered very carefully whether it was appropriate to pay an annual bonus to Executive Directors in the context of the economic and social environment. The Committee believes the underlying performance as well as the experience of shareholders and other stakeholders during the year supports the payment of an annual bonus. LTIP vesting for the year ended 31 December 2020 (audited) On 19 June 2018, Ondrej Vlcek was granted a conditional share award of 350% of salary (his salary at the date of grant was $450,000). This grant was equivalent to 538,707 PSUs at maximum vesting level. The market value at grant was £2.196 per share. On 19 June 2018, the CFO, Philip Marshall, was granted a conditional share award of 350% of salary (his salary at the data of grant was $525,000). This grant was equivalent to 627,960 PSUs at maximum vesting level. The market value at grant was £2.196 per share. 2018 PSU awards are subject to diluted adjusted EPS growth1 over the three financial years ending 31 December 2020 and organic revenue growth over the same period. Diluted adjusted EPS growth over the period was 10.0% (CAGR) and revenue growth over the period was 7.5% (CAGR). Therefore, the awards will vest at 67.26% of maximum opportunity. Weighting Threshold Target Maximum 14% payout 55% payout 100% payout Performance achieved % of maximum Diluted adjusted EPS growth1 Adjusted (organic) revenue growth 50% 50% 5% CAGR 8.4% CAGR 12% CAGR 10.0% 74.8% 5% CAGR 7% CAGR 12% CAGR 7.5% 59.8% Notes 1 The EPS growth performance measure was incorrectly labelled as ‘Group basic EPS (undiluted) growth’ in the 2018 and 2019 Directors’ remuneration report. The correct label of the EPS growth performance measure applicable to the 2018 LTIP awards, 2019 LTIP awards and 2020 LTIP awards is diluted adjusted EPS growth. As a result, Mr Ondrej Vlcek will receive 381,901 shares (including dividend equivalent shares) and Mr Philip Marshall will receive 445,175 shares (including dividend equivalent shares) upon vesting on 19 June 2021. © 2019 Friend Studio Ltd File name: RemunerationXReport_v62 Modification Date: 2 March 2021 11:50 pm When determining the LTIP outcome, the Committee also considered the underlying performance of the Group over the performance period, taking into account performance against key financial and non-financial indicators, the performance of the individuals, the impact of the COVID-19 pandemic, and the experience of shareholders and other stakeholders. The Committee also considered whether there had been a significant negative event (such as an ESG event) which would warrant an adjustment. The Committee concluded the proposed vesting outcome is an appropriate reflection of progress delivered over the period since IPO. No discretion was exercised in relation to the annual bonus for 2020 or LTIP outcomes. Overall, the Committee considers that the Remuneration Policy has operated as it intended during 2020. Share Matching Plan (audited) During the year, Mr Philip Marshall participated in the Company’s Share Matching Plan. Under this plan, participants are able to invest up to $34,000 per annum in the purchase of Company shares. If the participant continues to retain these shares at the end of the two-year holding period, they will receive one matching share for every three shares purchased. The value of these matching shares will be included in the single figure table on the date of the award at the end of the two-year holding period. Total pension entitlements (audited) During the year under review, the Executive Directors did not receive any pension contribution or pension allowance. Directors’ remuneration report continuedDirectors’ remuneration report continued Strategic report Governance Financial statements Avast plc annual report 2020 122 LTIP awards made during the year (audited) On 26 February 2020, the following awards were granted to Executive Directors: Details of award granted Executive Ondrej Vlcek Conditional share Philip Marshall Conditional share Type of award Basis of award granted (maximum) Share price (£)1 Number of shares granted Face value of award (£000) Face value of award ($000)2 500% of salary of $700,000 450% of salary of $600,000 £4.046 669,365 £2,708.3 $3,500.0 £4.046 516,367 £2,089.2 $2,700.0 % of face value that would vest at threshold performance 14% 14% Vesting determined by performance over Three financial years to 31 December 2022 Three financial years to 31 December 2022 Notes 1 The share price used to determine the number of shares awarded was £4.046 based on the closing share price on 26 February 2020. 2 Exchange rate used to present the face value of the award in USD is the rate on the day of the grant of £1/$1.2923. The performance condition for these awards is set out below: Group diluted adjusted EPS growth1 (50% weighting) Group organic revenue growth (50% weighting) Threshold 14% vesting Target 55% vesting Maximum 100% vesting 5% CAGR 5% CAGR 8% CAGR 7% CAGR 12% CAGR 12% CAGR Notes 1 The EPS growth performance measure was incorrectly labelled as ’Group basic EPS (undiluted) growth’ in the 2018 and 2019 Directors’ remuneration report. The correct label of the EPS growth performance measure applicable to the 2018 LTIP awards, 2019 LTIP awards and 2020 LTIP awards is diluted adjusted EPS growth. 14% of the total award shall vest for threshold performance (i.e. 7% of the award for each of the two financial criteria), 55% shall vest for target performance, and 100% of the total award shall vest for maximum performance. Straight-line vesting between the performance points will apply. © 2019 Friend Studio Ltd File name: RemunerationXReport_v62 Modification Date: 2 March 2021 11:50 pm Directors’ remuneration report continued Strategic report Governance Financial statements Avast plc annual report 2020 123 Directors’ shareholding and share interests (audited) Share ownership plays a key role in the alignment of our executives with the interests of shareholders. Our Executive Directors are expected to build up and maintain a 200% of salary shareholding in the Company. This shareholding guideline was met for 2020 for both Executive Directors. The table below sets out the number of shares held or potentially held by Executive Directors (including their connected persons where relevant) as at 31 December 2020. Beneficially owned shares at 31/12/20191 Beneficially owned shares at 31/12/20201 % shareholding guideline achieved2 Award description3 Option price (GBP) Number of unvested options/awards at 31/12/2019 Number of vested options/ awards at 31/12/2019 Granted Exercised Lapsed Number of unvested options/awards at 31/12/2020 Number of vested options/ awards at 31/12/2020 Ondrej Vlcek 19,345,987 23,715,184 24,336% Performance Options April 2017 £0.88 Performance Options Apr 2017 Time Based Options Apr 2017 Time Based Options Apr 2017 Performance Stock Units 2018 Performance Stock Units 2019 Performance Stock Units 2020 £1.36 £0.88 £1.36 n/a n/a n/a 0 1,019,396 0 2,039,042 0 0 436,884 873,875 538,7077 807,911 0 0 0 0 0 1,019,396 0 2,039,042 0 0 0 0 669,365 436,884 873,875 0 0 0 1,346,618 4,369,197 669,365 4,369,1974 Philip Marshall5 315,364 322,7606 386% Time Based Options Feb 2018 £2.13 1,456,744 Time Based Options Mar 2018 £2.37 1,165,471 Performance Stock Units 2018 Performance Stock Units 2019 Performance Stock Units 2020 n/a n/a n/a 627,9607 650,583 0 3,900,758 0 0 0 0 0 0 0 0 0 0 516,367 516,367 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 538,707 807,911 669,365 2,015,983 0 0 0 0 0 0 0 0 971,163 485,581 582,735 582,736 627,960 650,583 516,367 0 0 0 0 3,348,808 1,068,317 Total 19,661,351 24,037,944 5,247,376 4,369,197 1,185,732 4,369,197 0 5,364,791 1,068,317 Includes shares owned by connected parties. Notes 1 2 Calculated based on the share price on 31 December 2020 of £5.375. 3 On IPO, share options were rolled over to equivalent share options of Avast Plc and have been included in share holdings and share interests. 4 Mr Ondrej Vlcek exercised these options on 23 March 2020 at the price of £3.108. 5 Between 31 December 2020 and 28 February 2021, Mr Philip Marshall purchased 2,481 shares through the Company Share Matching plan, subject to matching after two-year holding period, as per the Plan rules. On 14 January 2021, 725 shares were allotted to Mr Philip Marshall under the Share Matching Plan, against the 2,175 SMP shares purchased by him after the H2 2018 Accumulation Period, as per the Plan rules. On 1 February 2021, 485,581 time based pre-IPO options from the February 2018 grant vested. There were no other changes in share interests between 31 December 2020 and 28 February 2021. 6 Includes total of 9,270 shares purchased by Mr Philip Marshall under the Company Share Matching Plan, subject to matching after two-year holding period, as per the Plan rules, in addition to the 2,175 shares purchased through the Company Share Matching plan, as per footnote 5. The 2,175 shares were still subject to matching on 31 December 2020. 7 Based on the performance achieved, these awards will vest at 67.26% of the maximum opportunity and Mr Ondrej Vlcek will receive381,901 shares (including dividend equivalent shares) and Mr Philip Marshall will receive 445,175 shares (including dividend equivalent shares) upon vesting on 19 June 2021. © 2019 Friend Studio Ltd File name: RemunerationXReport_v62 Modification Date: 2 March 2021 11:50 pm Directors’ remuneration report continuedDirectors’ remuneration report continued Strategic report Governance Financial statements Avast plc annual report 2020 124 The table below sets out the number of shares held or potentially held by Non-Executive Directors (including their connected persons where relevant) as at 31 December 2020. Beneficially owned shares at 31/12/20191 Beneficially owned shares at 31/12/20201 % shareholding guideline achieved Award description Option price (GBP) Number of unvested options/awards at 31/12/2019 Number of vested options/ awards at 31/12/2019 Granted Exercised Lapsed Number of unvested options/awards at 31/12/2020 Number of vested options/ awards at 31/12/2020 John Schwarz Erwin Gunst 0 0 Pavel Baudis 257,182,165 257,182,165 Eduard Kucera Lorne Somerville 99,793,912 99,793,912 0 Ulf Claesson 1,710,098 1,245,324 Warren Finegold Belinda Richards Maggie Chan Jones Tamara Minick- Scokalo Total2,3 108,132 108,132 0 0 0 358,794,307 358,329,533 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 Includes shares owned by connected persons. Notes 1 2 The interests in shares are a result of the vested options owned by the Non-Executive Directors. 3 There were no changes in share interests between 31 December 2020 and 28 February 2021. The Company’s policy is that Non-Executive Directors will not be granted share options in the future. Payments to past Directors (audited) As set out in last years’ Directors’ remuneration report, Mr Vincent Steckler stepped down from the Board and as CEO on 30 June 2019. He remained available to the business in an advisory capacity until 30 June 2020 to ensure a smooth transition process. During the period, he received a fee of $400,000 per annum to reflect the expected time commitment of the role, of which $200,000 related to 2020. Mr Vincent Steckler received, in line with his employment agreement, health benefits for a period of 24 months. The cost of the health benefits for the period from 1 January 2020 to 30 May 2021 amounted to $14,202. No health benefits cost for the rest of 2020 was incurred. © 2019 Friend Studio Ltd File name: RemunerationXReport_v62 Modification Date: 2 March 2021 11:50 pm Directors’ remuneration report continued Strategic report Governance Financial statements Avast plc annual report 2020 125 The LTIP award granted to him in 2018 continued on a pro-rata basis for the period he served as CEO and remained subject to the achievement of performance targets over the normal vesting period to 31 December 2020. EPS growth over the period was 10.0% per annum and revenue growth over the period was 7.5% per annum. Therefore, the award will vest at 67.26% of the prorated maximum opportunity and Mr Vincent Steckler will receive 315,735 shares (including dividend equivalent shares) upon the vesting. The awards will continue to remain subject to a post-vesting holding period of two years. External appointments Executive Directors are permitted to hold Non-Executive Director positions in other companies where it is considered appropriate and subject to approval by the Board. Disclosure of any associated income is required to be made to the Board, to shareholders, and in the annual report and financial statements. Mr Philip Marshall serves as a Non-Executive Director (a member of the Supervisory Board and Audit Committee member) of Waberer’s International and it was agreed that fees earned in connection with this appointment can be retained by him. For the financial year, Mr Philip Marshall’s fees for this appointment were EUR 15,000. Performance graph The graph below illustrates the Company’s total shareholder return (TSR) performance relative to the constituents of the FTSE 100 index excluding investment companies from the admission date on 15 May 2018 to 31 December 2020. This index has been selected as it is a broad market index of which the Company is a constituent. The graph shows performance of a hypothetical £100 invested and its performance over that period. TSR based to 100 at 10 May 2018 Avast FTSE 100 300 250 200 150 100 50 0 Source: Datastream. 10 May 2018 31 December 2018 31 December 2019 31 December 2020 © 2019 Friend Studio Ltd File name: RemunerationXReport_v62 Modification Date: 2 March 2021 11:50 pm Directors’ remuneration report continuedDirectors’ remuneration report continued Strategic report Governance Financial statements Avast plc annual report 2020 126 The total remuneration for the CEO in 2020, since the IPO, is shown below, along with the value of bonuses paid and long-term incentive awards vesting, as a percentage of the maximum opportunity. 2018 20191 2020 CEO total remuneration VS – $7,500,395 VS – $411,285 OV – $2,620,652 CEO to all employee pay ratio Avast plc has fewer than 250 employees in the UK and, as such, it is not required to disclose the CEO to all employee pay ratio. However, in line with our commitment to openness and transparency, the Committee has determined to voluntarily disclose Avast’s CEO pay ratio figures in respect of the financial year ended 31 December 2020. OV – $6,465,539 Year Method 25th Percentile pay ratio Median pay ratio 75th Percentile pay ratio 61.8% n/a2 n/a4 2020 Option A 78:1 53:1 30:1 Annual bonus (% of maximum) Share award (% of maximum) n/a3 n/a3 67.26%5 Notes 1 Mr Vincent Steckler (VS) served as CEO from admission to 30 June 2019. Mr Ondrej Vlcek (OV) was appointed as CEO from 1 July 2019. From this date, Mr Ondrej Vlcek waived his salary (not including Board fee) and annual bonus and opted to receive a nominal amount of $1 in addition to his Board fee which he donated to charity. 2 Mr Ondrej Vlcek has decided to waive his annual bonus from his appointment as CEO on 1 July 2019. 3 No LTIP share awards vested based on performance to 31 December 2018 or to 31 December 2019. Pre-IPO options granted in April 2017 vested during 2019; see footnote 9 from the single figure table on page 119. 4 Mr Ondrej Vlcek has decided to waive his 2020 annual bonus. 5 2018 PSU awards vesting in 2020 are subject to diluted adjusted EPS growth over the three financial years ending 31 December 2020 and organic revenue growth over the same period. Diluted adjusted EPS growth over the period was 10.0% (CAGR) and revenue growth over the period was 7.5% (CAGR). Therefore, the awards will vest at 67.26% of maximum opportunity. The ratios have been calculated using Option A methodology, as defined under the relevant regulations, as this is considered the most statistically accurate method under the reporting regulations. However, certain assumptions have been made based on data availability to ensure a fairer representation of employee pay. Total FTE remuneration has been determined by taking into account employees in all Avast entities both in the UK and outside the UK for the relevant financial year. We note that the formal requirement relates to UK employees; however, given that the majority of our employees are outside the UK, the Committee considered that showing the ratio based on our full workforce was more appropriate. The calculations are reflective of the following pay elements: full-time equivalent salary, bonuses paid in 2020 and restricted stock grants vested during 2020. For simplicity, employee benefits have been omitted, as the benefit plans were not changed in 2020. The employees at the 25th, 50th and 75th percentiles have been determined on the snapshot date of 31 December 2020, the last day of the financial year. The single figure values for the three employees at 25th percentile, median, and 75th percentile have been reviewed. It was determined that remuneration of the individual at the 25th percentile was not fully representative of pay at the relevant quartile due to part-time work arrangements, so another full-time individual, immediately above 25th percentile, has been selected instead. No adjustments were necessary in the case of individuals representative of the median and 75th percentile. Each employee was a full-time employee during the year. Year 2020 Supporting information 25th Percentile pay Median pay 75th Percentile pay Salary $30,780 $44,939 $78,810 Total Pay $33,667 $49,430 $86,066 © 2019 Friend Studio Ltd File name: RemunerationXReport_v62 Modification Date: 2 March 2021 11:50 pm Directors’ remuneration report continued Strategic report Governance Financial statements Avast plc annual report 2020 127 Annual percentage change in remuneration of Directors and employees The table below shows the percentage change in the remuneration paid to the Directors from the prior year compared with the average percentage change in remuneration for employees of Avast plc. Total employee remuneration1 in the Group (including Executive Directors) increased by 5.6% in 2020 (from $198.3 million to $209.4 million)2. Ondrej Vlcek Philip Marshall John Schwarz Erwin Gunst Pavel Baudis Eduard Kucera Lorne Somerville4 Ulf Claesson Warren Finegold Belinda Richards Maggie Chan Jones5 Tamara Minick- Scokalo6 Employees Group A1 Employees Group B1 Salary -63.6% 6.7% 0.0% -2.5% -3.0% -3.0% -63.9% 0.0% 0.0% 0.0.% 28.6% 31.3% 4.8% 6.5% Benefits -36.3% -1.0% -75.0% n/a 69.0% 68.0% Bonus -100% -10.4% n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a -75.0% n/a n/a n/a n/a 0% 0% 16.6% 10.0% Membership of the Remuneration Committee The Remuneration Committee comprises five independent Non-Executive Directors and is chaired by Ulf Claesson. Each Director was appointed to the Committee on 9 May 2018 apart from Maggie Chan Jones and Tamara Minick-Scokalo who were appointed to the Committee on 22 May 2019 and 22 June 2020 respectively. There were four meetings during the year. Members and attendance in the year is set out in the table below. Notes 1 Employees of Avast globally (’Group A’) and Employees of Avast Plc in the UK (’Group B’), who were employed throughout 2020. 2 Personnel expenses as described on page 167. 3 The negative change in the CEO remuneration is influenced by the change of CEO on 1 July 2019, and also by Mr Ondrej Vlcek’s waiver of a part of his salary and of his cash bonus, as outlined in the earlier part of this report. 4 Mr Lorne Somerville stepped down from the Board on 21 May 2020 and remuneration is shown up to this date. 5 Ms Maggie Chan Jones was appointed to the Board on 13 March 2019 and remuneration shown is from this date. 6 Ms Tamara Minick-Scokalo was appointed to the Board on 13 March 2019 and remuneration shown is from this date. Ulf Claesson John Schwarz Warren Finegold Maggie Chan Jones Tamara Minick-Scokalo Relative importance on the spend on pay The following table shows the Company’s actual spend on pay for all employees compared to distributions to shareholders for 2020 relative to 2019. Total spend on pay Distributions to shareholders by way of dividend and share buyback 1 Personnel expenses as described on page 167. 2019 2020 $198.3m $209.4m1 $127.0m $154.7m Change 5.6% 21.8% The Committee’s principal role is to determine remuneration policy for Executive Directors and to set remuneration for the Chair, Non-Executive Directors and other senior executives. In determining remuneration policy, the Committee takes into account pay and reward for the wider workforce to ensure that policy is appropriate in the context of this and our culture. In 2020, the meetings of the Committee covered the following key areas: Finalising our Directors’ remuneration report for shareholder approval at the 2020 AGM. Review of remuneration outcomes for 2020. Consideration of remuneration arrangements for 2021. Review of corporate governance developments and shareholder guidance. Consideration of the impact of the COVID-19 pandemic on remuneration outcomes. © 2019 Friend Studio Ltd File name: RemunerationXReport_v62 Modification Date: 2 March 2021 11:50 pm Attendance from meeting eligible to attend 4/4 4/4 4/4 4/4 2/4 Directors’ remuneration report continuedDirectors’ remuneration report continued Strategic report Governance Financial statements Avast plc annual report 2020 128 Alignment of employee benefit programmes to the needs of our people and longer-term business objectives. All-employee RSU awards to create alignment between their long-term compensation and Avast’s strategic goals. The Committee also reviewed regular employee reward programmes, such as the annual salary review or the annual employee RSU awards for high-potential and high-performing employees, as well as the Share Matching Plan to ensure that the employee programmes are in line with the overall remuneration strategy, Company objectives and competitive needs. The Remuneration Committee terms of reference are available on the Company’s website at investors.avast.com/ investors/corporate-governance/. These have been updated to reflect the provisions of the 2018 Code. Performance evaluation The Remuneration Committee’s effectiveness for 2020 was considered as part of the annual Board evaluation process. The performance of the Committee was evaluated in accordance with the process set out on page 95. The specific areas assessed were: Agreeing the remuneration report Aligning pay with strategic goals Understanding investor views on pay Motivating senior management Overall, the Committee’s performance was rated highly. It was noted that sustaining the effectiveness of the Committee through the upcoming transition in its Chair will be a key focus over the coming year and that this would be a good opportunity to reflect on the remuneration structures in place, to ensure that they are adequately aligned with the Company’s new strategic plan. The Committee has reflected on the findings of the report. External advisers The Remuneration Committee has access to independent advice where it considers it appropriate. The Committee appointed Deloitte LLP as its advisers in 2018 and received advice from Deloitte LLP during the year. The fees paid to Deloitte LLP for providing advice in relation to executive remuneration was £26,900. Fees charged were on a time and expenses basis. Separate teams within Deloitte also provided services in relation to risk advisory, internal audit and controls, international mobility, corporate employment, share schemes, and payroll advice. The Committee reviewed the potential for conflicts of interest and judged that there were appropriate safeguards against such conflicts. The Committee considers that the advice received from the advisers is independent, straightforward, relevant, and appropriate, and that it has an appropriate level of access to them and has confidence in their advice. Deloitte LLP is one of the founding members of the Remuneration Consulting Group. The Committee has been fully briefed on its compliance with the voluntary code of conduct in respect of the provision of remuneration consulting services. The CEO, the Chief of Staff, the General Counsel, and the Chief People and Culture Officer have attended certain Committee meetings and provided advice to the Committee during the year. They were not in attendance when matters relating to their own compensation or contracts were discussed. Statement of shareholder voting The Remuneration Policy was last approved by shareholders at our AGM on 23 May 2019 and the remuneration report was approved by shareholders at our 21 May AGM on 2020. Details of voting are shown below. Approval of the Directors’ remuneration report – 2020 AGM 829,132,963 97.05% 25,202,203 Approval of the Directors’ Remuneration Policy – 2019 AGM 787,114,401 94.66% 44,405,150 2.95 5.34 664,472 0 Number of votes % Number of votes % Number of votes For Against Withheld Approval This Directors’ remuneration report has been approved by the Board of Directors. By order of the Board Ulf Claesson Chair of the Remuneration Committee 2 March 2021 © 2019 Friend Studio Ltd File name: RemunerationXReport_v62 Modification Date: 2 March 2021 11:50 pm Directors’ remuneration report continued Strategic report Governance Financial statements Strategic report Governance Financial statements Avast plc annual report 2020 Avast annual report 2020 129 129 1 Corporate details The Company was incorporated under the Companies Act 2006 (as amended) on 7 January 2010 as a private company limited by shares under the name Avast Limited with registered number 07118170. On 3 May 2018, the Company re-registered as a public company under the name Avast plc. 2 Directors and Directors’ interests In respect of the period between 1 January 2020 and the date of this report, the following persons were Directors of the Company: Name Role John Schwarz Non-Executive Director and Chair Ondrej VIcek Chief Executive Officer Philip Marshall Chief Financial Officer Warren Finegold Non-Executive Director and Senior Independent Director Appointment date 9 May 2018 9 May 2018 9 May 2018 9 May 2018 Pavel Baudis Non-Executive Director 9 May 2018 Maggie Chan Jones Non-Executive Director 13 March 2019 Ulf Claesson Non-Executive Director Erwin Gunst Non-Executive Director Eduard Kucera Non-Executive Director 9 May 2018 9 May 2018 9 May 2018 Tamara Minick-Scokalo Belinda Richards Lorne Somerville Non-Executive Director 13 March 2019 Non-Executive Director 8 June 2018 Non-Executive Director 9 May 2018* Notes * Resigned on 21 May 2020. The Directors and the General Counsel and Company Secretary (certain of who are also directors of the Company’s subsidiaries) have the benefit of a qualifying third-party indemnity from the Company (the terms of which are in accordance with the Companies Act 2006) each of which was in force throughout the year and remains in force at the date of this report. In addition, the Company has in place appropriate directors’ and officers’ liability insurance. This cover also extends to employees of the Group who serve on the boards of the Company’s subsidiaries. Related party transactions relating to the Directors are detailed in Note 36 of the financial statements. Details of Directors’ interests in shares, options, and LTIPs are set out on pages 123 to 124 of the Directors’ remuneration report. The only changes in Directors’ interests since 31 December 2020 relate to the purchase of shares and the allocation of matched shares through the Company’s Share Matching Plan, in each case as further described in Note 5 to the Directors' remuneration report on page 123. 3 Dividend The Group’s dividend policy focuses on providing significant returns to shareholders, while also ensuring that the Group retains the flexibility to continue to deploy capital towards profitable growth. There can be no guarantees that the Company will pay future dividends. The determination of the level of future dividends, if any, will depend upon the Group’s results of operations, financial condition, capital requirements, contractual restrictions, business prospects, and any other factors the Board may deem relevant. The Group currently expects to maintain dividend payments of approximately 40% of levered free cash flow in the short to medium term. Dividend payments will be made on an approximate one-third:two-thirds split for interim and final dividends, respectively. 2019 final dividend During the year, the Board recommended a final dividend in the amount of 10.3 cents in respect of financial year ended 31 December 2019, which was approved by its shareholders at the Company’s AGM on 21 May 2020. The dividend was paid to shareholders on 24 June 2020. 2020 interim dividend On 11 August 2020, the Board declared an interim dividend in the amount of 4.8 cents per share. The dividend was paid to shareholders on 16 October 2020. Proposed 2020 final dividend The Directors propose to pay a final dividend of 11.2 cents per share in respect of the year ending 31 December 2020 (total payment of $115.3m). Combined with the interim dividend of 4.8 cents per share paid in October 2020 (total payment of $49.3m), this represents a total dividend for the financial year of 16.0 cents (total payment of $164.6m), which represents 40% of the Group’s levered free cash flow for the period in accordance with the Company’s dividend policy. Subject to shareholder approval, the final dividend will be paid in US dollars on 18 June 2021 to shareholders on the register on 14 May 2021. There will be an option for shareholders to elect to receive the dividend in pounds sterling and such an election should be made no later than 28 May 2021. The foreign exchange rate at which dividends declared in US dollars will be converted into pounds sterling will be calculated based on the average exchange rate over the five business days prior to 3 June 2021 and announced shortly thereafter. 4 Political donations The Group did not make any political donations, or incur any political expenditure, in the year ended 31 December 2020. © 2019 Friend Studio Ltd File name: DirectorsXReport_v49 Modification Date: 2 March 2021 4:24 pm Directors’ report Strategic report Governance Financial statements Strategic report Governance Financial statements Avast plc annual report 2020 Avast annual report 2020 130 130 5 Research and development Avast places a substantial focus on the continuous development and improvement of technology, with 49% of its employees working in research and development (R&D) and an annual spend of $71m. We believe this focus on R&D strongly contributes to the fact that the Group’s products are consistently ranked among the highest-rated antivirus solutions by both users and editors on leading download and review websites, as well as in popular media globally. 6 Significant agreements Below are the only significant agreements that would take effect, alter, or terminate on change of control of the Company following a takeover: Credit Agreement Credit Agreement dated 30 September 2016, entered into between Avast Software BV, Sybil Software LLC, Avast Software s.r.o., Avast Holding BV, and Credit Suisse International. A takeover of the Company may trigger a change of control under the Credit Agreement which is an event of default thereunder and would permit Credit Suisse International as administrative agent under the Credit Agreement (with the consent or at the request of the ‘Required Lenders’ under Credit Agreement) to immediately accelerate full repayment of the outstanding debt. Google Distribution Agreement Promotion and Distribution Agreement dated 1 July 2012, entered into between Avast Software s.r.o. and Google Ireland Limited. Under this agreement, Avast Software s.r.o. agrees to bundle the Google Chrome and Google Toolbar products with distributions of its consumer antivirus products under the Avast and AVG brand names, and certain utility applications as approved by Google from time to time. Google Ireland Limited in turn agrees to pay Avast Software s.r.o. monthly fees in connection with offering users the Google Chrome browser and Google Toolbar. A takeover of the Company may trigger a change of control under the Google Distribution Agreement which would permit Google to immediately terminate the contract upon written notice. In addition, in the event of a takeover of the Company, the Board may, at its discretion, elect to accelerate unvested awards under the Company’s LTIP. More details in relation to this are set out in the Remuneration Policy approved by the shareholders at the AGM in 2020. 