

# LEGION PARTNERS



May 2021

**ProtectOneSpan.com** 

# **Table of Contents**

| 1 | Executive Summary                                      |
|---|--------------------------------------------------------|
| 2 | TSR Performance and Relative Valuation                 |
| 3 | Poor Investor Communications and Financial Disclosures |
| 4 | Ineffective Strategic Oversight and Capital Allocation |
| 5 | Inadequate Self-Refreshment and Governance Concerns    |
| 6 | Misaligned Executive Compensation Program              |
| 7 | Legion's Nominees and the Path Forward                 |
| 8 | Appendix                                               |



# **Legion Partners**

# \$577 million<sup>1</sup>

Assets under management

#### 40+ years

Investment team's combined years of activist experience

#### 2012

Co-founders
Chris Kiper and
Ted White

Source: Legion Partners

#### **Strategic Stock Selection**

- · High-quality businesses trading at a significant discount relative to their intrinsic value
- Small-cap companies which offer the greatest upside potential
- · Concentrated, high-conviction portfolio based on rigorous investment criteria

#### **Drive Value Through Activism**

- Align the interests of company board and management with those of stockholders
- Have successfully placed more than 30 new board members at our portfolio companies – over 40% have been women and/or ethnically diverse<sup>2</sup>
- Enhance and accelerate value creation through a variety of activist strategies

#### **Aligning with Long-Term Goals**

- Second-largest institutional investor in OneSpan
- Continuous stockholder since April 2018 and 5%+ holder since October 2018
- Along with nominees, Legion owns 6.9% of outstanding OSPN common stock<sup>3</sup>



CONFIDENTIAL & PROPRIETARY

# Legion Partners' Track Record in Software and Hardware

Legion Partners has extensive experience investing in the technology space, including the software and hardware sectors

#### **Software and Hardware**







ShoreTel (SHOR)
Former Investment

Mitel (MITL)
Former Investment

Globalstar (GSAT)
Current Investment

#### Cloud-First Software-as-a-Service ("SaaS")





BroadSoft (BSFT)
Former Investment

SPS Commerce (SPSC)
Former Investment





Vonage (VG)
Current Investment

SurveyMonkey (SVMK)
Current Investment



Source: Legion Partners

This proxy contest is about addressing a deeply ingrained, insular Board that has done the bare minimum and defensively added new directors with largely irrelevant skillsets and personal connections in order to protect the status quo

It is not simply about corporate structure or one or two ideas

In order to improve this culture and the <u>severe stock price</u> <u>underperformance</u> that has accompanied it, we strongly believe truly **independent** directors **aligned with stockholders** are needed

# Legion's Nominees Are Aligned with OneSpan's Future

We have recruited a world-class group of technologists, operators, executives and investors who have overseen, led and invested in numerous successful modern public software and hardware companies



#### Sarika Garg

- World-renowned expert on SaaS operations, sales and architectures, particularly in the fintech space
- Former Chief Strategy Officer at Tradeshift
- 10+ years as top executive at SAP, including in the Office of the CEO, with a focus on product innovation and strategy
- Top 50 Women Leaders in SaaS (The Software Report – 2018 and 2019)



#### Rinki Sethi

- Award-winning leader in security innovation with experience leading and developing innovative security infrastructure for Fortune 500 companies
- Chief Information Security Officer (CISO) at Twitter
- Former CISO at Rubrik
- Former Enterprise CISO at IBM
- Former VP of Security Operations & Strategy at Palo Alto Networks















#### **Michael McConnell**

- Private investor with 20+ years of public company non-executive Board, CEO operating and public company investor experience
- Current Director at Vonage (VG), an enterprise communications SaaS company
- Former Director at SPS Commerce (SPSC), a supply chain SaaS company
- Former Director at Guidance Software (GUID), a cybersecurity company
- Former Managing Director at Shamrock Capital Advisors (Disney Family Office) -Head of the Shamrock Activist Value Fund



#### Sagar Gupta

- Over a decade of experience advising and investing in public TMT companies
- Senior Analyst at Legion Partners
  - Leads TMT investing

LEGION PARTNERS

- Legion Partners is a 6.9% stockholder in OSPN
- Former investor at KKR and Balvasny Asset Management











## **Our Nominees Bring a Relevant Track Record of Success**



"I've spent over a decade at SAP, including in the Office of the CEO, and witnessed firsthand the company's transition from perpetual licensing to a cloud-based business model. Given the tremendous size of the company, I was involved in nearly every aspect of the transition – architecture design, new product development, go-to-market strategy revamps, sales force reorganizations, and M&A. We acquired several billion-dollar-plus cloud companies and I was fortunate enough to play a key role in many of them. Given OneSpan is a much smaller company attempting a similar path, I believe I can quickly help implement best practices to ensure long-term growth."

Sarika Garg - Former Chief Strategy Officer at Tradeshift



"I started my career as an engineer and even though I'm part of the C-suite now, I am still an engineer at heart. The new Trusted Identity Platform that OneSpan has built resonates with the latest and greatest architectures I've come across at other leading cloud-based cybersecurity companies in Silicon Valley. There is serious technological and business potential at OneSpan, and I believe my deep technical and executive experience in the space can help ensure OneSpan remains competitive in this fast-changing space."

Rinki Sethi - Chief Information Security Officer at Twitter



"I've served on 16 public company boards in a wide range of industries and foreign countries over the last 24 years. One accumulates pattern recognition over time and OneSpan appears to present many of the signs that signal chronic underperformance and the need for change. Additionally, I've served on several cloud software company boards and recognize critical elements that drive successful strategies and execution."

Michael McConnell - Board Director, Executive and Investor at Numerous Public Technology Firms



"My firm, Legion Partners, prides itself on implementing sound governance at all of our portfolio companies. Combined with my 10+ year background in technology, I believe this unique combination of governance and technology capital markets expertise can help improve OneSpan's underwhelming investor communications and redesign the Company's executive compensation programs to ensure proper long-term alignment between OneSpan's Board, management team and all stockholders."

Sagar Gupta – Senior Analyst & Head of TMT Investing at Legion Partners (6.9% OSPN Stockholder)



Source: Legion Partners

# OneSpan (OSPN) - Overview

# OneSpan (OSPN) is a leading mobile & identity cybersecurity and eSignature software provider to the world's largest financial institutions

- 10,000+ customers, including 70 of the top 100 global banks
- Transitioning to Software & Services ("Software") with a focus on cloud SaaS and term-based licensing recurring revenue
- Majority of revenue is now recurring Software revenue
- Legacy Hardware segment ("Hardware") in secular decline
- \$1.0bn market cap with \$115mm in cash and no debt





# Why Did We Invest in OneSpan?

#### We believe OSPN stock has tremendous valuation potential

- ✓ Underfollowed transition story with attractive Software growth driving significant margin expansion
- ✓ Exceptionally strong customer base with trusted relationships
- ✓ New cloud-based platform enables significant cross-sell opportunity
- Criticality of technology very high relative to small company size
- ✓ Large Total Addressable Market ("TAM")
- ✓ Highly strategic asset at forefront of identity & mobile cybersecurity
- ✓ Deeply undervalued relative to peers

# Why Are We Here?

OSPN Stock Has Been a Serial Underperformer

- OSPN currently trades at ~70% valuation discount to peers and its total shareholder returns ("TSR") has severely underperformed across 1, 3, 5, 10, and 15-year periods¹
- We believe Hardware detracts from OSPN's true valuation by overshadowing Software
- Navigating this issue and OneSpan's next stage requires new independent directors with relevant skillsets to help improve the Company's strategic oversight, operations, and financial disclosures – and objectively evaluate strategic alternatives
- In addition, we believe poor corporate governance, questionable capital allocation and confusing investor communications are weighing on OSPN's valuation

Reactive Maneuvers Have Failed to Improve TSR

- OneSpan is transitioning from Hardware to a cloud-first, recurring revenue Software company, but the Board's skill sets do not appear to have appropriately evolved with this strategy
- Despite our significant efforts to collaborate on refreshment, the Board has defensively added new directors with questionable qualifications and fit, as well as prior connections to existing directors
- We believe many of the Board's recent, incremental changes would not have occurred absent Legion's engagement, and have not gone far enough to improve OSPN's TSR

Board Leadership and Culture Need to Change

- We believe OSPN's TSR has not improved because the real power in the boardroom has not changed as longer-tenured and underqualified directors continue to hold key leadership positions
- Engagement with the Board has been almost non-existent other than a brief, chance meeting
  with Chairman Fox at the Company's Investor Day, and three short phone calls in early 2020, no
  independent director has been willing to meet with Legion over the past 3 years
- Our four nominees consist of technologists, operators, executives and investors who have overseen, led and invested in numerous successful modern public software and hardware companies – and can help close OSPN's persistent valuation gap



# OneSpan's TSR Has Severely Underperformed

OSPN stock has underperformed several pertinent peer groups, including the Company's self-selected Fiscal 2020 Form 10-K peer group, and broader market indices over multiple time periods through the Unaffected Date (2/24/21)

| OSPN Relative Total Shareholder Returns vs. Major Benchmarks and Peer G |        |        |        |        |         |         |
|-------------------------------------------------------------------------|--------|--------|--------|--------|---------|---------|
| OSPN vs.                                                                | 1 Year | 2 Year | 3 Year | 5 Year | 10 Year | 15 Year |
| Cybersecurity Peers                                                     | (50%)  | (56%)  | (50%)  | (245%) | (106%)  | (346%)  |
| Direct Software Peers                                                   | (93%)  | (162%) | (127%) | (395%) | (382%)  | (450%)  |
| Company Peers                                                           | (92%)  | (79%)  | (51%)  | (254%) | (304%)  | (354%)  |
| Russell 3000                                                            | 9%     | (25%)  | 47%    | (40%)  | (38%)   | (79%)   |
| MSCI ACWI/Software Index                                                | (3%)   | (65%)  | (17%)  | (208%) | (292%)  | (482%)  |
| IGV                                                                     | (13%)  | (60%)  | (20%)  | (234%) | (346%)  | (669%)  |
| NASDAQ                                                                  | (13%)  | (62%)  | 8%     | (129%) | (230%)  | (357%)  |

Across any peer group, index, or time period, the result is the same – OSPN has generally underperformed



# The Right OneSpan Peer Sets

# Legion utilizes three major peer sets: Cybersecurity Peers, Direct Software Peers, and Company Peers

- Cybersecurity Peers: cybersecurity public peers of meaningful size (\$500mm+ market capitalization), many of whom sell both software (all deployment types) and hardware solutions (firewall appliances, etc.)
  - Many have undergone a similar transition to a cloud-first, recurring revenue business model over a similar time period as OSPN, and many still possess legacy hardware segments
  - We predominantly rely on this peer set for comparison against the valuation of consolidated OSPN (EV / Revenue methodology)
- Direct Software Peers: pure play cybersecurity and banking/eSignature recurring software (term licensing and SaaS) peers
  - Excludes cybersecurity peers with substantial hardware/appliance or perpetual license revenue
  - We predominantly rely on this peer set for comparison against the implied valuation of OSPN's recurring revenue (EV / ARR methodology)
- Company Peers: OneSpan's hand-selected peers disclosed in their Fiscal 2020 Form 10-K
- Legion also compares OSPN's TSR to several market indices

All three peer sets are appropriate for comparison to OSPN's TSR and valuation



# OneSpan's Own TSR Scorecard Appears to be an "F"

#### The Company's TSR analysis from their Fiscal 2020 Form 10-K



This is not "admirable"

# **OSPN's Valuation Continues to Lag**

# OneSpan's valuation continues to trade near the bottom of Cybersecurity Peers at a ~70% discount

Cybersecurity Peers - 2021E Enterprise Value / Revenue





### **Board Has Mischaracterized its Track Record**

# The Board has misleadingly claimed "admirable" performance and extensive engagement with Legion

- Misleading Claim #1: OSPN stock "outperformed our peers" since Legion invested, and has "performed admirably" versus peers on a 1, 2, and 3-year basis
  - In making this claim, the Board utilized median TSR performance, not average utilizing the average is a widely accepted practice and reveals severe underperformance of OSPN stock
  - Peer set used is derived from the Company's proxy statement (for compensation analysis), not the TSR performance peer set from its Fiscal 2020 Form 10-K – this change conveniently omits the two highest performing peers from the Fiscal 2020 Form 10-K peer set
- Misleading Claim #2: OSPN stock "doubled over the past 3 years" and beat the NASDAQ
  - The Board randomly picked 4/16/21 as its end date in order to anchor this misleading claim which has only held true on ∼5% of the 760 days since Legion invested in OSPN
- Misleading Claim #3: "Our management team and Board have engaged extensively with Legion"
  - Nearly all of our 40+ meetings and calls were with OneSpan's management team and primarily consisted of Legion representatives educating the Company on basic software metrics and valuation concepts
  - Our interactions with the Board have been very limited over the past 3 years other than three short phone calls in early 2020, and a brief, ad hoc meeting with Chairman Fox at the Company's Investor Day, no independent director has been willing to directly discuss Legion's concerns



# We Believe Multiple Issues Weigh on OSPN's Valuation

# The Board has been unable or unwilling to oversee an evolution of relevant skillsets that align with the Company's go-forward strategy

- No Credible Plan to Fix Valuation: We believe refusal to acknowledge OSPN's discounted valuation in the public markets has led to resistance in addressing the problem, including a refusal to provide segment-level financials
- Confusing Investor Communications: Apparent lack of understanding of software public company metrics and investor communications led to the stock crashing 40% in a single day following the Q2 2020 earnings release when the Company announced missed earnings and pulled full year guidance primarily due to Hardware weakness despite an acceleration in ARR
- Questionable Capital Allocation: Unbalanced capital allocation, primarily focused on M&A, has not resulted in long-term accretive returns
- Poor Strategic Oversight: Lost leadership position in Hardware while overseeing a heavily delayed transition to Software has left Company with a dilapidated IT infrastructure and bloated cost structure
- Misaligned Executive Compensation: Outdated executive compensation programs appear to drive perverse incentives toward legacy solutions that are inconsistent with the Company's transition toward becoming a recurring revenue cloud-first software company

#### At its core, this is a failure in governance



# Poor Oversight Has Led to a Significantly Delayed Transition

While the actual transition to recurring revenue began in earnest a few years ago, the Company has been attempting this transition for well over a decade but seemingly did not understand what that meant or entailed

 Despite the Company's aggressive organic and inorganic growth strategy, Software revenues merely shifted from 17% of total revenues in 2007 to 22% in 2015





# **Hardware Overshadows Steady Software Performance**

Hardware revenue declined 36% in 2020, creating an ugly consolidated picture that likely dissuades many investors from buying the stock





Source: SEC Filings

# **Hardware – Volatile and Long-Term Secular Decline**

While Hardware experiences occasional annual growth due to refresh cycles (typically every 5-7 years) or regulatory-driven demand, OneSpan acknowledges the segment's long-term secular decline





## Legion Has Counseled Management in Absence of Board Leadership

In an effort to help OSPN management better highlight the Company's value in the public markets, Legion has spent considerable time and effort advising management on how to communicate a modern software story to investors

- Legion has sent seven letters, four presentations and investor materials from twelve modern software public peers to outline recommendations on disclosures and investor communications
- OneSpan's CFO has <u>proactively</u> reached out to Legion for advice on these topics
- Legion introduced three of the four sellside firms that have most recently initiated research coverage
- Two sellside firms have adopted a sum-of-the-parts valuation approach following Legion's public letters – we believe this has led to significant price target increases
- Management has begun disclosing key software-oriented metrics per Legion's recommendations, though many of these disclosures arrived months, if not years, following our initial recommendation
- Lastly, OneSpan's financial disclosures remain arguably incomplete for public markets investors to fully understand, appreciate and value OneSpan's assets – segment-level profitability is needed

While the Board appears unwilling and unable to perform its basic duties in advising OSPN management, one of Legion's nominees has been actively advising management, who we believe can be even more impactful from within the boardroom



# **Capital Allocation Experience is Critically Needed**

# The Board has had a strong historical preference for M&A, though we have not witnessed a clear justification for this focus nor has the Board demonstrated long-term accretive returns to stockholders from these acquisitions

- 97% of capital allocated from 2005-2020 went to M&A the Board only recently announced a \$50mm share repurchase program after Legion's private and public recommendation over the past three years
  - o Prior to Q4 2020, the Company did not repurchase shares since 1998 despite OSPN's persistently low valuation
- Since 1998, OSPN has completed 13 acquisitions as a public company, including some that were outright failures
  - Within 10 months of acquiring DigiNotar (in 2011), the business suffered a major cyberattack and entered bankruptcy this acquisition was overseen by Chairman John Fox and Director Jean Holley
- This Board has not provided sufficient information regarding post-merger integration progress, financial performance, or ROI disclosures and has generally failed to achieve fair value in the public markets for many of these acquisitions
- The Board lacks pertinent capital allocation expertise Marc Zenner, Chair of the Finance & Strategy Committee, and Matthew Moog, member of the Finance & Strategy Committee, are not the answer
  - Dr. Zenner appears to have never been a public company executive, public equities investor, or a public company director at a technology company – we struggle to understand how his experience is relevant to OSPN's challenges
  - o "I mean, doing acquisitions or other kind of things like that are much more difficult when you're public because of the required disclosures." Matthew Moog
- The Company recently filed a \$300mm shelf registration is there another deal on the horizon?

It is imperative to add directors with strong capital allocation skills and direct experience in acquiring and integrating software and cybersecurity companies, particularly in light of OSPN's robust cash balance and bloated cost structure



# **G&A Appears Bloated – A Legacy of Poor Oversight?**

G&A expenses appear high relative to Cybersecurity Peers, and we believe poorly integrated acquisitions and Hardware are causing an overly complicated corporate structure





## **Poorly Designed Executive Compensation Seems Like a Key Culprit**

OSPN's executive compensation plan seems to incentivize Hardware and legacy perpetual licensing revenue over recurring Software revenue – inconsistent with the Company's transition Chairman John Fox has been Chair of the Compensation Committee for <u>15 years</u>

| 2018-2020 Long-Term Incentive Plan               |     |                 |                 |        |  |  |  |
|--------------------------------------------------|-----|-----------------|-----------------|--------|--|--|--|
| Performance Metric Weight % Target Actual Result |     |                 |                 |        |  |  |  |
| Hardware Revenue                                 | 50% | \$260.0 million | \$314.7 million | 144.2% |  |  |  |
| Software Revenue                                 | 50% | \$408.0 million | \$367.0 million | 50.1%  |  |  |  |
| Total Plan Award                                 |     |                 |                 | 97.1%  |  |  |  |

- Management awarded ~100% payout as Hardware outperformance offset weak Software performance
- Equal weighting despite transition well underway
- GAAP revenue focus incentivizes legacy revenue streams as recurring revenue is recognized ratably
- · No emphasis on profitability or TSR
- TSR underperformed during this period

| Legion's Recommended Long-Term Incentive Plan |          |                                                        |  |  |  |  |
|-----------------------------------------------|----------|--------------------------------------------------------|--|--|--|--|
| Performance Metric                            | Weight % | Rationale                                              |  |  |  |  |
| Hardware FCF                                  | ~5-10%   | Optimize cash flow generation given asset in decline   |  |  |  |  |
| ARR                                           | ~35-45%  | Primary indicator for topline recurring revenue health |  |  |  |  |
| Software FCF                                  | ~25-35%  | Ensure efficiency of Software growth                   |  |  |  |  |
| TSR                                           | ~20-30%  | Encourage absolute and relative outperformance         |  |  |  |  |

- We would incorporate the Rule of 40 to drive <u>efficient growth</u>, not "growth at all costs"
- We recommend granting management equity awards with premium triggers at \$40, \$50 and \$60 per share
- We recommend performance-based awards be at least 75% of grants

We believe the Board's reactive, incremental changes to executive compensation following Legion's public criticism remain insufficient in driving long-term value – our nominees will seek to redesign executive compensation to better align with performance



# To Fix the Stock, We Must Fix the Board

We are seeking to replace FOUR incumbent directors, the majority of whom have presided over long periods of underperformance and appear to lack experience at modern software and hardware public companies



John Fox (77)
Chairman &
Chair of Compensation
Committee
Director since 2004 (16 Yrs.)



Matthew Moog (51)
Member of Corporate
Governance & Nominating and
Finance & Strategy Committees
Director since 2012 (8 Yrs.)



Jean Holley (62)
Chair of Corporate Governance
and Nominating Committee
Director since 2006 (14 Yrs.)



Marc Zenner (58)
Chair of Finance & Strategy
Committee

Director since 2019 (2 Yrs.)

- No comparable operating experience at a software or hardware company
- No board experience at any other public software or hardware company
- No apparent investment experience in public software or hardware companies
- No cybersecurity technical experience
- Average tenure of 10 years (longest tenure 16 years)
- Less than 1% collective ownership in OSPN
- No apparent plan to fix OneSpan's valuation

# OneSpan Stakeholders Deserve New Board Leadership

We believe OneSpan management, employees, customers and stockholders all deserve new leadership that is highly experienced in leading and overseeing modern public software and hardware companies

#### C-Level Operational Experience

To help successfully complete the transition and assess the Company's overall operational efficiency as a cloud-first recurring revenue software business

#### Technical / Cybersecurity Experience

To assess OneSpan's product roadmap, engineering capabilities, and any technically complex acquisitions

#### Capital Allocation (M&A) and Capital Markets Experience

To advise on software-oriented financial metrics, software market valuations, capital allocation (including M&A), and to effectively communicate a software story to investors

#### Governance and Investment Experience

To align OneSpan's governance practices, strategic objectives and executive compensation programs with long-term value creation, in addition to overseeing potential strategic review processes

It should not be too much to ask that a modern public software company be led by leaders with modern software experience

# Our Nominees Bring the Right Skills Sets to OSPN

OneSpan's incumbent directors are far outmatched by Legion's nominees' backgrounds and experiences pertinent to the Company's go-forward strategy

|                    |                                                                                            |                   |                                                     |                        | Modern Software Experience |           |               |                                     |
|--------------------|--------------------------------------------------------------------------------------------|-------------------|-----------------------------------------------------|------------------------|----------------------------|-----------|---------------|-------------------------------------|
| Incumi<br>Positio  | pent Director, Age<br>on                                                                   | Tenure<br>(Years) | Industry<br>Background                              | Hardware<br>Experience | C-Level<br>Executive       | Technical | Public<br>M&A | Other Public<br>Board /<br>Investor |
|                    | John Fox, 77<br>Chairman and Chair of<br>Compensation Committee                            | 16                | Professional<br>Services                            |                        |                            |           |               |                                     |
|                    | Jean Holley, 62<br>Chair of Corporate Governance<br>and Nominating Committee               | 14                | Logistics;<br>Telecom Equip.;<br>Building Materials |                        |                            |           |               |                                     |
|                    | Matthew Moog, 51 Member of CG&N and F&S Committees                                         | 8                 | Radio;<br>Consumer Internet                         |                        | ✓                          |           |               |                                     |
|                    | Marc Zenner, 58<br>Chair of Finance & Strategy<br>Committee                                | 2                 | Investment Banking<br>(Generalist)                  |                        |                            |           |               |                                     |
| Legion<br>Position | Nominee, Age<br>n                                                                          |                   |                                                     |                        |                            |           |               |                                     |
|                    | Sarika Garg, 45 Former Chief Strategy Officer, Tradeshift                                  |                   | Enterprise Software<br>/ Fintech                    |                        | ✓                          | ✓         | ✓             |                                     |
|                    | Sagar Gupta, 33 Senior Analyst at Legion Partners (6.9% stockholder of OSPN)               |                   | Technology<br>Investor                              |                        |                            |           | ✓             | ✓                                   |
|                    | Michael McConnell, 54  Board Director, Executive and Investor at numerous technology firms |                   | Tech Executive,<br>Board Director and<br>Investor   | <b>✓</b>               | ✓                          |           | ✓             | ✓                                   |
|                    | Rinki Sethi, 38 Chief Information Security Officer, Twitter                                |                   | Cybersecurity<br>Software                           | <b>✓</b>               | <b>✓</b>                   | <b>✓</b>  | ✓             |                                     |

## We Question the Qualifications and Fit of Recent Additions

The Board will tout their most recent additions as "cloud leaders" though most come from low-growth, legacy technology firms, have duplicative backgrounds and have prior connections to existing Board members

|                                         |                                   | Added OSPN<br>(Appointment |                               |                                                                                                                                                                                                                                                                                         |  |  |  |  |
|-----------------------------------------|-----------------------------------|----------------------------|-------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--|--|--|--|
| Current / Former Company                | Marianne<br>Johnson<br>(Mar 2020) | Al Nietzel<br>(Nov 2020)   | Garry<br>Capers<br>(Apr 2021) | Overlap / Relevance                                                                                                                                                                                                                                                                     |  |  |  |  |
| <b>EQUIFAX</b>                          | ✓                                 |                            | ✓                             | <ul> <li>Credit bureau that suffered a major cyberattack</li> <li>Low-single-digit organic growth; founded in 1899</li> <li>Ms. Johnson and Mr. Capers have a 4-year overlap at Equifax in the Strategy group</li> </ul>                                                                |  |  |  |  |
| COX<br>AUTOMOTIVE Global                | ✓                                 | ✓                          |                               | <ul> <li>Legacy software for automotive dealerships</li> <li>CDK has low-single-digit organic growth; Cox is private</li> <li>Ms. Johnson and Mr. Nietzel bring a combined 6 years of experience from this space</li> </ul>                                                             |  |  |  |  |
| APP.                                    |                                   | ✓                          | ✓                             | Legacy payroll processor and HR company     Low-single-digit organic growth; founded in 1949     Messrs. Nietzel and Capers bring a combined 13 years of experience working at ADP                                                                                                      |  |  |  |  |
| deluxe.                                 |                                   |                            | ✓                             | Physical check printing company Low-single-digit organic growth; founded in 1919  Mr. Capers currently leads the "Cloud Solutions" segment, which is <15% of total 2020 Deluxe revenues and offers web hosting and design, logo design, reporting, incorporation and marketing services |  |  |  |  |
| Prior Connections to Existing Directors | ✓                                 |                            | ✓                             | <ul> <li>Mses. Holley and Johnson are members of same non-profit and participated in events together</li> <li>We are highly confident Ms. Johnson recruited Mr. Capers to the Board</li> <li>Mses. Holley and Johnson and Mr. Capers all reside in the Atlanta area</li> </ul>          |  |  |  |  |



# **Board's Engagement Has Been Minimal and Disingenuous**

# The Board has rejected numerous high-quality, diverse candidates and seems to have disingenuously engaged with Legion for years

| Logian Condidate /                                           |                                                                                                                 |                                                                           | Candio   | late Diversity |
|--------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------|----------|----------------|
| Legion Candidate /<br>Year Introduced                        | Company / Industry Background                                                                                   | <b>Board Response</b>                                                     | Gender   | Racial/Ethnic  |
| Candidate #1<br>2018                                         | Former head of M&A at prominent public cybersecurity software company (\$30bn+ market cap)                      | Offered to include candidate in grossly unreasonable settlement agreement |          |                |
| Candidate #2<br>2018                                         | CFO of prominent public cybersecurity SaaS company (\$3bn+ market cap)                                          | Rejected after short video interview                                      | ✓        | ✓              |
| Candidate #3 –<br>Nominee Michael McConnell<br>2018          | Board director and former executive at numerous public technology/software companies; private investor          | Rejected after short video interview                                      |          |                |
| Candidate #4<br>2019                                         | Chief Information Security Officer at prominent public fintech SaaS company (\$100bn+ market cap)               | Rejected after short phone interview                                      | ✓        | ✓              |
| Candidate #5<br>2019                                         | Former COO at an enterprise SaaS company; board director at public software company (\$2bn+ market cap)         | Rejected after in-person interview                                        | ✓        |                |
| Candidate #6 –<br>Nominee Sarika Garg<br>2019                | Former Chief Strategy Officer at Tradeshift; former top exec. in Office of the CEO at SAP (\$150bn+ market cap) | Rejected after in-person interview                                        | <b>✓</b> | ✓              |
| Candidate #7 –<br>Nominee Sagar Gupta<br>2020 (as candidate) | Senior Analyst at Legion Partners; technology-focused public investor formerly at KKR and Balyasny              | Declined opportunity to interview in 2020                                 |          | ✓              |

Despite interviewing two Legion nominees previously, and rejecting the opportunity to interview a third, the Board contacted all four Legion nominees in March 2021 to "request an interview" – we believe this was another disingenuous tactic ahead of appointing Garry Capers who was recommended by an incumbent director



## **Concentration of Power Remains a Problem**

Longstanding Board members controlled key leadership positions for decades – though Legion's public involvement sparked a flurry of rushed and defensive actions, the real power in the boardroom has not changed and, most importantly, performance has not improved





# A Pattern of Reactive Maneuvers Appears Due to Legion Pressure

| Legion Actions                                                                                                                                                                | OneSpan Board Reactions                                                                                                                                                                                                                                                                                         |
|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| Over past three years, introduced seven high-quality director candidates and offered four settlement agreements                                                               | Rejected Legion candidates and defensively added new directors with questionable qualifications                                                                                                                                                                                                                 |
| Beginning in June 2018, pushed management to disclose software-<br>oriented metrics and segment-level financials                                                              | In late 2020, published ARR and DBNE metrics, but has not provided Software profitability                                                                                                                                                                                                                       |
| In June 2018, requested Company to host an Investor Day                                                                                                                       | In December 2019, Company hosts an Investor Day                                                                                                                                                                                                                                                                 |
| In August 2020, publicly demanded Founder Ken Hunt's resignation from the Board after he sold significant stock one day prior to OSPN pulling guidance and stock crashing 40% | In September 2020, Mr. Hunt announces his "retirement"                                                                                                                                                                                                                                                          |
| In August 2020, publicly called for segment-level financials and a strategic review of the Hardware and eSignature businesses, as well as the whole Company                   | In September 2020, the Board forms a Finance & Strategy Committee. In December 2020, the Board hires an investment bank to run a strategic review of the eSignature business. On May 10, 2021, Company discloses it conducted a "strategic review" of Hardware, yet refuses to provide segment-level financials |
| In January 2021, requested OneSpan's director questionnaire ahead of publicly nominating candidates                                                                           | In February 2021, Michael Cullinane, a 23-year veteran on the Board, discloses his "retirement" at the upcoming Annual Meeting                                                                                                                                                                                  |
| In February 2021, publicly criticized Mr. Cullinane's track record and background who served as Chair of the Audit Committee for 20 years                                     | In April 2021, Al Nietzel is appointed the new Chair of the Audit<br>Committee                                                                                                                                                                                                                                  |
| In March 2021, publicly criticized executive compensation programs and recommended use of ARR as a performance metric                                                         | In April 2021, the Board discloses that the 2021 annual incentive program will utilize ARR as a performance metric                                                                                                                                                                                              |

These incremental changes appear to have failed to reverse years of prolonged underperformance – we believe more change is needed to ensure a sustainable, positive future



# We Believe New Leadership Can Unlock Tremendous Value

## We believe our four nominees will take a holistic approach towards closing the persistent valuation gap that has plagued OSPN's stock



Achieving full and fair value for all of OneSpan's segments is not "financial engineering" – it is the Board's responsibility



# The Time Has Come to #ProtectOneSpan

# We urge fellow stockholders to vote the WHITE proxy card to elect strong and proven technology leaders to the Board

- Our nominees will seek to apply a holistic approach to fixing OSPN's valuation:
  - ✓ Improve financial disclosures, including separating Software gross & operating margins from Hardware, to better enable an SOTP valuation approach in the public markets
  - ✓ Form a detailed capital allocation framework and diligently oversee all capital deployment, including potential M&A
  - ✓ Improve strategic oversight to ensure Hardware mistakes are not repeated with Software
  - ✓ Redesign executive compensation to align with long-term stockholder value creation
  - ✓ Implement best practices in governance, improve Board diversity, and establish broader ESG frameworks
  - √ Objectively evaluate all strategic alternatives

The Board has failed to present any credible plan to drive long-term, sustainable value – without the spotlight of pressure and more substantive Board refreshment, we fear that OSPN stockholders will continue to suffer



# **Table of Contents**

| 1 | Executive Summary                                      |
|---|--------------------------------------------------------|
| 2 | TSR Performance and Relative Valuation                 |
| 3 | Poor Investor Communications and Financial Disclosures |
| 4 | Ineffective Strategic Oversight and Capital Allocation |
| 5 | Inadequate Self-Refreshment and Governance Concerns    |
| 6 | Misaligned Executive Compensation Program              |
| 7 | Legion's Nominees and the Path Forward                 |
| 8 | Appendix                                               |