7 Share capital Share capital structure As at 31 December 2020, the entire issued share capital of the Company comprised 1,028,512,742 ordinary shares of £0.10 each. Significant holdings As at 31 December 2020, the following persons held interests in shares carrying 3% or more in voting rights: Name PaBa Software s.r.o. Pratincole Investments Limited % of total voting rights 25.01% 9.70% Relationship agreements The Company has entered into relationship agreements with its most significant shareholders to help ensure that the Company will be capable of operating and making decisions independently for the benefit of shareholders as a whole. On 10 May 2018, the Company entered into a relationship agreement (the Founder Relationship Agreement) with each of Pavel Baudis and Eduard Kucera and their respective investment vehicles, PaBa Software s.r.o. and Pratincole Investments Ltd (collectively, the Founders), pursuant to which, among other things, the Founders are jointly entitled to appoint: (i) one natural person to be a Non-Executive Director of the Company for so long as the Founders and/ or their associates hold in aggregate 10% or more (but less than 20%) of the voting rights attaching to the issued share capital of the Company; and (ii) two natural persons to be Non-Executive Directors for so long as the Founders and/ or their associates hold 20% or more of the voting rights attaching to the issued share capital of the Company. The Board confirms that through the applicable periods: the Company has complied with the independence provisions of the Founder Relationship Agreement; as far as the Company is aware, each of the Founders, and their respective associates have complied with the independence provisions of the Founder Relationship Agreement; and as far as the Company is aware, each of the Founders has procured the compliance of non-signing controlling shareholders with the independence provisions of the Founder Relationship Agreement. Restriction on transfer of shares The Board may refuse to register any transfer of any share which is not a fully paid share, provided that such discretion may not be exercised in a way which the Financial Conduct Authority or the London Stock Exchange regards as preventing dealings in the shares of the relevant class or classes from taking place on an open and proper basis. © 2019 Friend Studio Ltd File name: DirectorsXReport_v49 Modification Date: 2 March 2021 4:24 pm Directors’ report continued Strategic report Governance Financial statements Strategic report Governance Financial statements Avast plc annual report 2020 Avast annual report 2020 131 131 The Board may also refuse to register a share where the instrument of transfer is: in favour of more than four persons jointly; not left at the registered office of the Company, or at such other place as the Board may from time to time determine, accompanied by the certificate(s) of the shares to which the instrument relates and such other evidence as the Directors may reasonably require to show the right of the transferor to make the transfer; and the instrument of transfer is in respect of more than one class of share. In addition, pursuant to the Listing Rules of the Financial Conduct Authority, Directors of the Company and persons discharging managerial responsibility are required to obtain prior approval from the Company to deal in the Company’s securities, and are prohibited from dealing during close periods. Voting rights On a poll, votes may be given personally or by proxy. Subject to any rights or restrictions attached to any class or classes of shares and to any other provisions of the Articles of Association: if a vote is taken on a show of hands, every member or proxy present in person shall have one vote; and if a vote is taken on a poll, every member present in person or by proxy shall have one vote for each share held by him. All resolutions put to the members at electronic general meetings will be voted on by a poll. All resolutions put to the members at a physical general meeting will be voted on by a show of hands unless a poll is demanded: by the Chair of the meeting; or by at least five members present in person or by proxy and having the right to vote on the resolution; or by any member or members present in person or by proxy and representing not less than one-tenth of the total voting rights of all the members having the right to vote on the resolution; or by a member or members present in person or by proxy holding shares in the Company conferring a right to vote on the resolution being shares on which an aggregate sum has been paid up equal to not less than one-tenth of the total sum paid up on all shares conferring that right. As far as the Board is aware, there are no agreements between shareholders that may restrict transfer of securities or voting rights. The below are the only special control rights attaching to any of the Company’s issued share capital: Pursuant to the Founder Relationship Agreement: (i) the Founders are jointly entitled to appoint: (a) one natural person to be a Non-Executive Director of the Company for so long as the Founders and/or their associates hold in aggregate 10% or more (but less than 20%) of the voting rights attaching to the issued share capital of the Company; and (ii) two natural persons to be Non-Executive Directors for so long as the Founders and/or their associates hold 20% or more of the voting rights attaching to the issued share capital of the Company; and (ii) for so long as the Founders hold in aggregate 10% or more of the voting rights attaching to the issued share capital of the Company, one of the Directors appointed by the Founders is permitted to attend as an observer at the Board’s Nomination Committee, Audit and Risk Committee, and Remuneration Committee meetings. Appointment and replacement of Directors There is no maximum number of Directors who can serve on the Board, but the number of Directors cannot be less than two. Directors may be appointed by ordinary resolution of shareholders or by the Board. No person other than a Director retiring at a general meeting will, unless recommended by the Directors, be eligible for appointment to the office of Director at any general meeting unless a member notifies the Company in advance in accordance with the Articles of Association of his or her intention to propose such person for appointment, and also notice in writing signed by that person of his willingness to be appointed. Under the Articles of Association, a Director is required to retire at an AGM if he or she was a Director at each of the preceding two AGMs and was not appointed or reappointed by the Company in a general meeting at, or since, either such meeting. Notwithstanding this, and in compliance with the Code, each Director is subject to election at the first AGM following their appointment, and re-election at each subsequent AGM. The Company may by ordinary resolution remove any Director before the expiration of his period of office provided special notice has been given in accordance with the Companies Act 2006. Articles of Association The Articles of Association of the Company were adopted by special resolution on 9 May 2018. Any amendment to the Articles of Association of the Company may be made in accordance with the provisions of the Companies Act 2006, by way of special resolution. Power of the Company’s Directors The business of the Company is managed by the Directors, who may exercise all the powers of the Company subject to the provisions of the Articles of Association, the Companies Act 2006, and such directions as may be given by the Company at a general meeting by special resolution. © 2019 Friend Studio Ltd File name: DirectorsXReport_v49 Modification Date: 2 March 2021 4:24 pm Directors’ report continuedDirectors’ report continued Strategic report Governance Financial statements Strategic report Governance Financial statements Avast plc annual report 2020 Avast annual report 2020 132 132 Employee Benefit Trust The Group has an employee benefit trust (the EBT). As at 31 December 2020, no shares were held by the trust. In the event that shares are held by the EBT on behalf of employees as beneficiaries, the Trustee is required to comply with any direction from the beneficiary as to the exercise of any voting rights carried by such shares but, unless otherwise agreed with the beneficiary in writing, shall not be under any obligation to seek such direction from any beneficiary. In the absence of any such direction, the Trustee shall not be entitled to exercise the voting rights attaching to such shares. Subject to this, the Trustee may vote or abstain from voting shares, or accept or reject any offer relating to shares, in any way it sees fit without incurring any liability and without being required to give reasons for its decision. 8 Authority to purchase its own shares The Company is permitted, pursuant to the terms of its Articles of Association, to purchase its own shares subject to shareholder approval. At its AGM held on 21 May 2020, the Company was given authority to make market purchases (within the meaning of section 693(4) of the Companies Act 2006) up to a limit of 101,980,970 of its ordinary shares. The minimum price that must be paid for each ordinary share is its nominal value, and the maximum price is the higher of: (i) 105% of the average middle market quotations for an ordinary share as derived from the London Stock Exchange for the five (5) business days immediately before the purchase is made; and (ii) an amount equal to the higher of the price of the last independent trade of an ordinary share and the highest current independent bid for an ordinary share on the trading venues where the purchase is carried out. This authority will expire at the earlier of the conclusion of the Company’s 2021 AGM and 30 June 2021. The Company did not repurchase any of its shares during the 2020 financial year. 9 Authority to issue shares The Company is permitted – pursuant to the terms of its Articles of Association – to allot, grant options over, offer, or otherwise deal with or dispose of shares in the Company to such persons at such times, and generally on such terms and conditions as they may determine. At its AGM held on 21 May 2020, the Company was given authority to allot shares and grant rights to subscribe for, or convert any security into, shares in the Company, up to: (i) an aggregate nominal amount of £33,990,257.27 (less the nominal amount of any shares or rights to subscribe for or convert any security into shares in the Company granted under sub-paragraph (ii) below in excess of £33,990,257.27); and (ii) comprising equity securities (as defined in section 560 of the Companies Act 2006) up to an aggregate nominal amount of £67,990,712.63 (less any allotments or grants made under sub-paragraph (i) above) in connection with or pursuant to an offer by way of a rights issue, in each case subject to the conditions set out in the AGM notice. This authority will expire at the earlier of the conclusion of the Company’s 2021 AGM and 30 June 2021. The Company did not allot any new shares, other than those shares allotted pursuant to the Group’s share option plans and LTIPs. 10 Going concern Due to the uncertainty arising from the COVID-19 pandemic, management have performed a detailed going concern review and analysis of the accounts and consider that the Group has adequate resources to continue business for the foreseeable future, and a period from the signing of the financial statements through 30 June 2022. Group’s financial covenants The Group’s Term Loan Credit Agreement includes a single financial covenant that is triggered at any time when $35 million or more is outstanding under the revolving credit agreement for a period ending on 30 June or 31 December. The Group must maintain, on a consolidated basis, a leverage ratio (set as a ratio of Consolidated First Lien Net Debt to Consolidated EBITDA) less than 6.50x. This covenant is tested quarterly at such time as it is in effect. The Total Net First Lien Leverage Ratio remains materially lower than 6.5x during the period under review. The ratio was 1.4x at 31 December 2020 and there is no reason to believe that the Group would have any material risk against the ceiling of 6.5x. As of 31 December 2020, $40 million committed was undrawn under the revolving credit facility (see Note 27). Reverse stress testing To make the going concern assessment, the Directors have reviewed the latest budget and forecast through 30 June 2022 including the projected cash flows and other relevant information. The cash flow projections have been subject to reverse stress testing, which assessed the potential impact of an extreme scenario in which the Consumer Direct Desktop billings would decline drastically without any mitigating action taken by management. Even in such a scenario, which is considered remote, the Group has more than sufficient headroom in its available resources to withstand the period from signing of the financial statements through 30 June 2022 and not to be in breach of the financial covenant. The Group would only run out of available cash in the extreme situation where practically no further Consumer Direct Desktop billings would be realised after March 2021, collections would stop, and no meaningful offsetting cost actions would be taken, whilst still paying dividends according to the current policy (i.e. 40% of Levered Free Cash Flow). Such a situation is considered very remote. © 2019 Friend Studio Ltd File name: DirectorsXReport_v49 Modification Date: 2 March 2021 4:24 pm Directors’ report continued Strategic report Governance Financial statements Strategic report Governance Financial statements Avast plc annual report 2020 Avast annual report 2020 133 133 Our business remains resilient because: Cash collection is strong and bad debt risk is limited as clients typically pay for service up front; The renewal rate remains steady in Consumer Direct Desktop; Flexible cost base – a significant portion of Group’s costs are discretionary in nature; The work-from-home trend in the pandemic environment created an upswing in demand across the product portfolio resulting in strong growth in paying customers (up 997,000 since the end of 2019); Our deferred revenue balance is growing (deferred revenue up +6.5% vs FY 2019, excluding Jumpshot) supporting attractive future revenue growth and good future revenue visibility. Deferred revenue balance as of 31 December 2020 of $496.5m includes $458.8m to be released into revenue in the following 12 months; and We continuously monitor and invest into market needs. In FY 2020 Avast continued its strong investment in technology capability and innovation, and further enhanced the customer experience to support mid-term growth initiatives, and to keep up with the latest technology trends. The Directors continue to carefully monitor the impact of the Covid-19 pandemic on the operations of the Group and have a range of possible mitigation actions, which could be implemented in the event of a downturn of the business. 11 Financial risk management Details of financial risk management and financial instruments are disclosed in Note 30 of the Group financial statements. 12 Additional disclosures The Strategic report is a requirement of the UK Companies Act 2006 and can be found on pages 1 to 86 of this report. The Company has chosen, in accordance with section 414 C(11) of the Act, to include the following matters of strategic importance in its Strategic report that would otherwise be disclosed in this Directors’ report: Section Likely future developments Greenhouse gas emissions, energy consumption, and energy efficiency Post balance sheet events Stakeholder and employee engagement disclosures Page(s) 47 77 to 78 190 64 to 74 and 82 to 85 Information required by the Financial Conduct Authority’s Listing Rules can be located as follows: Listing Rule LR 9.8.4(2) Section Publication of unaudited financial information Page 42 to 57 LR 9.8.4(5) and (6) Details of waived 107 to 128 Director emoluments Related party contracts Independence of controlling shareholders 190 130 13 Disclosure of information to auditors The Directors confirm that: (i) so far as the Directors are aware, there is no relevant audit information of which the Company’s auditor is unaware; and (ii) the Directors have taken all the steps that they ought to have taken as directors to make themselves aware of any relevant audit information and to establish that the Company’s auditor is aware of that information. 14 Statement of Directors’ responsibilities in respect of the annual report and the financial statements The Directors are responsible for preparing the annual report and the financial statements in accordance with applicable law and regulations. The UK Companies Act 2006 requires the Directors to prepare financial statements for each financial period that give a true and fair view of the financial position of the Group and the Parent Company and the financial performance and cash flows of the Group for that period. Under that law, the Directors have prepared the Group financial statements in accordance with international accounting standards in conformity with the requirements of the Companies Act 2006 and in accordance with applicable law, and have elected to prepare the Parent Company financial statements in accordance with UK Generally Accepted Accounting Practice (UK Accounting Standards and applicable law), including Financial Reporting Standard 102 (FRS 102). On the basis of the above considerations, the Directors have a reasonable expectation that the Group will have adequate resources to continue in business for the foreseeable future and therefore continue to adopt the going concern basis in preparing the financial statements. LR 9.8.4R(10) and (11) LR 9.8.4(14) © 2019 Friend Studio Ltd File name: DirectorsXReport_v49 Modification Date: 2 March 2021 4:24 pm Directors’ report continuedDirectors’ report continued Strategic report Governance Financial statements Strategic report Governance Financial statements Avast plc annual report 2020 Avast annual report 2020 134 134 In preparing these financial statements, the Directors are required to: select suitable accounting policies and then apply them consistently; make judgements and estimates that are reasonable and prudent; present information, including accounting policies, in a manner that provides relevant, reliable, comparable, and understandable information; in respect of the Group financial statements, state whether international accounting standards in conformity with the requirements of the Companies Act 2006 (and IFRSs adopted pursuant to Regulation(EC) No 1606/2002 as it applies in the European Union) have been followed, subject to any material departures disclosed and explained in the financial statements; provide additional disclosures when compliance with the specific requirements in IFRSs are insufficient to enable users to understand the impact of particular transactions, other events, and conditions on the Group’s financial position and financial performance; in respect of the Parent Company financial statements, state whether applicable UK Accounting Standards, including FRS 102, have been followed, subject to any material departures disclosed and explained in the financial statements; and prepare the financial statements on the going concern basis unless it is inappropriate to presume that the Company and/or the Group will continue in business. The Directors are responsible for keeping adequate accounting records that are sufficient to show and explain the Company’s and Group’s transactions and disclose with reasonable accuracy at any time the financial position of the Company and the Group, and enable them to ensure that the financial statements comply with the Companies Act 2006. They are also responsible for safeguarding the assets of the Company and Group and hence for taking reasonable steps for the prevention and detection of fraud and other irregularities. Under applicable law and regulations, the Directors are also responsible for preparing a strategic report, directors’ report, directors’ remuneration report, and corporate governance statement that comply with that law and those regulations. The Directors are responsible for the maintenance and integrity of the corporate and financial information included on the Company’s website. Legislation in the UK governing the preparation and dissemination of financial statements may differ from legislation in other jurisdictions. 15 Responsibility statement of the Directors in respect of the annual financial report The Directors confirm, to the best of their knowledge, that: the Group financial statements, prepared in accordance with international accounting standards in conformity with the requirements of the Companies Act 2006 and international reporting standards adopted pursuant to Regulation (EC) No. 1606/2002 as it applies to the European Union and in accordance with applicable law, give a true and fair view of the assets, liabilities, financial position, and profit of the Company and the undertakings included in the consolidation taken as a whole; and the Strategic report and Directors’ report include a fair review of the development and performance of the business and the position of the Company and the undertakings included in the consolidation taken as a whole, together with a description of the principal risks and uncertainties that they face. The annual report and the financial statements, taken as a whole, is fair, balanced, and understandable, and provides the information necessary for shareholders to assess the Group’s position and performance, business model, and strategy. The Directors’ report on pages 129 to 134 was approved by the Board on 2 March 2021 and signed by order of the Board. By order of the Board Kelby Barton Company Secretary 2 March 2021 © 2019 Friend Studio Ltd File name: DirectorsXReport_v49 Modification Date: 2 March 2021 4:24 pm Directors’ report continued Strategic report Governance Financial statements Strategic report Governance Financial statements Avast plc annual report 2020 Avast annual report 2020 135 135 Financial statements Independent Auditor’s report Consolidated financial statements Notes to the consolidated financial statements Company financial statements Notes to the Company financial statements Glossary 136 146 153 193 195 199 © 2019 Friend Studio Ltd File name: DirectorsXReport_v49 Modification Date: 2 March 2021 4:24 pm Directors’ report continued Strategic report Governance Financial statements Strategic report Governance Financial statements Avast annual report 2020 Avast annual report 2020 Avast annual report 2020 136 136 136 Independent Auditor’s Report to the members of Avast plc Opinion In our opinion: We have audited the financial statements of Avast plc (the ‘parent company’) and its subsidiaries (the ‘Group’) for the year ended 31 December 2020 which comprise: Avast plc’s Group financial statements and parent company financial statements (’the financial statements’) give a true and fair view of the state of the Group’s and of the Parent Company’s affairs as at 31 December 2020 and of the Group’s profit for the year then ended; The Group financial statements have been properly prepared in accordance with International Accounting Standards in conformity with the requirements of the Companies Act 2006 and International Financial Reporting Standards adopted pursuant to Regulation (EC) No. 1606/2002 as it applies in the European Union; The parent company financial statements have been properly prepared in accordance with United Kingdom Generally Accepted Accounting Practice; and the financial statements have been prepared in accordance with the requirements of the Companies Act 2006. Parent company Company statement of financial position as at 31 December 2020 Company statement of changes in equity for the year then ended Related Notes 1 to 13 to the financial statements including a summary of significant accounting policies Group Consolidated statement of financial position as at 31 December 2020 Consolidated statement of profit and loss for the year then ended Consolidated statement of comprehensive income for the year then ended Consolidated statement of changes in shareholders’ equity for the year then ended Consolidated statement of cash flows for the year then ended Related Notes 1 to 39 to the financial statements, including a summary of significant accounting policies The financial reporting framework that has been applied in the preparation of the Group financial statements is applicable law and International Accounting Standards in conformity with the requirements of the Companies Act 2006 and International Financial Reporting Standards adopted pursuant to Regulation (EC) No. 1606/2002 as it applies in the European Union. The financial reporting framework that has been applied in the preparation of the parent company financial statements is applicable law and United Kingdom Accounting Standards, including FRS 102 ’The Financial Reporting Standard applicable in the UK and Republic of Ireland’ (United Kingdom Generally Accepted Accounting Practice). Basis for opinion We conducted our audit in accordance with International Standards on Auditing (UK) (ISAs (UK)) and applicable law. Our responsibilities under those standards are further described in the Auditor’s responsibilities for the audit of the financial statements section of our report. We are independent of the Group in accordance with the ethical requirements that are relevant to our audit of the financial statements in the UK, including the FRC’s Ethical Standard as applied to listed public interest entities, and we have fulfilled our other ethical responsibilities in accordance with these requirements. We believe that the audit evidence we have obtained is sufficient and appropriate to provide a basis for our opinion. © 2019 Friend Studio Ltd File name: Auditor_sXReport_v21 Modification Date: 2 March 2021 8:50 pm Independent Auditor’s Report Strategic report Governance Financial statements Strategic report Governance Financial statements Avast annual report 2020 Avast annual report 2020 137 137 We considered the mitigating factors included in the cash forecasts and covenant calculations that are within the control of the Group. This includes review of the Group’s non-operating cash outflows and evaluating the Group’s ability to control these outflows as mitigating actions if required. Based on the work we have performed, we have not identified any material uncertainties relating to events or conditions that, individually or collectively, may cast significant doubt on the Group and parent company’s ability to continue as a going concern for the period to 30 June 2022. We have performed reverse stress testing in order to identify what factors would lead to the Group utilising all liquidity or breaching the financial covenant during the going concern period. We reviewed the Group’s going concern disclosures included in the annual report in order to assess that the disclosures were appropriate and in conformity with the reporting standards. The Group’s going concern assessment is based on the budget as approved by the Board. We have assessed management’s forecast against external analyst reports and historical accuracy, noting no issues. Throughout the going concern period, the Group is forecast to increase its available liquidity and improve its covenant headroom, both of which are significant. In relation to the Group and parent company’s reporting on how they have applied the UK Corporate Governance Code, we have nothing material to add or draw attention to in relation to the Directors’ statement in the financial statements about whether the Directors considered it appropriate to adopt the going concern basis of accounting. Our responsibilities and the responsibilities of the Directors with respect to going concern are described in the relevant sections of this report. However, because not all future events or conditions can be predicted, this statement is not a guarantee as to the Group’s ability to continue as a going concern. Conclusions relating to going concern In auditing the financial statements, we have concluded that the Directors’ use of the going concern basis of accounting in the preparation of the financial statements is appropriate. Our evaluation of the Directors’ assessment of the Group and parent company’s ability to continue to adopt the going concern basis of accounting included: In conjunction with our walkthrough of the Group’s financial close process, we confirmed our understanding of management’s Going Concern assessment process and also engaged with management early to ensure all key factors were considered in their assessment. We obtained management’s going concern assessment, including the cash forecasts and covenant calculation for the going concern period which covers the period to 30 June 2022. The Group has modelled a number of adverse scenarios in their cash forecasts and covenant calculations in order to incorporate unexpected changes to the forecasted liquidity of the Group. We specifically considered the impact of COVID-19 on the Group, which management have assessed as having a minimal financial impact and limited operational impact, and therefore limited potential to alter management’s cash flow forecast. We assessed the factors and assumptions included in each modelled scenario for the cash forecast and covenant calculation with reference to our understanding of the business and historical performance. We considered the appropriateness of the methods used to calculate the cash forecasts and covenant calculations and determined through inspection and testing of the methodology and calculations that the methods utilised were appropriately sophisticated to be able to make an assessment for the entity. © 2019 Friend Studio Ltd File name: Auditor_sXReport_v21 Modification Date: 2 March 2021 8:50 pm Independent Auditor’s Report continuedIndependent Auditor’s Report Strategic report Governance Financial statements Strategic report Governance Financial statements Avast annual report 2020 Avast annual report 2020 Avast annual report 2020 138 138 138 Overview of our audit approach Audit scope We performed an audit of the complete financial information of two components and audit procedures on specific balances for a further six components. The components where we performed full or specific audit procedures accounted for 99% of Profit before Tax (‘PBT’) adjusted for exceptional items and unrealised Foreign Exchange (‘FX’) loss, 97% of Revenue and 96% of Total assets. Key audit matters Revenue recognition, including risk of management override, in particular: – Licence revenue: Improper revenue recognition due to management’s incentive to accelerate earnings through manipulation of the licence term – Cut-off risk. – Licence, platform, and other revenue: Improper revenue recognition due to management’s incentive to accelerate earnings through manipulation of the timing of revenues or due to an error. Complexity of income and deferred tax: The Group records significant deferred tax assets (DTA) in the USA originating largely from prior periods tax losses carried forward. There is a risk of recoverability/ impairment of the US DTA. Materiality Overall group materiality of $17.4m which represents 5% of the Group’s PBT adjusted for exceptional items and unrealised FX loss (on the Term Loan). An overview of the scope of the parent company and Group audits Tailoring the scope Our assessment of audit risk, our evaluation of materiality and our allocation of performance materiality determine our audit scope for each company within the Group. Taken together, this enables us to form an opinion on the consolidated financial statements. We take into account size, risk profile, the organisation of the Group and effectiveness of group-wide controls, changes in the business environment and other factors such as recent Internal audit results when assessing the level of work to be performed at each entity. In assessing the risk of material misstatement to the Group financial statements, and to ensure we had adequate quantitative coverage of significant accounts in the financial statements, of the 40 reporting components of the Group, we selected 8 components covering entities within the Czech Republic, Netherlands, United Kingdom and US, which represent the principal business units within the Group. Of the 8 components selected, we performed an audit of the complete financial information of 2 components (’full scope components’) which were selected based on their size or risk characteristics. For the remaining 6 components (’specific scope components’), we performed audit procedures on specific accounts within that component that we considered had the potential for the greatest impact on the significant accounts in the financial statements either because of the size of these accounts or their risk profile. The reporting components where we performed audit procedures accounted for 99% (2019: 97%) of the Group’s PBT adjusted for exceptional items and unrealised FX loss measure used to calculate materiality, 97% (2019: 95%) of the Group’s Revenue and 96% (2019: 95%) of the Group’s Total Assets. For the current year, the full scope components contributed 108% (2019: 98%) of the Group’s PBT adjusted for exceptional items and unrealised FX loss measure used to calculate materiality, 88% (2019: 83%) of the Group’s Revenue and 88% (2019: 35%) of the Group’s Total Assets. The specific scope components contributed -9% (2019: -1%) of the Group’s PBT adjusted for exceptional items and unrealised FX loss measure used to calculate materiality, 9% (2019: 9%) of the Group’s Revenue and 8% (2019: 60%) of the Group’s Total assets. The audit scope of these components may not have included testing of all significant accounts of the component but will have contributed to the coverage of significant accounts tested for the Group. Of the remaining 32 components that together represent 1% of the Group’s PBT adjusted for exceptional items and unrealised FX loss, none are individually greater than 5% of the Group’s PBT adjusted for exceptional items and unrealised FX loss, we performed specified procedures over certain aspects of operating costs for one component and we have also performed other procedures, including analytical review, testing of consolidation journals, intercompany eliminations and foreign currency translation recalculations to respond to any potential risks of material misstatement to the Group financial statements. © 2019 Friend Studio Ltd File name: Auditor_sXReport_v21 Modification Date: 2 March 2021 8:50 pm Independent Auditor’s Report continued Strategic report Governance Financial statements Strategic report Governance Financial statements Avast annual report 2020 Avast annual report 2020 139 139 The charts below illustrate the coverage obtained from the work performed by our audit teams. Adjusted PBT 108% Full scope components (9%) Specific scope components 1% Other procedures Revenue Total assets 88% Full scope components 9% Specific scope components 3% Other procedures 88% Full scope components 8% Specific scope components 4% Other procedures Changes from the prior year Goodwill and Intangible Assets, which are audited in totality, are considered to contribute to the ‘Full Scope’ coverage in the current year. In the prior year, these were proportionally distributed to entities for calculating coverage. The Group has been undergoing a group simplification exercise, including merging and liquidating entities and transfers of trade to centralised entities. Our total full scope locations are consistent with the prior year. Our total number of specific scope components is reduced from 7 in the prior year to 6 in the current year. We believe our overall coverage is comparable and continues to be appropriate for the risk of the business. Integrated team structure and involvement with component teams The overall audit strategy is determined by the senior statutory auditor. The senior statutory auditor is based in the UK; however, as Group management and many operations reside in the Czech Republic, the Group audit team (’integrated audit team’) includes members from both the UK and Czech Republic, including tax, IT and valuations professionals in both countries, as well as tax professionals in the Netherlands. The integrated audit team performs all audit procedures centrally on one audit file. Members of the Group audit team in both jurisdictions work together as an integrated team throughout the audit process. All audit work performed for the purposes of the 2020 annual report and accounts was undertaken by the integrated audit team. Impact of the COVID-19 pandemic: Due to the travel restrictions in place by the UK and Czech Republic governments, the senior statutory auditor has been unable to travel to the Czech Republic during the current audit cycle to visit members of the Group audit team. The members of the Group audit team in both jurisdictions work together as an integrated team throughout the audit process, facilitated by the EY Canvas cloud-based audit platform and all audit evidence being electronic in nature. The senior statutory auditor reviewed and approved key working papers consistently with how this process would have been performed previously. In order to mitigate the risk of working remotely during the current year audit, the senior statutory auditor held regular video conference calls with the Czech Republic and UK based members of the audit team to lead discussion of the audit approach and issues arising from the audit work, focussing his time on the significant risks and judgemental areas of the audit. There have been no new core members of the integrated audit team and the senior statutory auditor has held face-to-face meetings with all core team members previously. The performance of the year end audit remotely was supported through the use of EY Canvas for the secure and timely delivery of requested audit evidence from the Company to EY. Additionally, the senior statutory auditor held regular video conferences, in place of face to face meetings, to meet with Group financial management and other key personnel, including the CEO. The senior statutory auditor attended all 4 Audit Committee meetings throughout the year, all of which were hosted virtually. Overall oversight of the current year audit was further supported by there have been no changes in key members of the client management team from the previous years with whom in-person meetings were conducted previously by the senior statutory auditor and the integrated audit team. Based upon the above approach we are satisfied that the senior statutory auditor has been able to direct, supervise and review the audit. The onset of COVID-19 and the move to working from home across the UK and Czech Republic has not prevented the integrated audit team from performing its intended procedures. © 2019 Friend Studio Ltd File name: Auditor_sXReport_v21 Modification Date: 2 March 2021 8:50 pm Independent Auditor’s Report continuedIndependent Auditor’s Report continued Strategic report Governance Financial statements Strategic report Governance Financial statements Avast annual report 2020 Avast annual report 2020 Avast annual report 2020 140 140 140 Key audit matters Key audit matters are those matters that, in our professional judgement, were of most significance in our audit of the financial statements of the current period and include the most significant assessed risks of material misstatement (whether or not due to fraud) that we identified. These matters included those which had the greatest effect on: the overall audit strategy; the