# **OneSpan's TSR Has Severely Underperformed**

OSPN stock has underperformed several pertinent peer groups, including the Company's self-selected Fiscal 2020 Form 10-K peer group, and broader market indices over multiple time periods through the Unaffected Date (2/24/21)

| OSPN Relative Total Shareholder Returns vs. Major Benchmarks and F |        |        |        |        |         |         |
|--------------------------------------------------------------------|--------|--------|--------|--------|---------|---------|
| OSPN vs.                                                           | 1 Year | 2 Year | 3 Year | 5 Year | 10 Year | 15 Year |
| Cybersecurity Peers                                                | (50%)  | (56%)  | (50%)  | (245%) | (106%)  | (346%)  |
| Direct Software Peers                                              | (93%)  | (162%) | (127%) | (395%) | (382%)  | (450%)  |
| Company Peers                                                      | (92%)  | (79%)  | (51%)  | (254%) | (304%)  | (354%)  |
| Russell 3000                                                       | 9%     | (25%)  | 47%    | (40%)  | (38%)   | (79%)   |
| MSCI ACWI/Software Index                                           | (3%)   | (65%)  | (17%)  | (208%) | (292%)  | (482%)  |
| IGV                                                                | (13%)  | (60%)  | (20%)  | (234%) | (346%)  | (669%)  |
| NASDAQ                                                             | (13%)  | (62%)  | 8%     | (129%) | (230%)  | (357%)  |

Source: SEC Filings, Capital IQ

# **OSPN TSR Ranks Poorly vs. All Cybersecurity Peers**





# **OSPN TSR Ranks Poorly vs. All Direct Software Peers**




#### OneSpan's Own TSR Scorecard Appears to be an "F"

#### The Company's TSR analysis from their Fiscal 2020 Form 10-K



OSPN stock has severely underperformed the Company's own handselected peers and indices

Source: OSPN 2020 10-K

#### **Incumbent Directors Have Poor TSR Track Records**

|                           |                                                                     |                   | OSPN Relative TSR over Tenure vs. |                             |                  |                 |                            |        |        |
|---------------------------|---------------------------------------------------------------------|-------------------|-----------------------------------|-----------------------------|------------------|-----------------|----------------------------|--------|--------|
| Director, Age<br>Position |                                                                     | Tenure<br>(Years) | Cyber-<br>security<br>Peers       | Direct<br>Software<br>Peers | Company<br>Peers | Russell<br>3000 | MSCI<br>ACWI /<br>Software | IGV    | NASDAQ |
|                           | John Fox, 77 Chairman and Compensation Committee Chair              | 16                | (637%)                            | (635%)                      | (324%)           | 12%             | (437%)                     | (640%) | (332%) |
|                           | Jean Holley, 62 Corporate Governance and Nominating Committee Chair | 14                | (507%)                            | (412%)                      | (377%)           | (47%)           | (498%)                     | (716%) | (384%) |
|                           | Matthew Moog, 51<br>Member of CG&N<br>and F&S<br>Committees         | 8                 | (335%)                            | (359%)                      | (324%)           | 26%             | (240%)                     | (284%) | (145%) |
|                           | Marc Zenner, 58 Finance & Strategy Committee Chair                  | 2                 | (7%)                              | (83%)                       | (28%)            | 35%             | 9%                         | 3%     | 1%     |

#### We Believe the Board is Misrepresenting its TSR Track Record

The Company claims that "over the last three years, our stock price has more than doubled" and outperformed the NASDAQ – however, we see no significance of the date the Board used for this calculation (4/16/21)

|                                                                     | OSPN Relative TSR vs. NASDAQ |        |               |        |         |         |  |  |
|---------------------------------------------------------------------|------------------------------|--------|---------------|--------|---------|---------|--|--|
| As of                                                               | 1 Year                       | 2 Year | 3 Year        | 5 Year | 10 Year | 15 Year |  |  |
| 12/31/2020<br>Most Recent Fiscal Year End                           | (23%)                        | (35%)  | (38%)         | (134%) | (231%)  | (375%)  |  |  |
| 2/24/2021<br>Unaffected Date                                        | (13%)                        | (62%)  | 8%            | (129%) | (230%)  | (357%)  |  |  |
| 4/16/2021<br>Company Selected Date                                  | 17%                          | (16%)  | <b>3%</b> 13% | (119%) | (287%)  | (311%)  |  |  |
| <b>4/19/2021</b> Next Trading Day after 4/16/21                     | 13%                          | (12%)  | (13%)         | (120%) | (284%)  | (303%)  |  |  |
| 4/23/2021 One Trading Day Prior to Company's Letter to Stockholders | 6%                           | (13%)  | (12%)         | (123%) | (286%)  | (291%)  |  |  |

4/16/21 is the only day above where OSPN stock more than doubled over the last 3 years

OSPN stock has severely underperformed the NASDAQ when using pertinent end dates and measuring relative performance across multiple time periods



## Cherry-Picked Date Seems to be Only Way to Support Board's Outperformance Claim

Company's selection of 4/16/21 to claim it outperformed the NASDAQ is true during ~5% of the 760 days since Legion invested in OSPN

719 Trading Days where OSPN neither outperformed the NASDAQ nor doubled versus 3 years prior

41 Trading Days where OSPN outperformed the NASDAQ and doubled versus 3 years prior

We question how much of OSPN's outperformance on 4/16/21 benefited from Sidoti's upgrade to a "Buy" rating the prior day



#### **Investors Seem Excited for Change**

The Company's randomly selected TSR date of 4/16/21 appears to have benefited greatly from the launch of Legion Partners' public campaign



TSR since Launch of Legion's Campaign **OSPN** 17% **MSCI** Colliers 6% ACWI/Software Russell 3000 6% "The [Company's] letter further urges stockholders to not appoint the Board **NASDAQ** 3% candidates nominated by the activist group Legion Partners. However, we believe the company could use a fresh perspective such as that offered by Legion Partners' **IGV** proposed candidates." 4/26/2021



Note: 2/24/2021-4/16/2021 Source: SEC Filings, Capital IQ, Colliers Research

#### The Board Believes it Has Delivered Value for Legion Partners

The Company claims that "from the time Legion first invested, in April 2018, we have outperformed our peers from a TSR perspective" – however, the Board utilized median TSR performance, not average – utilizing the average is a widely accepted practice and reveals severe underperformance of OSPN stock



Peer set used is derived from the Company's <u>proxy statement</u> (for compensation analysis), not the Company Peers used for TSR comparison in its Fiscal 2020 Form 10-K – this change conveniently <u>omits the two highest performing peers</u> from the Company Peers



#### The Board Believes its Underperformance is "Admirable"

The Company claims that "for the rest of our stockholders, we have performed <u>admirably</u> over the one-, two- and three-years ended April 30, 2021" – the Company again uses the peer median from the Proxy Statement Peers, not peer average from the Company Peers, which demonstrates that <u>OSPN stock underperformed</u>

|                                       | OSPN Relative TSR as of 4/30/21 |               |        |  |  |  |  |
|---------------------------------------|---------------------------------|---------------|--------|--|--|--|--|
| OSPN vs.                              | 1 Year                          | 2 Year        | 3 Year |  |  |  |  |
| Proxy Statement Peers Peer Median     | 4%                              | (5%)          | 4%     |  |  |  |  |
| Proxy Statement Peers Peer Average    | (102%)                          | (102%) (139%) |        |  |  |  |  |
| Company Peers (per 10-K) Peer Median  | (11%)                           | (6%)          | (21%)  |  |  |  |  |
| Company Peers (per 10-K) Peer Average | (197%)                          | (58%)         | (70%)  |  |  |  |  |

The Board appears to have been forced to torture the TSR calculation method and end dates to find some methodology of producing a positive result



#### OSPN vs. Cybersecurity Peers – 2021E EV / Revenue

Despite the transition nearing completion, OneSpan continues to trade near the bottom of Cybersecurity Peers at a ~70% discount to the average



OKI SEND TO THE SEN FIRN SED OF SELL SAB SEND SEND SHE SHE WILL WILL



0.0x

#### **OSPN** Recurring Revenue vs. Direct Software Peers – EV / ARR

We believe backing out the value of all legacy and non-recurring revenue (Hardware, perpetual licensing and professional services) implies a steep ~70% discount in EV / ARR relative to direct recurring revenue software peers

OSPN Direct Software Peers
ARR Y/Y Growth % and EV / ARR





### **Direct Comparison to Select Recurring Revenue Peers**

## Diving deeper into the operating performance and valuation of OneSpan's most comparable peers further reveals a disconnected valuation

| Company             | OneSpan OneSpan (OSPN)                                                              | DocuSign<br>DocuSign<br>(DOCU)                                | nCino<br>nCino<br>(NCNO)                                                                      | Alkami<br>Alkami<br>(ALKT)                                                       | VARONIS Varonis (VRNS)                                                                  | <b>⊘</b> dynatrace<br><b>Dynatrace</b><br>( <b>DT</b> )                                            | Qualys. Qualys (QLYS)                                                          |
|---------------------|-------------------------------------------------------------------------------------|---------------------------------------------------------------|-----------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------|
| Technology<br>Focus | Cybersecurity and eSignatures                                                       | eSignatures                                                   | Banking SaaS                                                                                  | Banking SaaS                                                                     | Cybersecurity                                                                           | Enterprise Cloud                                                                                   | Cybersecurity                                                                  |
| Industry<br>Focus   | Financial<br>Services and<br>Enterprise                                             | Various                                                       | Financial<br>Services                                                                         | Financial<br>Services                                                            | Enterprise                                                                              | Enterprise                                                                                         | Enterprise                                                                     |
| Business<br>Model   | SaaS and Term-<br>Based Licensing                                                   | SaaS                                                          | SaaS                                                                                          | SaaS                                                                             | Term-Based<br>Licensing                                                                 | SaaS and Term-<br>Based Licensing                                                                  | SaaS                                                                           |
| ARR (\$mm)          | \$108                                                                               | \$1,641                                                       | \$180                                                                                         | \$134                                                                            | \$307                                                                                   | \$774                                                                                              | \$387                                                                          |
| ARR Y/Y<br>Growth % | 29%                                                                                 | 59%                                                           | 43%                                                                                           | 39%                                                                              | 39%                                                                                     | 32%                                                                                                | 12%                                                                            |
| DBNE                | 119%                                                                                | 123%                                                          | 155%                                                                                          | 117%                                                                             | NA                                                                                      | 120%+                                                                                              | NA                                                                             |
| EV / ARR            | 6.6x                                                                                | 23.9x                                                         | 24.4x                                                                                         | 16.1x                                                                            | 14.0x                                                                                   | 17.2x                                                                                              | 9.0x                                                                           |
| Pertinence          | Worst valuation<br>multiple in<br>group despite<br>comparable<br>growth and<br>DBNE | Direct<br>competitor,<br>though larger<br>scale and<br>growth | OSPN strategic<br>partner of similar<br>size that is also<br>focused on<br>financial services | Most similar in<br>size; lower<br>DBNE; also<br>focused on<br>financial services | Cybersecurity peer with similar growth; transitioned from perp. licensing to term-based | Revenue base<br>also mix of SaaS<br>and term-based<br>licensing with<br>similar growth<br>and DBNE | Cybersecurity peer with far lower growth and implied DBNE, yet higher multiple |



#### Why is OSPN Trading at a ~70% Discount to Peers?

#### We believe there are several reasons behind OSPN's discounted valuation:

- We believe the Company has low credibility with investors given recent debacles on earnings calls, including a 40% drop in the stock price in a single day following Q2 2020 earnings when the Company announced missed earnings and pulled full year guidance primarily due to Hardware weakness despite an acceleration in ARR
- The declining Hardware segment is a substantial drag on consolidated financials, experiences high volatility quarter-to-quarter, and overshadows the high-growth, high-margin Software segment
- Financial reporting remains confusing as Hardware and Software revenue and margins are mixed together in the GAAP income statement, making it difficult for analysts to value them separately
- OneSpan Sign ("OSS") performance is not clearly disclosed, making it difficult to compare to public eSignature peers and precedent transactions
- Few sellside analysts cover the stock and many appear unwilling to initiate coverage given the issues described above
- A self-driven refresh, ignoring the input of a large stockholder, has led to insufficient modern software public company experience on the Board which we believe has manifested in poor oversight of investor communications and financial disclosures

We believe the Company's valuation issues all stem from a Board that lacks the right mix of skillsets – once stockholders fix the Board, we believe a new Board will fix the stock



#### **Case Study: Nuance (NUAN)**

Nuance divested its legacy, declining and low-margin divisions to become a pure-play, growing software company focused on conversational artificial intelligence technology – following board refreshment and the strategic moves, the growth profile of the company vastly improved which led to a tremendous rerating of the stock, culminating in an attractive sale to Microsoft



We believe OneSpan is plagued by many of the same issues that historically depressed valuation at Nuance – legacy, declining segments overshadowing attractive, growing software businesses, all overseen by an outdated board

#### We Believe a ~40% Discount to Peers Implies ~75% Upside

Average ARR growth for direct software peers is 40%, resulting in an average EV / ARR of 21.7x – given OSPN ARR is growing roughly 30% per annum, we conservatively assign a ~40% discount, 13.5x EV / ARR, as profitability is unclear

2021E Sum-of-the-Parts Analysis \$50.00 \$2.88 \$45.00 \$2.57 \$40.00 \$35.00 Little value derived \$30.00 from legacy Hardware \$25.00 segment \$44.01 \$20.00 \$36.63 \$15.00

ARR

Perpetual

Licensing &

Prof. Services

@ 4.0x EV / LTM Revenue

Hardware

@ ~4.0x '21E

EV / EBITDA



\$10.00

\$5.00

\$0.00

\$25.33

Current Price

\$24.03

Unaffected

Date

Implied Price

Cash

### We Believe a ~20% Discount to Peers Implies ~120% Upside

However, by using a 17.5x EV / ARR, which assumes comparable long-term economics to peers and is closer to the peer average (but still a  $\sim$ 20% discount), we see additional significant upside in the near term





Note: Peer average EV / ARR of 21.7x; all OSPN figures as of 3/31/21 other than Hardware 2021E Revenue of ~\$77mm (with ~25% EBITDA margin)

#### Long-Tenured Directors Have Been Net Sellers at Low Prices

While Founder Ken Hunt was on the Board, he was an aggressive seller of OSPN stock – in addition, it does not appear that Chairman John Fox and Directors Jean Holley and Matthew Moog have <u>ever</u> purchased OSPN stock in the open market



Stockholders have witnessed significant and persistent insider net selling and the average sale price for insiders since 2017 is <\$19/share –

is the Board aware of OneSpan's intrinsic value?



Source: SEC Filings

### **Table of Contents**

| 1 | Executive Summary                                      |
|---|--------------------------------------------------------|
| 2 | TSR Performance and Relative Valuation                 |
| 3 | Poor Investor Communications and Financial Disclosures |
| 4 | Ineffective Strategic Oversight and Capital Allocation |
| 5 | Inadequate Self-Refreshment and Governance Concerns    |
| 6 | Misaligned Executive Compensation Program              |
| 7 | Legion's Nominees and the Path Forward                 |
| 8 | Appendix                                               |



### **Two Transitions Both Poorly Communicated**

# We believe OneSpan has failed to clearly communicate its results, guidance, the overall business model and the transition story

- OneSpan is a transition story that contains two distinct transitions
  - The legacy Hardware authenticator token business is in secular decline revenue is shifting towards software-based solutions
  - Within the software base, the Company is transitioning from perpetual licenses towards recurring revenue, such as term-based licensing and SaaS
- These transitions have been underway for more than 5 years, but the Board kept investors in the dark about their progress given the historical lack of software-oriented disclosures
  - Recurring revenue sources are recognized ratably over the duration of the contract vs. the Company's legacy solutions (Hardware, perpetual licensing) are recognized entirely upfront
  - This causes a GAAP headwind to revenue and profits as the transition progresses
  - In addition, the Company only provided guidance on consolidated GAAP revenue and Adj. EBITDA which provided little insight into expected operating performance of Hardware vs. Software
- OneSpan continues to mix Hardware and Software revenue and profits on its GAAP income statement, creating significant confusion regarding the Company's long-term economics

Many sellside and buyside analysts appear unable or unwilling to invest the time needed to properly understand OneSpan's confusing financials, which we believe has led to a severely discounted valuation vs. peers



#### **OneSpan's Financials are Still Messy**

Hardware and Software is mixed on the GAAP income statement – while the Company began supplemental disclosures to further declassify software licensing revenue, there is still no transparency on overall Software profitability

\$ 152,054

59.282

211.336

50,706

14,107

64,813

146,523

63,805

32,197

70,171

253,484

63.393

18,569

81.962

171.522



Gross profit only reported under antiquated revenue classifications that mix Hardware and Software no breakdown provided in supplemental disclosures

No additional breakdown in operating profits between Hardware and Software

#### Revenue by major products and services (in thousands, unaudited):

|                                | Three months ended December 31, |        |    |          | 1  | Twelve months ended December 31, |    |          |  |
|--------------------------------|---------------------------------|--------|----|----------|----|----------------------------------|----|----------|--|
|                                | 2020                            |        |    | 2019 (1) |    | 2020                             |    | 2019 (1) |  |
| Hardware products              | \$                              | 16,236 | \$ | 31,649   | \$ | 81,849                           | \$ | 127,005  |  |
| Term-based software licenses   |                                 | 8,132  |    | 6,399    |    | 24,602                           |    | 16,095   |  |
| Perpetual software licenses    |                                 | 4,725  |    | 12,590   |    | 26,535                           |    | 40,213   |  |
| Product and license            | \$                              | 29,093 | \$ | 50,638   | \$ | 132,986                          | \$ | 183,313  |  |
|                                |                                 |        |    |          |    |                                  |    |          |  |
| Subscription                   |                                 | 8,502  |    | 6,117    |    | 27,788                           |    | 22,280   |  |
| Professional services          |                                 | 1,589  |    | 1,764    |    | 5,689                            |    | 5,759    |  |
| Maintenance, support and other |                                 | 13,744 |    | 12,012   |    | 49,228                           |    | 42,132   |  |
| Services and other             | \$                              | 23,835 | \$ | 19,893   | \$ | 82,705                           | \$ | 70,171   |  |
|                                |                                 |        |    |          |    |                                  |    |          |  |
| Total revenue                  | \$                              | 52,928 | \$ | 70,531   | \$ | 215,691                          | \$ | 253,484  |  |

Source: SEC Filings

#### **Hardware Overshadows Steady Software Performance**

Hardware revenue declined 36% in 2020, creating an ugly consolidated picture that likely dissuades many investors from buying the stock





Source: SEC Filings

#### Hardware – Volatile and Long-Term Secular Decline

While Hardware experiences occasional annual growth due to refresh cycles (typically every 5-7 years) or regulatory-driven demand, OneSpan acknowledges the segment's long-term secular decline





#### **Hardware – Quarterly Volatility**

# While there is some degree of "seasonality" to Hardware revenue, the segment is incredibly volatile and unpredictable



Q2'16 Q3'16 Q4'16 Q1'17 Q2'17 Q3'17 Q4'17 Q1'18 Q2'18 Q3'18 Q4'18 Q1'19 Q2'19 Q3'19 Q4'19 Q1'20 Q2'20 Q3'20 Q4'20



Source: SEC Filings

#### **Hardware Volatility Drives Stock Price Volatility**

The Board has overseen numerous precipitous drops in the stock price, even when the Company produces commendable Software results, given Hardware's quarter-to-quarter unpredictability which has an outsized near-term impact to GAAP Revenue and Adj. EBITDA





#### Legion Has Counseled Management in Absence of Board Leadership

In an effort to help OSPN management better highlight the Company's value in the public markets, Legion has spent considerable time and effort advising management on how to communicate a modern software story to investors

- Legion has sent seven letters, four presentations and investor materials from twelve modern software public peers to outline recommendations on disclosures and investor communications
- OneSpan's CFO has <u>proactively</u> reached out to Legion for advice on these topics
- Legion introduced three of the four sellside firms that have most recently initiated research coverage
- Two sellside firms have adopted a sum-of-the-parts valuation approach following Legion's public letters – we believe this has led to significant price target increases
- Management has begun disclosing key software-oriented metrics per Legion's recommendations, though many of these disclosures arrived months, if not years, following our initial recommendation
- Lastly, OneSpan's financial disclosures remain arguably incomplete for public markets investors to fully understand, appreciate and value OneSpan's assets – segment-level profitability is needed

While the Board appears unwilling and unable to perform its basic duties in advising OSPN management, one of Legion's nominees has been actively advising management, who we believe can be even more impactful from within the boardroom



#### Legion Recommendation: ARR Disclosure

Annual Recurring Revenue is a commonly used software revenue metric which annualizes the total contract value of all recurring contracts (>1 year in length) – this figure is critical for software investors as it helps cut through GAAP messiness of differing revenue recognition schedules and serves as a key indicator of fundamental topline performance

Legion Pres. #3: Sample Quarterly Earnings Deck
Sent to OSPN on 8/21/20



#### Company's Investor Presentation Published on 9/15/20



OSPN's ARR disclosure is particularly critical – it helps analysts conduct a SOTP analysis to value Software recurring revenue <u>separately</u> from legacy Hardware and perpetual licensing by utilizing an EV / ARR multiple on ARR



#### Legion Recommendation: DBNE Disclosure

Dollar-based Net Expansion Rate represents the increase in ARR from existing customers a year prior, net of dollar-based churn – this figure showcases how much growth is coming from existing customers, thus providing a sense of growth sustainability





#### Company's Q3 2020 Quarterly Earnings Presentation Published on 11/2/20





### Legion Recommendation: Key Quarterly Software Stats

## We recommended a clean summary page that highlights key Software metrics' performance



Company's Q4 2020 Quarterly Earnings Presentation Published or 2/23/21



#### **Legion Recommendation: Product Penetration**

#### Product penetration within the customer base can showcase the crosssell opportunity and its progress



#### Company's Q3 2020 Quarterly Earnings Presentation Published on 11/2/20





#### **Legion Recommendation: Customer Penetration**

Demonstrating "wallet growth" with a single customer can showcase the significant expansion opportunity, especially after new product launches



Company's Investor Day Presentation
Published or 12/4/19





#### **Legion Recommendation: TAM**

Total Addressable Market, or essentially the market size for a company's solutions, is an important figure as it provides insight on the opportunity size and long-term growth runway



### Company's Investor Presentation Published in 9/2018





#### **Legion Recommendation: State of Transition**

Given the Company's financials have been presented in a confusing manner, showcasing the Company's transition at a high level would be helpful to investors in understanding what "inning" we are in



Company's Q3 2020 Quarterly Earnings Presentation Published or 11/2/20





#### Legion Recommendation: Customer Base

OneSpan has an impressive roster of top customers – communicating this to investors helps serve as validation of the technology



Company's Investor Presentation Published in 9/2018



#### **Legion Recommendation: Guidance Format**

It is critical to provide guidance on software metrics that actually matter to software-oriented investors, such as ARR, as well as key commentary – this refocus will help combat the negativity associated with Hardware



Company's Q4 2020 Quarterly Earnings Presentation
Published or 2/23/21





#### **Sellside Has Reacted Positively to New Disclosures**

Following Legion's public letters and OSPN's new disclosures that followed some of Legion's advice, some sellside analysts have adopted a sum-of-the-parts valuation approach and arrived at \$38 to \$39 price targets





#### **Board Lacks Pertinent Capital Markets Experience**

## Despite adding new directors to the Board, the Board appears to lack pertinent capital markets experience in overseeing modern software public companies

- We believe the Board has failed to effectively communicate the Company's transitions and the value of the growing Software business
  - The Board appears to lack sufficient experience and knowledge of commonly used modern software public company metrics (ARR, DBNE, etc.) to understand the importance of guiding investors based on such metrics
  - When the Company finally began disclosing ARR, they buried it in the appendix of a Company presentation – many analysts we spoke to did not see it until we highlighted it
  - The Board appears unaware of basic public software company valuation frameworks and therefore underappreciates the importance of providing key software-oriented and profitability disclosures
  - OneSpan financials are still messy Hardware and Software are still mixed on the GAAP income statement, and Software profitability is not disclosed
  - The Company has made no upgrades to in-house Investor Relations personnel
  - The Company has seemingly failed to encourage the majority of its sellside analysts to adopt an SOTP valuation approach

Despite OSPN's substantial valuation discount to peers, the Board appears unwilling or unable to address the Company's poor investor communications



### **Board Seems to Lack Basic Understanding of Software Metrics**

# We believe outdated metrics and confusing consolidated guidance led to a 40% crash in the stock price in a single day

- OSPN's 2020 full year guidance format was based on consolidated Revenue and total Adj. EBITDA
  - Did not break out Hardware and Software expectations despite their vastly differing operating profiles
- During Q2 2020 earnings, OSPN pulled full year guidance due to a massive revision in Hardware revenue expectations, though expectations for recurring Software growth were unchanged and ARR growth accelerated
  - "We also expect hardware revenue will decline at a 20% to 25% rate this year rather than our initial estimate of a mid-teens decline as banks worked on inventory they accumulated last year in anticipation of PSD2 and delays to hardware upgrade projects in favor of mobile security." – CEO Scott Clements (8/11/20)
  - The Company began disclosing ARR in Q2 2020, but buried it in the appendix of a Company presentation
- Instead of providing guidance for Hardware and Software independently, the Company's action of pulling <u>consolidated</u> guidance primarily due to Hardware weakness <u>sent the stock tumbling 40%</u> <u>the following day</u>
- But what was most troubling to OSPN stockholders is that the Company reinstated full year guidance in the Q3 2020 earnings release with an even <u>lower</u> projection for Hardware revenue but <u>still did not provide formal ARR guidance</u> in the earnings release despite ARR clearly on track to finish in the long-term target range of 25-30%
  - This sent the stock crashing 19% the following day



#### Self-Inflicted Disasters: Q2 2019 Earnings Call

## Despite reporting in-line figures and reiterating full year guidance, OSPN shares reacted negatively due to suboptimal messaging on the Q2'2019 earnings call

#### **Q1 2019 CEO Commentary**

"So we will see an improved mix and higher margins certainly in the second half..."

"Hardware probably will be up a little bit this year..."

"We affirm our full-year 2019 revenue and adjusted EBITDA guidance with revenue expected to be in the range of \$229 million to \$237 million..."

#### **Q2 2019 CEO Commentary**

"Q3 will look a little more like Q1, and then Q4 will look more like Q2 or in that neighborhood..."

"We expect double-digit revenue growth for both software and hardware for the full year 2019."

"We affirm our full year 2019 revenue and adjusted EBITDA guidance. Revenue is expected to be in the range of \$229 million to \$237 million..."

#### **Implication for Investors**

Gross margin effectively guided down to <70% relative to street expectations of >70% for 2H'19

Positive change in Hardware revenue outlook for 2019

Yet without any change to revenue guidance, investors likely assumed that Software growth is worse given heavier Hardware mix and lower gross margins for 2H'19

OSPN stock opened down (16%) and closed down (6%) during the subsequent trading day


### Self-Inflicted Disasters: Q2 2020 Earnings Call

# OneSpan pulled annual guidance on the Q2 2020 earnings call due to Hardware weakness despite an acceleration in ARR to 29% y/y growth

- 2020 full year guidance format in earnings release based on consolidated GAAP Revenue and consolidated Adj. EBITDA
- Founder Ken Hunt sells \$1.6mm worth of stock one day prior to Q2 2020 earnings call
- 10-Q delayed a few days due to immaterial revenue misstatement
- Full year guidance pulled primarily due to Hardware weakness while Software witnessed continued strong demand
- ARR accelerated from 27% y/y in Q1 2020 to 29% y/y in Q2 2020 – however, Company did not provide any formal guidance on Software
- Company discloses ARR for first time, but buries the metric in appendix of investor presentation





### The Q2 2020 Earnings Call Left Stockholders Infuriated

The Company also delayed its Q2 2020 10-Q filing – the Board, including Ken Hunt, must have been fully aware but Mr. Hunt still sold stock one day prior to Q2 2020 earnings, <u>further highlighting the Board's historical lack of controls and policies around stock trades</u>

One stockholder called into the Q&A portion to express his frustration:



#### Q2 2020 OneSpan Earnings Conference Call

August 11, 2020 4:30 PM EST

**STOCKHOLDER:** I guess I'd like you guys to address the term 'immaterial' in the context of your revenue misstatement. And I guess, I look back and I see you guys [are restating] revenue estimates by \$2.4 million over the last 9 quarters. And your Chairman sold \$23 million of stock subsequent to the end of the quarter, at the end of Q1, and your stock is down 30% after hours. So for a long time shareholder, maybe you could define the term 'immaterial'?

MARK HOYT (CFO): [addresses accounting question]

**STOCKHOLDER:** I understand saying that. But I guess if you're sure enough about those numbers, you would be able to file your 10-Q on time. And I guess, you've lost a certain amount of trust here. And again, I guess I'd like you to address the \$23 million of stock sold by your former Chairman since the end of March?

SCOTT CLEMENTS (CEO): So I'll take that one. <u>I think -- well</u>, first of all, yes, you corrected that. He's not -- he is no longer our Chairman. He remains a member of the Board. He was the founder of the company, and he is 75 or 76 years old, roughly. And so he has a long-term plan, estate plan. I'm not knowledgeable necessarily about all the particulars of it, but I think he has been executing his estate plan over -- really over a couple of year period now. So I don't think it really anything more...

STOCKHOLDER: Well he certainly accelerated it since the end of March. That's clear.

SCOTT CLEMENTS (CEO): I would assume -- I think that probably is the case that he has sold more in that time frame. But that's obviously his right to do that. And we obviously work very closely with our Board and all of our executives to ensure that trading takes place only when it's appropriate. And I believe that, that is the way Ken has handled it. And I think that -- I'm not sure what else say about it. These are his personal decisions around his estate planning that -- we don't have a whole lot to do with.

STOCKHOLDER: And I'm obviously a disappointed shareholder. So...

SCOTT CLEMENTS (CEO): I totally understand. Absolutely.



And I'm obviously a disappointed shareholder. So...

## Self-Inflicted Disasters: Q3 2020 Earnings Call

Once again, the Company overly focused investor communications on the impact of Hardware weakness to near-term GAAP financials, causing the stock to crash despite steady recurring revenue Software trends

- Given the Company was clearly struggling with investor communications, Legion privately sent a sample quarterly earnings presentation and offered to collaborate on a joint search for director candidates – the Board rejected our offer yet failed to improve OSPN's investor communications on the Q3 2020 earnings call
- 2020 full year guidance was reinstated but updated figures implied even lower Hardware revenue for full year
- 2020 Hardware revenue expectations were revised down from "mid-single digits" to "down 20-25%" on the Q2 2020 earnings call – but on the Q3 2020 earnings call, Hardware revenue was revised again to down ~40% for full year 2020
- "The biggest impact of the pandemic on our business has been a sharp drop in demand for hardware authentication products."
   CEO Scott Clements (11/2/20)





## **Board Appears Unaware of Basic Software Valuation Concepts**

In the Board's 4/26/21 letter to stockholders, the Company claims that its "investors and sellside analysts can fairly value OneSpan using a sum-of-the-parts approach or other methodologies"

- We do not believe the Board understands the basics of valuation frameworks commonly used for modern public software companies – while many investors will utilize a valuation multiple based on revenue or ARR, these multiples are assigned based on long-term efficiency and profitability
  - For example, many software investors utilize the "Rule of 40" which combines revenue growth <u>and</u> profit
    margin together to measure the overall efficiency of a software business the Rule of 40 metric tends to
    strongly correlate with a software company's forward EV / Revenue valuation multiple
  - In addition, many software investors will conduct long-term discounted cash flow (DCF) analyses on a software company by forecasting many years until steady profitability is achieved – the implied forward EV / Revenue based on the DCF's calculated net present value is typically compared to peers with similar operating profiles and assumptions
- Providing only segment revenue, but not segment profitability, may limit OneSpan's ability to achieve a full valuation multiple in line with peers for its Software segment
- In addition, only two sellside analysts (out of five total) utilize a sum-of-the-parts valuation approach, and this was only after Legion published letters including such an analysis

Without understanding the long-term economics of a business, including gross, operating and free cash flow margins, utilizing an EV / Revenue or EV / ARR multiple approach may have its limitations



#### **Better Financial Clarity Could Avert Need for Strategic Action**

We believe the high-growth and high-margin profile of OneSpan's Software business remains underappreciated given the lack of profit disclosures, thus contributing to OSPN's discounted valuation

- We believe an SOTP valuation approach can work in the public markets if investors are provided with sufficient financial disclosures
- Given Hardware's ongoing and negative optical impact to consolidated growth and margins, we believe the lack of segment-level profitability disclosures may be preventing investors from utilizing a full and fair valuation multiple, and instead assigning a discounted multiple, for OneSpan's Software business (in an SOTP analysis) as its long-term economics are unclear
- Software is not only growing significantly faster than Hardware (which is declining), it carries
   ~30-40 points higher gross margins per our estimates
- The Company has not provided gross and operating margin disclosures for Software, previously citing the burden of a \$500,000 audit expense for goodwill analysis this is truly unacceptable

With enhanced financial disclosures, public markets investors may be better able to value OSPN's Software segment in an SOTP framework, which in turn could help avert the need for any strategic action on the legacy Hardware segment



## **Case Study: PAR Technologies (PAR)**

The majority of sellside analysts covering PAR utilize an SOTP approach to value PAR shares by applying (1) an EV / EBITDA multiple to the non-core government segment's profits, (2) an EV / Revenue multiple to the legacy software segment, and (3) an EV / ARR multiple to PAR's fast-growing recurring revenue

 As PAR provides adequate segment-level disclosures, investors can feel confident in not only valuing the non-core segment separately based on its standalone profitability, but also utilizing a full and fair EV / ARR multiple to the company's fast-growing recurring revenue, knowing the long-term economics of that business are healthy