allocation of resources in the audit; and directing the efforts of the engagement team. These matters were addressed in the context of our audit of the financial statements as a whole, and in our opinion thereon, and we do not provide a separate opinion on these matters. Risk Risk of inappropriate revenue recognition 2020: $892.9m (2019: $871.1m) In particular, the risks are: 1) Licence revenue: Improper revenue recognition due to management’s incentive to accelerate earnings through manipulation of the licence term – Cut-off risk. 2) Licence, platform, and other revenue: Improper revenue recognition due to management’s incentive to accelerate earnings through manipulation of the timing of revenues through or due to an error. Misstatements that occur in relation to this risk would impact the revenue recognised in the income statement as well as deferred revenue. Revenue recognition is a key driver for the Group’s profitability which impacts management and employee bonuses and has an indirect impact on the value of share-based compensation paid to key management personnel. Therefore, we assess that overstatement of revenue presents a higher risk and a key audit matter. The overall risk of revenue recognition has remained consistent compared with the prior year. Refer to the Audit Committee report (page 97); Accounting policies (page 153); and Note 5 of the Consolidated Financial Statements (page 164). Our response to the risk We have reviewed and walked through the process over the approval and recognition of revenue across the Group. We have tested IT and Financial controls over revenue pertaining to one significant class of revenue transactions during the year. We have performed revenue transaction testing in order to ensure that revenue is recognised in line with the Group’s revenue recognition policy and IFRS 15 and has been appropriately recorded in the current year income statement and the balance sheet as appropriate. This was achieved by selecting a sample of transactions and: Performing testing to validate delivery of individual licence keys and correct cut-off through application of correct licence term; Obtaining evidence that the licence has been delivered to customers prior to revenue recognition; Reviewing standard End User Licence Agreement (‘EULA’) and Reseller contract terms for any conditions that would impact timing of revenue recognition and deferred revenue; Agreeing revenue transactions to customer reports to validate occurrence; and Tracing a sample of billings to cash received. We selected a risk-based sample of revenue journals and assessed the appropriateness of the journal by checking to supporting evidence and ensuring compliance with IFRS 15 and the Group’s revenue recognition policy. We performed an overall recalculation of deferred revenue with specific focus on the split of sales in a 1, 2 and 3 year period for appropriateness based upon contract terms, where 3 years is the maximum length of licence sold. We obtained customer confirmation of a selected sample of accounts receivable and unbilled revenue and performed alternative procedures where responses were not received. We sampled significant resellers to confirm contract terms and conditions to identify if a change in revenue recognition is required. We performed disaggregated analytical procedures over revenue on a monthly basis at a segment level to check for completeness. We performed full and specific scope audit procedures over this risk area in 3 locations, which covered 97% of the risk amount. For the remaining items we performed other analytical procedures. Key observations communicated to the Audit Committee As part of our procedures, we noted no indication of deliberate or other manipulation of licence terms or management override. Based on the results of the audit procedures performed, we conclude that the revenue recognised during the year, and deferred revenue as at 31 December 2020, are materially correct and appropriately disclosed in the Annual Report and Accounts. © 2019 Friend Studio Ltd File name: Auditor_sXReport_v21 Modification Date: 2 March 2021 8:50 pm Independent Auditor’s Report continued Strategic report Governance Financial statements Strategic report Governance Financial statements Avast annual report 2020 Avast annual report 2020 141 141 Risk Complexity of Taxes Income tax expense: $66.7m (2019: $65.7m) Deferred Tax Asset (‘DTA’): $197.1m, (2019: $203.8m) The overall risk of complexities of income and deferred tax has reduced compared to the prior year as management have not performed any one-off transactions in the current year. As such, our risk is specific to recoverability of the Deferred Tax Asset in the USA. This includes: 1) Management exercises significant judgement to determine the recoverability of deferred tax assets and have recovery periods in excess of 20 years. Refer to the Audit Committee Report (page 97); Accounting policies (page 153); and Note 13 of the Consolidated Financial Statements (page 168) Our response to the risk We obtained the Group’s tax consolidation and focused our detailed testing of the current and deferred income tax positions for 4 regions, including consolidation, and IFRS adjustments recorded by the Group. In addition, in order to respond to our risk, we: Engaged tax specialists including for the USA and the United Kingdom to support the team’s audit of complex areas, including accounting for tax on share options. Further, our specialists were consulted to independently assess the US tax jurisdiction assumptions in management’s Deferred Tax Asset assessment. Obtained and reviewed management’s deferred tax asset recoverability assessment paper and management’s expectations of recoverability. Audited management’s prospective financial information (PFI) to support the recoverability of the significant deferred tax assets. Challenged the underlying assumptions including: – applicability of US tax laws to deferred tax recoverability; – assessing against the Group’s historic forecasting accuracy; and – appropriateness of recoverability period by comparison to historic performance, Group and industry wide performance. Evaluated the adequacy and completeness of the disclosures provided by the Group in relation to tax balances and activity. We specifically noted management have disclosed the recoverability as a significant judgement and highlighted the length of recoverability in their judgement. In the prior year, our auditor’s report included the same Key Audit Matters as noted above. Key observations communicated to the Audit Committee We highlight that the recoverability of deferred tax assets for a period in excess of 20 years requires significant judgement; however, conclude this is supportable and appropriately disclosed. We conclude that the deferred income tax asset amount reported as at 31 December 2020 and for the year then ended are materially correct. © 2019 Friend Studio Ltd File name: Auditor_sXReport_v21 Modification Date: 2 March 2021 8:50 pm Independent Auditor’s report continuedIndependent Auditor’s Report continued Strategic report Governance Financial statements Strategic report Governance Financial statements Avast annual report 2020 Avast annual report 2020 Avast annual report 2020 142 142 142 Our application of materiality We apply the concept of materiality in planning and performing the audit, in evaluating the effect of identified misstatements on the audit and in forming our audit opinion. Materiality We determined materiality for the Group to be $17.4 million (2019: $15.0 million), which is 5% (2019: 5%) of the Group’s PBT adjusted for exceptional items and unrealised FX loss (on the Term Loan). We believe that PBT adjusted for exceptional items and unrealised FX loss provides us with the most relevant measure of underlying performance of the Group as it better reflects the future performance of the business and what users are most interested in. In the prior period, we did not adjust for unrealised FX gain/loss as this was immaterial. Further, in the prior year, we adjusted for ‘deferred revenue haircut’ adjustment, which is immaterial in the current year. We determined materiality for the Parent Company to be $32.0 million (2019: $32.0 million), which is 1% (2019: 1%) of total equity, which is greater than that of the Group as a result of its investment in Avast Holdings B.V. During the course of our audit, we reassessed initial materiality and included the unrealised FX loss on the Term Loan (as included above) as an additional adjustment following the significant volatility in EUR to USD exchange rates in H2 2020. This resulted in an overall materiality level largely consistent with that determined at planning ($16.0m). Performance materiality The application of materiality at the individual account or balance level. It is set at an amount to reduce to an appropriately low level the probability that the aggregate of uncorrected and undetected misstatements exceeds materiality. On the basis of our risk assessments, together with our assessment of the Group’s overall control environment, our judgement was that performance materiality was set at 50% (2019: 50%) of our planning materiality, namely $8.7m (2019: $7.5m). We have set performance materiality at this percentage to ensure that the total uncorrected and undetected audit differences in all accounts did not exceed our materiality. Starting basis Adjustments Materiality Profit before tax: $236.3m Add back $49.9m exceptional items (as disclosed in Note 6 of the financial statements), unrealised FX loss from EUR tranch of bank loan of $62.1m (as disclosed in Note 11 of the financial statements). Totals $348.3m of PBT adjusted for exceptional items and unrealised FX loss Materiality of $17.4m (5% of PBT adjusted for exceptional items and unrealised FX loss) © 2019 Friend Studio Ltd File name: Auditor_sXReport_v21 Modification Date: 2 March 2021 8:50 pm Audit work at component locations for the purpose of obtaining audit coverage over significant financial statement accounts is undertaken based on a percentage of total performance materiality. The performance materiality set for each component is based on the relative scale and risk of the component to the Group as a whole and our assessment of the risk of misstatement at that component. In the current year, the range of performance materiality allocated to components was $1.7m to $7.8m (2019: $1.5m to $6.7m). Reporting threshold An amount below which identified misstatements are considered as being clearly trivial. We agreed with the Audit Committee that we would report to them all uncorrected audit differences in excess of $0.87m (2019: $0.75m), which is set at 5% of planning materiality, as well as differences below that threshold that, in our view, warranted reporting on qualitative grounds. We evaluate any uncorrected misstatements against both the quantitative measures of materiality discussed above and in light of other relevant qualitative considerations in forming our opinion. Other information The other information comprises the information included in the annual report set out on pages 1-134, including Strategic Report and Governance Reports set out on pages 1 and 88 respectively, other than the financial statements and our auditor’s report thereon. The Directors are responsible for the other information contained within the annual report. Our opinion on the financial statements does not cover the other information and, except to the extent otherwise explicitly stated in this report, we do not express any form of assurance conclusion thereon. Independent Auditor’s Report continued Strategic report Governance Financial statements Strategic report Governance Financial statements Avast annual report 2020 Avast annual report 2020 143 143 Our responsibility is to read the other information and, in doing so, consider whether the other information is materially inconsistent with the financial statements or our knowledge obtained in the course of the audit or otherwise appears to be materially misstated. If we identify such material inconsistencies or apparent material misstatements, we are required to determine whether there is a material misstatement in the financial statements themselves. If, based on the work we have performed, we conclude that there is a material misstatement of the other information, we are required to report that fact. We have nothing to report in this regard. Opinions on other matters prescribed by the Companies Act 2006 In our opinion, the part of the Directors’ remuneration report to be audited has been properly prepared in accordance with the Companies Act 2006. In our opinion, based on the work undertaken in the course of the audit: The information given in the strategic report and the directors’ report for the financial year for which the financial statements are prepared is consistent with the financial statements and those reports have been prepared in accordance with applicable legal requirements; The information about internal control and risk management systems in relation to financial reporting processes and about share capital structures, given in compliance with rules 7.2.5 and 7.2.6 in the Disclosure Rules and Transparency Rules sourcebook made by the Financial Conduct Authority (the FCA Rules), is consistent with the financial statements and has been prepared in accordance with applicable legal requirements; and Information about the company’s Corporate Governance Statement and practices and about its administrative, management and supervisory bodies and their committees complies with rules 7.2.2, 7.2.3 and 7.2.7 of the FCA Rules. Matters on which we are required to report by exception In the light of the knowledge and understanding of the Group and the parent company and its environment obtained in the course of the audit, we have not identified material misstatements in: The strategic report or the directors’ report; or The information about internal control and risk management systems in relation to financial reporting processes and about share capital structures, given in compliance with rules 7.2.5 and 7.2.6 of the FCA Rules We have nothing to report in respect of the following matters in relation to which the Companies Act 2006 requires us to report to you if, in our opinion: Adequate accounting records have not been kept by the parent company, or returns adequate for our audit have not been received from branches not visited by us; or The parent company financial statements and the part of the Directors’ remuneration report to be audited are not in agreement with the accounting records and returns; or Certain disclosures of Directors’ remuneration specified by law are not made; or We have not received all the information and explanations we require for our audit; or A Corporate Governance Statement has not been prepared by the Company Corporate governance statement The Listing Rules require us to review the Directors’ statement in relation to going concern, longer-term viability and that part of the Corporate governance statement relating to the Group and Company’s compliance with the provisions of the UK Corporate Governance Code specified for our review. Based on the work undertaken as part of our audit, we have concluded that each of the following elements of the Corporate governance statement is materially consistent with the financial statements or our knowledge obtained during the audit: Directors’ statement with regards to the appropriateness of adopting the going concern basis of accounting and any material uncertainties identified set out on page 132; Directors’ explanation as to their assessment of the Company’s prospects, the period this assessment covers and why the period is appropriate set out on page 63; Directors’ statement on fair, balanced and understandable set out on page 134; Board’s confirmation that it has carried out a robust assessment of the emerging and principal risks set out on page 58; The section of the annual report that describes the review of effectiveness of risk management and internal control systems set out on page 101; and The section describing the work of the Audit Committee set out on page 97 © 2019 Friend Studio Ltd File name: Auditor_sXReport_v21 Modification Date: 2 March 2021 8:50 pm Independent Auditor’s Report continuedIndependent Auditor’s Report continued Strategic report Governance Financial statements Strategic report Governance Financial statements Avast annual report 2020 Avast annual report 2020 Avast annual report 2020 144 144 144 Responsibilities of Directors As explained more fully in the Directors’ responsibilities statement (set out on page 133), the Directors are responsible for the preparation of the financial statements and for being satisfied that they give a true and fair view, and for such internal control as the Directors determine is necessary to enable the preparation of financial statements that are free from material misstatement, whether due to fraud or error. In preparing the financial statements, the Directors are responsible for assessing the Group and parent company’s ability to continue as a going concern, disclosing, as applicable, matters related to going concern and using the going concern basis of accounting unless the Directors either intend to liquidate the Group or the parent company or to cease operations, or have no realistic alternative but to do so. Auditor’s responsibilities for the audit of the financial statements Our objectives are to obtain reasonable assurance about whether the financial statements as a whole are free from material misstatement, whether due to fraud or error, and to issue an auditor’s report that includes our opinion. Reasonable assurance is a high level of assurance, but is not a guarantee that an audit conducted in accordance with ISAs (UK) will always detect a material misstatement when it exists. Misstatements can arise from fraud or error and are considered material if, individually or in the aggregate, they could reasonably be expected to influence the economic decisions of users taken on the basis of these financial statements. Explanation as to what extent the audit was considered capable of detecting irregularities, including fraud Irregularities, including fraud, are instances of non- compliance with laws and regulations. We design procedures in line with our responsibilities, outlined above, to detect irregularities, including fraud. The risk of not detecting a material misstatement due to fraud is higher than the risk of not detecting one resulting from error, as fraud may involve deliberate concealment by, for example, forgery or intentional misrepresentations, or through collusion. The extent to which our procedures are capable of detecting irregularities, including fraud is detailed below. However, the primary responsibility for the prevention and detection of fraud rests with both those charged with governance of the Company and management. We obtained an understanding of the legal and regulatory frameworks that are applicable to the Group and determined that the most significant are: – Those that relate to the reporting framework (International Accounting Standards in conformity with the requirements of the Companies Act 2006 and International Financial Reporting Standards, FRS 102 ‘The Financial Reporting Standard applicable in the UK and Republic of Ireland’, Companies Act 2006, the UK Corporate Governance Code 2018, Disclosure Guidance and Transparency Rules of the Financial Conduct Authority and the Listing Rules of the Financial Conduct Authority). – Relevant tax compliance regulations in the jurisdictions in which the Group operates. – The General Data Protection Regulations (GDPR). – In addition, we concluded that there are certain laws and regulations that may have an effect on the determination of the amounts and disclosures in the financial statements; and – Laws and regulations relating to health and safety, employee matters, environment and bribery and corruption practices. We understood how Avast plc is complying with those frameworks by making enquiries of management, internal audit, those responsible for legal and compliance procedures and the Company Secretary. We corroborated our enquiries through our review of Board minutes and papers provided to the Audit and Risk Committee and correspondence received from regulatory bodies. We assessed the susceptibility of the Group’s financial statements to material misstatement, including how fraud might occur, by meeting with management within various parts of the business to understand where they consider there was susceptibility to fraud. We also considered performance targets and their influence on efforts made by management to manage earnings or influence the perceptions of analysts. We considered the programmes and controls that the Group has established to address risks identified, or that otherwise prevent, deter and detect fraud; and how senior management monitors those programmes and controls. Where the risk was considered to be higher, we performed audit procedures to address each identified fraud risk. These procedures included testing manual journals and review of accounting estimates and judgements and were designed to provide reasonable assurance that the financial statements were free from fraud or error. Based on this understanding we designed our audit procedures to identify non-compliance with such laws and regulations. Our procedures involved management enquiries, review of legal correspondence and journal entry testing. A further description of our responsibilities for the audit of the financial statements is located on the Financial Reporting Council’s website at https://www.frc.org.uk/ auditorsresponsibilities. This description forms part of our auditor’s report. © 2019 Friend Studio Ltd File name: Auditor_sXReport_v21 Modification Date: 2 March 2021 8:50 pm Independent Auditor’s Report continued Strategic report Governance Financial statements Strategic report Governance Financial statements Avast annual report 2020 Avast annual report 2020 145 145 Other matters we are required to address We were appointed by the Company on 15 January 2021 to audit the financial statements for the year ending 31 December 2020 and subsequent financial periods. The period of total uninterrupted engagement including previous renewals and reappointments is 3 years, covering the years ending 31 December 2018 to 31 December 2020. The non-audit services prohibited by the FRC’s Ethical Standard were not provided to the Group or the parent company and we remain independent of the Group and the parent company in conducting the audit. The audit opinion is consistent with the additional report to the Audit Committee. Use of our report This report is made solely to the Company’s members, as a body, in accordance with Chapter 3 of Part 16 of the Companies Act 2006. Our audit work has been undertaken so that we might state to the Company’s members those matters we are required to state to them in an auditor’s report and for no other purpose. To the fullest extent permitted by law, we do not accept or assume responsibility to anyone other than the Company and the Company’s members as a body, for our audit work, for this report, or for the opinions we have formed. Marcus Butler (Senior statutory auditor) for and on behalf of Ernst & Young LLP, Statutory Auditor London 3 March 2021 © 2019 Friend Studio Ltd File name: Auditor_sXReport_v21 Modification Date: 2 March 2021 8:50 pm Independent Auditor’s report continuedIndependent Auditor’s Report continued Strategic report Governance Financial statements Strategic report Governance Financial statements Avast plc annual report 2020 Avast annual report 2020 146 146 Consolidated financial statements Consolidated statement of profit and loss For the year-ended 31 December 2020 REVENUE Cost of revenues GROSS PROFIT Sales and marketing Research and development General and administrative Total operating costs OPERATING PROFIT Net gain on disposal of a business operation Interest income Interest expense Other finance income and expense (net) PROFIT BEFORE TAX Income tax PROFIT FOR THE FINANCIAL YEAR Attributable to: Equity holders of the parent Non-controlling interest (NCI) Earnings per share (EPS; in $ per share): Basic EPS Diluted EPS The accompanying notes form an integral part of these financial statements. © 2019 Friend Studio Ltd File name: FinancialXStatements_v61 Modification Date: 2 March 2021 5:31 pm Note 5 8 9 16 11 11 11 13 34 14 14 Year-ended 31 December 2020 $M Year-ended 31 December 2019 $M 892.9 (196.0) 696.9 (134.7) (86.1) (140.7) (361.5) 335.4 – 0.4 (35.5) (64.0) 236.3 (66.7) 169.6 169.6 – 0.17 0.16 871.1 (210.7) 660.4 (132.0) (82.5) (101.3) (315.8) 344.6 17.5 1.5 (58.7) 9.7 314.6 (65.7) 248.9 248.7 0.2 0.26 0.24 Consolidated financial statements Strategic report Governance Financial statements Strategic report Governance Financial statements Avast plc annual report 2020 Avast annual report 2020 147 147 Consolidated statement of comprehensive income For the year-ended 31 December 2020 Profit for the financial year Other comprehensive gains: Items that may be reclassified subsequently to profit or loss: – Translation differences Total other comprehensive gains Comprehensive income for the year Attributable to: Equity holders of the parent Non-controlling interest The accompanying notes form an integral part of these financial statements. Year-ended 31 December 2020 $M Year-ended 31 December 2019 $M 169.6 248.9 1.9 1.9 171.5 171.5 – 0.3 0.3 249.2 249.0 0.2 © 2019 Friend Studio Ltd File name: FinancialXStatements_v61 Modification Date: 2 March 2021 5:31 pm Consolidated financial statements continued Strategic report Governance Financial statements Strategic report Governance Financial statements Avast plc annual report 2020 Avast annual report 2020 148 148 Consolidated financial statements continued Consolidated statement of financial position As at 31 December 2020 Company registered number: 07118170 ASSETS Current assets Cash and cash equivalents Trade and other receivables Capitalised contract costs Prepaid expenses Inventory Tax receivables Other financial assets Non-current assets Property, plant and equipment Right-of-use assets Intangible assets Deferred tax assets Other financial assets Capitalised contract costs Prepaid expenses Goodwill TOTAL ASSETS © 2019 Friend Studio Ltd File name: FinancialXStatements_v61 Modification Date: 2 March 2021 5:31 pm Note 31 December 2020 $M 31 December 2019 $M 17 18 19 13 20 21 22 13 19 23 175.4 63.0 35.0 10.3 – 5.2 0.3 289.2 41.2 56.4 127.7 197.1 0.8 2.8 0.5 1,991.3 2,417.8 2,707.0 216.6 78.9 33.3 13.6 0.4 22.0 1.2 366.0 42.9 62.6 193.3 203.8 0.8 4.4 0.8 1,991.3 2,499.9 2,865.9 Consolidated financial statements continued Strategic report Governance Financial statements Strategic report Governance Financial statements Avast plc annual report 2020 Avast annual report 2020 149 149 Consolidated statement of financial position (continued) As at 31 December 2020 Company registered number: 07118170 SHAREHOLDERS’ EQUITY AND LIABILITIES Current liabilities Trade payables and other liabilities Lease liability Provisions Income tax liability Deferred revenue Term loan Financial liabilities Non-current liabilities Lease liability Provisions Deferred revenues Term loan Financial liability Other non-current liabilities Redemption obligation Deferred tax liabilities Shareholders’ equity Share capital Share premium, statutory and other reserves Translation differences Retained earnings Equity attributable to equity holders of the parent Non-controlling interest TOTAL SHAREHOLDERS’ EQUITY AND LIABILITIES These financial statements were approved by the Board of Directors on 2 March 2021 and signed on its behalf by: © 2019 Friend Studio Ltd File name: FinancialXStatements_v61 Modification Date: 2 March 2021 5:31 pm Note 31 December 2020 $M 31 December 2019 $M 24 21 25 13 26 27 21 25 26 27 29 13 31 31, 32 34 63.2 7.0 27.7 1.3 458.8 64.6 0.4 623.0 57.5 0.6 37.7 769.4 – 0.7 – 22.8 888.7 138.6 374.8 3.2 678.7 1,195.3 – 1,195.3 2,707.0 65.1 7.3 11.6 0.3 420.5 58.2 – 563.0 57.5 0.9 54.3 969.5 2.1 1.7 56.3 36.2 1,178.5 136.0 280.7 1.3 698.9 1,116.9 7.5 1,124.4 2,865.9 Philip Marshall Chief Financial Officer The accompanying notes form an integral part of these financial statements. Consolidated financial statements continued Strategic report Governance Financial statements Strategic report Governance Financial statements Avast plc annual report 2020 Avast annual report 2020 150 150 Consolidated financial statements continued Consolidated statement of changes in shareholders’ equity For the year-ended 31 December 2020 Share capital $M Share premium, statutory and other reserves $M Translation differences $M Retained earnings $M Note Equity attributable to equity holders of the parent $M Non-controlling interests $M Total equity $M 129.0 275.9 – – – – – – – – 7.0 – – – – – (55.7) – 0.2 20.1 40.2 – 136.0 280.7 – – – – – – – – 2.6 – – – – – – – 55.7 (15.4) 21.8 32.0 – – 34 29 35 31 33 34 29 32 35 31 33 (0.3) – 0.3 0.3 – – – 1.3 – – – 1.3 – 1.9 1.9 – – – – – – – – 138.6 374.8 3.2 494.8 248.7 – 248.7 48.6 – 34.9 (1.1) – – (127.0) 698.9 169.6 – 169.6 0.9 (57.3) 0.6 15.4 – (0.6) 5.9 (154.7) 678.7 899.4 248.7 0.3 249.0 48.6 (55.7) 34.9 0.4 20.1 47.2 (127.0) 1,116.9 169.6 1.9 171.5 0.9 (57.3) 56.3 – 21.8 34.0 5.9 (154.7) 1,195.3 1.0 0.2 – 0.2 5.7 – – – 0.6 – – 7.5 – – – – (7.5) – – – – – – – 900.4 248.9 0.3 249.2 54.3 (55.7) 34.9 0.4 20.7 47.2 (127.0) 1,124.4 169.6 1.9 171.5 0.9 (64.8) 56.3 – 21.8 34.0 5.9 (154.7) 1,195.3 At 31 December 2018 Result of the year Other comprehensive income Comprehensive income for the year Transactions with NCI – Sale of interest Transactions with NCI – Recognition of put liability Share-based payments tax Other movements Share-based payments Issuance of shares under share-based payments plans Cash dividend At 31 December 2019 Result of the year Other comprehensive income Comprehensive income for the year Other movements Transactions with NCI – Purchase of interest Transactions with NCI – De-recognition of put liability Transfer of share-based payments to retained earnings Share-based payments Issuance of shares under share-based payments plans Share-based payments tax Cash dividend At 31 December 2020 The accompanying notes form an integral part of these financial statements. © 2019 Friend Studio Ltd File name: FinancialXStatements_v61 Modification Date: 2 March 2021 5:31 pm Consolidated financial statements continued Strategic report Governance Financial statements Strategic report Governance Financial statements Avast plc annual report 2020 Avast annual report 2020 151 151 Consolidated statement of cash flows For the year-ended 31 December 2020 Cash flows from operating activities Profit for the financial year Non-cash adjustments to reconcile profit to net cash flows: Income tax Depreciation Amortisation Impairment Gain on disposal of a business operation Gain on disposal of property, plant and equipment Movement of provisions and allowances Interest income Interest expense, changes of fair values of derivatives and other non-cash financial expense Shares granted to employees Effect of exchange rate changes on cash and cash equivalents held in foreign currencies Unrealised foreign exchange gains and losses and other non-cash transactions Working capital adjustments: (Increase)/decrease in trade and other receivables (Increase)/decrease in inventories Increase/(decrease) in trade and other payables Increase in deferred revenues Income tax paid Net cash flows from operating activities © 2019 Friend Studio Ltd File name: FinancialXStatements_v61 Modification Date: 2 March 2021 5:31 pm Note Year-ended 31 December 2020 $M Year-ended 31 December 2019 $M 169.6 248.9 13 12 12 16 11 11 35 11 26 66.7 19.7 67.9 2.8 – – 14.5 (0.4) 29.7 21.9 (3.0) 72.0 14.7 0.8 2.4 29.2 (52.0) 456.5 65.7 18.9 91.1 – (17.5) (0.2) 5.9 (1.5) 59.6 20.7 (2.8) (13.8) (9.3) (1.1) (1.2) 39.9 (104.2) 399.1 Consolidated financial statements continued Strategic report Governance Financial statements Strategic report Governance Financial statements Avast plc annual report 2020 Avast annual report 2020 152 152 Consolidated financial statements continued Consolidated statement of cash flows (continued) For the year-ended 31 December 2020 Cash flows from investing activities Acquisition of property and equipment Acquisition of intangible assets Investment in subsidiary, net of cash acquired Settlement of contingent consideration Proceeds from sale of a business operation, net of cash disposed Interest received Net cash used in investing activities Cash flows from financing activities Transaction with NCI, net of fees Exercise of options Dividend paid Repayment of borrowings Proceeds from borrowings Transaction costs related to borrowings Interest paid Lease payments interest Lease payments principal Net cash used in financing activities Net increase/(decrease) in cash and cash equivalents Effect of exchange rate changes on cash and cash equivalents held in foreign currencies Cash and cash equivalents at beginning of period Cash and cash equivalents at end of period The accompanying notes form an integral part of these financial statements. © 2019 Friend Studio Ltd File name: FinancialXStatements_v61 Modification Date: 2 March 2021 5:31 pm Note Year-ended 31 December 2020 $M Year-ended 31 December 2019 $M 20 22 15 16 34 31 33 27 27 27 27 21 21 17 (12.4) (2.7) – (4.7) 3.0 0.4 (16.4) (64.8) 34.0 (154.7) (261.9) – – (27.5) (2.1) (7.2) (484.2) (44.2) 3.0 216.6 175.4 (26.3) (3.6) (14.8) (0.2) 26.7 1.5 (16.7) 54.3 47.2 (127.0) (562.9) 202.6 (0.9) (45.1) (2.3) (6.8) (440.9) (58.5) 2.8 272.3 216.6 Consolidated financial statements continued Strategic report Governance Financial statements Strategic report Governance Financial statements Avast plc annual report 2020 Avast annual report 2020 153 153 1 General information Avast plc, together with its subsidiaries (collectively, ’Avast’, ’the Group’ or ’the Company’), is a leading global cybersecurity provider. Avast plc is a public limited company incorporated and domiciled in the UK, and registered under the laws of England & Wales under company number 07118170 with its registered address at 110 High Holborn, London WC1V 6JS. The ordinary shares of Avast plc are admitted to the premium listing segment of the Official List of the UK Financial Conduct Authority and trade on the London Stock Exchange plc’s main market for listed securities. 