An SOTP approach has seemingly worked for PAR's public stockholders – we believe our nominees can help to better communicate a similar story for OSPN stock



#### Marc Zenner is Not the Answer

# The Board will tout the addition of Dr. Marc Zenner as a "capital markets expert," though his expertise seems irrelevant to the issues facing OSPN

- Director Marc Zenner was appointed to the Board in June 2019, prior to the major debacles in 2019 and 2020 detailed on prior pages
- The Board has touted his expertise in "capital markets," "capital allocation" and "capital structures," though we fail to see his impact to OSPN considering these disasters occurred during his tenure
- Dr. Zenner appears to have never been a public company executive, public equities investor, or a public company director at a technology company – we do not believe his background and experience are relevant to addressing OneSpan's challenges
- Lastly, OneSpan's balance sheet is not complicated as there is a sufficient cash balance and no debt – we are unsure as to how his "capital structure" expertise is particularly relevant to OneSpan's situation
- Despite Dr. Zenner's lack of relevancy to OneSpan, the Board formed a "Finance & Strategy Committee" of which he is chair – a worrisome development considering his apparent lack of experience in the technology and software space



Marc Zenner
Chair of Finance & Strategy
Committee (since 2020)
Director (since 2019)

We believe Dr. Zenner and the Board have failed to make an impact on OSPN's investor communications – without substantive change to the Board, we fear OSPN stockholders will continue to suffer long-term suboptimal valuation

## **Table of Contents**

| 1 | Executive Summary                                      |
|---|--------------------------------------------------------|
| 2 | TSR Performance and Relative Valuation                 |
| 3 | Poor Investor Communications and Financial Disclosures |
| 4 | Ineffective Strategic Oversight and Capital Allocation |
| 5 | Inadequate Self-Refreshment and Governance Concerns    |
| 6 | Misaligned Executive Compensation Program              |
| 7 | Legion's Nominees and the Path Forward                 |
|   |                                                        |



## **Ineffective Strategic Oversight**

#### We believe the Board's lack of critical skill sets, particularly relevant to the go-forward strategy, has led to multiple strategic failures and a structural overhang to OSPN's valuation

- Significant delays in operational undertakings, including the transition to Software
- Unbalanced capital allocation, primarily focused on M&A, has not resulted in longterm accretive returns
- In their own words, dated information technology ("IT") infrastructure seemed illprepared for a transition
- Bloated General & Administrative ("G&A") expenses versus peers
- Failure to innovate, including utilizing new form factors, has led to newer competitors overtaking OneSpan – lack of hardware experience on Board likely unhelpful
- Apparent unwillingness to objectively explore all strategic options to enhance OneSpan's value as we believe the Board has ignored inbound interest regarding a strategic transaction



#### Poor Oversight Has Led to a Significantly Delayed Transition

While the actual transition to recurring revenue began in earnest a few years ago, the Company has been attempting this transition for well over a decade but seemingly did not understand what that meant or entailed

 Despite the Company's aggressive organic and inorganic growth strategy, Software revenues merely shifted from 17% of total revenues in 2007 to 22% in 2015





### **Transition Appeared to Have Relied on M&A**

The Board has had a strong historical preference for M&A, though we have not witnessed a clear justification for this focus as the Board has failed to prove long-term accretive returns to stockholders

- The Company has a robust cash balance, but OSPN stockholders are left wondering what the Company will do with it considering the lack of information around:
  - Decision-making criteria to balance allocation between various deployment options
  - Risk-adjusted ROI considerations and thresholds
  - M&A criteria (strategic focus, size, and financing)
  - Ideal cash reserve needs for working capital and "rainy day" situations
- The Board only recently announced a \$50mm share repurchase program after Legion's private and public recommendation over the past three years
  - Prior to Q4 2020, the Company did not repurchase shares since 1998 despite OSPN's persistently low valuation





As far as we can tell, the Board does <u>not</u> have a detailed capital allocation policy



#### **Long-Tenured Directors Have Approved Questionable Acquisitions**

OneSpan has made 13 acquisitions as a public company (since 1998) to help diversify the Company beyond Hardware authentication, but multiple acquisitions outright failed

|                                         |              |          |                                 |                                                                                                         | On Board When Approved? |                |                 |
|-----------------------------------------|--------------|----------|---------------------------------|---------------------------------------------------------------------------------------------------------|-------------------------|----------------|-----------------|
| Recent Non-<br>Hardware<br>Acquisitions | Date         | Amount   | Company Focus                   | Outcome                                                                                                 | John<br>Fox             | Jean<br>Holley | Matthew<br>Moog |
| Able N.V.                               | October 2006 | \$6.3mm  | Unified Threat<br>Management    | Sold to employee for "de minimis" amount                                                                | ✓                       | <b>✓</b>       |                 |
| DigiNotar B.V.                          | January 2011 | \$12.9mm | Certificate Authority           | Suffered major cyberattack and went bankrupt                                                            | ✓                       | <b>✓</b>       |                 |
| Alfa & Ariss<br>B.V                     | April 2011   | \$1.4mm  | Identity & Access<br>Management | Acquired for its close ties to DigiNotar – financial impact unknown                                     | ✓                       | <b>✓</b>       |                 |
| Silanis                                 | October 2015 | \$85mm   | eSignature                      | Financial impact unknown; appears deeply undervalued in public markets; strategic review process failed | ✓                       | <b>✓</b>       | <b>✓</b>        |
| Dealflo                                 | May 2018     | \$53.9mm | Agreement<br>Automation         | Financial impact unknown                                                                                | ✓                       | <b>✓</b>       | <b>✓</b>        |

The Board has generally failed to provide any disclosures regarding the performance of their acquisitions post-integration – unless the business goes completely bankrupt or is sold for a "de minimis" amount



#### Able N.V. – Sold to Employee for Peanuts

# The 2006 acquisition of Able was OSPN's attempt at expanding into the broader enterprise security market by adding a unified threat management ("UTM") offering

- At the time of acquisition, the Board was very excited about the addition of Able:
  - "We believe that the UTM market will grow significantly in the coming years and we believe that Able's product line will enable [OneSpan] to win a substantial part of the SME market."
    - Ken Hunt, Founder, Former Chairman and CEO (10/26/06 OSPN Press Release)
- Given OneSpan's longstanding history as a user authentication cybersecurity vendor, we fail to understand the strategic rationale of aggressively expanding into enterprise security with a completely different product area
- After over a decade of attempting to grow their UTM business, OneSpan was nowhere on the map in this space – Gartner did not even recognize them as a niche player in their UTM Magic Quadrant
- Able was sold to an employee for "a de minimis" amount in August 2017 per OSPN's 2018 10-K, culminating in a quiet end for this seemingly failed acquisition





### **DigiNotar – A National Crisis and Disaster for OSPN**

Within 10 months of announcing the acquisition, DigiNotar suffered a severe cyberattack that effectively rendered its certificates useless and forced the subsidiary into bankruptcy, resulting in millions in losses

- After suffering a major cyberattack, DigiNotar had been taken over by the Dutch government

   the Dutch Minister of the Interior and Kingdom Relations held an emergency press conference in early September 2011 to discuss one of the most consequential cyberattacks Europe had ever seen
  - By mid-September 2011, DigiNotar had filed for bankruptcy
- Following a third-party audit, it appeared that DigiNotar failed to follow basic cybersecurity protocols, such as installing anti-virus software on its servers
- The Board and Company seems to have failed to do any basic technical due diligence
- In total, OneSpan suffered a ~\$17mm loss from the DigiNotar deal (assuming the purchase price plus subsequent losses)



"[The] acquisition of DigiNotar will also yield a return to our stockholders...we are a stronger company and more competitive than ever."

#### **Ken Hunt**

Founder and Former Chairman (1998-2020) and CEO

| ≡ MIHED | BACKERAMANIA BUSINESS CRATHER GEAR IDEAS SCIENCE SECURITY                                                                                            |
|---------|------------------------------------------------------------------------------------------------------------------------------------------------------|
|         | UN ACTUAL SECURITY 89.28.2011 80.05 FM                                                                                                               |
|         | DigiNotar Files for Bankruptcy in Wake of Devastating Hack                                                                                           |
|         | A Dutch certificate authority that suffered a major back attack this summer has been unable to recover from the blow and filed for bankruptcy this w |



### **Expensive Acquisitions Have Not Improved TSR**

Alfa & Ariss, Silanis and Dealflo represent ~75% of capital spent on M&A over the past 15 years, but the Board has seemingly failed to detail their financial impact or achieve a fair value for these assets in the public markets

- The Company's latest acquisition, Dealflo, was acquired for 11.5x LTM EV / Revenue in May 2018 which at the time appeared rather expensive relative to OSPN's LTM EV / Revenue of 3.4x
- Dealflo negatively impacted 2018 Adj. EBITDA guidance by \$6mm but only included 7 months of impact, implying heavy investment into the business given it produced ~\$6mm in operating losses for all of 2017
  - FY2018 Adj. EBITDA guidance was revised downward from \$21-25mm to \$15-19mm despite producing ~\$5mm of EBITDA outperformance vs. consensus estimates in 1H 2018
- Other than stating Dealflo performance "met our expectations" a couple quarters following the acquisition, the Company has provided no further disclosure on this business's performance
- Similarly, the Company had not disclosed post-merger performance of Alfa & Ariss, which is concerning as the asset had close ties to DigiNotar, leaving stockholders to wonder whether this asset was impacted as well
- Lastly, we believe the Board has failed to sufficiently disclose OSS's fundamentals, which has its heritage in the Silanis
  acquisition, resulting in a seemingly discounted valuation in the public markets
  - The Board's recent strategic review of OSS failed
  - Considering numerous precedent eSignature M&A transactions and a direct public peer, DocuSign (DOCU), provide signposts for valuing the asset, we question the credibility of the strategic review process in light of the ongoing proxy contest

The Company filed a \$300mm shelf registration which the Board described as "good governance" – is there another expensive acquisition on the horizon?



### **Share Repurchases Only a Recent Phenomena**

# Only until after the Q2 2020 earnings debacle did OSPN heed our years-long recommendation to utilize excess cash towards share repurchases given its persistently low valuation

 No share repurchases for 22 years – instead, the Board focused almost exclusively on M&A despite a \$100mm+ cash balance sitting idly for some time with plenty of opportunity to repurchase shares below the average cost basis incurred for the \$5mm repurchased in Q4 2020 (\$20.10/share)



We believe the Board's resistance towards share repurchases stems from their lack of understanding of OSPN's intrinsic valuation



#### **Board Appears Incapable of Sound Capital Allocation**

With no detailed capital allocation policy, an unbalanced approach towards capital deployment, and little disclosures regarding M&A performance, there appears to be little accountability at the Board level

- The Company has a history of not disclosing a target's performance post-acquisition as the Board likely feels it has no obligation to and/or is unable to understand the importance to investors
- The Board has rarely, if ever, detailed synergy targets or provided updates on post-merger integration processes – we believe this is because synergies were rare, and few acquisitions were ever truly integrated
- Given the messiness of OSPN's disclosures, it is difficult to understand whether many of OneSpan's recent acquisitions have grown meaningfully and/or efficiently, or if these assets are producing hefty losses
- We do not believe the newly formed Finance & Strategy Committee is qualified to oversee OneSpan's capital allocation given Chair Marc Zenner and member Matthew Moog lack public software M&A experience



"I mean, doing acquisitions or other kind of things like that are much more difficult when you're public because of the required disclosures."

#### **Matthew Moog**

Member of Finance & Strategy Committee

Director (since 2012)

Approved Dealflo acquisition alongside Chairman John Fox and Director Jean Holley

Without substantive change to the Board, we fear stockholders will continue to witness questionable and value destructive capital allocation decisions



## Dilapidated IT Infrastructure Could Not Handle Software Business

Several questionable acquisitions and a lack of post-merger integration seemingly left the Company's IT infrastructure in a dilapidated state that was unable to process new types of revenue streams (like software)

- In fact, OSPN's CEO and CFO spent their first few years "replacing every single IT system in the entire company"
  - "Three years ago, the company simply did not have the IT and system infrastructure to support the growth of the company or support the new revenue models and the new business models that we're beginning to deploy."
    - CEO Scott Clements, Investor Day (12/4/19)
- Given the Company had been attempting to shift to Software recurring revenue as early as 2007, we are surprised that it took roughly a decade to begin fixing seemingly obvious, core IT infrastructure problems so the Company could begin processing software revenue

OneSpan has been long overseen by a career consultant (John Fox), longtime CIO (Jean Holley), and a "software leader" (Matthew Moog) – with an average tenure of 13 years, how could they have underperformed this poorly for so long?



### **G&A Appears Bloated – A Legacy of Poor Oversight?**

OSPN's G&A expenses appear very high relative to Cybersecurity Peers, and we believe poorly integrated acquisitions and Hardware are causing an overly complicated corporate structure – while OSPN's CEO has openly discussed the opportunity to reduce structural costs, the Board should have been more proactive to reduce corporate spending as Hardware declined





### **Large Global Footprint Likely Increases Costs**

With 18 locations across 14 countries, OneSpan has a complex international footprint relative to its size, which likely contributes to unnecessarily complex legal and accounting requirements, thereby driving up G&A expense – we believe it is possible to reduce the number of countries in which OneSpan operates through improved operational efficiency and/or strategic action





#### **Operational Review – Announced Just Months Ago**

OSPN recently embarked on an operational review of the Hardware segment, which could partially address the bloated G&A structure – it's apparent that this process could have commenced years ago under previous management, but the Board seems to have never pushed for it

- During a virtual meeting in November 2020 with CEO Scott Clements, he informed us that the opportunity to rightsize the Hardware segment had existed for some time, though his team has only begun the process in 2020 as 2019 was a relatively busy year for Hardware
  - o "It's been obvious that there were some opportunities to optimize that value chain. It's a value chain that's distinct from the software part of the company. We couldn't do that last year because we were just fighting to meet demand. We've named a guy to be leader of that product line and given him the charter to look at the whole value chain, SKU reduction, automating provisioning and configuration (as each hardware authenticator needs to be provisioned and that process can be better, faster), and shifting manufacturing from southern China to Eastern Europe. Up until now all of it was in China." CEO Scott Clements (11/3/2020)
- In addition, as of 2021 the Company has separated the Hardware sales effort into a small, dedicated team
  whereas the rest of the Company's sales force is now exclusively focused on Software recurring revenue
- We are supportive of this operational review, though disappointed it has taken this long to occur given the Company's decade-long effort to shift to Software and Hardware's longstanding issues have been long-known (volatile quarterly results, low visibility, and a declining topline)

Instead of pushing for operational excellence, long-tenured directors seemed content with subpar operating practices that have resulted in a poor TSR track record



### Hardware: In Secular Decline...and Poor Management?

# We believe long-tenured directors have failed to effectively manage the Hardware segment's long-term performance

- The Company believes Hardware token authentication has a \$400mm TAM and with ~\$100mm in historical annual revenue, OneSpan was a major player
- Just a few years ago in 2015, Hardware was ~80% of total revenue and OSPN had a huge portion of the market
- OSPN was considered a leader alongside Gemalto (Thales) and RSA; the latter became far less competitive following its acquisition by Dell and then private equity
- But now the Company states the Hardware segment is in long-term secular decline
- However, we believe the Board missed a major opportunity that was successfully exploited by a competitor

## Gartner Magic Quadrant User Authentication (December 2013)





#### **Hardware: From First to Worst**

# While Chairman John Fox and Directors Jean Holley and Matthew Moog have watched Hardware decline for years, newer private competitor Yubico has witnessed tremendous success, greatly surpassing OneSpan

- Yubico, a hardware token authentication firm founded in 2007, has reportedly surpassed \$200 million in revenue in 2020 and expects to grow 70% year-over-year in 2021, counting large governments and global banks as customers
- Utilizes USB and biometric form factors
- Established numerous strategic partnerships with pure play software identity/authentication cybersecurity firms
- We believe there is no reason why OneSpan could not have capitalized on the same opportunity







We believe the Board's lack of overall modern technology experience and poor oversight caused them to miss a huge opportunity



## **Long-Tenured Directors Lack Hardware Technology Expertise**

While the Board claims its longer-tenured directors have critical hardware-centric experience, we believe Hardware's "secular decline" is a result of a lack of sufficient hardware technology / cybersecurity experience

- In the Board's 4/26/21 letter to stockholders, the Company claims that its "*longer-serving directors…have critical experience with our hardware-centric business*"
- However, none of the four directors we are targeting to replace appear to have <u>any</u> experience in the hardware technology / cybersecurity space (other than serving on OneSpan's Board)
- In fact, the only independent director who possesses such experience, Marc Boroditsky, was only added to the Board in 2019 – well after Hardware entered "secular decline"
- We believe the Board's lack of sufficient hardware technology/cybersecurity experience is a key reason for Hardware's lack of innovation, operational underperformance, and "secular decline"
- We do not believe that a Board, particularly its long-tenured directors, that has overseen such poor Hardware performance has the credibility to make a strategic judgment on the fate of the business

We believe the Board's claim of longer-tenured directors possessing "hardware-centric experience" while touting the strategic importance of Hardware is a mere ploy to defend their unnecessarily prolonged and poor track records



#### Our Campaign will Improve, not Harm, Hardware Oversight

Whether to oversee its continued operations, or to make a sound strategic judgment on the business, we believe the Board will be better positioned to oversee Hardware if our campaign is successful

- CEO and Director Scott Clements has hardware-centric experience in his role as OSPN CEO and prior roles such as Chief Technology Officer of Tyco, a hardware-centric security firm
- Director Marc Boroditsky was the Founder of Numera, a hardware-centric authentication company
- Nominee Rinki Sethi is the Chief Information Security Officer of Twitter and the former VP of Security Operations & Strategy at Palo Alto Networks, a software and hardware cybersecurity company (cloud and appliance-based firewalls)
- Nominee Michael McConnell currently serves on the board of Adacel, a hardware and software solutions company, and formerly served on the board of Guidance Software, a cloud SaaS, on-premise software and hardware cybersecurity company

#### **Directors Targeted for Replacement**









No Hardware Technology / Cybersecurity Experience

#### **Continuing Directors**











**Hardware Technology / Cybersecurity Experience** 

The Board will gain two directors with hardware technology / cybersecurity experience following the success of Legion's campaign – and lose none



### An 11th Hour "Strategic Review" of Hardware

# On May 10, 2021, the Board discloses that it "explored potential strategic alternatives" of Hardware, raising far more questions than it answers

- When did this strategic review occur, and how long did the process take?
- Were the Company's financial advisors involved, or did the Board complete this "review" on its own?
- Why did the Board not provide any details of this strategic review process, such as the number of parties interested and bids received (as it did for the OSS strategic review)?
- As part of this process, did the Board respond to the inbound interest it received in late 2020 regarding a strategic transaction for Hardware? Did the Board speak with any third parties?
- If the Board completed a genuine strategic review of Hardware, it should possess standalone Hardware financials – so why has the Board refused to disclose segment-level financials?
- Why is a sale of the economic rights to Hardware "not feasible"?
- Why did the Board wait until May 10, 2021, in the middle of an ongoing proxy contest, to communicate such critical news to OSPN stockholders?