2 Significant accounting policies The accounting policies used in preparing the historical financial information are set out below. These accounting policies have been consistently applied in all material respects to all periods presented except for the changes described in Note 4. Basis of preparation The audited consolidated financial statements of the Group have been prepared in accordance with international accounting standards in conformity with the requirements of the Companies Act 2006 and international financial reporting standards adopted pursuant to Regulation (EC) No 1606/2002 as it applies in the European Union. The consolidated financial statements have been prepared on a historical cost basis and are presented in US dollars. All values are rounded to the nearest 0.1 million ($’m), except where otherwise indicated. Under section 408 of the Companies Act 2006, the parent company is exempt from the requirement to present its own profit and loss account. The Group uses the direct method of consolidation, under which the financial statements are translated directly into the presentation currency of the Group, the US dollar (USD). The consolidation of a subsidiary begins when the Group obtains control over the subsidiary, and continues to be consolidated until the date when such control ceases. All intra-group balances, transactions, unrealised gains and losses resulting from intra-group transactions and dividends are eliminated in full on consolidation. Going concern Due to the uncertainty arising from the COVID-19 pandemic, management has performed a detailed going concern review and analysis of the accounts and considers that the Group has adequate resources to continue business for the foreseeable future, and a period from the signing of the financial statements through 30 June 2022. Group’s financial covenants The Group’s Term Loan Credit Agreement includes a single financial covenant that is triggered at any time when $35m or more is outstanding under the revolving credit agreement for a period ending on 30 June or 31 December. The Group must maintain, on a consolidated basis, a leverage ratio (set as a ratio of Consolidated First Lien Net Debt to Consolidated EBITDA) less than 6.5x. This covenant is tested quarterly at such time as it is in effect. The Total Net First Lien Leverage Ratio remains materially lower than 6.5x during the period under review. The ratio was 1.4x at 31 December 2020 and there is no reason to believe that the Group would have any material risk against the ceiling of 6.5x. As of 31 December 2020, the $40m committed was undrawn under the revolving credit facility (see Note 27). Reverse stress testing To make the going concern assessment, the Directors have reviewed the latest budget and forecast through 30 June 2022, including the projected cash flows and other relevant information. The cash flow projections have been subject to reverse stress testing, which assessed the potential impact of an extreme scenario in which the Consumer Direct Desktop billings would decline drastically without any mitigating action taken by management. Even in such a scenario, which is considered remote, the Group has © 2019 Friend Studio Ltd File name: FinancialXStatements_v61 Modification Date: 2 March 2021 5:31 pm more than sufficient headroom in its available resources to withstand the period from signing of the financial statements through 30 June 2022 and not to be in breach of the financial covenant. The Group would only run out of available cash in an extreme situation where practically no further Consumer Direct Desktop billings would be realised after March 2021, collections would stop, and no meaningful offsetting cost actions would be taken, whilst still paying dividends according to the current policy (i.e. 40% of Levered Free Cash Flow). Such a situation is considered very remote. Our business remains resilient because: Cash collection is strong and bad debt risk is limited as clients typically pay for service up front. The renewal rate remains steady in Consumer Direct Desktop. Flexible cost base – a significant portion of the Group’s costs are discretionary in nature. The work-from-home trend in the pandemic environment created an upswing in demand across the product portfolio, resulting in strong growth in paying customers (up 997,000 since the end of 2019). Our deferred revenue balance is growing (deferred revenue up +6.5% vs FY 2019, excluding Jumpshot) supporting attractive future revenue growth and good future revenue visibility. Deferred revenue balance as of 31 December 2020 of $496.5m includes $458.8m to be released into revenue in the following 12 months. Notes to the consolidated financial statements Strategic report Governance Financial statements Strategic report Governance Financial statements Avast plc annual report 2020 Avast annual report 2020 154 154 Notes to the consolidated financial statements continued 2 Significant accounting policies (continued) We continuously monitor and invest into market needs. In FY 2020 Avast continued its strong investment in technology capability and innovation, and further enhanced the customer experience to support mid- term growth initiatives, and to keep up with the latest technology trends. The Directors continue to carefully monitor the impact of the COVID-19 pandemic on the operations of the Group and have a range of possible mitigating actions, which could be implemented in the event of a downturn of the business. On the basis of the above considerations, the Directors have a reasonable expectation that the Group will have adequate resources to continue in business for the foreseeable future and therefore continue to adopt the going concern basis in preparing the financial statements. Impact of COVID-19 on financial statements at 31 December 2020 In light of the impact of COVID-19, management have considered the impact on accounting policies, judgements and estimates. In particular, on the expected credit loss, where customers have been reviewed for potential increased level of risk. There has been no material specific impairment against the Group’s receivables recorded as of 31 December 2020. At 31 December 2020, the Group tested goodwill and intangible assets for impairment and considered uncertainty caused by COVID-19. No significant adjustment to Group’s accounting estimates has been deemed necessary, considering also the fact that the headroom of market capitalisation over net assets is significant. There is no reason to believe that impairment would be required. See Note 23 for further details of the impairment test. Revenue recognition Revenue is measured based on the fair value of consideration specified in the contract with a customer, and excludes taxes and duty. The Group recognises the revenue when it transfers control over a product and service to a customer. Each contract is evaluated to determine whether the Group is the principal in the revenue arrangements. Revenues from individual products and services are aggregated into the following categories: Consumer Direct The principal revenue stream of the Group is derived from the sale of its software and related services for desktop and mobile which protect users’ security, online privacy and device performance. Licence agreements with customers include a pre-defined subscription period during which the customer is entitled to the usage of the products, including updates of the software. The typical length of a subscription period is 1, 12, 24, or 36 months. Antivirus software requires frequent updates to keep the software current in order for it to be beneficial to the customer and the customer is therefore required to use the updated software during the licence period. This provides evidence that the licence grants the right to access the software over time and therefore revenue is recognised evenly over the term of the licence. The software licence, together with the unspecified updates, form a single distinct performance obligation. The Group mainly sells software licences through direct sales (mainly through e-commerce services providers including Digital River and the Group’s e-shop) to customers. However, the Group also sells a small portion through indirect sales via the Group’s retailers and resellers. Deferred revenue represents the contract liability arising from contracts with customers. The portion of deferred revenues that will be recognised as revenue in the 12 months following the balance sheet date is classified as current, and the remaining balance is classified as non-current. Deferred revenue also materially represents the transaction price, relating to sales of software licences, that is allocated to future performance obligations. Some of the Group’s products can be used on a one-time basis (VPN and Utilities), in which case sales are recognised immediately as revenue. The Group uses a practical expedient not to adjust the promised amount of consideration for the effects of a significant financing component if the Group expects, at contract inception, that the period between when the Group transfers a promised good or service to a customer and when the customer pays for that good or service will be one year or less. When the Group concludes that it has control over the provided product or service before that product or service is transferred to the customer, the Group acts as principal, and revenues for satisfying the performance obligations are recognised on a gross basis (before deduction of resellers’ commissions, payment provider fees and the third party costs). Otherwise revenues are recognised on a net basis. The Group accounts for sales of products through e-commerce partners on a gross basis before the deduction of the e-commerce partners’ commissions and fees. The Group’s e-commerce service providers fulfil administrative functions, such as collecting payment and remitting any required sales tax. The Group’s e-commerce service providers collect the fees and transfer cash payments to the Group on a monthly basis within 30 days after the end of the month with respect to which payment is being made. The Group sets the retail list prices and has control over the licences before transferring them to the customer. © 2019 Friend Studio Ltd File name: FinancialXStatements_v61 Modification Date: 2 March 2021 5:31 pm Notes to the consolidated financial statements continued Strategic report Governance Financial statements Strategic report Governance Financial statements Avast plc annual report 2020 Avast annual report 2020 155 155 2 Significant accounting policies (continued) The Group also sells subscription software licences through an e-shop directly to end customers in cooperation with certain payment gateways providers. Revenue from sales through the e-shop are accounted for on a gross basis before the deduction of payment gateways fees. The Group sets the final retail prices and fully controls the revenue arrangement with the end customers. Location Labs, LLC (’Location Labs’) provides mobile security solutions that partner with Mobile Network Operators (MNOs) providing locator, phone controls and drive safe products to their customers. Once the product is developed by Avast based on the MNO’s requirements, the product is then sold to the end customer via the MNO’s subscription plans . The revenues generated by these arrangements are based on revenue share percentages as stated in the MNO agreements. Revenue is recognised on a net basis, after deduction of partners’ commissions, based on the delivery of monthly services to the end customers of the MNOs. Avast has no control of the product and no discretion to set the final prices. The Group reduces revenue for estimated sales returns. End users may return the Group’s products, subject to varying limitations, through resellers or to the Group directly for refund within a reasonably short period from the date of purchase. The Group estimates and records provisions for sales returns based on historical experience. The amount of such provisions is not material. Indirect Consumer indirect revenues arise from several products and distribution arrangements that represent the monetisation of the user base. These arrangements are accounted for on a net basis in an amount corresponding to the fee the Group receives from the monetisation arrangement. The contracted partner in the arrangement is the customer rather than the end customer. The most significant sources of revenues are: Google – The Group has two distribution arrangements with Google Ireland Limited (’Google’) pursuant to which the Group is paid fees in connection with the Group’s offers to users of Google Chrome or Google Toolbar. The Group recognises revenue from Google in full in the month they are earned as the Group has no subsequent performance obligations after the date of sale. Secure Browsing – The Group’s Secure browser earns the Group a share of advertising revenue generated by end user search activity. Revenue is recognised immediately as the Group has no performance obligation after the date of sale. Advertising – Other Consumer Indirect derived revenues comprise advertising fees and product fees. Advertising fees are earned through advertising arrangements the Group has with third parties whereby the third party is obligated to pay the Group a portion of the revenue they earn from advertisements to the Group’s end users. Amounts earned are reflected as revenue in the month the advertisement is delivered to the end user. The Group also receives product fees earned through arrangements with third parties, whereby the Group incorporates the content and functionality of the third party into the Group’s product offerings. Fees earned during a period are based on the number of active clients with the installed third-party content or functionality multiplied by the applicable client fee. Analytics – The Group offered big data and marketing analytics through its entity, Jumpshot Inc. (’Jumpshot’), generating mostly recurring subscription revenue. Subscriptions were recognised ratably over the subscription period covered by the contract. In January 2020, the Group made a decision to discontinue business of Jumpshot. Small and Medium-sized business (SMB) SMB includes subscription revenue targeted at small and medium-sized businesses. Revenue is generated through the sale of security software and other IT managed solutions (including CloudCare). CloudCare is a cloud-based security suite designed for SMBs and third party managed service providers who can use this tool to manage security on behalf of their clients. Licences are provided in conjunction with hosting services as the customers have no control over the software independently. The licence is not distinct and would be combined with the hosting service as a single performance obligation. The performance obligation is typically satisfied over the subscription term, beginning on the date that service is made available to the customer. Revenues from sales of CloudCare are recognised on a gross basis, before deduction of the payment gateways fees. Cost of revenues Expenses directly connected with the sale of products and the provision of services, e.g. commissions, payments and other fees and third party licence costs related to the subscription software licences, are recognised as cost of revenues. Capitalised contract costs The Group pays commissions, third party licence costs and payment fees to resellers and payment providers for selling the subscription software licences to end customers. Capitalised contract costs are amortised over the licence period and recognised in the cost of revenues. Capitalised contract costs are subject to an impairment assessment at the end of each reporting period. Impairment losses are recognised in profit or loss. © 2019 Friend Studio Ltd File name: FinancialXStatements_v61 Modification Date: 2 March 2021 5:31 pm Notes to the consolidated financial statements continued Strategic report Governance Financial statements Strategic report Governance Financial statements Avast plc annual report 2020 Avast annual report 2020 156 156 Notes to the consolidated financial statements continued 2 Significant accounting policies (continued) Taxes Current income tax assets and liabilities recognised are the amount expected to be recovered from or paid to the taxation authorities. The tax rates and tax laws used to compute the amount are those that are enacted or substantively enacted at the reporting date in the country where the Group operates and generates taxable income. Deferred tax is recognised for all temporary differences, except: where the deferred tax arises from the initial recognition of goodwill or of an asset or liability in a transaction that is not a business combination and, at the time of the transaction, affects neither the accounting profit nor taxable profit or loss; and in respect of taxable temporary differences associated with investments in subsidiaries, associates and interests in joint ventures, where the timing of the reversal of the temporary differences can be controlled and it is probable that the temporary differences will not reverse in the foreseeable future. Deferred tax assets are recognised to the extent that it is probable that taxable profits will be available, whereby the deductible temporary differences and the carry forward of unused tax credits and unused tax losses, can be utilised. The carrying amount of deferred tax assets is reviewed at each reporting date and reduced to the extent that it is no longer probable that sufficient taxable profit will be available to allow all or part of the deferred tax asset to be utilised. Unrecognised deferred tax assets are reassessed at each reporting date and are recognised to the extent that it has become probable that future taxable profits will allow the deferred tax asset to be recovered. Deferred tax assets and liabilities are measured at the tax rates that are expected to apply in the year when the asset is realised or the liability is settled, based on tax rates (and tax laws) that have been enacted or substantively enacted at the reporting date for the respective tax jurisdiction. Deferred tax items are recognised with respect to the related underlying transaction either in other comprehensive income or directly in equity. Deferred tax assets and deferred tax liabilities are offset if a legally enforceable right exists to set off current tax assets against current income tax liabilities and the deferred taxes relate to the same taxable entity and the same taxation authority. Foreign currency translation The Group’s historical financial information is presented in US dollars (USD or $). The functional currencies of all Group entities are presented in the adjacent table. Each entity in the Group (including branch offices not representing incorporated entities) determines its own functional currency, and items included in the financial statements of each entity are measured using that functional currency. For the purposes of inclusion in the historical financial information, the statement of financial position of entities with non-USD functional currencies are translated into USD at the exchange rates prevailing at the balance sheet date and the income statements are translated at the average exchange rate for each month of the relevant year. The resulting net translation difference is recorded in other comprehensive income. The functional currencies of the Group’s main entities are as follows: Company or branch Avast plc Avast Holding B.V. Avast Software B.V. Avast Software s.r.o. Avast Software, Inc. Avast Deutschland GmbH AVG Technologies UK Limited AVG Technologies USA, LLC FileHippo s.r.o. INLOOPX s.r.o. Location Labs, LLC Piriform Group Limited Piriform Limited Piriform Software Limited Piriform, Inc. Privax Limited TrackOFF, Inc. Functional currency USD USD USD USD USD EUR GBP USD CZK EUR USD GBP GBP GBP USD USD USD Transactions in foreign currencies are initially recorded by the Group entities at their respective functional currency rates prevailing at the date of the transaction. Monetary assets and liabilities denominated in foreign currencies are recalculated at the functional currency spot rate of exchange valid at the reporting date. All differences are recorded in the statement of profit and loss as finance income and expenses. Non-monetary items that are measured in terms of historical cost in a foreign currency are translated using the exchange rates at the dates of the initial transactions. © 2019 Friend Studio Ltd File name: FinancialXStatements_v61 Modification Date: 2 March 2021 5:31 pm Notes to the consolidated financial statements continued Strategic report Governance Financial statements Strategic report Governance Financial statements Avast plc annual report 2020 Avast annual report 2020 157 157 2 Significant accounting policies (continued) Business combinations and goodwill Business combinations are accounted for using the acquisition method. The cost of an acquisition is measured as the aggregate of the consideration transferred measured at acquisition date fair value and the amount of any non- controlling interests in the acquiree. For each business combination, the Group elects whether to measure the non-controlling interests in the acquiree at fair value or at the proportionate share of the acquiree’s identifiable net assets. Acquisition-related costs are expensed as incurred and included in Administrative expenses. When the Group acquires a business, it assesses the financial assets and liabilities assumed for appropriate classification and designation in accordance with the contractual terms, economic circumstances and pertinent conditions as at the acquisition date. If the business combination is achieved in stages, any previously held equity interest is remeasured at its acquisition date fair value and any resulting gain or loss is recognised in profit or loss. It is then considered in the determination of goodwill. Any contingent consideration to be transferred will be recognised at fair value at the acquisition date. Contingent consideration is measured at fair value with changes in fair value recognised in profit or loss. Contingent consideration that is classified as equity is not remeasured and subsequent settlement is accounted for within equity. Goodwill is initially measured at cost, being the excess of the aggregate of the consideration transferred and the amount recognised for non-controlling interests, and any previous interest held, over the net identifiable assets acquired and liabilities assumed. If the fair value of the net assets acquired is in excess of the aggregate consideration transferred, the Group re-assesses whether it has correctly identified all of the assets acquired and all of the liabilities assumed and reviews the procedures used to measure the amounts to be recognised at the acquisition date. During the measurement period, which may be up to one year from the acquisition date, the Group may record adjustments to the assets acquired and liabilities assumed with the corresponding offset to goodwill. Upon the conclusion of the measurement period or final determination of the values of assets acquired or liabilities assumed, whichever comes first, any subsequent adjustments are recorded to the Consolidated Statement of Profit and Loss. After initial recognition, goodwill is measured at cost less any accumulated impairment losses. For the purpose of impairment testing, goodwill acquired in a business combination is, from the acquisition date, allocated to each of the Group’s cash-generating units that are expected to benefit from the combination, irrespective of whether other assets or liabilities of the acquiree are assigned to those units. Indefinite lived intangibles are not amortised but are tested for impairment annually and for impairment indicators on a quarterly basis. The assessment of indefinite life is reviewed annually to determine whether the indefinite life assumption continues to be appropriate. The useful economic lives of intangible assets are as follows: Developed technology Avast Trademark Piriform Trademark AVG Trademark Customer relationships and user base Other licensed intangible assets Years 4-5 Indefinite 10 6 4 3-5 Intangible assets Intangible assets acquired separately are measured on initial recognition at cost. The cost of intangible assets acquired in a business combination is their fair value as at the date of acquisition. Research and development costs Research costs are expensed when incurred when the criteria for capitalisation are not met. Development expenditures are recognised as an intangible asset when the Group can demonstrate: Intangible assets are carried at cost less accumulated amortisation and accumulated impairment losses. the technical feasibility of completing the intangible asset so that the asset will be available for use or sale; Intangible assets with finite lives are amortised over their useful economic life and assessed for impairment whenever there is an indication that the intangible asset may be impaired. The amortisation period for an intangible asset with a finite useful life is reviewed at least at the end of each reporting period. The amortisation expense on intangible assets with finite lives is recognised in the Consolidated Statement of Profit and Loss in the expense category consistent with the function of the intangible assets. its intention to complete and its ability and intention to use or sell the asset; how the asset will generate future economic benefits; the availability of resources to complete the asset; and the ability to measure reliably the expenditure during development. Development expenditure incurred on minor or major upgrades, or other changes in software functionalities, does not satisfy the criteria, as the product is not substantially new in its design or functional characteristics. Such expenditure is therefore recognised as an expense in the Consolidated Statement of Profit or Loss as incurred. © 2019 Friend Studio Ltd File name: FinancialXStatements_v61 Modification Date: 2 March 2021 5:31 pm Notes to the consolidated financial statements continued Strategic report Governance Financial statements Strategic report Governance Financial statements Avast plc annual report 2020 Avast annual report 2020 158 158 Notes to the consolidated financial statements continued 2 Significant accounting policies (continued) Goodwill Goodwill is assessed as having an indefinite useful life and is tested for impairment annually. Property, plant and equipment Property, plant and equipment are carried at cost less accumulated depreciation and accumulated impairment losses. Cost comprises the aggregate amount paid and the fair value of any other consideration given to acquire the asset and includes costs directly attributable to making the asset capable of operating as intended. Repairs and maintenance costs are charged to the Consolidated Statement of Profit and Loss for the accounting period during which they are incurred. Depreciation is recorded on a straight-line basis over the estimated useful life of an asset, as follows: Leasehold improvements Machinery and equipment Years over the lease term 2-5 Gains or losses arising from the de-recognition of property, plant and equipment are measured as the difference between the net disposal proceeds and the carrying amount of the asset and are recognised in the Consolidated Statement of Profit and Loss when the asset is de-recognised. Impairment The Group assesses at each reporting date whether there is an indication that an asset may be impaired. If any indication exists, or when annual impairment testing for an asset is required, the Group estimates the asset’s recoverable amount. An asset’s recoverable amount is the higher of an asset’s or cash-generating unit’s (CGU) fair value less costs of disposal or its value in use and is determined for an individual asset, unless the asset does not generate cash inflows that are largely independent of those from other assets or groups of assets. Where the carrying amount of an asset or CGU exceeds its recoverable amount, the asset is considered impaired and is written down to its recoverable amount. In assessing value in use, the estimated future cash flows are discounted to their present value using a pre-tax discount rate that reflects current market assessments of the time value of money and the risks specific to the asset. In determining fair value less costs of disposal, recent market transactions are taken into account, if available. If no such transactions can be identified, an appropriate valuation model is used. Impairment losses of continuing operations are recognised in the Consolidated Statement of Profit and Loss in those expense categories consistent with the function of the impaired asset. For assets excluding goodwill, an assessment is made at each reporting date as to whether there is any indication that previously recognised impairment losses may no longer exist or may have decreased. Any reversal of previously recognised impairment is limited so that the carrying amount of the asset does not exceed the lower of its recoverable amount or the carrying amount that would have been determined, net of depreciation, had no impairment loss been recognised for the asset in prior years. Such reversal is recognised in the Consolidated Statement of Profit and Loss. Goodwill and intangible assets with indefinite useful lives are tested for impairment annually as at 31 December at the operating segment level, which is the smallest group of CGUs to which the goodwill and intangible assets with indefinite useful life can be allocated. Goodwill is allocated to the groups of CGUs that correspond with operating segments (Consumer and SMB) according to the allocation from past business combinations – see Note 23. Intangible assets with indefinite useful lives are all allocated to the Group of CGUs that correspond to the Consumer operating segment. Leases The Group adopted IFRS 16 using the modified retrospective method of adoption with the date of initial application of 1 January 2019. Right-of-use assets were measured at the amount of the lease liability on adoption using the incremental borrowing rate at the date of initial application (adjusted for any prepaid or accrued lease expenses and assessed for impairment). The weighted average discount rate was 3.3%. For any new contracts entered into on or after 1 January 2019, the Group considers whether a contract is, or contains a lease. That is, if the contract conveys the right to control the use of an identified asset for a period of time in exchange for consideration. On transition to IFRS 16, the Group elected to apply the practical expedient to grandfather the assessment of which transactions are leases. The Group applied IFRS 16 only to contracts that were previously identified as leases. Therefore, the definition of a lease under IFRS 16 was applied only to contracts entered into on or after 1 January 2019. © 2019 Friend Studio Ltd File name: FinancialXStatements_v61 Modification Date: 2 March 2021 5:31 pm Notes to the consolidated financial statements continued Strategic report Governance Financial statements Strategic report Governance Financial statements Avast plc annual report 2020 Avast annual report 2020 159 159 2 Significant accounting policies (continued) The Group applies a recognition exemption for lease contracts that, at the commencement date, have a lease term of 12 months or less and do not contain a purchase option (‘short-term leases’), and lease contracts for which the underlying asset is of low value (‘low-value assets’). Short-term lease payments are recognised as operating expenses in the Consolidated Statement of Profit and Loss on a straight-line basis over the lease term. Right-of-use assets The Group recognises right-of-use assets at the commencement date of the lease. Right-of-use assets are measured at cost, less any accumulated depreciation and impairment losses, and are subsequently adjusted (where appropriate) for any remeasurement of lease liabilities. The cost of right-of-use assets includes the amount of lease liabilities recognised, initial direct costs incurred, and lease payments made at or before the commencement date less any lease incentives received. The right-of-use asset is depreciated on a straight-line basis over the lease term or, if it is shorter, over the useful life of the leased asset. The Group currently applies the lease term for depreciation of all right-of-use assets (see Note 21). Related expenses are presented within depreciation, allocated to general and administrative expenses. The Group also assesses the right-of-use asset for impairment when such indicators exist. Lease liabilities At the commencement date of the lease, the Group recognises lease liabilities measured at the present value of lease payments to be made over the lease term. The lease payments include fixed payments less any lease incentives receivable, variable lease payments that depend on an index or a rate and lease payments within extension option periods for which the Group considers it likely that the extension option will be utilised. In calculating the present value of lease payments, the Group uses the incremental borrowing rate at the lease commencement date because the interest rate implicit in the lease is not readily determinable. The amount of lease liabilities is increased to reflect the accretion of interest and reduced for the lease payments made. Lease interest is presented within Interest expenses. In addition, the carrying amount of lease liabilities is re- measured if there is a reassessment of the lease term (using a revised discount rate at the date of the reassessment) or a change in the variable lease payments that depend on an index or rate (using the original discount rate). In such cases, there is a corresponding adjustment to the right-of-use asset. Employee stock option plans Employees of the Group receive remuneration in the form of share-based payment transactions whereby employees render services as consideration for equity instruments (equity-settled transactions). Equity-settled transactions The cost of equity-settled transactions is determined based on the fair value of the share-based payment award at the date when the grant is made, taking into account the market and non-vesting conditions, using an appropriate valuation model. Non-market vesting conditions are not taken into account in determining the fair value of the award. The cost is recognised, together with a corresponding increase in other capital reserves in equity, over the period in which the performance or service conditions are fulfilled. The cumulative expense recognised for equity-settled transactions at each reporting date until the vesting date reflects the extent to which the vesting period has expired and the Group’s best estimate of the number of equity instruments that will ultimately vest. The Consolidated Statement of Profit and Loss expense or credit for a period represents the movement in cumulative expense recognised as at the beginning and end of that period and is recognised in compensation expense. No expense is recognised for awards that do not ultimately vest, except for equity-settled transactions where vesting is conditional upon a market or non-vesting condition, which are treated as vesting irrespective of whether or not the market or non-vesting condition is satisfied, provided that all other performance and/or service conditions are satisfied. When the terms of an equity-settled transaction are modified, where the modification increases the total fair value of the share-based payment transaction, or is otherwise beneficial to the employee as measured at the date of modification, additional expense is recognised. When an equity-settled award is cancelled other than by forfeiture, it is treated as if it vested on the date of cancellation, and any expense not yet recognised for the award is recognised immediately. This includes any award where non-vesting conditions within the control of either the entity or the employee are not met. However, if a new award is substituted for the cancelled award, and designated as a replacement award on the date that it is granted, the cancelled and new awards are treated as if they were a modification of the original award. The dilutive effect of outstanding options is reflected in the computation of diluted earnings per share. Payments for settlement of equity-settled awards are taken to equity up to the fair value of the award at the time of settlement (with any excess recognised in profit or loss). Deferred tax assets are recognised in connection with a granted stock option in the amount of the expected tax deduction available on exercise, measured using the share price at the end of the period and multiplied by the expired portion of the vesting period. The cumulative related tax benefit is recognised in profit and loss to the extent of the tax rate applied to the cumulative recognised share-based payments expense, with the excess (if any) recognised directly through equity. © 2019 Friend Studio Ltd File name: FinancialXStatements_v61 Modification Date: 2 March 2021 5:31 pm Notes to the consolidated financial statements continued Strategic report Governance Financial statements Strategic report Governance Financial statements Avast plc annual report 2020 Avast annual report 2020 160 160 Notes to the consolidated financial statements continued 2 Significant accounting policies (continued) Employee benefits Pension obligations Contributions are made to the government health, retirement benefit and unemployment plans at statutory rates applicable during the period and are based on gross salary payments. The arrangements of the government health, retirement benefit and unemployment