While the Board continues to criticize Legion's ideas, the Board has failed to present any credible plan to drive long-term, sustainable value



#### The Board is Misrepresenting Legion's Plan to Unlock Value

The Board has characterized Legion's plan as solely focused on an asset sale of Hardware – as we have stated privately and publicly, there are multiple paths towards achieving full and fair value for stockholders

- Improve Financial Disclosures the Company should immediately begin providing segment-level gross and operating margins between Hardware and Software this would better enable public markets investors to conduct an SOTP valuation analysis, which in turn may avoid the need for any strategic action on Hardware
- Explore Strategic Partnerships we believe that there are a range of strategic partnership ideas
  that could potentially maximize Hardware's value and revenue opportunity
- Explore Alternative Paths Toward Monetizing Hardware while an outright asset sale could be considered, another alternative could be the sale of the economic rights of Hardware, where nothing "on the ground" would change, merely the cash flows generated from the Hardware segment would be remitted to the new owner (less any management fee or profit share paid to OneSpan)

We believe there are a range of options for unlocking the value of all OneSpan segments, many of which could minimize operational disruptions and maintain synergies between Software and Hardware



### Many OneSpan Stakeholders Concur with Legion

While a refreshed Board may logically conclude to keep the Hardware segment, many key OneSpan stakeholders concur that the legacy segment not only weighs on the Company's valuation, but can operate and possibly perform better independently with greater opportunities for strategic partnerships



The declining revenue should alleviate some pressure on gross margin, but without an imminent sale of the business, multiple expansion will likely remain limited.

**D.A. Davidson** (3/30/2021)



Another approach is looking to an external supplier and enter into an outsourcing strategic partnership contract – Blackberry example.

OneSpan Customer with ~\$5mm Annual Spend (11/10/2020)



As long as they support Hardware until end of life, we don't care if they own it or not.

OneSpan Customer with ~\$1mm Annual Spend (11/9/2020)



The potential divesting of the Hardware segment would allow the stock to be re-rated on the more valuable Software segment.

Colliers (4/12/2021)



Their argument is nonsense – you can sell it off.

CEO of Switzerland-based Cybersecurity Consultancy (4/27/2021)



The fundamental question of whether or not Hardware can be decoupled – the answer is yes. As long as they pick the right company to sell to, then it's not a problem at all. I would imagine it's a good thing to get it off their books financially.

OneSpan Customer with ~\$5mm Annual Spend (11/10/2020)



## We Believe our Nominees Will Help Drive Better Accountability

Until key long-tenured and underqualified directors are replaced, we do not believe the Board has the right mix of skillsets to oversee OneSpan's long-term strategy, operations and capital allocation

- In light of CFO Mark Hoyt's pending departure, we believe it is more important than ever to have strong technology leaders on the Board that can ensure an appropriate successor is named
- We believe the Board's lack of modern technology experience has led to a failure in accountability for Hardware's operational underperformance, as well as the high profile, expensive failures in M&A
- Hardware is a far simpler business than Software if the Board cannot manage the former, whether operationally or strategically, how can stockholders trust them with the latter?
- We believe the Board's attempt to associate its longer-tenured directors with the Hardware segment is a disingenuous effort to justify their continued presence on the Board – this could also explain why the Board ignored credible inbound interest in the Hardware asset during late 2020
- Simply put, this Board has failed to capitalize on key strategic opportunities in a timely manner the time has come for a refreshed Board elected by stockholders with the right skill sets to close the persistent valuation gap that has plagued OSPN's stock

Despite OneSpan's continued valuation discount to peers, the Board has taken action only when continually pressured by a large stockholder



## **Table of Contents**

| 1      | Executive Summary                                                                              |
|--------|------------------------------------------------------------------------------------------------|
| 2      | TSR Performance and Relative Valuation                                                         |
| 3      | Poor Investor Communications and Financial Disclosures                                         |
| 4      | Ineffective Strategic Oversight and Capital Allocation                                         |
|        |                                                                                                |
| 5      | Inadequate Self-Refreshment and Governance Concerns                                            |
| 5<br>6 | Inadequate Self-Refreshment and Governance Concerns  Misaligned Executive Compensation Program |
|        | •                                                                                              |



#### **Problematic Board Refreshment Process**

# The Board has largely dismissed high-quality candidates while reactively adding directors with tangential software experience

- High-quality, cloud-first software talent does not seem to be a top priority for the Board
- Connections with existing directors and "cultural fit" seemed to be highly desirable traits
- Resistance to stockholder input despite Legion's numerous attempts to bring highly qualified candidates to the Board and multiple offers to reach a settlement agreement
- Underqualified directors with decades-long tenures and poor TSR records only resigned after Legion's public pressure
- Power remains concentrated amongst longest-tenured and least qualified directors despite irrelevant backgrounds and poor historical strategic oversight

OneSpan's reactive self-refreshment has not improved OSPN's TSR or valuation – we believe a transformation of the Company requires a transformation of the Board



Source: SEC Filings, Legion Partners

#### **But Don't Take Our Word For It...**

Below are excerpts from a troubling interview Director Jean Holley, Chair of the Corporate Governance and Nominating Committee, provided to CIO Magazine detailing her experience joining the Board



FEATUR

How one CIO became a corporate board director

INTERVIEWER: How did you learn about the [OneSpan] board opportunity?

**HOLLEY:** I knew someone who knew someone who knew someone. I was not introduced to a board member right away. I had labeled myself a board director wannabe and spread the word to my networks. If I had done someone a favor, and they asked what they could do for me, I would say, "Well, I'm looking for a board position." This is an important point. Board positions are typically not one degree of separation away, they are more like three or four.

#### INTERVIEWER: What was the interview process like?

HOLLEY: First, I had a conversation with [OneSpan]'s CEO. He was just checking me out to see if I had the basic knowledge and presence to be on the board. That went well, so he recommended that I have lunch with two board members, one of whom who headed up the governance committee. That also went well, so I met the rest of the board. While all of the board members had questions about my skills and experience, they were most interested in how well I would fit into the culture. Once they had decided, early on in the process that I had the basic credentials, they spent the rest of the interviews focused on culture.

#### INTERVIEWER: What questions did they ask you?

**HOLLEY:** They really wanted to see how I would work with each of the board members.



I knew someone who knew someone who knew someone.



If I had done someone a favor, and they asked what they could do for me, I would say, "Well, I'm looking for a board position."



First, I had a conversation with [OneSpan]'s CEO... That went well, so he recommended that I have lunch with two board members, one of whom who headed up the governance committee.



...they were most interested in how well I would fit into the culture.



### **Director Recruitment Process Appears to Lack Objectivity**

Based on past practice and Jean Holley's interview, we are concerned the Board's nomination and re-nomination processes are not aligned with obtaining the best Board possible relative to the Company's needs

- Many new director recruits have come from incumbent directors' existing contacts – not through a search process
- The director interview process seems to begin with the CEO whom the Board supposedly oversees – not an independent board member
- The overwhelming criteria for board qualification appears to have been whether the candidate would fit into their "culture" – not business skills and experiences

We believe stockholders should no longer trust this Board to pick new directors – it's time for OSPN stockholders to decide



#### **Biased Practices Reflected in New Additions**

In conjunction with rejecting Legion's highly-qualified independent director candidates, the Board has reactively added new directors over the past couple years as a defensive measure, three of which had prior connections to the Board

Marc Boroditsky
Director (since 2019)

Works at Twilio

Jean Holley

Chair of Gov./Nom. Comm. (since 2013) Director (since 2006)

Led recruitment process of all recently added directors

Naureen Hassan

Director (March 2020 – March 2021)

Informed Legion that a mutual friend connected her to Jean Holley

Informed Legion she previously knew Mr. Boroditsky as she served on the Customer Advisory Board for Twilio **Marianne Johnson** 

Director (since March 2020)

Informed Legion she was connected to Jean Holley through "the Atlanta tech community"

Mses. Holley and Johnson are members of same non-profit and participated in events together **Garry Capers** 

Director (since April 2021)

Overlapped at Equifax with Ms. Johnson from 2007-2011

Company's proxy statement acknowledges recruitment through existing connection:

"Mr. Capers was recommended by another independent member of our Board."

While these prior relationships are not outright disqualifiers (we supported Ms. Hassan's nomination to the Board), this recruitment practice certainly does not result in the widest pool of objectively high-quality and diverse candidates



#### **Overlapping Connections Extend to Executive Team**

# Many of the Company's senior executives worked at companies led and overseen by OneSpan directors

Marc Boroditsky

Director (since 2019)

Former VP of Identity Management, Oracle (2011-2014)

#### Michael Cullinane

Director (since 1998, retiring June 2021)

Former CFO at SilkRoad Technologies (2008-13)

Former CFO at Lakeview Technology (2005-07)

Former CFO at Divine (1999-2003)

Former CFO at Platinum Technology (1998-99)

#### Marc Zenner

Director (since 2020)

Former Director at InnerWorkings (INWK) (2019-20)

Ajay Keni OSPN CTO since 2020

3-year overlap with Mr. Boroditsky at Oracle as VP of Identity Governance

John Bosshart
OSPN CAO since 2020

1-year overlap with Dr. Zenner at InnerWorkings as former CAO (2019)

3-year overlap with Mr. Cullinane at Divine as a Finance Manager (2000-03)

1-year overlap with Mr. Cullinane at Platinum Technology as Director of Finance (1999-2000)

#### Steven Worth

OSPN General Counsel since 2016

2-year overlap with Mr. Cullinane and 3-year overlap with Ms. McCarthy at SilkRoad Technologies as former General Counsel (2011-16)

#### Tracy McCarthy

OSPN Chief HR Officer since 2017

3-year overlap with Messrs. Cullinane and Worth at SilkRoad Technologies as Chief HR Officer (2010-14)

<1-year overlap with Mr. Cullinane at Lakeview Technology as VP of HR (2000-05)

It appears the Board's practice of recruiting personal connections runs through the Company and executive hires



## **High Geographic Proximity Amongst Board Members**

Board members are concentrated in the Chicago (OSPN HQ) and Atlanta areas, which appears to reflect a recruitment process focused on local networks – notably, Ms. Holley lived in the Chicago area when she joined the Board and subsequently moved to the Atlanta area (which preceded the recruitment of Ms. Johnson and Mr. Capers)




#### **Questionable Self-Evaluation Process**

- Following the Q2 2020 earnings call debacle, we had communicated to the Board that Founder Ken Hunt should resign immediately, particularly in light of his stock sale one day prior to OSPN stock crashing 40% after the Company announced an earnings miss and pulled full year guidance
- The Company's response, which was delivered through their counsel as they did not appear interested in communicating with us directly, was that they "cannot force a director to resign"
- We then published a letter to the Board dated August 18, 2020, calling for the immediate removal of Mr. Hunt while highlighting his exceptionally poor TSR and operational track record during the course of his 23-year tenure on the Board
- Shortly thereafter the Company implemented a 2-year ban on insider stock sales and Mr. Hunt "retired"
- While Mr. Hunt's departure was the beginning of a much-needed Board refreshment process that, in our opinion, requires the <u>replacement</u> of long-tenured unqualified directors (not merely additions), the episode highlighted to us the Board's deep dysfunction

A well-functioning self-evaluation process would not require public demands or a ban on insider stock sales to replace an underqualified, long-tenured director such as Ken Hunt



## Why Did it Take So Long to Remove Michael Cullinane?

#### Director Michael Cullinane served as Chair of the Audit Committee for 20 years despite overseeing a "high profile financial mess" while serving as a public company CFO that invited a federal grand jury investigation

- Mr. Cullinane notified the Board of his intention to retire and not stand for re-election at the 2021 Annual Meeting shortly after Legion Partners submitted a request for a director questionnaire
  - Mr. Cullinane was also Chair of the Audit Committee from 2001 through April 2021, a key leadership position that was recently passed to new Director Al Nietzel only after we announced our public nomination
- However, given Mr. Cullinane's colorful background, we are shocked he was not replaced sooner:
  - Mr. Cullinane's most recent public company role was as the Chief Financial Officer of Divine. Inc. from 1999 to 2003, where he also served as a board director
  - As a prolific acquirer of roughly 30 companies, some of which were in very poor financial health. Divine was ensnared in a variety of scandals, including defrauding libraries across the country, which led to multiple lawsuits and a federal grand jury investigation into widescale fraud that allegedly involved Mr. Cullinane – Divine eventually entered bankruptcy in 2003
- This colorful episode occurred during Mr. Cullinane's tenure on the Board, yet the Board apparently never felt the need to reassess his directorship at any time over 20 years and allowed him to continue serving in an important financial oversight role as Chair of the Audit Committee

## Chicago Tribune

#### **DIVINE:**

#### RoweCom seeks return of millions

CONTINUED FROM PAGE 1

tech collapse.

What ensued did not come close to Filipowski's plan.

Bankrupt RoweCom's problems now threaten Divine's future and spotlight the Chicago company as a culprit in a highprofile financial mess.

"This is unquestionably the biggest financial collapse America's libraries have had to deal with," says American Library Association Executive

This is unquestionably the biggest financial collapse America's libraries have had to deal with

Page after page, the Divine document is filled with cushy insider deals, an unpromising financial picture and an unwieldy corporate structure. It's got more hocus-pocus and scary stories than the new Harry Potter book

## Divine faces federal probe

#### Grand jury wants to determine fate of libraries' cash

By Barbara Rose Tribune staff reporter

tigating Divine Inc., Chicago's ary says it collected last year one-time technology darling, to from libraries across the coundetermine what happened to \$65 try to forward to publishers for million in customer payments, magazine subscriptions. documents obtained by the Tribune show.

threatens to complicate the difficult legal and financial problems facing Divine and its chief executive, Andrew "Flip" Fil-

Divine filed for bankruptcy Feb. 25 and is trying to sell its major businesses

The \$65 million is money that A federal grand jury is inves- Divine's RoweCom Inc. subsidi-

But librarians were alerted to a problem in December when The criminal investigation they began missing issues and

about lapsed subscriptions.

Divine placed RoweCom in bankruptcy in late January, and the subsidiary sued Divine for alleged fraud, charging that its parent had illegally diverted millions from its business

Divine, which denied the charges, said it spent the libraries' money on RoweCom's operations and debt and couldn't arrange a loan to pay publishers.