plans qualify as defined contribution plans. The Group has no further payment obligations once the contributions have been paid. The expense for the contributions is charged to profit and loss in the same period as the related salary expense. As a benefit for employees, the Group also makes contributions to defined contribution schemes operated by external (third-party) pension companies. These contributions are charged to profit and loss in the period to which the contributions relate. Defined contribution plans The Group maintains a defined contribution 401(k) retirement savings plan for its US employees. Each participant in the 401(k) retirement savings plan may elect to contribute a percentage of his or her annual compensation up to a specified maximum amount allowed under US Internal Revenue Service regulations. The Group matches employee contributions to a maximum of 4% of the participant annual compensation. Redundancy and termination benefits Redundancy and termination benefits are payable when employment is terminated before the normal retirement or contract expiry date. The Group recognises redundancy and termination benefits when it is demonstrably committed to have terminated the employment of current employees according to a detailed formal plan without possibility of withdrawal. Benefits falling due more than 12 months after the balance sheet date are discounted to present value. There are currently no redundancy and termination benefits falling due more than 12 months after the balance sheet date. Key management personnel The Group discloses the total remuneration of key management personnel (KMP) as required by IAS 24 – Related party disclosures. The Group includes within KMP all individuals who have authority and responsibility for planning, directing and controlling the activities of the Group. KMP includes all members of the Board and the Executive Management team of the Group. Other related parties include family members if applicable. See Note 36 for more details. Financial instruments Financial assets and liabilities are recognised on the Group’s Consolidated Statement of Financial Position when the Group becomes a contractual party to the instrument. When financial instruments are recognised initially, they are measured at fair value, which is the transaction price plus, in the case of financial assets and financial liabilities not measured at fair value through profit and loss, directly attributable transaction costs. All assets and liabilities for which fair value is measured or disclosed in the financial statements are categorised within the fair value hierarchy, described as follows, based on the lowest level input that is significant to the fair value measurement as a whole: Level 1 – Quoted (unadjusted) market prices in active markets for identical assets or liabilities; Level 2 – Valuation techniques for which the lowest level input that is significant to the fair value measurement is directly or indirectly observable; and Level 3 – Valuation techniques for which the lowest level input that is significant to the fair value measurement is unobservable. Trade and other receivables Trade receivables are at initial recognition recorded at the original invoice amount, including value-added tax and other sales taxes. At subsequent reporting dates, the carrying amount is decreased by the expected lifetime loss allowance attributable to the receivable or group of receivables based on a credit assessment of the counterparty or estimate for relevant group of receivables respectively. The Group uses the expected credit loss model for impairment of receivables. The Group applies practical expedients when measuring the expected credit loss. The Group applies a simplified approach and recognises expected lifetime loss allowances for trade receivables and contract assets. The expected lifetime loss is calculated using the provision matrix, which assigns provision rates to classes of receivables based on the number of days they are overdue, based on the Group’s historical credit loss experience adjusted for forward-looking development. The classes of receivables are stratified by types of customer and by operating segments between the Consumer and SMB receivables. Bad debts are written off in the period in which they are determined to be completely irrecoverable. © 2019 Friend Studio Ltd File name: FinancialXStatements_v61 Modification Date: 2 March 2021 5:31 pm Notes to the consolidated financial statements continued Strategic report Governance Financial statements Strategic report Governance Financial statements Avast plc annual report 2020 Avast annual report 2020 161 161 2 Significant accounting policies (continued) Cash and cash equivalents For the purpose of the Consolidated Statement of Cash Flows, cash and cash equivalents consist of cash at bank, cash in hand and short-term deposits with an original maturity of three months or less. The Group´s Consolidated Statement of Cash Flows is prepared based on the indirect method from the Consolidated Statement of Financial Position and Consolidated Statement of Profit and Loss. Pledged or restricted assets Financial assets transferred to third parties as collateral, assets that are pledged and assets as to which the Group has otherwise restricted dispositions are classified as other long-term receivables, if the period until which the restriction ends or return of the assets in question will take place is more than 12 months from the balance sheet date. Trade payables and other liabilities Trade payables and other liabilities are recognised at their amortised cost which is deemed to be materially the same as the fair value. Loans Loans are initially recognised at their fair value net of transaction costs and subsequently measured at amortised cost using the effective interest method. The effective interest rate is the rate that exactly discounts the estimated future cash payments or receipts over the expected life of the financial instrument or a shorter period, where appropriate, to the net carrying amount of the financial liability. Derivative financial instruments Derivatives are initially recognised at fair value at the date a derivative contract is entered into and are subsequently remeasured at fair value at the end of each reporting period. The resulting gain or loss is recognised in profit and loss immediately. A derivative embedded within a host contract containing a financial asset host is not accounted for separately. The financial asset host together with the embedded derivative is required to be classified in its entirety as a financial asset at fair value through profit or loss. De-recognition of financial instruments A financial asset or liability is generally de-recognised when the contract that gives right to it is settled, sold, cancelled, or expires. When an existing financial liability is replaced by another from the same lender on substantially different terms, or the terms of an existing liability are substantially modified, such an exchange or modification is treated as a de-recognition of the original liability and the recognition of a new liability, and the difference in the respective carrying amounts is recognised in the Consolidated Statement of Profit and Loss. Provisions Provisions are recognised when the Group has a present obligation (legal or constructive) as a result of a past event, it is probable that an outflow of resources embodying economic benefits will be required to settle the obligation and a reliable estimate can be made of the amount of the obligation. Onerous contracts If the Group has a contract that is onerous, the present obligation under the contract is recognised and measured as a provision. However, before a separate provision for an onerous contract is established, the Group recognises any impairment loss that has occurred on assets dedicated to that contract. An onerous contract is a contract under which the unavoidable costs (i.e., the costs that the Group cannot avoid because it has the contract) of meeting the obligations under the contract exceed the economic benefits expected to be received under it. The unavoidable costs under a contract reflect the least net cost of exiting from the contract, which is the lower of the cost of fulfilling it and any compensation or penalties arising from failure to fulfil it. Interest income and expense Interest income consists of interest income on deposits. Interest expense consists of interest expense on term loans, including amortisation of arrangement fees, and interest expense on leases. Other finance income and expense Other financial income and expenses consist of realised and unrealised foreign exchange gains and losses, changes in fair value of derivatives, unwinding of discounts on non-current provisions and other liabilities discounted to net present value and other financial expenses. Exceptional items Exceptional items are material or non-recurring items of income and expense which the Group believes should be separately disclosed to show the business performance of the Group more accurately. Such items are separately disclosed in the notes to the consolidated financial statements. Examples of such items include legal and advisory costs related to acquisition, disposals, integration, costs incurred due to discontinuation of business and COVID-19 donations. © 2019 Friend Studio Ltd File name: FinancialXStatements_v61 Modification Date: 2 March 2021 5:31 pm Notes to the consolidated financial statements continued Strategic report Governance Financial statements Strategic report Governance Financial statements Avast plc annual report 2020 Avast annual report 2020 162 162 Notes to the consolidated financial statements continued 3 Significant accounting judgements, estimates and assumptions Significant judgements Leases – Extension options When the Group has the option to extend a lease, management uses its judgement to determine whether or not an option would be reasonably certain to be exercised. The Group has the option, under some of its leases, to lease the assets for additional terms of up to ten years. The Group applies judgement in evaluating whether it is reasonably certain to exercise the option to renew and therefore considers all relevant factors, including long-term business strategy, conditions of the lease, availability of alternative options and potential relocation costs, for it to exercise the renewal. Potential future cash outflows of $7.4m have not been included in the lease liability because it is not reasonably certain that the lease will be extended (or not terminated). There were no changes to the extension options for the year ended 31 December 2020. Impairment testing Significant management judgement and estimates are required to determine the individual cash generating units (CGUs) of the Group, the allocation of assets to these CGUs and the determination of the value in use or fair value less cost to sell of these CGUs. Management has concluded that the operating segments used for segment reporting represents the lowest level within the Group at which the goodwill is monitored. Therefore, the operating segments correspond to groups of CGUs at which goodwill is tested for impairment. Loans The terms of the Credit Agreement offer the Company significant flexibility, allowing it to prepay, reprice, refinance, substitute, or replace any drawn loans without penalty (except within a six-month period following issue or a repricing, a term intended to provide a degree of protection to the lenders’ income). The terms also provide for the Company to be able to request a reduction in the interest rate margin payable. Although any such reduction would, as a matter of form, be made through re-negotiation, the agreement was drawn up on the understanding by both the Company and the lenders that the Company would routinely make such requests where it was supported by appropriate evidence (that market perception of the credit risk of the Company had improved) and that such requests would generally be granted (as has been the experience since 2017). If not granted the Company would be able to obtain replacement financing at the reduced market price, repay the original loan at par and the lenders would lose their income stream. Consequently, management’s judgement is that the term loan is in substance a floating rate loan for which the interest margin is reset every six months to the market rate, provided it is favourable to the Company. The reduction in margin is accounted for as a change in effective interest rate prospectively from the moment the change in estimate takes place rather than by treating it as a modification of terms. Significant estimates Deferred tax Deferred tax assets are recognised for unused tax losses to the extent that it is probable that taxable profit will be available against which the losses can be utilised. Significant management judgement is required to determine the amount of deferred tax assets that can be recognised, based upon the likely timing and the level of future taxable profits. The Group recognises substantial deferred tax assets from unused tax losses in its US-based subsidiaries excluding Jumpshot Inc. (see Note 13). The management assesses that these deferred tax assets are recoverable, with key elements of judgement being the fact that US tax losses carry over indefinitely, and the significant business presence of the Group in the US market give the Group the ability to generate sufficient taxable profit for the foreseeable future. Based on expectations of future profitability, management expects to recover the deferred tax asset over approximately a 25-year time frame. The recovery period is sensitive to the level of profitability of the underlying business; however, there are no significant assumptions that would impact our expectation of recovery. The Group also recognises substantial deferred tax assets from the 2018 transfer of intellectual property to the Czech Republic, which is being recovered linearly over a 15-year period. The management assesses that this deferred tax asset is recoverable, with key elements of judgement being that the major portion of the Group’s profit is generated in the Group’s Czech entity and this structure is expected to remain for the foreseeable future . Provisions The amount recognised as a provision is the best estimate of the consideration required to settle the present obligation at the balance sheet date, taking into account the risks and uncertainties surrounding the obligation. Other provisions relate to a small number of contractual disputes. The management has provided the best estimate of the provisions, based on the legal advice. Refer to Note 25 for further details. © 2019 Friend Studio Ltd File name: FinancialXStatements_v61 Modification Date: 2 March 2021 5:31 pm Notes to the consolidated financial statements continued Strategic report Governance Financial statements Strategic report Governance Financial statements Avast plc annual report 2020 Avast annual report 2020 163 163 4 Application of new and revised IFRS standards New and adopted standards IFRS 3 Business Combinations (Amendments) The IASB issued amendments in Definition of a business (Amendments to IFRS 3) aimed at resolving the difficulties that arise when an entity determines whether it has acquired a business or a group of assets. The Amendments are effective for business combinations for which the acquisition date is in the first annual reporting period beginning on or after 1 January 2020 and to asset acquisitions that occur on or after the beginning of that period, with earlier application permitted. These amendments had no impact on the consolidated financial statements of the Group, but may impact future periods should the Group enter into any business combinations. IAS 1 Presentation of Financial Statements and IAS 8 Accounting Policies, Changes in Accounting Estimates and Errors: Definition of ‘material’ (Amendments) The Amendments are effective for annual periods beginning on or after 1 January 2020 with earlier application permitted. The Amendments clarify the definition of material and how it should be applied. The new definition states that, ’Information is material if omitting, misstating or obscuring it could reasonably be expected to influence decisions that the primary users of general purpose financial statements make on the basis of those financial statements, which provide financial information about a specific reporting entity’. In addition, the explanations accompanying the definition have been improved. These amendments had no impact on the consolidated financial statements of, nor is there expected to be any future impact to, the Group. Standards issued but not yet effective and not early adopted Amendments to IAS 1: Classification of Liabilities as Current or Non-current In January 2020, the IASB issued amendments to paragraphs 69 to 76 of IAS 1 to specify the requirements for classifying liabilities as current or non-current. The amendments clarify: What is meant by a right to defer settlement That a right to defer must exist at the end of the reporting period That classification is unaffected by the likelihood that an entity will exercise its deferral right That only if an embedded derivative in a convertible liability is itself an equity instrument would the terms of a liability not impact its classification The amendments are effective for annual reporting periods beginning on or after 1 January 2023 and must be applied retrospectively. In the year of initial application of the IAS 1 amendment, the term loan will be reported as current since both facilities are repayable in full in September 2023 (see Note 27). Interest Rate Benchmark Reform – Phase 2 – Amendments to IFRS 9, IAS 39, IFRS 7, IFRS 4 & IFRS 16 The amendments provide temporary reliefs which address the financial reporting effects when an interbank offered rate (IBOR) is replaced with an alternative nearly risk-free interest rate (RFR). In particular, the amendments provide for a practical expedient when accounting for changes in the basis for determining the contractual cash flows of financial assets and liabilities, to require the effective interest rate to be adjusted, equivalent to a movement in a market rate of interest. The amendment is effective for annual reporting periods beginning on or after 1 January 2021 with earlier adoption permitted. The Group is currently assessing the impact the amendments will have on current credit agreement. There are other new and revised standards that are not yet effective and not early adopted which are not relevant to the Group: IFRS 17 Insurance Contracts – effective on 1 January 2021 IFRS 3 Business Combinations – effective on 1 January 2022 IAS 16 Property, Plant and Equipment – effective on or 1 January 2022 IAS 37 Provisions, Contingent Liabilities and Contingent Assets – effective on 1 January 2022 Annual Improvements 2018-2020 (Amendment) – effective on 1 January 2022 The Group does not currently plan to adopt early any of the new standards issued but not effective as discussed above. © 2019 Friend Studio Ltd File name: FinancialXStatements_v61 Modification Date: 2 March 2021 5:31 pm Notes to the consolidated financial statements continued Strategic report Governance Financial statements Strategic report Governance Financial statements Avast plc annual report 2020 Avast annual report 2020 164 164 Notes to the consolidated financial statements continued The Group evaluates the performance of its segments based primarily on Billing, Revenue and Operating profit. Billings are not defined or recognised under IFRS and considered as a non-IFRS financial measure used to evaluate current business performance. Certain costs that are not directly applicable to the segments are identified as ’Corporate Overhead’ costs and represent general corporate costs that are applicable to the consolidated Group. In addition, costs relating to share-based payments and exceptional items are not allocated to the segments since these costs are not directly applicable to the segments, and therefore not included in the evaluation of performance of the segments. The following tables present summarised information by segment: For the year ended 31 December 2020 ($’m) Billings Deferral of revenue Segment revenue Segment cost of revenues Segment sales and marketing costs Segment research and development costs Segment general and administrative costs Total Segment operating profit Corporate overhead Deferred revenue haircut reversal Depreciation and amortisation Exceptional items Share-based payments Employer’s taxes on share-based payments Consolidated operating profit Consumer 873.6 (28.8) 844.8 (81.1) (84.3) (49.2) (1.2) 629.0 SMB 48.4 (0.3) 48.1 (5.8) (17.5) (3.5) 0.2 21.5 Total 922.0 (29.1) 892.9 (86.9) (101.8) (52.7) (1.0) 650.5 (154.9) – (87.6) (49.9) (21.9) (0.8) 335.4 5 Segment information and other disclosures Management monitors operating results in two customer segments: consumer products (which generate direct and indirect revenue streams) and products for the SMB market. For management reporting purposes, the operating and reportable segments are determined to be Consumer and Small and Medium-sized Business (SMB). This is the level on which the Chief Operating Decision Maker decides about the allocation of the Group’s resources. The principal products and services offered by each segment are summarised below: Consumer –The Group’s consumer products include direct revenue streams through its offerings for desktop security and mobile device protection and consist of free and premium paid products for the individual consumer market. The Group also has several value-added solutions for performance, privacy, and other tools. The Group also focuses on monetising the user base indirectly by leveraging its user base to partner with third-party vendors. Products and services include secure web browsing, distribution of third-party software, an e-commerce tool, and mobile advertising. SMB – The Group’s SMB segment focuses on delivering high-level security and protection solutions for small and medium sized business customers. Billings is one of the important metrics used to evaluate and manage operating segments. Billings represent the full value of products and services being delivered under subscription and other agreements and include sales to new end customers plus renewals and additional sales to existing end customers. Under the subscription model, end customers pay the Group for the entire amount of the subscription in cash upfront upon initial delivery of the applicable products. The invoicing timing may slightly vary through the year with immaterial impact, as part of our usual renewal offers testing. Although the cash is paid up front, under IFRS subscription revenue is deferred and recognised ratably over the life of the subscription agreement, whereas non-subscription revenue is typically recognised immediately. © 2019 Friend Studio Ltd File name: FinancialXStatements_v61 Modification Date: 2 March 2021 5:31 pm Notes to the consolidated financial statements continued Strategic report Governance Financial statements Strategic report Governance Financial statements Avast plc annual report 2020 Avast annual report 2020 165 165 5 Segment information and other disclosures (continued) For the year ended 31 December 2019 ($’m) Billings Deferral of revenue Revenues Deferred revenue haircut reversal Segment revenue Segment cost of revenues Segment sales and marketing costs Segment research and development costs Segment general and administrative costs Total Segment operating profit Corporate overhead Deferred revenue haircut reversal Depreciation and amortisation Exceptional items Share-based payments Employer’s taxes on share-based payments Consolidated operating profit Consumer 865.1 (42.2) 822.9 0.8 823.7 (84.7) (78.7) (57.7) (5.4) 597.2 SMB 45.9 2.3 48.2 1.0 49.2 (5.3) (18.9) (4.7) 3.1 23.4 The following table presents depreciation and amortisation by segment: ($’m) Consumer SMB Corporate overhead Total depreciation and amortisation Year–ended 31 December 2020 Year–ended 31 December 2019 67.4 0.1 20.1 87.6 91.6 0.2 18.2 110.0 The following table presents further disaggregation of revenue: ($’m) Consumer Direct Desktop Consumer Direct Mobile Consumer Indirect* SMB Other Total Year–ended 31 December 2020 Year–ended 31 December 2019 699.7 72.1 67.9 48.0 5.2 892.9 631.1 75.4 70.4 49.2 45.0 871.1 Total 911.0 (39.9) 871.1 1.8 872.9 (90.0) (97.6) (62.4) (2.3) 620.6 (137.5) (1.8) (110.0) (1.8) (20.7) (4.2) 344.6 Corporate overhead costs primarily include the costs of the Group’s IT, Technology (R&D), HR, Finance and Central Marketing functions, legal and office related costs, which are not allocated to the individual segments. * For the year ended 31 December 2020 and 2019, revenues of Jumpshot of $1m and $36.1m, respectively, were reclassified into Other. © 2019 Friend Studio Ltd File name: FinancialXStatements_v61 Modification Date: 2 March 2021 5:31 pm Notes to the consolidated financial statements continued Strategic report Governance Financial statements Strategic report Governance Financial statements Avast plc annual report 2020 Avast annual report 2020 166 166 Notes to the consolidated financial statements continued Revenues from relationships with certain third parties exceeding 10% of the Group’s total revenues were as follows: Year–ended 31 December 2020 Year–ended 31 December 2019 ($’m) (in %) ($’m) (in %) Revenues realised through online resellers: Digital River 620.1 69.5% 521.8 59.9% In 2020 and 2019, revenues realised through Digital River significantly increased by $98.3m and $151.7m, respectively, due to the continuing transfer of part of the business from in-house payment processing to the external vendor. The majority of revenues from Digital River were reported in the Consumer segment, while the remaining $22.5m (2019: $12.0m) of revenues were reported in the SMB segment. 6 Exceptional items The following table presents the exceptional items by activity: ($’m) Year–ended 31 December 2020 Year–ended 31 December 2019 Exceptional items in operating profit 49.9 1.8 Net gain on disposal of business operation – 17.5 Exceptional items in operating profit During the year, the Group incurred $25.4m in relation to the winding down of the operations of Jumpshot. These costs were primarily cash items consisting of restructuring personnel costs, legal fees, refunds to the customer and Ascential exit costs (Note 34). The non-cash items included gain from release of deferred revenue of $7.6m which was offset by impairment of fixed assets and right-of-use assets of $3.1m and creation of bad debt provision and write-offs of account receivables and other assets of $4.5m. These exceptional items have been treated as tax non-deductible and all have been included in the cash flows from operating activities. In addition, Avast donated $25m to accelerate global R&D programs to help combat COVID-19. Total donations were included in the net cash flows from operating activities and the related tax impact has been included in the tax adjusting items ($4.7m). Net gain on disposal of a business operation On 30 January 2019, the Group sold all activities of Managed Workplace business recognising a gain of $17.5m as an exceptional item (Note 16). Proceeds from this transaction, net of cash sold, have been included in cash flows from investing activities. 5 Segment information and other disclosures (continued) The following table presents the Group´s non-current assets, net of accumulated depreciation and amortisation, by country. Non-current assets for this purpose consist of property and equipment, right-of-use assets and intangible assets. Czech Republic UK USA Other countries* Total 31 December 2020 31 December 2019 ($’m) 193.7 13.9 12.9 (in %) 86.0% 6.1% 5.7% ($’m) 257.7 20.9 16.1 (in %) 86.2% 7.0% 5.4% 4.8 2.2% 4.1 1.4% 225.3 100.0% 298.8 100.0% * No individual country represented more than 5% of the respective totals. The following table presents revenue attributed to countries based on the location of the end user: Year–ended 31 December 2020 Year–ended 31 December 2019 ($’m) 349.0 81.6 69.2 60.1 332.9 892.9 (in %) ($’m) 39.1% 358.9 9.1% 7.8% 6.7% 75.8 66.2 56.6 (in %) 41.2% 8.7% 7.6% 6.5% 37.3% 100% 313.6 871.1 36.0% 100% USA UK France Germany Other countries* Total * No individual country represented more than 5% of the respective totals. © 2019 Friend Studio Ltd File name: FinancialXStatements_v61 Modification Date: 2 March 2021 5:31 pm Notes to the consolidated financial statements continued Strategic report Governance Financial statements Strategic report Governance Financial statements Avast plc annual report 2020 Avast annual report 2020 167 167 9 Operating costs Operating costs are internally monitored by function; their allocation by nature is as follows: ($ ’m) Depreciation Amortisation Personnel expenses Purchases of services from third party vendors Gifts and charities Other operating expenses Impairment Total Year–ended 31 December 2020 Year–ended 31 December 2019 11.3 2.0 11.7 1.2 191.2 180.1 128.3 27.8 0.4 0.5 116.5 5.0 1.3 – 361.5 315.8 Purchases of services from third party vendors include legal and outsourced services, advertising, paid search and other services. 7 Auditor’s remuneration The Group paid the following amounts to its auditors in respect of the audit of the financial statements and for other non-audit services provided to the Group. ($ ’m) Audit of the financial statements Audit of the financial statements of subsidiaries Total audit fees Other assurance services Corporate finance services Tax services Total non-audit fees Total fees Year–ended 31 December 2020 Year–ended 31 December 2019 0.9 0.2 1.1 0.1 – – 0.1 1.2 0.9 0.2 1.1 0.1 – – 0.1 1.2 8 Cost of revenues Cost of revenues consist of the following: ($ ’m) Amortisation Depreciation Personnel costs of product support and virus updates Digital content distribution costs Third party licence costs Other product support and virus update costs Commissions, payment and other fees Impairment Total Year–ended 31 December 2020 Year–ended 31 December 2019 65.9 8.4 19.0 20.9 5.6 89.9 7.2 19.1 16.4 5.3 13.4 13.2 60.5 2.3 59.6 – 196.0 210.7 10 Personnel expenses Personnel expenses consist of the following: Year-ended 31 December 2020 Year-ended 31 December 2019 ($ ’m) Employees Non- executive directors Employees Non- executive directors Wages and salaries Social security and health insurance* Pension costs Social costs Severance payments and termination benefits Share-based payments (including employer’s costs) Total personnel expense 137.8 0.8 135.1 0.9 27.4 0.5 6.7 14.3 22.7 – – – – – 27.2 0.2 8.0 2.9 24.9 – – – – – 209.4 0.8 198.3 0.9 * State and government pension costs of Czech employees are also included in the social security and health insurance costs. The average number of employees by category during the period was as follows: Sales and marketing Research and development General and administrative Year-ended 31 December 2020 Year-ended 31 December 2019 683 878 242 635 911 246 Total average number of employees 1,803 1,792 © 2019 Friend Studio Ltd File name: FinancialXStatements_v61 Modification Date: 2 March 2021 5:31 pm Notes to the consolidated financial statements continued Strategic report Governance Financial statements Strategic report Governance Financial statements Avast plc annual report 2020 Avast annual report 2020 168 168 Notes to the consolidated financial statements continued 10 Personnel expenses (continued) Decrease in average number of employees in research and development reflects winding down of Jumpshot operations during the year. 11 Finance income and expenses Interest income: ($ ’m) Interest on bank deposits Total finance income Interest expense: ($ ’m) Term loan interest expense Lease interest expense Total interest expense Year-ended 31 December 2020 Year-ended 31 December 2019 0.4 0.4 1.5 1.5 Year-ended 31 December 2020 Year-ended 31 December 2019 (33.4) (2.1) (35.5) (56.4) (2.3) (58.7) Other finance income and expense (net): ($ ’m) Changes of fair values of derivatives Revolving loan – commitment fee Foreign currency losses Unrealised foreign exchange gains/(losses) on borrowings Other financial expense Total other finance income and expense (net) Year-ended 31 December 2020 Year-ended 31 December 2019 1.7 (0.4) (7.7) (62.1) 4.5 (0.8) (0.8) (3.3) 13.9 0.7 (64.0) 9.7 12 Depreciation and amortisation Amortisation by function: ($ ’m) Cost of revenues Total amortisation of acquisition intangible assets Cost of revenues Sales and marketing Research and development General and administration Total amortisation of non-acquisition intangible assets Total amortisation Depreciation by function: ($ ’m) Cost of revenues Sales and marketing Research and development General and administration* Total depreciation Year-ended 31 December 2020 Year-ended 31 December 2019 65.8 88.3 65.8 88.3 0.6 0.2 0.4 0.9 2.1 67.9 1.6 0.2 0.1 0.9 2.8 91.1 Year-ended 31 December 2020 Year-ended 31 December 2019 8.4 0.1 0.2 11.0 19.7 7.2 0.1 0.6 11.0 18.9 * $7.9m (2019: $7.7m) is attributable to the depreciation of right-of-use assets (see Note 21). Tangible and intangible assets are allocated to each department of the Group. The depreciation and amortisation of these assets is reported as part of operating costs and cost of revenues. 13 Income tax In the Consolidated Statement of Financial Position, the Corporate Income tax receivable of $1.9m (2019: $17.2m) is part of the caption Tax receivables. The major components of the income tax in the consolidated statement of comprehensive income are: ($ ’m) Current income tax Related to current year Related to prior year Current income tax total Deferred tax Related to current year Related to prior year Deferred tax total Year-ended 31 December 2020 Year-ended 31 December 2019 (68.0) 0.3 (67.7) 1.2 (0.2) 1.0 (54.8) (0.9) (55.7) (4.8) (5.2) (10.0) Total income tax (expense)/ income through P&L (66.7) (65.7) The Group generates a temporary difference relating to an intragroup loan denominated in USD received by Avast Software s.r.o., a subsidiary with a USD functional currency (but with a tax currency of CZK). This loan is subject to hedging in its local statutory books (with the effect that current tax relief does not cover the full period exchange differences). The tax impact related to the loan is a deferred tax expense of $4.4m (2019: benefit $0.4m) and the Group reports a deferred tax asset of $5.7m (2019: $10.1m) related to the loan. © 2019 Friend Studio Ltd File name: FinancialXStatements_v61 Modification Date: 2 March 2021 5:31 pm Notes to the consolidated financial statements continued Strategic report Governance Financial statements Strategic report Governance Financial statements Avast plc annual report 2020 Avast annual report 2020 169 169 31 December 2020 31 December 2019 Asset/ (Liability) Asset/ (Liability) (26.2) 119.8 (38.2) 122.9 1.7 50.1 7.1 2.4 3.4 3.4 2.3 5.7 4.5 3.5 45.8 4.2 2.1 2.7 5.7 0.8 10.1 8.0 174.2 167.6 The deferred tax relates to following temporary differences: 13 Income tax (continued) The reconciliation of income tax (expense)/benefit applicable to accounting profit before income tax at the statutory income tax rate to income tax expenses at the Group’s effective income tax rate is as follows: ($ ’m) Profit before tax Year-ended 31 December 2020 Year-ended 31 December 2019 236.2 314.6 Group effective income tax rate (19.5% in 2020 and 20% in 2019*) (46.1) (62.9) ($ ’m) Temporary differences Fixed assets IP transfer tax benefit Deferred revenue and unbilled receivables Tax loss carryforward Tax credits carryforward Loans and derivatives Recurring adjustments Non-deductible expenses Share-based payments FX effect on intercompany loans Non recurring adjustments Current year deferred tax assets not recognised Recognition of previously not recognised deferred tax assets Effect of prior year taxes Effect of enacted changes in tax rates on deferred taxes Effect of higher taxes in Netherlands Remaining impact of tax rate variance and other effects Total income tax (66.7) (65.7) * Estimated as a Group’s blended rate across the jurisdictions where the Group operates. (1.8) (3.0) (4.4) (3.7) (1.6) 0.4 Carryforward of unutilised interest Share-based payments transactions Provisions Tax impact from FX difference on intercompany loans (19.2) (0.1) Other Net 0.7 0.1 1.1 3.4 2.5 4.7 (6.1) 0.2 (0.7) 4.1 Tax losses carried forward are recorded by the following subsidiaries: 31 December 2020 31 December 2019 Deferred tax from tax losses carryforward Deferred tax from tax losses carryforward Tax jurisdiction 49.9 – 0.2 44.6 0.9 0.3 50.1 45.8 USA UK – – ($ ’m) Avast Software Inc. (tax group incl. Location Labs and AVG Technologies USA) Avast plc Other Total deferred tax from tax losses carryforward Tax losses carried forward in the United States are related mainly to share-based payments exercises. As a result of share-based payments exercises there was a $41.0m (2019: $147.6m) tax deduction in Avast Software, Inc., Location Labs LLC, Jumpshot, Inc., Avast plc and AVG UK that created a tax benefit of $9.6m (2019: $34.2m). A tax benefit of $7.3m (2019: $31.8m) exceeding related cumulative remuneration expenses is recognised directly in equity, of which the current tax benefit is $0.4m (2019: $3.4m) and deferred tax benefit is $6.9m (2019: $28.4m). Tax losses reported by Avast Software Inc. can be utilised by all subsidiaries incorporated in the USA (Note 39) excluding Jumpshot, Inc. Tax credit of $4.5m from federal and state tax losses generated during the years 2011 – 2017 can be utilised over 20 years. Tax credit of $45.4m from federal and state tax losses can be carried forward for an indefinite period of time. The tax deduction for share-based payments is not received until the instruments are exercised. Therefore, a temporary difference arises between the tax deduction (prorated for the period to vesting) and the tax effect of the related cumulative remuneration expense. The deferred tax asset of $3.4m (2019: $5.7m) is measured as an estimated tax deduction at the date of exercise (prorated for the period to vesting), based on the year end share price. As the amount of the deferred tax asset exceeded the tax effect of the related cumulative remuneration expense, the reduction in the excess of the associated deferred tax of $1.4m was recognised directly in equity. Following the transactions of IP transfer in 2018, the Group reports a deferred tax asset of $119.8m (2019: $122.9m), of which the major part of $116.9m relates to the transfer of the former Dutch AVG business from Avast BV to Avast Software s.r.o. The temporary difference is amortised and deducted from the tax base of Avast Software s.r.o. registered in the Czech Republic linearly over 15 years. © 2019 Friend Studio Ltd File name: FinancialXStatements_v61 Modification Date: 2 March 2021 5:31 pm Notes to the consolidated financial statements continued Strategic report Governance Financial statements Strategic report Governance Financial statements Avast plc annual report 2020 Avast annual report 2020 170 170 Notes to the consolidated financial statements continued The movement in deferred tax balances: ($ ’m) Temporary differences Fixed assets IP transfer tax benefit Deferred revenue and unbilled receivables Tax loss carryforward Tax credits carryforward Loans and derivatives Carryforward of unutilised interest Share-based payments transactions 13 Income tax (continued) The Group does not recognise the following potential deferred tax asset of $39.6m (2019: $21.1m), mostly related to Jumpshot tax losses $14.9m (2019: $8.9m) and temporary difference related to EUR loan $14.5m (2019: nil), for which the Group considers future recoverability to be uncertain. 31 December 2020 31 December 2019 Asset/ (Liability) Asset/ (Liability) 7.2 1.8 6.6 7.6 5.5 ($ ’m) Tax losses carried forward – expiration 20 years Tax losses carried forward – indefinite Tax losses carried forward – expiration 1-6 years Temporary differences related to loans and interests – indefinite Other temporary differences – expiration n/a Total deferred tax asset not recognised 4.5 Provisions Tax impact from FX difference on intercompany loans 18.6 5.2 1.3 39.6 2.4 21.1 Other Net ($ ’m) Temporary differences Fixed assets IP transfer tax benefit Deferred revenue and unbilled receivables Tax loss carryforward Tax credits carryforward Loans and derivatives Carryforward of unutilised interest Share-based payments transactions Provisions Tax impact from FX difference on intercompany loans Other Net © 2019 Friend Studio Ltd File name: FinancialXStatements_v61 Modification Date: 2 March 2021 5:31 pm 31 December 2019 Asset/ (Liability) Recognised in profit and loss 31 December 2020 Recognised in equity Asset/ (Liability) (38.2) 122.9 3.5 45.8 4.2 2.1 2.7 5.7 0.8 10.1 8.0 167.6 12.0 (3.1) (1.8) (2.7) 2.9 0.3 0.7 (0.9) 1.5 (4.4) (3.5) 1.0 – – – 7.0 – – – (1.4) – – – (26.2) 119.8 1.7 50.1 7.1 2.4 3.4 3.4 2.3 5.7 4.5 5.6 174.2 31 December 2018 Asset/ (Liability) (53.1) 142.9 15.9 16.6 3.7 11.0 – – 1.8 9.8 0.8 149.4 Effect of business combinations (Note 15) (3.6) – – – – – – – – – 0.3 (3.3) Recognised in profit and loss 31 December 2019 Recognised in equity Asset/ (Liability) 18.5 (20.0) (12.4) 0.8 0.5 (8.9) 2.7 2.6 (1.0) 0.3 6.9 – – – 28.4 – – – 3.1 – – – (38.2) 122.9 3.5 45.8 4.2 2.1 2.7 5.7 0.8 10.1 8.0 (10.0) 31.5 167.6 Notes to the consolidated financial statements continued Strategic report Governance Financial statements Strategic report Governance Financial statements Avast plc annual report 2020 Avast annual report 2020 171 171 13 Income tax (continued) The deferred tax asset increased significantly due to tax losses realised in 2019 and 2018 from significant share- based payments’ exercises. Such significant share-based payments’ transactions are not expected to repeat in future periods and management expects the underlying business to remain profitable for the foreseeable future. The temporary differences associated with investments in the Group’s subsidiaries, for which a deferred tax liability has not been recognised in the period presented, aggregate to $77.1m (2019: nil). These relate to undistributed reserves of the US subsidiaries, which would be subject to withholding taxes if distributed. The Group has determined that the undistributed profits of its subsidiaries will not be distributed in the foreseeable future. While EU subsidiaries (including the Czech Republic and the Netherlands) have significant reserves, the management has determined that based on the Group structure no material withholding taxes would arise from distributions from these subsidiaries following the UK’s exit from the European Union. 14 Earnings per share Basic earnings per share (‘EPS’) is calculated by dividing the net profit for the period attributable to equity holders of the Group by the weighted average number of shares of ordinary shares outstanding during the year. Diluted EPS is calculated by dividing the net profit for the period attributable to equity holders of the Group by the weighted average number of ordinary shares outstanding during the period plus the weighted average number of shares that would be issued if all dilutive potential ordinary shares were converted into ordinary shares. Adjusted EPS is calculated by dividing the adjusted net profit for the period attributable to equity holders by the weighted average number of ordinary shares outstanding during the period. The following reflects the income and share data used in calculating EPS: Net profit attributable to equity holders ($ ’m) Basic weighted average number of shares Effects of dilution from share options, performance and restricted share units Total number of shares used in computing dilutive earnings per share Basic earnings per share ($/share) Diluted earnings per share ($/share) Year-ended 31 December 2020 Year-ended 31 December 2019 169.6 248.7 1,022,001,218 973,788,157 14,815,576 44,313,005 1,036,816,794 1,018,101,162 0.17 0.16 0.26 0.24 Adjusted earnings per share measures: Net profit attributable to equity holders ($ ’m) Deferred Revenue Haircut reversal/Other Share-based payments (including employers‘ costs) Exceptional items Amortisation of acquisition intangible assets Unrealised FX gain/(loss) on EUR tranche of bank loan Tax impact from FX difference on intercompany loans COGS Deferral Adjustments Tax impact on donations Tax impact on adjusted items Tax impact of IP transfer Gain on disposal of business operation Tax impact from disposal of business operation Adjusted net profit attributable to equity holders ($ ’m) Basic weighted average number of shares Adjusted basic earnings per share ($/share) Diluted weighted average number of shares Adjusted diluted earnings per share ($/share) Year-ended 31 December 2020 Year-ended 31 December 2019 169.6 248.7 – 22.7 49.9 65.8 62.1 4.4 – (4.7) (15.7) 6.3 – – 1.8 24.9 1.8 88.4 (13.9) (0.4) (0.1) – (20.3) 6.3 (17.5) 2.3 360.2 322.1 1,022,001,218 973,788,157 0.35 0.33 1,036,816,794 1,018,101,162 0.35 0.32 Management regards the above adjustments necessary to give a fair picture of the adjusted results of the Group for the period. © 2019 Friend Studio Ltd File name: FinancialXStatements_v61 Modification Date: 2 March 2021 5:31 pm Notes to the consolidated financial statements continued Strategic report Governance Financial statements Strategic report Governance Financial statements Avast plc annual report 2020 Avast annual report 2020 172 172 Notes to the consolidated financial statements continued 15 Business combinations The Group has not made an acquisition during 2020. Below are acquisitions made during 2019: Acquisition of Emerald Cactus Ventures Inc. (‘Tenta’) On 6 November 2019, Avast Software, Inc. purchased a 100% stake in the American company Emerald Cactus Ventures, Inc. that has been offering the Tenta Browser providing a privacy-first mobile web browser to hundreds of thousands of Android users worldwide. Tenta Browser will be paired with the current desktop-based Avast Secure Browser with its tens of millions of active users, resulting in a true multi-platform, people-centric solution for private and secure web browsing. The transaction represents a business combination with Avast Software, Inc. being the acquirer. The fair value of the consideration including contingent payment at the acquisition date was determined by the Group to be $5.3m. ($ ’m) Intangible assets Total Assets Deferred tax liability Total Liabilities Net assets acquired Consideration paid Goodwill Fair Value at 6 November 2019 2.3 2.3 0.5 0.5 1.8 5.3 3.5 The business combination resulted in the recognition of goodwill of $3.5m, which is allocated to the Consumer CGU and is tested for impairment at least annually. The goodwill of $3.5m comprises the workforce in place and the value of expected synergies arising from the acquisition. The carrying value of goodwill is not expected to be tax deductible. The business combination resulted in the recognition of intangible assets in the amount of $2.3m that represents the intellectual property of Tenta, and will be amortised over the estimated useful life of five years. Analysis of cash flows on acquisition: ($’m) Cash consideration Holdback consideration payable in 18 months Earn-out Net cash flow on acquisition 31 December 2020 31 December 2019 – – (0.8) (0.8) (5.3) 0.6 1.4 (3.3) Transaction costs of $0.2m have been expensed and are included in General and administrative expenses in the statement of profit or loss and are part of operating cash flows in the statement of cash flows. The revenues and net profit of the Group for the year ended 31 December 2019 would not have been significantly different had the acquisition occurred at the beginning of the reporting period (1 January 2019). Acquisition of TrackOFF, Inc. (’TrackOFF’) On 24 May 2019, Avast Software, Inc. purchased a 100% stake in the American company TrackOFF, a developer of tools to protect users’ identities and personal lives. The Group has acquired TrackOFF to strengthen further development of Avast’s Anti-tracking products and other products that help users maintain their privacy online. The transaction represents a business combination with Avast Software, Inc. being the acquirer. The fair value of the consideration at the acquisition date was determined by the Group to be $13.1m for 100% ownership. The consideration given was paid in cash. The fair value of assets acquired and liabilities incurred on the acquisition date was determined on final basis as follows: ($’m) ASSETS Current Assets Cash and cash equivalents Trade and other receivables Total current assets Non-current assets Intangible assets Deferred tax assets Total non-current assets TOTAL ASSETS LIABILITIES Trade payables Deferred revenues Other current liabilities Total current liabilities Deferred tax liability Total non-current liabilities TOTAL LIABILITIES Net assets acquired Consideration paid Goodwill Fair Value at 24 May 2019 0.6 0.2 0.8 11.2 0.4 11.6 12.4 0.2 1.7 0.2 2.1 2.3 2.3 4.4 8.0 13.1 5.1 The business combination resulted in the recognition of goodwill of $5.1m, which is allocated to the Consumer CGU and is tested for impairment at least annually. The goodwill of $5.1m comprises the workforce in place and the value of expected synergies arising from the acquisition. The carrying value of goodwill is not expected to be tax deductible. © 2019 Friend Studio Ltd File name: FinancialXStatements_v61 Modification Date: 2 March 2021 5:31 pm Notes to the consolidated financial statements continued Strategic report Governance Financial statements Strategic report Governance Financial statements Avast plc annual report 2020 Avast annual report 2020 173 173 15 Business combinations (continued) The business combination resulted in the recognition of intangible asset in the amount of $11.2m that represents intellectual property of TrackOFF, and will be amortised over the estimated useful life of 5 years. Analysis of cash flows on acquisition: ($’m) Cash consideration Net cash acquired with the business (included in cash flow from investing activities) Holdback consideration payable in 12 months Net cash flow on acquisition 31 December 2020 31 December 2019 – – (0.8) (0.8) (13.1) 0.6 1.0 (11.5) Transaction costs of $0.2m have been expensed and are included in General and administrative expenses in the statement of profit or loss and are part of operating cash flows in the statement of cash flows. Revenues and net profit of the Group for the twelve months period ended 31 December 2019 would not have been significantly different had the acquisition occurred at the beginning of the reporting period (1 January 2019). 16 Disposal of a business operation The Group has not made a disposal during 2020. Below is the disposal made during 2019: On 30 January 2019, Avast Group sold all activities of Managed Workplace business, its remote monitoring and management product, to Barracuda Networks, Inc. (‘Barracuda’). The transaction consisted of the sale of a subsidiary AVG Technologies Canada, Inc. (‘AVG CAN’) owned by Avast Software B.V., sale of intellectual property (IP) owned by Avast Software s.r.o. and sale of other assets, notably receivables, by Avast Deutschland GmbH, Avast Switzerland AG, AVG Technologies Norway A/S and AVG Distribuidora de Tecnologias do Brasil LTDA. The total selling price for the transaction was $30.0m, on a cash-free, debt-free basis, of which $3.0m was withheld in escrow for a 12-month period to satisfy any potential indemnity claims against the Group under the applicable share and asset purchase agreement entered into between the parties. As of 31 December 2020, $3m was fully released from the escrow to the Group. As a result, the Group de-recognised all assets and liabilities of sold subsidiary AVG CAN. Because the sale of a subsidiary is part of a single transaction of the sale of a part of the business, the Group presents the result of the whole transaction (except for tax impacts) within a single line in the statement of comprehensive income, including the sale of IP and other assets. The carrying amounts of assets and liabilities as of the date of sale were as follows: ($’m) Cash and cash equivalents Trade and other receivables Prepaid expenses Current assets Tangible assets Deferred tax assets Non-current assets Total assets Trade and other payables Lease liability Deferred revenues Other current liabilities Current liabilities Lease liabilities Non-current liabilities Total liabilities Net assets 30 January 2019 6.0 1.3 0.2 7.5 1.4 0.8 2.2 9.7 0.2 0.2 0.9 0.2 1.5 0.7 0.7 2.2 7.5 Because the sold business was part of the group of CGUs to which the goodwill was allocated, a portion of the goodwill had to be disposed of as part of the transaction. The Group has determined that the appropriate amount of goodwill disposed of is $11.0m which was part of the SMB CGU. © 2019 Friend Studio Ltd File name: FinancialXStatements_v61 Modification Date: 2 March 2021 5:31 pm Notes to the consolidated financial statements continued Strategic report Governance Financial statements Strategic report Governance Financial statements Avast plc annual report 2020 Avast annual report 2020 174 174 Notes to the consolidated financial statements continued 16 Disposal of a business operation (continued) The resulting gain on disposal of a business operation is shown in the table below: 17 Cash and cash equivalents For purposes of the statement of cash flows, cash and cash equivalents comprise the following: ($’m) 30 January 2019 ($ ’m) Consideration received or receivable: Cash on hand and cash equivalents Cash Receivable – holdback Total disposal consideration Carrying amount of net assets sold Gain on disposal of a business operation Other adjustments: Goodwill write-off Net gain on disposal of a business operation Analysis of cash flows on disposal: 33.0 3.0 36.0 (7.5) 28.5 (11.0) 17.5 ($’m) Cash received Net cash sold of the business (included in cash flow from investing activities) Transaction costs paid Net cash flow on disposal 31 December 2020 31 December 2019 3.0 33.0 – – 3.0 (6.0) (0.3) 26.7 ($ ’m) Allowances at 31 December 2018 Additions Write-offs Reversals Allowances at 31 December 2019 Additions Write-offs Reversals Allowances at 31 December 2020 Amount 6.0 1.1 (0.3) – 6.8 3.7 (5.3) (3.0) 2.2 Movements in the allowances described above relate mainly to trade receivables. As of 31 December 2019 and 2020, the nominal value of receivables overdue for more than 360 days are $4.5m (carrying value: nil) and $1.2m (carrying value: nil), respectively. 31 December 2020 31 December 2019 0.3 175.1 175.4 1.4 215.2 216.6 31 December 2020 31 December 2019 13.6 48.1 3.5 65.2 30.4 48.9 6.4 85.7 (2.2) 63.0 (6.8) 78.9 The ageing analysis of trade receivables, unbilled receivables and other receivables was as follows (carrying amounts after valuation allowance): Cash in bank Total 18 Trade and other receivables ($ ’m) Trade receivables Unbilled revenues Other receivables Trade receivables, gross Less: Expected loss allowance on trade receivables, unbilled revenues and other receivables Trade receivables, net Trade receivables are non-interest bearing and are generally payable on 30-day terms. The fair value of receivables approximates their carrying value due to their short term maturities. The expected loss allowance relates to trade receivables (with only insignificant amounts relating to other classes of receivable). Unbilled revenues represent sold products (for which the revenue has been deferred over the term of the product licence) but for which an invoice has not yet been issued. Other receivables represent mainly advances to, and receivables from, employees. Not past due 72.5 62.0 Past due 1-90 days 5.9 0.8 Past due more than 90 days 0.4 0.1 Past due more than 180 days 0.1 0.1 Past due more than 360 days Total – 78.9 – 63.0 ($ ’m) 31 December 2019 31 December 2020 © 2019 Friend Studio Ltd File name: FinancialXStatements_v61 Modification Date: 2 March 2021 5:31 pm Notes to the consolidated financial statements continued Strategic report Governance Financial statements Strategic report Governance Financial statements Avast plc annual report 2020 Avast annual report 2020 175 175 19 Capitalised contract costs 20 Property, plant and equipment ($ ’m) At 1 January Additions Sales commissions and fees Licence fees Amortisation Sales commissions and fees Licence fees At 31 December Total current Total non-current 31 December 2020 31 December 2019 37.7 67.7 61.6 6.1 (67.6) (62.1) (5.5) 37.8 35.0 2.8 35.8 65.6 60.6 5.0 (63.7) (58.4) (5.3) 37.7 33.3 4.4 ($ ’m) Cost at 31 December 2018 Additions Transfers Net foreign currency exchange difference Disposals Cost at 31 December 2019 Additions Transfers Disposals Cost at 31 December 2020 Capitalised contract costs include commissions and fees and third party licence costs related to the subscription software licences that are amortised on a straight-line basis over the licence period, consistent with the pattern of recognition of the associated revenue. Capitalised contract costs are reviewed for impairment annually. All costs are expected to be recovered. ($ ’m) Acc. depreciation at 31 December 2018 Depreciation Disposals Acc. depreciation at 31 December 2019 Depreciation Disposals Impairment Acc. depreciation at 31 December 2020 NBV at 31 December 2019 NBV at 31 December 2020 Equipment, furniture and fixtures Vehicles Leasehold improvements In progress 45.9 17.8 2.5 0.3 (4.9) 61.6 9.0 6.4 (2.0) 75.0 0.4 0.1 – (0.2) (0.2) 0.1 – – – 0.1 10.3 0.9 – (0.2) (1.5) 9.5 0.7 0.5 – 10.7 2.5 7.5 (2.5) 0.4 (0.2) 7.7 2.7 (6.9) (0.1) 3.4 Equipment, furniture and fixtures Vehicles Leasehold improvements In progress (28.2) (9.7) 4.4 (33.5) (10.0) 2.0 (2.2) (43.7) 28.1 31.3 (0.2) (0.1) 0.2 (0.1) – – – (0.1) – – (1.4) (1.4) 0.4 (2.4) (1.8) – – (4.2) 7.1 6.5 – – – – – – – – 7.7 3.4 Total 59.1 26.3 – 0.3 (6.8) 78.9 12.4 – (2.1) 89.2 Total (29.8) (11.2) 5.0 (36.0) (11.8) 2.0 (2.2) (48.0) 42.9 41.2 For the year ended 31 December 2020, the Group recorded an impairment loss of $2.2m for idle fixed assets due to discontinuation of Jumpshot’s business. These have been impaired to an immaterial recoverable amount. The impairment loss is included in general and administrative expenses in the statement of profit or loss. There has been no individually significant addition to the property, plant and equipment during the year. For the information about items of property, plant and equipment pledged as security refer to Note 27. © 2019 Friend Studio Ltd File name: FinancialXStatements_v61 Modification Date: 2 March 2021 5:31 pm Notes to the consolidated financial statements continued Strategic report Governance Financial statements Strategic report Governance Financial statements Avast plc annual report 2020 Avast annual report 2020 176 176 Notes to the consolidated financial statements continued 21 Leases Right-of-use assets Set out below, are the carrying amounts of the Group’s right-of-use assets and the movements during the period. The Group has lease contracts related primarily to office buildings. ($ ’m) Current Non-current Total 31 December 2020 31 December 2019 7.0 57.5 64.5 7.3 57.5 64.8 Below are the terms of significant lease contracts as of 31 December 2020: ($ ’m) At 1 January Additions Remeasurements Impairment Disposals Depreciation of right-of-use assets At 31 December 31 December 2020 31 December 2019 62.6 3.2 0.6 (0.5) (1.6) (7.9) 56.4 69.7 0.9 (0.1) (0.2) – (7.7) 62.6 Significant lease contracts Enterprise Building in Prague, Czech Republic* Vlněna Office in Brno, Czech Republic The following table shows the breakdown of the lease expense between amount charged to operating profit and amount charged to finance costs: ($ ’m) Depreciation of right-of-use assets Short-term lease expense Impairment Carrying amount ($ ’m) End date Option to extend Option to be used Leases of low-value lease expense 23.5 August 2024 22.4 January 2026 24 months two times 60 months two times Yes – in full Charge to operating profit Lease interest expense Charge to profit before taxation for leases 11.0 11.4 Yes – in full For maturity of the leases, refer to Note 30. Year-ended 31 December 2020 Year-ended 31 December 2019 7.9 0.5 0.5 – 8.9 2.1 7.7 1.2 0.2 – 9.1 2.3 Office in Emeryville, California, USA 2.7 June 2024 60 months No * Lease payments are subject to indexation based on changes of consumer price index. A 1% increase in the index would not substantially increase total lease payments. Lease liabilities Lease liabilities are presented in the statement of financial position as follows: ($ ’m) At 1 January Additions Remeasurements Terminations Lease interest expense Payments of lease liabilities Foreign currency exchange difference At 31 December 31 December 2020 31 December 2019 64.8 3.2 0.6 (1.9) 2.1 (9.3) 5.0 64.5 71.7 0.9 (0.1) – 2.3 (9.2) (0.8) 64.8 © 2019 Friend Studio Ltd File name: FinancialXStatements_v61 Modification Date: 2 March 2021 5:31 pm Notes to the consolidated financial statements continued Strategic report Governance Financial statements Strategic report Governance Financial statements Avast plc annual report 2020 Avast annual report 2020 177 177 The Group assesses that the Avast trademark, with a carrying value of $70.3m, has an indefinite useful life, as it is a well established brand. Avast is a core brand and is expected to be a core brand for the foreseeable future, as the Group constantly invests into brand development and brand awareness. The AVG trademark, with a carrying value of $26.0m, has a remaining useful life of 1.7 years as of 31 December 2020. The Piriform trademark, with a carrying value of $2.4m, has a remaining useful life of 6.5 years as of 31 December 2020. AVG developed technology has been fully depreciated as of 31 December 2020. AVG customer relationship has been fully depreciated as of 31 December 2020. Piriform and FileHippo software, with a carrying value of $7.8m, has a remaining useful life of 1.5 years as of 31 December 2020. For information about intangible assets pledged as securities, refer to Note 27. The Group has not capitalised development costs in the year ended 31 December 2020 (2019: nil) as the Company believes the criteria set out in IAS 38 has not been met. See Note 2. 22 Intangible assets ($ ’m) Cost at 31 December 2018 Business combination Additions Developed technology Trademarks Software Customer relationship and user base 250.5 164.1 40.0 246.6 – – – – – – – – Cost at 31 December 2019 250.5 164.1 40.0 246.6 Additions Transfers Disposal – – – – – – – – – – – – Cost at 31 December 2020 250.5 164.1 40.0 246.6 36.8 Other In progress 18.8 13.5 2.3 34.6 2.0 0.2 – Total 721.5 13.5 3.6 738.6 2.7 – (0.4) 740.9 1.5 – 1.3 2.8 0.7 (0.2) (0.4) 2.9 ($ ’m) Acc. amortisation at 31 December 2018 Amortisation Acc. amortisation at 31 December 2019 Amortisation Acc. amortisation at 31 December 2020 NBV at 31 December 2019 NBV at 31 December 2020 Developed technology (228.7) (16.7) (245.4) (5.1) (250.5) 5.1 – Trademarks Software Customer relationship and user base Other In progress Total (33.7) (15.2) (48.9) (15.7) (64.6) 115.2 99.5 (22.3) (158.3) (5.0) (50.1) (27.3) (208.4) (4.9) (37.8) (32.2) (246.2) 12.7 7.8 38.2 0.4 (11.2) (4.1) (15.3) (4.4) (19.7) 19.3 17.1 – – – – – 2.8 2.9 (454.2) (91.1) (545.3) (67.9) (613.2) 193.3 127.7 © 2019 Friend Studio Ltd File name: FinancialXStatements_v61 Modification Date: 2 March 2021 5:31 pm Notes to the consolidated financial statements continued Strategic report Governance Financial statements Strategic report Governance Financial statements Avast plc annual report 2020 Avast annual report 2020 178 178 Notes to the consolidated financial statements continued 23 Goodwill and impairment The key assumptions used in the assessments are as follows: ($ ’m) At 1 January Acquisitions (Note 15) Disposals (Note 16) At 31 December 31 December 2020 31 December 2019 ($’m) 1,991.3 1,993.7 Terminal growth rate – – 8.6 (11.0) Pre-tax discount rate After-tax discount rate 31 December 2020 31 December 2019 2.0% 12.2% 10.6% 2.0% 12.9% 11.2% 1,991.3 1,991.3 Goodwill was calculated as the difference between the acquisition date fair value of consideration transferred less the fair value of acquired net assets. Goodwill & intangible assets impairment tests Goodwill and intangible assets with an indefinite useful life are tested for impairment at least once a year, or more frequently if events or changes in circumstances indicate that the carrying amount may not be recoverable. The impairment test as of 31 December 2020 is performed on the basis of two groups of cash generating units that correspond to the two operating segments as below: Terminal growth rate does not exceed the long term average growth rate for the market. After-tax discount rate represents the Group’s weighted average cost of capital calculated from the cost of equity and cost of debt at a ratio typical for an industry of 70% equity and 30% debt. The Group has considered sensitivity of the impairment of test results to changes in key assumptions. The recoverable amount of tested assets exceeds their carrying value. As the Group’s management is not aware of any other indications of impairment and given the results of the impairment tests, no impairment was recorded. No reasonable possible change in the calculation assumptions would lead to an impairment. ($’m) Consumer SMB Total goodwill 31 December 2020 31 December 2019 24 Trade payables and other liabilities 1,978.4 1,978.4 12.9 12.9 1,991.3 1,991.3 ($ ’m) Trade payables Accruals The Group prepares projected 2021-2023 free cash flow derived from the most current financial plan of the Group approved by the Board which takes into account both historical performance, industry forecasts and expectations for future developments. Cash flow projections are based on management assumptions that include revenue growth of 6 to 8 percent despite an increase in operating costs from the Company’s planned on-premises to cloud migration. In performing the value-in-use calculations, the Group has applied pre-tax discount rates to discount the forecast future attributable pre-tax cash flows. Amounts owed to employees Social security and other taxes Other payables and liabilities Total trade payables and other liabilities © 2019 Friend Studio Ltd File name: FinancialXStatements_v61 Modification Date: 2 March 2021 5:31 pm 31 December 2020 31 December 2019 5.4 30.0 21.1 2.0 4.6 2.6 28.5 22.0 2.0 10.0 63.1 65.1 25 Provisions and contingent liabilities The movements in the provision accounts were as follows: ($ ’m) As at 31 December 2018 Additions Utilisation As at 31 December 2019 Additions Utilisation As at 31 December 2020 As at 31 December 2019 Total current Total non-current As at 31 December 2020 Total current Total non-current Accrued vacation provision Provision for restructuring Other Total 1.4 1.7 (1.4) 1.7 0.8 (1.7) 5.6 – 3.0 7.8 10.0 9.5 (3.0) (2.6) (7.0) 2.6 7.4 8.2 11.6 12.5 19.8 (1.7) (0.6) (4.0) 0.8 8.3 19.2 28.3 1.7 – 0.8 – 1.9 0.7 8.0 0.2 11.6 0.9 8.0 0.3 18.9 0.3 27.7 0.6 Other provisions predominantly comprise potential claims in relation to contractual indemnities and disputes, including Jumpshot-related and other third parties. The majority of the claims in relation to Jumpshot have been successfully settled as of 31 December 2020. As further disclosure would prejudice the outcome of these negotiations, as permitted by IAS 37.92, we have not made any further disclosures about estimates in connection with the financial effects of, and disclosures about the uncertainty regarding the timing or amount of these. Notes to the consolidated financial statements continued Strategic report Governance Financial statements Strategic report Governance Financial statements Avast plc annual report 2020 Avast annual report 2020 179 179 Prior year current deferred revenue is recognised as revenue in the current period. 27 Term loan Term loan balance is as follows: ($ ’m) Current term loan Long-term term loan Total term loans ($ ’m) USD tranche principal EUR tranche principal Total principal 31 December 2020 31 December 2019 64.6 769.4 834.0 58.2 969.5 1,027.7 31 December 2020 31 December 2019 113.8 722.7 836.5 336.5 699.8 1,036.3 In June 2020 and September 2020, the Group paid down the USD tranche by $100m each time. Repayments resulted in the partial derecognition of arrangement fees of $2.7m and $2.5m respectively. In March 2019, the Group upsized the EUR tranche by €177.5m ($202.6m) and paid down the USD tranche by $400m. This resulted in the partial de-recognition of arrangement fees of $8.7m through interest expense. In April 2019, the Group applied for the margin reduction of 0.25% per annum on both tranches due to favourable leverage ratio results. The repricing of the margin to market terms, which is allowed for in the terms of the loan, was a change in contractual variable payments to be accounted for by altering prospectively the effective interest rate, consistent with the requirements for floating rate loans. In October 2019, the Group paid down the USD tranche by an additional $100m. Repayment resulted in the partial de-recognition of arrangement fees of $2.7m. Further, the Group reduced the margin on the EUR tranche by 0.25% per annum. Avast Software B.V. may voluntarily prepay term loans in whole or in part without premium or penalty. Under the Repricing agreement, the following terms apply to the bank loans: Facility Interest Floor Margin 31 December 2020 Margin 31 December 2019 USD Tranche EUR Tranche 3-month USD LIBOR 3-month EURIBOR 1.00% p.a. 0.00% p.a. 2.25% p.a. 2.25% p.a. 2.25% p.a. 2.25% p.a. Both facilities are repayable in full at the end of the 84-month term on 30 September 2023. The margin payable on both facilities is dependent upon the ratio of the Group’s net debt to adjusted EBITDA as defined in the facility agreement. 25 Provisions and contingent liabilities (continued) In addition, and as disclosed in the prior year, as part of the process to effect an orderly wind-down of Jumpshot, Avast continues to be in communication with relevant regulators and authorities in respect of certain data protection matters and is cooperating fully in respect of all regulatory enquiries. Any potential future claims or liabilities arising out of communication with relevant regulators or authorities cannot at this time be quantified. There is no provision in relation to this respect as of 31 December 2020. 