In February, libraries began receiving federal subpoenas for



### John Fox Possesses No Modern Technology Experience

Chairman John Fox retired from Deloitte in 2003 and joined the OneSpan Board in 2005 – he has gained the bulk of his technology "experience" prior to the proliferation of the Internet and cloud computing



We do not believe John Fox has the right experience and background to lead a modern technology company

111

Source: SEC Filings, Wikipedia CONFIDENTIAL & PROPRIETARY

#### Moog's Private SaaS Experience Lacks Relevance to OSPN

We do not believe Mr. Moog's experience as CEO of PowerReviews, a private SaaS company focused on online reviews, is pertinent to OSPN given its small scale (~\$25mm revenues), product / industry focus and questionable culture



- From 2014-2020, Matthew Moog served as CEO of PowerReviews, a small private SaaS company focused on online reviews
- While this does qualify as cloud-first recurring revenue C-level experience, his tenure as CEO appears controversial and unfitting for a professional, enterprisefocused public company such as OneSpan



#### **Anonymous Reviews from PowerReviews Employees (Glassdoor)**

"The culture that everyone raves about is just a giant frat party. Is it fun to drink at work? Yes. Is it fun to be around a sales team that is loud, obnoxious and can literally say ANYTHING without ever getting reprimanded? If that's what you consider culture, then this is the place for you. I wasn't interested in working with a bunch of dudes who felt like they could do or say anything they wanted to in the office." (5/22/15)

"Quite possibly the **most unprofessional work environment** I have ever had the displeasure of being a part of complete with incompetent managers, **a frat-house like company culture** and backstabbing coworkers who will throw you under the bus to get ahead." (11/19/19)

"Company is falling apart. Customer service is lacking, internal processes slow things down, heavy turnover this year, lack of marketing support." (12/10/19)

"Don't believe the positive reviews written by HR and the recruitment team. **This is a sinking ship, just look at the mass attrition as of late. The product can not compete with Bazaarvoice and they are struggling to stay afloat.** Save yourself the trouble and avoid at all costs." (11/19/19)



## Matthew Moog Lacks Scaled, Public Tech Experience

## Director Matthew Moog has held a variety of senior positions at small and/or private companies and non-profits in the consumer internet and radio sectors

- Mr. Moog's only public company experience (aside from serving on OSPN's Board) was serving as CEO of CoolSavings, Inc. (ticker: CSAV, later renamed Q Interactive), a microcap internet company focused on coupons and traded on the pink sheets
  - Mr. Moog served as CEO from 2001 to 2006, during which the company was acquired by a strategic partner, Landmark Communications, at a "\$200mm+ valuation" according to his LinkedIn profile though the common equity value at takeout appears to be less than \$50mm<sup>1</sup>
- Mr. Moog currently serves as a board director and interim CEO of Chicago Public Media (WBEZ-Chicago 91.5 FM), a non-profit radio station that serves as the primary National Public Radio (NPR) member organization for Chicago
- While as a board director at Chicago Public Media, the organization teamed up with NPR and New York Public Radio to acquire a private podcast app company called PocketCasts in 2018
  - Matthew Moog stepped in as Executive Chairman and interim lead following the ouster of PocketCasts CEO
  - In December 2020, the owners announced a sale of their ownership in PocketCasts as it appears Mr. Moog had failed to turnaround the company despite the ever-growing popularity of podcasts



WBEZ 91.5 FM

Chicago Public Radio.



#### Marc Zenner's Background Appears Irrelevant

## Director Marc Zenner is a career investment banker and served on two public company boards with little relevance to OSPN and poor results

- While Dr. Zenner has a long career as a generalist investment banker advising companies across many sectors, we believe he lacks experience working with public technology companies
- Dr. Zenner has served on two public company boards with poor results, and neither were technology companies
  - From August 2019 through September 2020, Dr. Zenner was a director at InnerWorkings (INWK), a marketing execution company
  - INWK shares traded at ~\$4.50 at the time of his appointment, yet the company was acquired by a private equity firm for \$3/share in October 2020
  - From 2017 to 2019, Dr. Zenner was a director at Sentinel Energy Services (STNL), a SPAC focused on the oil field services sector
  - STNL failed to acquire an operating asset and subsequently liquidated



**INWK Stock Price Chart** 



We do not believe the Board needs another "advisory" perspective – the Board needs a tech investor's perspective, particularly that of a OSPN stockholder



#### Improve Board Governance for Sustainably Better Results

As a 14-year veteran of the Board, and Chair of the Corporate Governance and Nominating Committee for 8 years, we believe Jean Holley has been a large part of the reason the Board has failed to evolve with the Company's strategy, indicating an insular and self-perpetuating culture

- The Board has the ultimate responsibility to upgrade and evolve its skill sets with the Company's strategy transformation
  - It's a fundamentally different business model, and it requires a fundamentally different Board
- However, the Board has seemed reactive and appears to favor directors with personal connections over adding the needed skills, experience and leadership
- As detailed on the following page, we do not believe Ms. Holley possesses modern technology experience relevant to OSPN



"If I had done someone a favor, and they asked what they could do for me, I would say, 'Well, I'm looking for a board position."

#### **Jean Holley**

Chair of Corporate Governance and Nominating Committee (since 2013)

Director (since 2006)

We believe a new Chair of the Corporate Governance and Nominating Committee can address the Company's incomplete self-refreshment



## Jean Holley's Tumultuous Career

It appears that Director Jean Holley "resigned" or was terminated from three of her last four full-time positions, and the fourth company went bankrupt while she was part of the executive management team – none of these roles provided her with direct experience in leading or developing modern technology

- Ms. Holley has worked as a Chief Information Officer (CIO) at a number of non-technology firms as detailed below
- Former CIO at Brambles (2011-2017), a supply chain logistics company
  - In February 2017, Brambles issued revised annual guidance, sending its shares down roughly 27%; a major restructuring ensued, and Ms. Holley was replaced by July 2017
- Former Executive Vice President & CIO at Tellabs (2004-2011), a telecommunications services company
  - In January 2011, Tellabs issued weak results and guidance, sending shares down roughly 20%; however, four days prior, Ms. Holley and several other executives sold substantial amounts of Tellabs stock
  - In July 2011, Tellabs issued another weak earnings report, sending shares down roughly 9%; however, earlier that month, Ms. Holley and other executives sold substantial amounts of Tellabs stock
  - Tellabs announced a restructuring in July 2011 which coincided with Ms. Holley's departure
- Former CIO at USG Corp. (1999-2003), a buildings materials company that filed for bankruptcy in 2001 to resolve an asbestos lawsuit
- Former Senior IT Director at Waste Management (1997-1998)
  - Waste Management merged with USA Waste Services in 1998 and Ms. Holley was terminated during post-merger restructuring

We do not believe the experience of purchasing and implementing technology from others is commensurate with working at an actual technology company



## **Poor Engagement with Stockholders**

# The Board does not appear to have an interest in communicating with stockholders, let alone soliciting feedback

- Although we have held 40+ calls and meetings with the Company, almost all were with management

   our only in-person interaction with the Board was a single unplanned and short meeting with
   Chairman John Fox at OSPN's Investor Day, and other than three short phone calls in early 2020,
   no independent director was willing to meet with Legion over the past three years
  - The Board often communicated through counsel instead
- Rejected multiple offers for a settlement agreement, including most recently in March 2021 and October 2020, without indicating any interest in negotiating terms
- At the 2020 Annual Meeting of Stockholders, the Board recommended a continuation of the Company's 3-year say-on-pay frequency despite the widely accepted governance practice of having an annual frequency
  - Stockholders rejected the Board's recommendation; the say-on-pay frequency is now annual
- No formal stockholder outreach program
  - No fellow stockholder we have spoken to has ever been proactively contacted by an independent member of the Board

A proactive and engaged Board should welcome director communication with its stockholders – not shy away from them



#### Legion's Engagement on Board Refreshment

| 20  | 2018                        |                                                        |                                                                                                                       | 2019                                                                                |                                                                                                                                                                                   |                                                               |                                                                                                                                                       |                                                        |                         |                                                                                                                                                           |  |  |
|-----|-----------------------------|--------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------|-------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------|--|--|
| inv | egion<br>vests in<br>neSpan | Legion<br>delivers<br>presentation<br>#1 at OSPN<br>HQ | Legion offers<br>to collaborate<br>on Board<br>refreshment;<br>sends three<br>candidates<br>under no<br>preconditions | John Fox<br>appointed<br>Chairman<br>and<br>Director<br>Art<br>Gilliland<br>resigns | Board interviews Legion candidates, including Nominee Michael McConnell, and offers grossly unreasonable settlement for one candidate (rejects Mr. McConnell and other candidate) | Board<br>appoints<br>Marc<br>Boroditsky<br>and Marc<br>Zenner | Legion meets with CEO, expresses interest in further collaboration on Board refreshment  Sends letter #1 to Board given no response following meeting | Legion<br>delivers<br>presentation<br>#2 at OSPN<br>HQ | OSPN<br>Investor<br>Day | Legion meets with Chairman at OSPN Investor Day, offers to collaborate on Board refreshment  Sends letter #2 with three candidates under no preconditions |  |  |

| 0   | n  | 6  | a   |
|-----|----|----|-----|
| - 2 | U, | 74 | U J |
|     |    |    |     |

Board interviews Legion candidates, including Nominee Sarika Garg Legion interviews two Company candidates, approves of Naureen Hassan

Board rejects all Legion candidates, appoints Ms. Hassan and Marianne Johnson Legion exchanges multiple emails and conducts numerous video meetings and calls with management to discuss investor communications and valuation analyses

Company reports Q2 2020 Earnings Company and discloses Ken Hunt sold stock one day prior to 40% drop

Legion held video meeting with management, requested Ken Hunt to resign Legion publishes letter #3 outlining key concerns and demanding Ken Hunt's resignation

Privately sends presentation

#3, a sample quarterly earnings
deck, to management

Company implements 2year ban on insider sales, Ken Hunt "retires" from the Board

|                                                                                                                                        | _                                                                                                |                                    | 2021                                            |                                                            |                                                            |                                                        |                                                                                      |                                      |                                  |                              |                                                                 |
|----------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------|------------------------------------|-------------------------------------------------|------------------------------------------------------------|------------------------------------------------------------|--------------------------------------------------------|--------------------------------------------------------------------------------------|--------------------------------------|----------------------------------|------------------------------|-----------------------------------------------------------------|
| Legion sends letter #4 to Board, recommends appointment of Nominee Sagar Gupta and offer to collaborate on joint search for candidates | Company rejects opportunity to interview Mr. Gupta and offer to collaborate on Board refreshment | Board<br>appoints<br>Al<br>Nietzel | Legion<br>requests<br>director<br>questionnaire | Michael Cullinane announces retirement  Ms. Hassan resigns | Legion<br>publicly<br>nominates,<br>publishes<br>letter #5 | Legion<br>provides<br>settlement<br>offer<br>framework | Jean Holley emails Legion's nominees requesting interviews, Board rejects settlement | Board<br>appoints<br>Garry<br>Capers | Legion<br>publishes<br>letter #6 | Board<br>publishes<br>letter | Legion<br>publishes<br>letter #7<br>and<br>presen-<br>tation #4 |



Sent Candidates







## **Board Rebuffed Legion's Multiple Attempts to Engage Constructively**

# Consistently, the Board has rejected meaningful change not on their terms, including four settlement proposals and an offer to collaborate on a joint effort to identify director candidates

| Timeframe           | Legion's Engagement / Settlement Offer                                                                                                                                                                                                                                                                                                                                                                                               | Board's Reaction                                                                                                                                                                                                                                                                                                                                                                        |
|---------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| 12/2018 –<br>3/2019 | <ul> <li>Legion introduces three candidates under no preconditions</li> <li>Offers a settlement agreement for two additions with no departures</li> </ul>                                                                                                                                                                                                                                                                            | Rejects two Legion candidates, including nominee Michael McConnell     Offers grossly unreasonable settlement agreement for one Legion director and one Company-sourced director – two-year standstill and requirement to compel Legion director to immediately resign upon standstill termination, among other unwarranted terms     Appoints Marc Zenner and Marc Boroditsky to Board |
| 12/2019 –<br>3/2020 | <ul> <li>Legion introduces three candidates under no preconditions</li> <li>Both parties enter into an NDA for Legion to interview two Company-sourced candidates, including Naureen Hassan</li> <li>Legion interviews both and approves of Ms. Hassan's nomination to the Board</li> <li>Offers settlement agreement to add Ms. Hassan and one of Legion's candidates with no departures</li> </ul>                                 | Rejects all three Legion candidates, including nominee Sarika Garg     Appoints Naureen Hassan and Marianne Johnson to Board                                                                                                                                                                                                                                                            |
| 9/2020 —<br>12/2020 | Legion recommends Nominee Sagar Gupta's appointment<br>to Board and offers to collaborate on a joint effort with<br>Company to identify two additional independent candidates                                                                                                                                                                                                                                                        | <ul> <li>Declines opportunity to interview Mr. Gupta and rejects offer to collaborate on a joint effort to identify additional candidates</li> <li>Appoints Al Nietzel to Board</li> </ul>                                                                                                                                                                                              |
| 2/2021 –<br>3/2021  | <ul> <li>Legion publicly nominates four nominees to the Board</li> <li>Board contacts Legion's nominees to request interview despite having previously interviewed Mr. McConnell and Ms. Garg, and rejected opportunity to interview Mr. Gupta</li> <li>Legion proposes settlement framework to avoid proxy contest and allow Board to interview its nominees: three Legion nominees appointed, and size reduced to eight</li> </ul> | <ul> <li>Rejects settlement offer with seemingly no interest in negotiating</li> <li>Appoints Garry Capers to Board</li> </ul>                                                                                                                                                                                                                                                          |



#### **OneSpan Must Improve its ESG Disclosures**

We believe a substantively refreshed Board can begin improving the Board's overall governance practices, start Sustainability Accounting Standards Board ("SASB") and Global Reporting Initiative ("GRI") reporting, and establish a materiality matrix to determine optimal alignment between the Company's business objectives and its stakeholders

**Example Materiality Matrix from a Cloud-First Software Public Company** 





## **Table of Contents**

| 1 | Executive Summary                                      |
|---|--------------------------------------------------------|
| 2 | TSR Performance and Relative Valuation                 |
| 3 | Poor Investor Communications and Financial Disclosures |
| 4 | Ineffective Strategic Oversight and Capital Allocation |
| 5 | Inadequate Self-Refreshment and Governance Concerns    |
| 6 | Misaligned Executive Compensation Program              |
| 7 | Legion's Nominees and the Path Forward                 |
| 8 | Appendix                                               |
|   |                                                        |



## **OneSpan's Outdated Executive Compensation Programs**

OneSpan's executive compensation programs have historically failed to reflect the transition to Software recurring revenue, and instead appear to perversely incentivize legacy solutions

- Annual and long-term compensation programs were effectively unchanged for multiple years (2017, 2018, 2019) and failed to include basic measures for profitability, efficient growth, TSR, and incentives to drive Software recurring revenue
  - This is despite Software reaching 50% of total revenue in 2018
- Following Legion's involvement in 2018, the Compensation Committee finally began
  to adopt some profitability and software-oriented metrics for 2020, but the programs
  overall continue to weigh too heavily towards consolidated metrics that incentivize
  legacy solutions like Hardware and perpetual licenses
- The executive compensation program has only changed reactively to our pressure but remains inadequate in aligning management with long-term value creation

Given Chairman John Fox's lack of modern software public company experience, it is unsurprising that as Chair of the Compensation Committee for 15 years, OneSpan's executive compensation programs remain antiquated



## **GAAP** Revenue Recognition – Illustrative Examples

Legacy Hardware and perpetual licensing have an outsized immediate impact on GAAP revenue and profits given upfront recognition vs. ratably with SaaS



Though the recurring revenue (SaaS) contract generates higher cumulative revenue and profits over time, near-term GAAP metrics are negatively impacted



## **Summary of Annual Executive Compensation Program**

Considering Hardware and perpetual licensing drive near-term GAAP Revenue and EBITDA, legacy solutions appear heavily incentivized over recurring software revenue for several years despite Software reaching 50% of total revenue by 2018



Following Legion's preliminary proxy statement filing, which advocated for the adoption of ARR as a performance metric in OSPN's executive compensation plans, the Company filed a proxy statement with its intention to do so for 2021



### **Summary of Long-Term Executive Compensation Program**

OneSpan's long-term executive compensation program contains many duplicative measures (within the program and vs. annual program), lack performance metrics specific to recurring software revenue, and for years lacked TSR, ROIC and profitability performance metrics



OneSpan's recent proxy statement declares that "subscription (SaaS) and license revenue" will be incorporated as a long-term performance metric beginning in 2021 – years after the transition started and is now nearing completion