26 Deferred revenue The Group sells consumer and corporate antivirus products for periods of 12, 24 or 36 months with payment received at the beginning of the licence term. Revenues are recognised ratably over the subscription period covered by the agreement. Deferred revenue materially represents the transaction price relating to sales of software licences that is allocated to future performance obligations. The movements in the deferred revenue were as follows: ($ ’m) At 1 January Additions – billings Business combination Deductions – revenue Disposal of a business operation Jumpshot’s release of deferred revenue* Translation and other adjustments At 31 December Current Non-current Total 31 December 2020 31 December 2019 474.8 922.0 – (892.9) – (7.6) 0.2 496.5 458.8 37.7 496.5 435.5 911.0 0.3 (871.1) (0.9) – – 474.8 420.5 54.3 474.8 * Jumpshot’s release of deferred revenue is included in exceptional costs. © 2019 Friend Studio Ltd File name: FinancialXStatements_v61 Modification Date: 2 March 2021 5:31 pm Notes to the consolidated financial statements continued Strategic report Governance Financial statements Strategic report Governance Financial statements Avast plc annual report 2020 Avast annual report 2020 180 180 Notes to the consolidated financial statements continued Avast Software s.r.o. pledged its receivables from bank accounts, trade receivables, receivables from insurance policies, trademarks, receivables from intragroup loan agreements, its movable assets, domain names, source codes and virus databases. Since Avast Software s.r.o. forms a substantial portion of the Group, the estimated value of the pledged assets exceeds the total value of the term loan. Term loan balance reconciliation The table below reconciles the movements of the Term loan balance with the statement of cash flow: Revolving facility Avast Software B.V. also obtained a revolving credit facility of $40.0m for operational purposes which has not been drawn as of the date of these consolidated financial statements. It is valid up to 30 September 2022. The Credit Agreement includes a financial covenant that is triggered if at any time $35.0m or more is outstanding under the revolving credit agreement as of 31 December 2020. If the revolving credit facility exceeds this threshold, then the Group must maintain, on a consolidated basis, a leverage ratio of less than 6.5:1. This covenant is tested quarterly at such time as it is in effect. ($ ’m) Term loan balance at beginning of period Additional loan drawn (gross of fees) Drawing fees Interest expense Interest paid Loan repayment Unrealised foreign exchange loss/(gain) 31 December 2020 31 December 2019 1,027.7 1,391.5 – – 33.4 (27.5) 202.6 (0.9) 56.4 (45.1) (261.9) (562.9) 62.1 0.2 (13.9) – 834.0 1,027.7 27 Term loan (continued) The Credit Agreement (CA) requires the following mandatory repayments in addition to the quarterly amortisation payments: Excess Cash Flow Payment Amount (’ECF Payment Amount’, defined in the CA as the consolidated net increase in cash and cash equivalents of Avast plc for the period adjusted for potential future business combinations and the results of Jumpshot, Inc., Jumpshot s.r.o. and Avast plc and other adjustments) – 50% of Excess Cash Flow (as defined, and subject to certain reductions and to the extent where ECF Payment Amount exceeds $40m), with a reduction to 25% and elimination based upon the achievement of Total Net First Lien Leverage Ratios (’Net debt ratio’) not exceeding 3.5:1 and 3.0:1, respectively. The Net debt ratio is defined as the nominal value of debt less cash on hand as of the relevant date divided by adjusted operating profit for the preceding four calendar quarters. The operating profit is adjusted for amortisation and depreciation, non-cash expenses such as share-based payments, the effects of business combination accounting and other non-cash items. The Net debt ratio was 1.5:1 as of 31 December 2020 so no mandatory repayment was required (see also Note 2). The following pledge agreements existed as of the date of issuance of these consolidated financial statements: Avast Software B.V. pledged its 100% share in Avast Software s.r.o. and 100% share in Avast Operations B.V. Other Total Avast Software B.V. pledged its receivables Avast Software B.V. pledged its securities Avast Holding B.V. pledged its 100% share in Avast Software B.V. Avast Operations B.V. pledged its receivables from intragroup loan agreements © 2019 Friend Studio Ltd File name: FinancialXStatements_v61 Modification Date: 2 March 2021 5:31 pm Notes to the consolidated financial statements continued Strategic report Governance Financial statements Strategic report Governance Financial statements Avast plc annual report 2020 Avast annual report 2020 181 181 29 Redemption obligation In connection with the sale of 35% fully diluted shares of Jumpshot, Inc. to Ascential Investor on 30 August 2019, the stockholders’ agreement gave Ascential Investor the right (the put option) to sell back the shares. Avast therefore recognised a redemption obligation at the present value of the exercise price ($61.6m) discounted by the estimated Avast annual borrowing rate of 3.6%, with a corresponding entry in equity at year end. In January 2020, the Group decided to discontinue operations of Jumpshot Inc. As a result, the put option was rendered void and redemption obligation was reclassified to the same component of equity that was previously reduced (on initial recognition) as of 31 December 2020. 28 Derivatives The carrying amount of derivative financial instruments held by the Group was as follows: ($ ’m) Type of derivative Interest rate Cap Total Classified as Current financial liability Non-current financial liability Total 31 December 2020 31 December 2019 Type Assets Liabilities Assets Liabilities Level 3 – – – – – 0.4 0.4 0.4 – 0.4 – – – – – 2.0 2.0 – 2.1 2.1 The Group has not designated the derivatives as hedging instruments, and therefore changes in the fair value during the period are recorded in the Consolidated Statement of Profit and Loss. Interest rate cap On 20 February 2017, Avast Software B.V. entered into an interest rate cap with an effective date from 31 March 2017 until 31 March 2021 (’Cap’). As of 31 December 2020, the 3-month USD LIBOR is capped at 2.75% p.a. for a notional amount of $708.8m. The fee for the cap is $1.6m annually paid in quarterly installments. During the reporting period ended 31 December 2020 there were no transfers between the Level 2 and Level 3 fair value measurements. The movement in fair value of the derivatives was as follows: ($ ’m) 31 December 2018 Change in fair value through profit and loss 31 December 2019 Change in fair value through profit and loss 31 December 2020 Interest rate cap 1.0 1.1 2.1 (1.7) 0.4 © 2019 Friend Studio Ltd File name: FinancialXStatements_v61 Modification Date: 2 March 2021 5:31 pm Notes to the consolidated financial statements continued Strategic report Governance Financial statements Strategic report Governance Financial statements Avast plc annual report 2020 Avast annual report 2020 182 182 Notes to the consolidated financial statements continued 30 Financial risk management The Group’s classes of financial instruments correspond with the line items presented in the Consolidated Statement of Financial Position. The management of the Group identifies the financial risks that may have an adverse impact on the business objectives and through active risk management mitigates these risks to an acceptable level. The specific risks related to the Group’s financial assets and liabilities and sales and expenses are interest rate risk, credit risk and exposure to the fluctuations of foreign currency. Credit risk The outstanding balances of trade and other receivables are monitored on a regular basis. The Group has been managing receivables effectively and improved collections process by simplifying the billing system structure which is reflected in the overall decrease of total receivables (see Note 18). The credit quality of larger customers is assessed based on the credit rating, and individual credit limits are defined in accordance with the assessment. The Group did not issue any guarantees or credit derivatives. The Group does not consider the credit risk related to cash balances held with banks to be material. A significant portion of sales is realised through the Group’s online resellers, mainly Digital River. From 2018, the Group manages its credit exposure by receiving advance payments from Digital River. The Group evaluates the concentration of risk with respect to accounts receivable as medium, due to the relatively low balance of trade receivables that is past due. The risk is reduced by the fact that its customers are located in several jurisdictions and operate in largely independent markets and the exposure to its largest individual distributors is also medium. Foreign currency risk Foreign currency risk is the risk that the fair value of future cash flows of an exposure will fluctuate because of changes in foreign exchange rates. The Group’s exposure to the risk of changes in foreign exchange rates relates primarily to the Group’s operating activities (when revenue or expense is denominated in foreign currency). At the parent company level, the functional and presentation currency is the US dollar and the Group’s revenue and costs are reported in US dollars. The Group is exposed to translation risk resulting from the international sales and costs denominated in currencies other than US dollars and the resulting foreign currency balances held on the balance sheet. The Group is exposed to material transaction and translation currency risk from fluctuations in currency rates between USD, GBP, CZK and EUR. The following table shows payments for the Group’s products and services by end users (either directly to Group or paid to an e-commerce service provider) in individual currencies. Based on agreements with the Group, e-commerce service providers may convert billings collected on behalf of the Group in specific currencies to a remittance currency (usually USD and EUR) at the existing market rates which does not remove the underlying foreign exchange risk. The table below shows the original currency composition of payments made by end users to illustrate the foreign exchange risk to billings. USD EUR GBP Other Total Year-ended 31 December 2020 Year-ended 31 December 2019 46% 24% 9% 21% 49% 22% 8% 21% 100% 100% As the majority of revenues represent sales of software licences, the revenues are recognised over the duration of the licence period, despite payment being received at the start of the licence period. Because the release of deferred revenues is performed using the exchange rates valid at the start of the licence term, they are not subject to foreign currency risk. The following table shows financial assets and liabilities in individual currencies, net: ($ ’m) USD* EUR* CZK GBP Other Total 31 December 2020 31 December 2019 34.3 (766.4) (18.5) 15.9 11.3 (290.1) (714.4) (34.3) 89.9 25.6 (723.4) (923.3) * The fluctuation in the currencies are mainly caused by the term loan repayments as further described in Note 27. Financial assets and liabilities include cash and cash equivalents, trade and other receivables and trade and other payables, term loan, lease liabilities, other current liabilities, and non-current financial assets and liabilities. © 2019 Friend Studio Ltd File name: FinancialXStatements_v61 Modification Date: 2 March 2021 5:31 pm Notes to the consolidated financial statements continued Strategic report Governance Financial statements Strategic report Governance Financial statements Avast plc annual report 2020 Avast annual report 2020 183 183 30 Financial risk management (continued) The table below presents the sensitivity of the profit before tax to a hypothetical change in EUR, CZK and other currencies and the impact on financial assets and liabilities of the Group. The sensitivity analysis is prepared under the assumption that the other variables are constant. The analysis against USD is based solely on the net balance of cash and cash equivalents, trade and other receivables, trade and other payables and term loan. ($ ’m) EUR CZK GBP Other % change 31 December 2020 31 December 2019 +/-10% (76.6)/76.6 (71.4)/71.4 +/-10% +/-10% +/-10% (1.8)/1.8 (3.4)/3.4 1.6/(1.6) 1.1/(1.1) 9.0/(9.0) 2.6/(2.6) The sensitivity analysis above is based on the consolidated assets and liabilities, i.e. excluding intercompany receivables and payables. However, Avast Software s.r.o. has a significant intercompany loan from Avast Software B.V. denominated in USD. As the functional currency of Avast Software s.r.o. is the USD but the tax basis of Avast Software s.r.o. is denominated in CZK the income tax gains or losses of Avast Software s.r.o. are exposed to significant foreign exchange volatility. If the CZK depreciates against the USD, the corporate income tax expense would decrease. Avast Software B.V. is not exposed to any similar volatilities as its functional and tax currency is the USD. Interest rate risk Cash held by the Group is not subject to any material interest. The only liabilities held by the Group subject to interest rate risk are the loan and derivatives described in Note 27 and 28. Other liabilities and provisions themselves are not subject to interest rate risk. The Group keeps all its available cash in current bank accounts or term deposit contracts (see Note 17) with a fixed interest rate and original maturity not exceeding three months. As at 31 December 2020, the Group has a term loan with an interest rate of 3-month USD LIBOR plus a 2.25% p.a. mark-up for USD tranche and 3-month EURIBOR plus a 2.25% p.a. mark-up for EUR tranche. The 3-month USD LIBOR and 3-month EURIBOR are subject to a 1% interest rate floor and 0% interest rate floor, respectively. As of 31 December 2020, the 3-month USD LIBOR was 0.22% p.a. and 3-months EURIBOR was -0.50%. To reduce the interest rate risk, Avast Software B.V. entered into an interest rate cap (’Cap’) with certain counterparties on 20 February 2017 effective from 31 March 2017. Under the Cap, 3 month USD LIBOR is limited to 2.75% p.a. for a notional amount of $802.5m at the beginning to $708.8m through 31 March 2021. As of 31 December 2020, the Cap is not effective as the interest rates are significantly lower. Interest rate sensitivity A change of 100 basis points in market interest rates would have increased/(decreased) equity and profit and loss before tax by the amounts shown below: Increase in interest rates Decrease in interest rates Year-ended 31 December 2020 Year-ended 31 December 2019 (3.9) – (5.9) 3.4 Liquidity risk The Group performs regular monitoring of its liquidity position to maintain sufficient financial sources to settle its liabilities and commitments. The Group is dependent on a long-term credit facility and so it must ensure that it is compliant with its terms. As it generates positive cash flow from operating activities, the Group is able to cover the normal operating expenditures, pay outstanding short- term liabilities as they fall due without requiring additional financing and has sufficient funds to meet the capital expenditure requirement. The Group considers the impact on liquidity each time it makes an acquisition in order to ensure that it does not adversely affect its ability to meet the financial obligation as they fall due. As at 31 December 2020 and 2019, the Group’s current ratio (current assets divided by current liabilities including the current portion of deferred revenue) was 0.46 and 0.65. The ratio is significantly impacted by the high current deferred revenue balance due to the sales model, where subscription revenue is collected in advance from end users and deferred over the licence period. The Group’s current ratio excluding deferred revenue was 1.76 and 2.57 as at 31 December 2020 and 2019, respectively. In 2020, Avast’s credit rating was upgraded to BB+ from BB with Standard & Poor’s while rating with Moody remained at Ba2, driven mainly by the voluntary debt repayments and strong financial performance. The credit ratings are subject to regular review by the credit rating agencies and may change in response to economic and commercial developments. © 2019 Friend Studio Ltd File name: FinancialXStatements_v61 Modification Date: 2 March 2021 5:31 pm Notes to the consolidated financial statements continued Strategic report Governance Financial statements Strategic report Governance Financial statements Avast plc annual report 2020 Avast annual report 2020 184 184 Notes to the consolidated financial statements continued 30 Financial risk management (continued) The following table shows the ageing structure of financial liabilities as of 31 December 2020: ($ ’m) Term loan Interest payment Trade payables and other liabilities Derivative financial instruments Other non-current liabilities Lease liability Total Due within 3 months Due between 3 to 12 months Due between 1 to 5 years Due in more than 5 years 16.1 5.0 53.6 0.4 – 2.2 77.3 48.4 14.6 7.5 – – 6.9 77.4 772.0 30.1 – – 0.7 33.8 836.6 – – – – – 32.4 32.4 The following table shows the ageing structure of financial liabilities as of 31 December 2019: ($ ’m) Term loan Interest payment Trade payables and other liabilities Derivative financial instruments Other non-current liabilities Lease liability Redemption obligation* Total Due within 3 months Due between 3 to 12 months Due between 1 to 5 years Due in more than 5 years 14.5 7.5 54.4 0.4 – 2.4 – 43.6 21.5 8.7 1.6 – 6.9 – 978.2 69.7 – – 1.6 32.7 61.6 79.2 82.3 1,143.8 – – – – – 42.1 – 42.1 Total 836.5 49.7 61.1 0.4 0.7 75.3 1,023.7 Total 1,036.3 98.7 63.1 2.0 1.6 84.1 61.6 1,347.4 * While the redemption liability as per Note 29 is correctly treated as a non-current liability at the 31 December 2019, the original transaction was reversed in 2020 because of the repayment to Ascential. This impacted the overall liquidity position. Fair values The fair values of financial assets and liabilities are included at the price that would be received to sell an asset, or paid to transfer a liability, in an orderly transaction between market participants at the end of the reporting period. The following methods and assumptions are used to estimate the fair values: Cash and cash equivalents – approximates to the carrying amount Term loans – approximates to the carrying amount Receivables and payables – approximates to the carrying amount Lease liabilities – approximates to the carrying amount Financial assets and liabilities that are recognised at fair value subsequent to initial recognition are grouped into Levels 1 to 3 based on the degree to which the fair value is observable: Level 1 – Quoted (unadjusted) market prices in active markets for identical assets or liabilities; Level 2 – Valuation techniques for which the lowest level input that is significant to the fair value measurement is directly or indirectly observable; and Level 3 – Valuation techniques for which the lowest level input that is significant to the fair value measurement is unobservable. In connection with the put option (further described in Note 29), the Group recognised redemption obligation of $61.6m measured at the present value of the redemption exercise price through profit or loss as of 31 December 2019. The Group classified the redemption liability as Level 3 liability. The fair value of the put option itself (as opposed to the gross exercise price) was immaterial. Following the closure of Jumpshot, the put option was rendered void and therefore reclassified to the same component of equity as of 31 December 2020. On 31 December 2020, the Group had forward foreign exchange contracts which were measured at Level 2 fair value subsequent to initial recognition. The fair value of the liability in respect of foreign exchange contracts was nil at 31 December 2020 (2019: liability of $0.1m). In addition, the Group had derivatives which were measured at Level 3 fair value. See Note 28 for further information. © 2019 Friend Studio Ltd File name: FinancialXStatements_v61 Modification Date: 2 March 2021 5:31 pm Notes to the consolidated financial statements continued Strategic report Governance Financial statements Strategic report Governance Financial statements Avast plc annual report 2020 Avast annual report 2020 185 185 30 Financial risk management (continued) 31 Share capital and share premium Capital management For the purpose of the Group’s capital management, capital includes issued capital, share premium and all other equity reserves attributable to the equity holders of the parent. The primary objective of the Group’s capital management is to maximise the shareholder value. The Group manages its capital structure and makes adjustments to it in the light of changes in circumstances, including economic conditions. To maintain or adjust the capital structure, the Group may adjust the dividend payment to shareholders, return capital to shareholders or issue new shares. The Group currently expects to maintain dividend payments of approximately 40% of Group’s levered free cash flow in the short to medium term. The Group monitors capital using the net liability position and gearing ratio (the net liability position divided by the sum of the net liability position and equity). The Group includes within the net liability position all current and non-current liabilities, less cash and cash equivalents. Shares issued and fully paid: Number of shares Share Capital ($ ’m) Share Premium ($ ’m) Share capital at 31 December 2018 (Ordinary shares of £0.10 each) 953,438,299 Issuance of shares under share-based payment plans 54,581,736 Share capital at 31 December 2019 (Ordinary shares of £0.10 each) 1,008,020,035 Issuance of shares under share-based payment plans 20,492,707 Share capital at 31 December 2020 (Ordinary shares of £0.10 each) 1,028,512,742 32 Other reserves The movements in the other reserves were as follows: ($ ’m) Other reserves at 1 January Redemption obligation reserve (see Note 29) Share-based payments1 Transfer of share-based payments to retained earnings2 Other movements Other reserves at 31 December 129.0 7.0 136.0 2.6 138.6 2020 225.1 55.7 21.8 (15.4) – 287.2 15.4 40.2 55.6 32.0 87.6 2019 260.5 (55.7) 20.1 – 0.2 225.1 ($ ’m) 31 December 2020 31 December 2019 1 The fair value of share awards granted to employees is recorded over the vesting periods of individual options granted as a personnel expense with a corresponding entry to other reserves. Refer to Note 34 for further details of share-based payments. 2 The amount represents reclassification of accumulated share-based payments reserve into retained earnings as actual shares were issued in regards to Current and non-current liabilities* 1,511.7 1,685.2 Less: cash and short – term deposits (175.4) (216.6) the granted awards. Net liability position Equity* Gearing ratio 1,336.3 1,468.6 1,195.3 1,172.6 52.8% 55.6% * As of 31 December 2019, the Group excluded redemption obligation of $56.3m from current and non-current liabilities in line with debt covenant calculation and corresponding recognition of put liability of $55.7m from equity. © 2019 Friend Studio Ltd File name: FinancialXStatements_v61 Modification Date: 2 March 2021 5:31 pm Notes to the consolidated financial statements continued Strategic report Governance Financial statements Strategic report Governance Financial statements Avast plc annual report 2020 Avast annual report 2020 186 186 Notes to the consolidated financial statements continued 33 Dividends made and proposed ($ ’m) 2020 2019 Interim 2020 dividend paid of $4.8 cents (2019: $4.4 cents) per share Final 2019 dividend paid of $10.3 cents (May 2018 – Dec 2018: $8.6 cents) per share Total cash dividend paid 49.3 43.2 105.4 154.7 83.7 127.0 Dividend proposed The Directors propose to pay a final dividend of $11.2 cents per share in respect of the year ending 31 December 2020 (total payment of $115.3m). Combined with the interim dividend of 4.8 cents per share paid in October 2020 (total payment of $49.3m), this gives a total dividend for the financial year of 16.0 cents (total payment of $164.6m), which represents 40% of the Group’s levered free cash flow for the period in accordance with the Company’s dividend policy. Subject to shareholder approval, the final dividend will be paid in US dollars on 18 June 2021 to shareholders on the register on 14 May 2021. There will be an option for shareholders to elect to receive the dividend in pounds sterling and such an election should be made no later than 28 May 2021. The foreign exchange rate at which dividends declared in US dollars will be converted into pounds sterling will be calculated based on the average exchange rate over the five business days prior to 3 June 2021 and announced shortly thereafter. 34 Non-controlling interest In July 2019, Avast entered into an agreement with WGSN, Inc., a wholly owned subsidiary of Ascential plc (‘Ascential’), based on which, on 30 August 2019, Avast sold 35% of fully diluted shares of Jumpshot Inc. to Ascential for a consideration of $58.8m (net of $2.8m Avast transaction fees), while retaining control of Jumpshot. Pursuant to the agreement, both Avast and Ascential also made capital contributions to Jumpshot, Inc. of $4.8m and $3.2m, respectively. In addition, as part of the agreement, Avast made a capital contribution to Jumpshot, Inc. of $6.8m, which was used by Jumpshot, Inc. to repurchase a portion of the vested share options held by employees. The Group accounted for this transaction as a transaction with non-controlling interest while retaining control, with net proceeds from the transaction as increase in total equity of $48.6m as of 31 December 2019. The Group initially measured the non-controlling interest as a proportionate amount of net assets. In January 2020, the Group decided to wind down the operation of Jumpshot. The Group returned the investments made by Ascential plc into the business, along with associated exit costs, in the amount of $73.0m. Associated exit costs of $8.2m were recorded as general and administrative expenses in the statement of comprehensive income and included in the exceptional costs. The remaining $64.8m was recognised as a decrease in total equity as of 31 December 2020. As of 31 December 2020, Avast owned almost 100% of Jumpshot Inc. As a result, the non-controlling interest of $7.5m as fully de-recognised. 35 Share-based payments During the period, the Group has had several equity-settled incentive plans available for employees: Avast plc, 2018 Long Term Incentive Plan (LTIP) The purpose of the LTIP is to incentivise employees and Executive Directors whose contributions are essential to the continued growth and success of the business of the Company, in order to strengthen their commitment to the Company and, in turn, further the growth, development and success of the Company. The following types of awards can be granted: Performance Stock Units (PSUs) PSUs will be granted to Executive Directors and members of the Executive Management team. Each PSU entitles a participant to receive a share in the Company upon the attainment, over a three year performance period, of challenging performance conditions determined by the Remuneration Committee. The award carries a right to a dividend equivalent. Restricted Stock Units (RSUs) RSUs will be granted to key employees of the Group who are not Executive Directors or members of the Executive Management team. Each RSU entitles a participant to receive a share in the Company upon vesting of the RSU. Each award of RSUs will ordinarily vest either in three equal proportions over a three year period or on the third anniversary of grant or over such other period as the Committee may determine, provided the participant remains in service. The award carries no right to a dividend equivalent. © 2019 Friend Studio Ltd File name: FinancialXStatements_v61 Modification Date: 2 March 2021 5:31 pm Notes to the consolidated financial statements continued Strategic report Governance Financial statements Strategic report Governance Financial statements Avast plc annual report 2020 Avast annual report 2020 187 187 35 Share-based payments (continued) Stock options (’options’) Options may be granted to key employees of the Group who are not Executive Directors or members of the Executive Management team. Each option entitles a participant to the right to acquire a share of the Company upon vesting of the option. Each option will ordinarily become exercisable either in three equal proportions over a three year period or on the third anniversary of the grant, or over such other period as the Remuneration Committee may determine. Share Matching Plan (SMP) The purpose of the SMP is to encourage and enable employees and Executive Directors to acquire a significant stake in the Company so that they can share in the future growth, development and success of the Company. Under this plan, employees will be granted one matched share for every three purchased shares after a two-year period. Deferred Bonus Plan (DBP) The Company has adopted the Deferred Bonus Plan, for only Executive Directors. Where a participant is required to defer a portion of their annual bonus into shares under the terms of the Company’s annual bonus arrangements, the Remuneration Committee may grant an award to acquire shares under the DBP in order to facilitate such deferral. Awards will ordinarily vest on the second anniversary of the date of grant. No award under DBP was granted in 2020. Existing Employee Share plan (formerly known as Avast Holding 2014 Share Option Plan; ’Avast Option Plan’) The Avast Option Plan was the primary share option plan of the Group prior to the IPO. No new options have been granted under the Avast Option Plan since the IPO. Furthermore, the Company does not intend to grant any further options under the Avast Option Plan. Options generally vest over a four-year period in four equal installments. Some of the options granted to the key management personnel are performance-based. The contractual life of all options is 10 years. Jumpshot Inc., 2015 Share Option Plan (’Jumpshot Option Plan’) The Jumpshot Option Plan concluded during the year as a result of Jumpshot’s closure and the departure of its employees. Following the departure of all Jumpshot employees, all vested and unvested options lapsed in accordance with the terms of the Jumpshot Option Plan. There are no outstanding options under this plan as of 31 December 2020. Share-based payment expense The total expense that relates to share-based payment transactions during the year is as follows: ($ ’m) LTIP SMP Option plans Total share-based payment expense Year-ended 31 December 2020 Year-ended 31 December 2019 21.9 0.5 (0.5) 21.9 14.2 0.1 6.4 20.7 The Group also recognised additional $0.8m (2019: $4.2m) of employer’s costs related to the share-based payments exercise included in operating costs. Total costs related to share-based payments adjusted out from the operating profit amounted to $22.7m (2019: $24.9m). © 2019 Friend Studio Ltd File name: FinancialXStatements_v61 Modification Date: 2 March 2021 5:31 pm Notes to the consolidated financial statements continued Strategic report Governance Financial statements Strategic report Governance Financial statements Avast plc annual report 2020 Avast annual report 2020 188 188 Notes to the consolidated financial statements continued 35 Share-based payments (continued) Share options The number and weighted average exercise prices of, and movements in, share options of Avast Option Plan in the year is set out below: Outstanding – 1 January Forfeited Exercised Outstanding – 31 December Vested and exercisable – 31 December Number of shares options Weighted average exercise ($) Number of shares options Weighted average exercise ($) Year-ended 31 December 2020 Year-ended 31 December 2019 24,757,234 (3,302,223) (16,692,684) 4,762,327 2,489,697 2.27 3.53 2.10 2.77 2.36 68,941,832 (3,055,422) (41,129,176) 24,757,234 13,968,428 1.60 3.24 1.07 2.27 1.52 The weighted average share price for options exercised during the year was £ pence 390.36 (2019: £ pence 367.94). Options outstanding at the end of the year had the following range of exercise prices and weighted average remaining contractual life: Exercise price: $0.77 – $0.94 $1.00 – $1.86 $2.72 – $3.63 Outstanding – 31 December Replacement options Outstanding – 1 January Exercised Outstanding – 31 December Vested and exercisable – 31 December Number of shares outstanding 31 December 2020 Weighted average remaining life (years) Number of shares outstanding 31 December 2019 Weighted average remaining life (years) 470,403 709,601 3,582,323 4,762,327 3.80 6.34 7.19 6.73 2,171,117 12,006,156 10,579,961 24,757,234 4.70 7.34 8.22 7.49 Year-ended 31 December 2020 Year-ended 31 December 2019 Number of shares Weighted average exercise ($) Number of shares Weighted average exercise ($) 583,435 (574,042) 9,393 9,393 0.18 0.19 0.19 0.19 12,266,682 (11,683,247) 583,435 583,435 0.19 0.19 0.18 0.18 © 2019 Friend Studio Ltd File name: FinancialXStatements_v61 Modification Date: 2 March 2021 5:31 pm Notes to the consolidated financial statements continued Strategic report Governance Financial statements Strategic report Governance Financial statements Avast plc annual report 2020 Avast annual report 2020 189 189 35 Share-based payments (continued) Restricted Stock Units The following table illustrates the number and weighted average share price on date of award, and movements in, restricted stock units granted under the LTIP: Outstanding – 1 January Granted Forfeited Vested Outstanding – 31 December Number of shares 8,160,349 5,287,758 (1,984,348) (2,994,633) 8,469,126 Year-ended 31 December 2020 Weighted average share price (£ pence) 319.76 529.86 355.32 303.43 443.74 Number of shares 4,927,332 6,130,302 (1,329,900) (1,567,385) 8,160,349 Year-ended 31 December 2019 Weighted average share price (£ pence) 234.97 354.05 260.99 237.21 319.76 The fair value of RSUs granted is measured as at date of grant using Black-Scholes model, the outcome of which is a weighted average fair value of RSUs granted during the year at £ pence 503.77 (2019: £ pence 324.93). Future dividends have been taken into account based on expected cash flow and dividend policy. Performance Stock Units The following table illustrates the number and weighted average share price on date of award, and movements in, performance stock units granted under the LTIP: Outstanding – 1 January Granted Forfeited Outstanding – 31 December Number of shares 5,358,037 1,185,732 (695,099) 5,848,670 Year-ended 31 December 2020 Weighted average share price (£ pence) 242.30 404.60 219.60 277.91 Number of shares 6,309,881 1,458,494 (2,410,338) 5,358,037 Year-ended 31 December 2019 Weighted average share price (£ pence) 219.60 303.01 219.60 242.30 The vesting of the awards under LTIP is subject to the attainment of performance conditions as described in the Directors’ remuneration report. The fair value of PSUs granted is measured as at date of grant using Black-Scholes model, the outcome of which is a weighted average fair value of PSUs granted during the year was £ pence 404.60 (2019: £ pence 303.01). Share Matching Plan During 2020, the Group has issued 231,348 (2019: 201,928) shares to the employees under the Share Matching Plan and an additional 76,555 (2019: 66,914) will be issued after the matching period (which is two years). The cost of the additional shares is to be recognised against the other reserves over the matching period and amounted to $0.5m in total for all tranches as of 31 December 2020 (2019: $0.1m). The weighted average fair value of additional shares was £ pence 454.70 for the year ended 31 December 2020 (2019: £ pence 289.78). © 2019 Friend Studio Ltd File name: FinancialXStatements_v61 Modification Date: 2 March 2021 5:31 pm Notes to the consolidated financial statements continued Strategic report Governance Financial statements Strategic report Governance Financial statements Avast plc annual report 2020 Avast annual report 2020 190 190 Notes to the consolidated financial statements continued 36 Related party disclosures Transactions between the Company and its subsidiaries, which are related parties, have been eliminated on consolidation and are not disclosed in this note. Compensation of key management personnel (including Directors) Year-ended 31 December 2020 Year-ended 31 December 2019 Key management personnel Other related parties Key management personnel Other related parties 10.5 0.2 6.4 17.1 0.2 – – 0.2 11.9 1.2 10.0 23.1 0.1 – – 0.1 ($ ’m) Short term employee benefits (including salaries) Termination benefits Share-based payments Total The amounts in the table above includes, in addition to the compensation of key management personnel of the Group, the remuneration of employees of the Group that are considered related parties under IAS 24 Related party disclosures. The aggregate amount of gains made by Directors on the exercise of share options during the year was approximately $10.7m (£8.3m) (2019: $6.4m (£5.0m)). The aggregate amount of gains made by the highest paid Director on the exercise of share options during the year was $10.7m (£8.3m) (2019: $2.6m (£2.1m)). Statutory Directors’ remuneration amounted to $2.7m (2019: $3.6m) for qualifying services to the Company during the year. The aggregate value of the LTIP granted in 2018 will be reported as statutory Directors’ remuneration when it vests in 2021 (but is included in the single total figure table in the Directors’ remuneration report). Further details about the Directors’ remuneration is set out on pages 105 to 126. Other Related Parties Nadační fond AVAST (’AVAST Foundation’) The foundation was established by Avast Software s.r.o. and it distributes the gifts to other charities and foundations in the Czech Republic. The foundation is considered to be a related party as the spouses of Messrs. Kučera and Baudiš are members of the management board of the foundation. On 13 March 2018, the Board approved that the annual donation will be CZK 100m ($5.0m). The donation is paid in quarterly instalments during the year. During the twelve months ended 31 December 2020, Avast Software s.r.o. paid donations of CZK 90.0m ($4.0m (2019: CZK 100.0m ($4.4 m)) to the Foundation. Further $21.0m were paid to the Foundation, which was part of total $25m donations on COVID-19 initiatives. As of 31 December 2020, the Company recorded an accrual of CZK 51.8m ($2.4m) (2019: CZK 56.6m ($2.5m)). Nadační fond Abakus (’Abakus Foundation’) On 29 September 2020, Avast’s founders Messrs. Baudiš and Kučera established the new foundation Abakus. The foundation is considered to be a related party as the spouses of Messrs. Kučera and Baudiš are members of the management board of the foundation. The foundation will distribute the gifts to other charities and foundations in the Czech Republic. The Group will contribute to the operation of the Abakus Foundation. There have been no transactions between the Group and Abakus during the period from the date of the foundation’s establishment through 31 December 2020. Subsequent to year end, Abakus Foundation merged with AVAST Foundation (see Note 38). Enterprise Office Center On 15 November 2016, Enterprise Office Center (owned by Starship Enterprise, a.s.) where Avast Software s.r.o. resides was sold by a third party to a group of investors, including co-founders of Avast Group, Eduard Kučera and Pavel Baudiš for $119.5m (ca. €110m). The term of lease ends in August 2024 and offers two options to extend for another 24 months under the same conditions. The annual rent is €3.3m ($4.0m). 37 Principal exchange rates Translation of Czech crown into US dollar ($:CZK1.00) Average Closing Translation of Sterling into US dollar ($:£1.00) Average Closing Translation of Euro into US dollar ($:€1.00) Average Closing Year-ended 31 December 2020 Year-ended 31 December 2019 0.0431 0.0468 0.0437 0.0442 1.2860 1.3648 1.2757 1.3203 1.1384 1.2271 1.1212 1.1233 38 Subsequent events On 1 January 2021, the Group changed its disaggregation of Consumer reporting of billings and revenues. In prior years, the Consumer segment was further split into Consumer Direct Desktop, Consumer Direct Mobile and Consumer Indirect. In 2021, the direct-to-consumer mobile subscription business will be reported together with the desktop business within the one segment ’Consumer Direct’, due to a rise of multi-device subscriptions. Consumer Indirect will consist of revenues generated via the carrier channel (named as Partner) alongside with Mobile advertising and Platform revenue. The Consumer reporting change has no impact on the overall Group result. There is no change to the overall segments which is consistently reported as Consumer and SMB. © 2019 Friend Studio Ltd File name: FinancialXStatements_v61 Modification Date: 2 March 2021 5:31 pm Notes to the consolidated financial statements continued Strategic report Governance Financial statements Strategic report Governance Financial statements Avast plc annual report 2020 Avast annual report 2020 191 191 38 Subsequent events (continued) On 1 January 2021, Abakus Foundation merged as a successor company with AVAST Foundation. The legacy and the projects of AVAST Foundation in the Czech Republic will continue through the Abakus Foundation, the Avast Founders’ foundation. The Abakus Foundation will support important societal topics such as end-of-life care, support for families with disabled children, and general educational improvement in the Czech Republic. On 4 January 2021, all Avast employees were granted RSUs under the Avast plc 2018 Long Term Incentive Plan. The grant date of these options is 4 January 2021 with vesting generally over a period of 1-3 years. The Group is still analyzing the fair value of the RSU. As of the date of these financial statements, the Group expects the total costs of the RSUs over the vesting period to be approximately $30.4m. On 6 January 2021, Stichting Avast, known as Avast Foundation, was established in the Netherlands by Avast Holding. The new Avast Foundation will support a new range of programs that are aligned with the Avast’s core mission of protecting people in the digital world. The Foundation is considered a related party according to IAS 24 as some of the key management personnel of Avast are members of the Foundation’s Board. 39 Full list of subsidiaries as of 31 December 2020 AVG Technologies UK Limited (06301720), Piriform Software Ltd (08235567) and Privax Limited (07207304) will take advantage of the audit exemption set out within section 479A of the Companies Act 2006 for the year ended 31 December 2020. Country of incorporation Registered office Registered address Netherlands Avast Holding B.V. Avast Software B.V. Databankweg 26, Amersfoort, 3821 AL, The Netherlands Databankweg 26, Amersfoort, 3821 AL, The Netherlands AVG Ecommerce CY BV Databankweg 26, Amersfoort, 3821 AL, The Netherlands Czech Republic Avast Software s.r.o. Pikrtova 1737/1a, 140 00 Prague 4, Czech Republic Germany UK USA Jumpshot s.r.o. FileHippo s.r.o. Pikrtova 1737/1a, 140 00 Prague 4, Czech Republic Pikrtova 1737/1a, 140 00 Prague 4, Czech Republic Avast Deutschland GmbH Otto-Lilienthal-Straße 6, 88046 Friedrichshafen, Germany AVG Technologies UK Limited 7th Floor 110 High Holborn, London, England, WC1V 6JS Privax Limited Piriform Software Ltd AVAST Software, Inc.** Remotium Inc. TrackOFF, Inc. Sybil Software LLC Jumpshot, Inc. 7th Floor 110 High Holborn, London, England, WC1V 6JS 7th Floor 110 High Holborn, London, England, WC1V 6JS 2625 Broadway Street, Redwood City, County of San Mateo, CA 94063, USA 2625 Broadway Street, Redwood City, County of San Mateo, CA 94063, USA 3700 O’Donnell St, Baltimore, MD 21224 Corporation Service Company 251 Little Falls Drive, Wilmington, DE 19808, USA 2625 Broadway Street, Redwood City, County of San Mateo, CA 94063, USA AVG Technologies USA, LLC 2625 Broadway Street, Redwood City, County of San Mateo, CA 94063, USA Location Labs, LLC Piriform Inc. 2100 Powell St, Emeryville, CA 94608, USA Corporation Service Company, 251 Little Falls Drive, Wilmington, DE 19808, USA Class of shares held Percentage of share held Ordinary Ordinary Ordinary Ordinary Ordinary Ordinary Ordinary Ordinary Ordinary Ordinary Ordinary Ordinary Ordinary Ordinary Ordinary Ordinary Ordinary Ordinary 100% 100% 100% 100% 99.9% 100% 100% 100% 100% 100% 100% 100% 100% 100% 99.9% 100% 100% 100% © 2019 Friend Studio Ltd File name: FinancialXStatements_v61 Modification Date: 2 March 2021 5:31 pm Notes to the consolidated financial statements continued Strategic report Governance Financial statements Strategic report Governance Financial statements Avast plc annual report 2020 Avast annual report 2020 192 192 Notes to the consolidated financial statements continued 39 Full list of subsidiaries as of 31 December 2020 (continued) Country of incorporation Registered office Registered address Hong Kong Israel Cyprus AVAST Software (Asia) Limited 10/F, Guangdong Investment Tower, 148 Connaught Road Central, Hong Kong AVG Mobile Technologies Ltd* 2 HaShlosha Street, Tel Aviv Yaffo 6706054, Israel (PO BOX 9244) Piriform Group Ltd Piriform Limited 1 Constantinou Skokou St, Capital Chambers, 5th Floor, Agios Antonios, 1061 Nicosia, Cyprus 1 Constantinou Skokou St, Capital Chambers, 5th Floor, Agios Antonios, 1061 Nicosia, Cyprus Australia AVG Technologies AU Pty Ltd C/- Intertrust Australia Pty Ltd, Suite 2, Level 25, 100 Miller Street, North Sydney NSW 2060” Australia Class of shares held Percentage of share held Ordinary Ordinary Ordinary Ordinary Ordinary 100% 100% 100% 100% 100% Brasil Norway Slovak Republic Switzerland Serbia Japan Romania Ireland Italy AVG Distribuidora de Tecnologias do Brasil Ltda. Conj 38, R. Amazonas, 669 – Santa Paula, São Caetano do Sul – SP, 09520-070, Brasil Ordinary 100% AVG Technologies Norway AS Lysaker Torg 5, 1366 Lysaker, Bærum, Norway INLOOPX s.r.o.*** Avast Switzerland AG Privax d.o.o. Beograd Poštová 1, 010 08 Žilina, Slovakia Grosspeteranlage 29, 4052 Basel, Switzerland Bulevar Mihaila Pupina 6, 11070 Belgrade-Novi Beograd, Serbia Avast Software Japan Godo Kaisha 1F and 2F Otemachi Building, 1-6-1 Otemachi, Chiyoda-ku, Tokyo, Japan Avast Software Romania S.R.L. Municipiul Iasi, Strada Palas Nr. 7B-7C, Clădirea C1, United Business Center 3, Etaj 8, Judet Iasi, Romania Avast Software Ireland Limited 5th Floor Beaux Lane House, Mercer Street, Lower Dublin 2 D02 DH60, Ireland Avast Software Italy s.r.l. Viale Abruzzi 94 CAP 20131, Milano, Italy Ordinary Ordinary Ordinary Ordinary Ordinary Ordinary Ordinary Ordinary 100% 100% 100% 100% 100% 100% 100% 100% In liquidation. * ** As of 17 December 2020, Emerald Cactus Ventures, Inc. merged into AVAST Software, Inc. *** As of 11 January 2021, Inloop s.r.o. changed its legal name to Avast Slovakia s.r.o. The Company’s directly held subsidiary is Avast Holding B.V. All other subsidiaries are indirectly held. © 2019 Friend Studio Ltd File name: FinancialXStatements_v61 Modification Date: 2 March 2021 5:31 pm Strategic report Governance Financial statements Strategic report Governance Financial statements Avast plc annual report 2020 Avast annual report 2020 193 193 Company statement of financial position As at 31 December 2020 Non-current assets Investment in subsidiary Deferred tax assets Total non-current assets Current assets Current tax receivables Trade and other receivables: Amounts due from related party Prepayments Other accounts receivable Cash and cash equivalents Total current assets Total assets Current liabilities Trade payables and other liabilities: Trade payables Corporate income tax Amounts due to related party Total current liabilities Net assets Capital and reserves Share capital Share premium Merger reserve Other reserve Retained earnings Total equity Notes 4 5 6 7 8 8 9 9 31 December 2020 $M 31 December 2019 $M 3,245.6 0.9 3,246.5 0.2 26.4 0.7 – 27.1 – 27.3 3,273.8 3.2 – – 3.2 3.2 3,270.6 138.6 87.6 2,893.9 37.2 113.3 3,270.6 3,231.1 1.4 3,232.5 0.4 126.5 0.5 0.2 127.2 16.5 144.1 3,376.6 1.3 0.1 – 1.4 1.4 3,375.2 136.0 55.6 2,893.9 30.8 258.9 3,375.2 The Company has taken advantage of the exemption in section 408 of the Companies Act 2006 not to present its individual profit and loss account. The loss of the Company was $(6.2)m (2019: Profit of $223.0m). These financial statements were approved by the Board of Directors on 2 March 2021 and signed on its behalf by: Philip Marshall Chief Financial Officer The accompanying notes form an integral part of these financial statements. © 2019 Friend Studio Ltd File name: CompanyXFinancialXStatements_v29 Modification Date: 2 March 2021 4:38 pm Company financial statements Strategic report Governance Financial statements Strategic report Governance Financial statements Avast plc annual report 2020 Avast annual report 2020 194 194 Company financial statements continued Company statement of changes in equity For the year-ended 31 December 2020 Notes Share capital $M 129.0 Share premium $M Merger reserve $M 15.4 2,893.9 – – – – 7.0 – – – – – 40.2 – – – – – – – Other reserve $M 10.6 – – – 20.2 – – 136.0 55.6 2,893.9 30.8 – – – – – 2.6 – 138.6 – – – – – 32.0 – 87.6 – – – – – – – – – – (15.4) 21.8 – – 2,893.9 37..2 9 8 9 9 8 Retained earnings $M 161.6 223.0 223.0 1.3 – – Total equity $M 3,210.5 223.0 223.0 1.3 20.2 47.2 (127.0) 258.9 (127.0) 3,375.2 (6.2) (6.2) 0.5 15.4 – (0.6) (6.2) (6.2) 0.5 – 21.8 34.0 (154.7) 113.3 (154.7) 3,270.6 At 31 December 2018 Profit for the year Total comprehensive profit for the year Share-based payments tax Share-based payments Exercise of options Cash dividend At 31 December 2019 Loss for the year Total comprehensive profit/(loss) for the year Share-based payments tax Share-based payments transfer to retained earnings Share-based payments Exercise of options Cash dividend At 31 December 2020 The accompanying notes form an integral part of these financial statements. © 2019 Friend Studio Ltd File name: CompanyXFinancialXStatements_v29 Modification Date: 2 March 2021 4:38 pm Company financial statements continued Strategic report Governance Financial statements Strategic report Governance Financial statements Avast plc annual report 2020 Avast annual report 2020 195 195 Capitalisation of share-based payments Where the Company grants share-based awards over its own shares in exchange for employee services rendered to its subsidiaries, it recognises an increase in the cost of investment equivalent to the share-based payment expense recognised in the consolidated financial statements and a corresponding credit in other reserves in equity. The Company recharges the expenses for share-based awards relating to employees employed in US and UK subsidiaries to the subsidiary which employs the respective employee at an amount equivalent to the respective share- based payment expense recognised in the consolidated financial statements relating to those subsidiary employees. The Company recognises in its individual financial statements an increase to amounts due from related parties and a corresponding decrease in the cost of investment. Therefore, the cost of investment increases by the share-based payment expense recognised in the consolidated financial statements net of any recharges and amounts relating to services supplied to the Company. Refer to Note 2 of the consolidated financial statements for the accounting policy in respect of share-based payments. 1 General Avast plc (’the Company’) is a public limited company incorporated and domiciled in the UK, and registered under the laws of England & Wales under company number 07118170 with its registered address at 110 High Holborn, London WC1V 6JS. The ordinary shares of Avast plc are admitted to the premium listing segment of the Official List of the UK Financial Conduct Authority and trade on the London Stock Exchange plc’s main market for listed securities. 2 Summary of significant accounting policies Basis of preparation The financial statements have been prepared in accordance with Financial Reporting Standard 102 (’FRS 102’) and under the historical cost accounting rules. The Company is a qualifying entity as it prepares consolidated financial statements. In its individual financial statements, the Company has applied the disclosure exemptions available under the FRS 102 The Financial Reporting Standard Applicable in the UK and Republic of Ireland in respect of preparation of a cash flow statement and disclosure of key management personnel compensation. As the consolidated financial statements of the Company include the equivalent disclosures, the Company has also taken the exemptions available under FRS 102 in respect of disclosures in respect of share-based payments and financial instruments. The Company has taken the exemption not to disclose intragroup transactions with wholly owned subsidiary undertakings. Going concern The Company and its subsidiaries have considerable financial resources and a large number of customer contracts across different geographic areas and industries. The Directors have reviewed the projected cash flows for the Group and have a reasonable expectation that the Company is well placed to manage its business risk successfully and has adequate resources to continue in operational existence for the foreseeable future, and a period of at least 12 months from the signing of the accounts. For this reason, the Directors have adopted the going concern assumption in preparing the financial statements (see Note 2 of consolidated financial statements of the Company). Investment in subsidiary The investment in subsidiary is stated in the Company’s separate financial statements at cost less impairment losses. The carrying value of the investment in subsidiary is reviewed for impairment if events or changes in circumstances indicate that the carrying value may not be recoverable. Cash and cash equivalents Cash and cash equivalents in the statement of financial position comprise cash at bank and on hand and short-term deposits with a maturity of three months or less. Financial instruments Financial assets and liabilities are recognised on the Company’s Statement of Financial Position when the Company becomes a contractual party to the instrument. When financial instruments are recognised initially, they are measured at fair value, which is the transaction price plus, in the case of financial assets and financial liabilities not measured at fair value through profit and loss, directly attributable transaction costs. The Company’s receivables qualify as basic financial instruments under Section 11 of FRS 102 and are included at amortised cost. © 2019 Friend Studio Ltd File name: CompanyXFinancialXStatements_v29 Modification Date: 2 March 2021 4:38 pm Notes to the Company financial statements continued Strategic report Governance Financial statements Strategic report Governance Financial statements Avast plc annual report 2020 Avast annual report 2020 196 196 Notes to the Company financial statements continued 2 Summary of significant accounting policies (continued) Foreign currencies Transactions in foreign currencies are recorded using the rate of exchange ruling at the date of the transaction. Monetary assets and liabilities denominated in foreign currencies are translated using the rate of exchange valid at the balance sheet date and the gains or losses on translation are included in profit or loss as finance income and expenses. Non-monetary assets and liabilities denominated in foreign currencies are stated at historical foreign exchange rates. Functional currency The Company’s functional currency is US dollars. Employee benefit trust The Group has established an employee benefit trust (Avast plc Employee Benefit Trust; EBT) in 2019. The trust is treated as an extension of the Company. During the year, 2,994,633 RSUs (2019: 1,567,385) were issued to the EBT for the amount of the nominal value of $0.6m (2019: $0.2m) and then transferred to employees. At 31 December 2020, no shares were held by the trust. 3 Auditor’s remuneration The figures for auditor’s remuneration for the Company required by regulation 5(1)(b) of the Companies (Disclosure of Auditor Remuneration and Liability Limitation Agreements) Regulations 2008 are not presented as the consolidated financial statements comply with this regulation on a consolidated basis. 4 Investment in subsidiary The investment in subsidiary represents the investment in Avast Holding B.V. (’Avast Holding’), a wholly owned subsidiary of the Company. A full list of the Company’s direct and indirect subsidiaries is included in Note 40 of the consolidated financial statements. In addition, the amounts due from related party also includes $6.1m (2019: $3.7m) of recharges for management services provided by the Company to Group subsidiaries and $5.2m (2019: nil) of recharges for share-based payment expense to the USA and UK. 6 Cash and cash equivalents ($ ’m) Cash in bank Total 31 December 2020 31 December 2019 – – 16.5 16.5 7 Trade payables and other liabilities ($ ’m) Trade payables Corporate income tax Total 31 December 2020 31 December 2019 3.2 – 3.2 1.3 0.1 1.4 Cost at 31 December 2018 Capitalisation of share-based payments Cost at 31 December 2019 Capitalisation of share-based payments Cost at 31 December 2020 $M 3,217.5 13.6 3,231.1 14.5 3,245.6 The additions in the year relate to IFRS 2 share-based payment expense. 5 Trade and other receivables ($ ’m) Amounts due from related party Prepayments Other accounts receivable Total 31 December 2020 31 December 2019 26.4 0.7 – 27.1 126.5 0.5 0.2 127.2 As of 15 May 2018, the Company entered into a cash management agreement with Avast Corporate Services B.V., its indirect subsidiary, which operates a cash pooling arrangement for the Group. Under this agreement, the Company has a short-term loan receivable of $15.0m (2019: $122.8m), repayable on demand, with a variable interest rate based on 3-month USD LIBOR -0.5% (2019: -0.5%) assessed quarterly. The interest income for the period ended 31 December 2020 was $0.2m (2019: $0.3m). The interest rates for both credit and debit balances are floored at 0%. © 2019 Friend Studio Ltd File name: CompanyXFinancialXStatements_v29 Modification Date: 2 March 2021 4:38 pm Notes to the Company financial statements continued Strategic report Governance Financial statements Strategic report Governance Financial statements Avast plc annual report 2020 Avast annual report 2020 197 197 8 Share capital Shares issued and fully paid: Share capital on 31 December 2018 (Ordinary share of £0.10 each) Issuance of shares under share-based payments plans Share capital on 31 December 2019 (Ordinary share of £0.10 each) Issuance of shares under share-based payments plans Share capital on 31 December 2020 (Ordinary share of £0.10 each) Number of shares 953,438,299 54,581,736 1,008,020,035 20,492,707 1,028,512,742 For details of dividends (including proposed dividends), see Note 33 of consolidated financial statements. Share capital ($ ’m) Share premium ($ ’m) 11 Personnel expenses Personnel expenses of the Company consist of the following: 129.0 7.0 136.0 2.6 138.6 15.4 40.2 55.6 32.0 87.6 ($ ’m) Wages and salaries Social security and health insurance Social costs Share-based payments (including employer’s costs) Total personnel expense 2020 6.7 1.0 0.4 2.5 10.6 2019 4.9 0.7 0.1 4.8 10.5 For details of options and other share awards over the Company’s shares, see Note 35 of consolidated financial statements of the Company. The average number of employees by category during the period was as follows: 9 Reserves Merger reserve Merger reserve includes a reserve for the share-for-share exchange transaction that qualified for merger relief in accordance with section 612. This reserve also includes the value of the options over PLC shares that were subsequently net exercised on the IPO, in excess of the share capital and premium arising on exercise. The merger reserve is non-distributable. Other reserve The fair value of share awards granted to employees is recorded over the vesting periods of individual options granted as a personnel expense (or where appropriate, capitalised as investment in subsidiary) with a corresponding entry to other reserves. The amount of $21.8m (2019: $20.2m) represents the expense from the share awards granted under Avast’s incentive plans for the year ended 31 December 2020. In addition, the amount of $15.4m represents reclassification of parts of the other reserves that are realised relating to awards to the Company’s own employees and due to recharges to subsidiaries. For more information about the plan, see Note 35 in the consolidated financial statements. 10 Dividend The dividend income for the year ended 31 December 2020 was $nil (2019: $225.0m). 2020 2019 Sales and marketing General and administrative Total average number of employees 8 10 18 The total expense that relates to the equity-settled share-based payment transactions of employees of the Company during the period is as follows: ($ ’m) Avast Option Plan LTIP Total share-based payment expense 2020 0.1 2.1 2.2 5 6 11 2019 0.9 0.4 1.3 The cost of equity-settled transactions with employees is measured by reference to the fair value at the date at which they are granted, further details of which are given in Note 35 of consolidated financial statements. © 2019 Friend Studio Ltd File name: CompanyXFinancialXStatements_v29 Modification Date: 2 March 2021 4:38 pm Notes to the Company financial statements continued Strategic report Governance Financial statements Strategic report Governance Financial statements Avast plc annual report 2020 Avast annual report 2020 198 198 Notes to the Company financial statements continued 12 Guarantees As denoted in Note 39 of the consolidated financial statements, the Company will guarantee the debts and liabilities of certain of its UK subsidiaries at the balance sheet date in accordance with section 479C of the Companies Act 2006. The Company has assessed the probability of loss under these guarantees as remote. 13 Subsequent events On 29 January 2021, the Company received an interim dividend of $115.3m from its direct subsidiary Avast Holding B.V. © 2019 Friend Studio Ltd File name: CompanyXFinancialXStatements_v29 Modification Date: 2 March 2021 4:38 pm Notes to the Company financial statements continued Strategic report Governance Financial statements Strategic report Governance Financial statements Avast plc annual report 2020 Avast annual report 2020 199 199 Adjusted Billings Adjusted Billings represent the full value of products and services being delivered under subscription and other agreements and include sales to new end customers plus renewals and additional sales to existing end customers. Under the subscription model, end customers pay the Group for the entire amount of the subscription in cash upfront upon initial delivery of the applicable products. The invoicing timing may slightly vary through the year with immaterial impact, as part of our usual renewal offers testing. Although the cash is paid upfront, under IFRS subscription revenue is deferred and recognised rateably over the life of the subscription agreement, whereas non-subscription revenue is typically recognised immediately. Adjusted Billings represents the Group’s reported billings. Adjusted EBITDA margin Adjusted effective tax rate Adjusted EPS Adjusted Revenue Adjusted Revenue represents the Group’s reported revenue adjusted for the Deferred Revenue Haircut Reversal, the Gross-Up Adjustment. These historical adjustments are negligible from 2019. A reconciliation is included in the ’PRESENTATION OF RESULTS AND DEFINITIONS’. Adjusted Net Income Adjusted Billings/Revenue excluding FX Adjusted Cash EBITDA Adjusted Cost of Revenues/ Operating costs Adjusted EBITDA Growth rate excluding exchange rate impact calculated by restating 2020 actuals to 2019 FX rates. Deferred revenue is translated to USD at the date of invoice and is therefore excluded when calculating the impact of FX on revenue. For the FX rates applied, see ‘Principal exchange rates applied’. Cash earnings before interest, taxation, depreciation, and amortisation (‘Adjusted Cash EBITDA‘) is defined as Adjusted EBITDA plus the net deferral of revenue, the net change in deferred cost of goods sold, and the reversal of the COGS Deferral Adjustments. A full reconciliation is included in the ’PRESENTATION OF RESULTS AND DEFINITIONS’. Adjusted Cost of Revenues/Operating costs represent the Group’s cost of revenues/operating costs adjusted for depreciation and amortisation charges, share-based payments charges, exceptional items, COGS deferral adjustment and the gross-up adjustment. A full reconciliation is included in the ’Costs’ section of the ’FINANCIAL REVIEW’. Adjusted earnings before interest, taxation, depreciation and amortisation (’Adjusted EBITDA’) is defined as the Group’s operating profit/loss before depreciation, amortisation of non-acquisition intangible assets, share-based payments including related employer’s costs, exceptional items, amortisation of acquisition intangible assets, the Deferred Revenue Haircut Reversal and the COGS Deferral Adjustments. A full reconciliation is included in the ’PRESENTATION OF RESULTS AND DEFINITIONS’. © 2019 Friend Studio Ltd File name: CompanyXFinancialXStatements_v29 Modification Date: 2 March 2021 4:38 pm Adjusted EBITDA as a percentage of Adjusted Revenue. Adjusted Income tax as a percentage of Adjusted Profit before tax (defined as Adjusted Net Income before deduction of Adjusted Income tax) For the Adjusted Income Tax reconciliation see ’Income Tax’ section of ’FINANCIAL REVIEW’. Basic Adjusted earnings per share amounts are calculated by dividing the Adjusted net income for the period by the weighted average number of shares of common stock outstanding during the year. The diluted Adjusted earnings per share amounts consider the weighted average number of shares of common stock outstanding during the year adjusted for the effect of dilutive options. For the reconciliation see ’Earnings per share’ in the ’FINANCIAL REVIEW’ section. Adjusted Net Income represents statutory net income plus the Deferred Revenue Haircut Reversal, share-based payments, exceptional items, amortisation of acquisition intangible assets, unrealised foreign exchange gain/loss on the EUR tranche of the bank loan, the COGS Deferral Adjustments, the tax impact from the unrealised exchange differences on intercompany loans and the tax impact of the foregoing adjusting items, IP transfer and donations, less gain on disposal of business operation. For the reconciliation see ’PRESENTATION OF RESULTS AND DEFINITIONS’ section. Amortisation of acquisition intangibles Represents the amortisation of intangible assets acquired through business combinations which does not reflect the ongoing normal level of amortisation in the business. Average Products Per Customer (APPC) APPC defined as the Consumer Direct Desktop simple average valid licences or subscriptions for the financial period presented divided by the simple average number of Customers during the same period. See ’Consumer Direct Desktop Operational KPIs’. Average Revenue Per Customer (ARPC) ARPC is defined as the Consumer Direct Desktop revenue for the financial period divided by the average number of Customers during the same period. See ’Consumer Direct Desktop Operational KPIs’. Cash conversion Unlevered Free Cash Flow as a percentage of Adjusted Cash EBITDA. See ’Cash flow’ section of ’FINANCIAL REVIEW’. Glossary Strategic report Governance Financial statements Strategic report Governance Financial statements Avast plc annual report 2020 200 Avast annual report 2020 200 Glossary continued COGS Deferral Adjustments Deferred Revenue Haircut Reversal Discontinued Business Exceptional items Gross debt There was no deferred cost of goods sold (’COGS’) balance consolidated by the Group in the acquisition balance sheet of AVG in 2016 and thus no subsequent expense was recorded as the revenue in respect of pre-acquisition date billings was recognised. The ’COGS Deferral Adjustments’ refers to an adjustment to reflect the recognition of deferred cost of goods sold expenses that would have been recorded in 2016 and 2017 in respect of pre-acquisition date AVG billings, had the AVG and the Group’s businesses always been combined and had AVG always been deferring cost of goods sold. See ’PRESENTATION OF RESULTS AND DEFINITIONS’. Under IFRS 3, Business Combinations, an acquirer must recognise assets acquired and liabilities assumed at fair value as of the acquisition date. The process of determining the fair value of deferred revenues acquired often results in a significant downward adjustment to the target’s book value of deferred revenues. The reversal of the downward adjustment to the book value of deferred revenues of companies the Group has acquired during the periods under review is referred to as the ’Deferred Revenue Haircut Reversal’. See ’PRESENTATION OF RESULTS AND DEFINITIONS’. In January 2020 Avast decided to terminate the provision of anonymized data to its data analytics business, Jumpshot, having concluded that the business was not consistent in long term with the Group’s privacy priorities as a global cybersecurity company. As the company is also exiting its toolbar-related search distribution business (which had previously been an important contributor to AVG’s revenues) and the browser clean-up business, the growth figures exclude all of these (referred to above and throughout the report as ’Discontinued Business’). These revenues were negligible by the end of 2020 in line with expectations. The Discontinued Business does not represent a discontinued operation as defined by IFRS 5 since it either has not been disposed of but rather it is being continuously scaled down or it is considered to be neither a separate major line of business, nor geographical area of operations. Exceptional items are material and non-recurring items of income and expense which Group believes should be separately disclosed to show the underlying business performance of the Group more accurately. For details see ’Exceptional items’ of ’FINANCIAL REVIEW’ and Note 6. Represents the sum of the total book value of the Group’s loan obligations (i.e. sum of loan principals). A reconciliation is included in the ’Financing’ section of the ’FINANCIAL REVIEW’. © 2019 Friend Studio Ltd File name: CompanyXFinancialXStatements_v29 Modification Date: 2 March 2021 4:38 pm Gross-Up Adjustment Levered Free Cash Flow Net debt Number of customers Organic growth Unlevered Free Cash Flow The ’Gross-Up Adjustment’ refers to the estimated impact of the additional amount of 2015 and 2016 revenue and expenses and their deferral that would have been recognised by Avast had the contractual arrangements with certain customers qualified to have been recognised on a gross rather than a net basis prior to 2017 (AVG had historically recognised Billings and revenues on a gross basis, whereas Avast recognised them on a net basis). See ’PRESENTATION OF RESULTS AND DEFINITIONS’. Represents amounts of incremental cash flows the Group has after it has met its financial obligations (after interest and lease repayments) and is defined as Unlevered Free Cash Flow less cash interest and lease repayments. See ’Cash flow’ section of ’FINANCIAL REVIEW’ for reconciliation. Net debt indicates gross debt netted by the company’s cash and cash equivalents. A reconciliation is included in the ’Financing’ section of the ’FINANCIAL REVIEW’. Users who have at least one valid paid Consumer Direct Desktop subscription (or license) at the end of the period. Organic growth represents growth figures excluding the impact of FX, acquisitions, business disposals and discontinued business. Excludes current period revenue of acquisitions until the first anniversary of their consolidation. As such, organic revenue refers to revenue normalised as described here. Represents Adjusted Cash EBITDA less capex, plus cash flows in relation to changes in working capital (excluding change in deferred revenue and change in deferred cost of goods sold as these are already included in Adjusted Cash EBITDA) and taxation. Changes in working capital and taxation are as per the cash flow statement on an unadjusted historical basis and unadjusted for exceptional items. In 2019, cash tax excluded a significant Dutch exit tax paid as this was treated as an exceptional item. In 2020, the Jumpshot wind-down costs were treated as an exceptional item, thus excluded from the Unlevered Free Cash Flow. See ’Cash flow’ section of ’FINANCIAL REVIEW’ for reconciliation. Unrealised FX on EUR tranche of bank loan In the reported financials, the Group retranslates into USD at each balance sheet date the Euro value of the Euro tranche of the bank debt, with the unrealised FX movement going to the income statement. This adjustment reverses this unrealised element of the FX gain/loss. Printed on Galerie Satin, and FSC® Mixed Sources paper manufactured using pulp from well managed forests at a mill accredited with EMAS and ISO 14001 environmental standards. Printed by CPI Colour. CPI Colour are ISO 14001 certified, CarbonNeutral® and FSC® chain of Custody certified. Designed and produced by Friend www.friendstudio.com © 2019 Friend Studio Ltd File name: BackXCover_v13 Modification Date: 2 March 2021 3:29 pm Strategic report Governance Financial statements Strategic report Governance Financial statements Avast annual report 2020 Avast annual report 2020 Avast annual report 2020 192 192 192 Notes to the Company financial statements Contact Brokers J.P. Morgan Cazenove UBS Investment Bank Independent Auditors Ernst & Young 1 More London Place London SE1 2AF Investor Relations IR@avast.com Public Relations mediarelations@avast.com Registrar Equiniti Aspect House Spencer Road Lancing West Sussex BN99 6DA UK callers: 0371 384 2030 International callers: +44 121 415 7047 Registered office address Avast plc 110 High Holborn London WC1V 6JS Company number : 07118170 © 2019 Friend Studio Ltd File name: BackXCover_v13 Modification Date: 2 March 2021 3:29 pm
Continue reading text version or see original annual report in PDF format above