#### **Compensation Programs Appear to Drive Perverse Incentives**

Due to the differing revenue recognition schedules between legacy Hardware and perpetual licensing vs. recurring revenue, antiquated performance metrics can fail to incentivize OneSpan's valuable transition

- Hardware and perpetual licensing revenue and profits are recognized entirely upfront
- Term-based licensing and SaaS revenue is recognized ratably over their contracts, but associated operating expenses are not, thus creating optically lower revenue and profitability in the near-term when shifting towards recurring revenue
- However, long-term value will be driven by an efficient shift towards recurring revenue as cumulative economic value earned should be equal or greater under these contracts as compared to legacy revenue streams
- By failing to update the executive compensation programs' performance metrics and weightings, we believe the Board has created a perverse incentive for management to push legacy revenue streams as much of their compensation remains weighted heavily towards GAAP revenue and Adj. EBITDA

Stockholders have witnessed OSPN management handsomely rewarded for Hardware outperformance despite Software underperformance, thus representing the opposite of the Company's long-term strategic objectives



#### Pay for "Performance"?

Results from the 2018-2020 long-term incentive plan show Hardware greatly surpassed the "target" level, while Software <u>barely</u> met the lower "threshold" level yet is the key driver for long-term value creation

In February 2021, the Management Development and Compensation Committee determined that the three-year PSUs granted in 2018 would vest based on Company performance for the period of 2018 - 2020. The following table sets forth the performance goals and the Company's results with respect to the 2018 - 2020 performance period:

| Performance Level | Performance Level              |                                           |
|-------------------|--------------------------------|-------------------------------------------|
|                   | (2018 - 2020 Hardware Revenue) | Level of Payout as a Percentage of Target |
| Below Threshold   | Less than \$260 million        | 0%                                        |
| Threshold         | \$260 million                  | 50%                                       |
| Target            | \$289 million                  | 100%                                      |
| Maximum           | \$318 million or higher        | 150%                                      |
| Actual Results    | \$314.7 million                | 144.2%                                    |

| Performance Level          | Performance Level                |                                           |
|----------------------------|----------------------------------|-------------------------------------------|
|                            | (2018-2020 Non-Hardware Revenue) | Level of Payout as a Percentage of Target |
| Below Threshold            | Less than \$367 million          | 0%                                        |
| Threshold                  | \$367 million                    | 50%                                       |
| Target                     | \$408 million                    | 100%                                      |
| Maximum                    | \$449 million or higher          | 150%                                      |
| Actual Results             | \$367.0 million                  | 50.1% <sup>(1)</sup>                      |
| (1) Result due to rounding |                                  |                                           |

Based on the performance above, the NEOs vested in the PSUs at 97.1% of target as follows:

| NEO               | 2018 - 2020 Target Shares | 2018 - 2020 Earned Shares |
|-------------------|---------------------------|---------------------------|
| Scott M. Clements | 62,308                    | 60,526                    |
| Mark S. Hoyt      | 27,945                    | 27,146                    |

Given the significant outperformance of Hardware, management was granted nearly 100% of the targeted payout despite notably underperforming on Software – during this period, OSPN's TSR severely underperformed

127

Source: SEC Filings, Capital IQ CONFIDENTIAL & PROPRIETARY

## **Our Recommendations on OSPN Executive Compensation**

# Management should be incentivized to drive <u>efficient</u> Software recurring revenue growth as this is the key driver for long-term value

- Focus should be on <u>efficient</u> growth, not "growth at all costs"
- Utilize software-oriented recurring revenue metrics such as ARR in conjunction with profitability
- "Rule of 40" approach: add Software revenue growth and Software free cash flow ("FCF") margin together (should equal 40 or better)
  - FCF component would ensure well-managed working capital and disciplined capital expenditures, including any capitalized R&D
- Hardware FCF should be key metric for this segment given state of managed decline
- With these changes, consolidated GAAP revenue and Adj. EBITDA should no longer be needed
  - Elimination would reduce perverse incentives stockholders have witnessed for years
- Shift mix of long-term equity awards to be more performance-based (and less time-based)
- Reduce duplicative components between annual and long-term plans
- Review the Company's peer group to ensure appropriate comparableness
- Ensure all performance hurdles are appropriately set, including the newly introduced TSR component



### **Board's Failed Say-on-Pay Frequency Proposal**

Why did the Board expedite a say-on-pay frequency vote and recommend 3 years? Was it to lock in a 3-year frequency given Ken Hunt's dwindling ownership?



With Ken Hunt's influence waning, stockholders overcame the Board's 3-year frequency recommendation and forced OneSpan to adopt an annual frequency



### John Fox: Chair of Compensation Committee for 15 Years

We believe Mr. Fox should be held principally responsible for overseeing an executive compensation program that is not properly aligned with value creation

- We believe an effective and appropriate executive compensation program requires independent oversight and extensive governance, investment and capital markets experience in the modern software sector – skills we believe John Fox is lacking
- Reliance on third-party independent compensation consultants are costly and too often we have found that they typically do not possess the in-depth expertise needed to accurately devise a program for a modern software public company
- The Board's recent attempt to apparently "lock in" another say-on-pay frequency approval (for every 3 years) does not suggest a strong commitment to holding management accountable annually



Chairman John Fox
Chair of Compensation
Committee (since 2006)
Director (since 2005)

Our nominees possess significant governance and investment experience at modern software public companies – if elected, they would seek to better align OSPN's compensation programs with long-term value creation

## **Table of Contents**

| 1 | Executive Summary                                      |
|---|--------------------------------------------------------|
| 2 | TSR Performance and Relative Valuation                 |
| 3 | Poor Investor Communications and Financial Disclosures |
| 4 | Ineffective Strategic Oversight and Capital Allocation |
| 5 | Inadequate Self-Refreshment and Governance Concerns    |
| 6 | Misaligned Executive Compensation Program              |
| 7 | Legion's Nominees and the Path Forward                 |
| 8 | Appendix                                               |



#### Legion Partners' Nominee: Sarika Garg

# We believe Ms. Garg will bring significant software operational, sales, technology and M&A leadership experience to the Board







#### Career History

- Chief Strategy Officer, Tradeshift (2018-2020)
- Various Senior Roles, Tradeshift (2005-2018)
- o Office of the CEO, SAP (2001-2015)
  - Head of Ariba Network, Product Management, Ariba (an SAP company)
  - Senior Director, Product Management, SAP
  - Director, Product Management, SAP
  - Product Development, SAP

#### Experiences

- Ms. Garg is widely considered a world-renowned expert on SaaS operations, sales and architectures, particularly in the fintech space, and was featured in the WSJ and as a speaker at the World Economic Forum in Davos on leadership in the tech industry
- Tradeshift is the largest business commerce company in the world providing a global commerce SaaS platform that connects and enables payments between buyers and sellers – as the former Chief Strategy Officer, Ms. Garg led corporate strategy (organic and inorganic growth, including four acquisitions), brand and product innovation, go-tomarket strategy, and marketing & communications
- At SAP, Ms. Garg played a leading role in the post-merger integration of the \$3.4 billion acquisition of SuccessFactors
- In addition, Ms. Garg was tapped to lead product management for Ariba Network following its \$4.3 billion acquisition by SAP and drove over \$200mm+ in cloud revenue
- Top 50 Women Leaders in SaaS in The Software Report (2018 and 2019)



#### The Board Needs True Cloud-First Operations Experience

- Ms. Garg why are you excited to potentially join OneSpan's Board?
  - o "The company is in a really exciting space and the market opportunity for OneSpan is vast. While the Company has a roster of leading clients, I believe the Company's revenues have the potential to grow much faster. At a high level, there appear to be opportunities to dramatically increase sales productivity and effectuate a better go-to-market strategy through the use of partners and building out a true customer success team in order to drive net retention rates higher."
- How do your qualifications and experiences apply to OneSpan?
  - o "I've spent over a decade at SAP, including in the Office of the CEO, and witnessed firsthand the company's transition from perpetual licensing to a cloud-based business model. Given the tremendous size of the company, I was involved in nearly every aspect of the transition architecture design, new product development, go-to-market strategy revamps, sales force reorganizations, and M&A. We acquired several billion-dollar-plus cloud companies and I was fortunate enough to play a key role in many of them. Given OneSpan is a much smaller company attempting a similar path, I believe I can quickly help implement best practices to ensure long-term growth."
  - "In my latest role as Chief Strategy Officer at Tradeshift, which is the largest global business commerce cloud-first SaaS platform, I worked closely with key executives from the top 100 largest financial institutions across North America, Europe, and APAC advising and partnering with them as they made their transition into the digital world. These companies were both strategic investors in and customers of Tradeshift. We built and marketed cloud software products with them. They were looking to partner with cloud-first startups like Tradeshift to shift their offerings to the digital world. I got to understand the deep disruption the financial services industry is facing and its challenges and needs. I believe my background here overlaps nicely with OneSpan's primary industry focus (financial services) across major geographies."

No targeted incumbent has operational experience at a modern software public company, and most newly added directors do not hail from modern, cloud-first software public companies



### Legion Partners' Nominee: Rinki Sethi

# We believe Ms. Sethi will bring significant cybersecurity software & hardware and technical M&A leadership experience to the Board





#### Career History

- o Chief Information Security Officer, Twitter (2020–Present)
- Chief Information Security Officer, Rubrik (2019-2020)
- Enterprise Chief Information Security Officer, IBM (2018-2019)
- Vice President of Security Operations & Strategy, Palo Alto Networks (2015-2018)
- o Director, Head of Product Security, Intuit (2012-2015)
- Chief of Staff & Sr. Manager of Global Fraud, Risk & Security, eBay (2009-2012)

#### Experiences

- Award-winning leader in security innovation with experience leading and developing innovative security infrastructure for Fortune 500 companies
- 16+ years of experience leading strategy and vision in product security, security operations and security architecture, including previously leading a technical team of over 500 engineers globally and its \$500 million budget
- Responsible for driving a world-class security operations center as well as identity and access management practice at IBM
- At Palo Alto Networks, she was responsible for creation, coordination and execution of the company's security strategy, and was deeply involved in the technical M&A due diligence of numerous acquisitions (LightCyber, Secdo and Evident.io)
- Won award for Senior Information Security Practitioner by ISC2, the most recognized non-profit security organization
- Member of ISACA, ISC2, SANS, IEEE and Infragard; in addition, she is certified in CISSP (#83820), GIAC GSEC, NSA-IAM, CEH, CISA and from Palo Alto Networks, ASE and ACE



### The Board Needs Technical Cybersecurity Expertise

- Ms. Sethi why are you excited to potentially join OneSpan's Board?
  - "Reputation matters in this industry and it's paramount for a cybersecurity firm's long-term success. I'm
    excited to help elevate OneSpan's profile within the industry, which should be an exciting and interesting
    challenge given its reputation as a trusted cybersecurity partner to the world's largest banks."
- How do your qualifications and experiences apply to OneSpan?
  - "My previous firms, Rubrik and Palo Alto Networks, had offered both hardware and software-based solutions, but quickly realized that cloud software was the future and aggressively transitioned – I believe these experiences will be very helpful to OneSpan given its similar transition."
  - "I started my career as an engineer and even though I'm part of the C-suite now, I am still an engineer at heart. The new Trusted Identity Platform that OneSpan has built resonates with the latest and greatest architectures I've come across at other leading cloud-based cybersecurity companies in Silicon Valley. There is serious technological and business potential at OneSpan, and I believe my deep technical and executive experience in the space can help ensure OneSpan remains competitive in this fast-changing space."
  - "I've been deeply involved in technical M&A due diligence at nearly every firm I've worked at, but particularly at Palo Alto Networks where I helped diligence and execute three successful acquisitions. Part of OneSpan's strategy appears to be acquiring other companies to expand their product portfolio – I feel I am well suited to oversee these transactions from the Board level and validate a target's technology."
  - "While most of my experience is dealing with software-based solutions, I've also worked on hardware-based cybersecurity solutions as a developer and buyer. Given OneSpan's historical position in the space, I believe I can help the Company explore new opportunities to responsibly expand its Hardware revenue as I would bring a technical and customer perspective to the boardroom."

Not a single director has technical cybersecurity skills comparable to Ms. Sethi



#### Legion Partners' Nominee: Michael McConnell

# We believe Mr. McConnell will bring extensive executive, operational, board, governance and investment experience, particularly in the technology & software space, to the Board











#### Career History

- Independent Director, Vonage (Ticker: VG) (2019-Present)
- o Chairman and Ind. Director, Adacel Technologies (Ticker: ASX:ADA) (2017-Present)
- o Independent Director, SPS Commerce (Ticker: SPSC) (2018-2019)
- o Independent Director, Guidance Software (Ticker: GUID) (2016-2017)
- Chairman and Interim CEO, Spark Networks (Ticker: LOV) (2014-2017)
- Managing Director, Head of Shamrock Activist Value Fund, Shamrock Capital, the Disney Family Office (1994-2007)

#### Experiences

- 20+ years of public company non-executive Board, CEO operating and public company investor experience – served on 15 public company boards, including technology/software
- Experience in all board capacities (board chair, chair of audit, nom./gov. and compensation committees, strategy committees, and led C-suite executive searches)
- Spark Networks and Guidance Software were both acquired during his board tenures
- During his board tenure, Vonage, an enterprise communications SaaS company, has hired a new CEO, CFO and COO, and held an Investor Day
- During his board tenure, SPS Commerce, a leading supply chain SaaS company, overhauled its sales strategy resulting in significant shareholder value creation
- Member of Executive Committee and head of \$1.4bn activist hedge fund at Shamrock Capital, participating in 34+ transactions totaling \$2.7bn+
- Speaker on corporate governance at conferences hosted by organizations such as the Council for Institutional Investors, SEC Small Company forum, Harvard Business School and University of Virginia's Darden Business School



#### The Board Needs to Focus on Value Creation

- Mr. McConnell why are you excited to potentially join OneSpan's Board?
  - "With its blue-chip customer base, the intrinsic value of OneSpan is significant and I've been a stockholder for some time. However, the Board exhibits many of the characteristics and practices that contribute to poor stockholder returns, including, but not limited to, the seeming lack of data-driven strategies and operational tactics, misaligned compensation plans, poor disclosures and transparency and reactive corporate governance. Importantly, and I have seen this many times, OneSpan most likely suffers from an entrenched Board tone at the top dominated by a few long-tenured directors unwilling to objectively diagnose the root causes of the Company's long history of dismal stockholder returns and its failing stewardship. In my experience, most outsiders underestimate the negative ongoing impact of this final point and it will not change without substantive stockholder-driven change at the Board level."
  - "OneSpan possesses an interesting mix of highly strategic, valuable assets. Given the stock's valuation discount to peers, I believe the Board should be open to all paths towards achieving fair value. As I learned years ago, if one tortures the data long enough, it will confess."
- How do your qualifications and experiences apply to OneSpan?
  - "I've served on 16 public company boards in a wide range of industries and foreign countries over the last 24 years. One accumulates pattern recognition over time and OneSpan appears to present many of the signs that signal chronic underperformance and the need for change. Additionally, I've served on several cloud software company boards and recognize critical elements that drive successful strategies and execution."
  - "Given my numerous Board roles, experiences as a sitting CEO at several public companies and tenure as an investment manager, I'm confident that with the additional directors proposed by Legion, a reconstituted OneSpan Board has more potential to deliver improved stockholder returns."

Only one other director has served on another public software company board (<2-year tenure)<sup>1</sup> – relative to the entire OneSpan Board, Mr. McConnell's public board experience is unmatched



#### Legion Partners' Nominee: Sagar Gupta

Legion Partners is the second-largest institutional investor in OneSpan – we believe our firm and Mr. Gupta are well-aligned with the broader stockholder base which deserves true, independent ownership representation on the Board









#### Career History

- Senior Analyst, Head of TMT Investing, Legion Partners (2018-Present)
- o Investor, TMT Long/Short Equities, Finchwood Capital (2015-2018)
- o Investor, TMT Long/Short Equities, Balyasny Asset Management (2014-2015)
- o Investor, Special Situations, KKR (2012-2014)
- o Investment Banker, Global Technology Group, UBS (2010-2012)

#### Experiences

- 10+ years advising and investing in public technology, media and telecommunications
   (TMT) companies and currently leads all TMT investing at Legion Partners
- Deep expertise in software public equities investing, including leading numerous successful software investments at Legion Partners and prior firms
- Led creation of all Legion Partners materials for OneSpan investment, including letters, presentations, and peer valuation analyses sent to Company
- Private angel investor in multiple software companies, including recently acquired Teachable, a SaaS platform for creators and educators, which was bought by Hotmart Technology in 2020 for over \$200mm



#### The Board Needs Stockholder Representation

#### Mr. Gupta – why are you excited to potentially join OneSpan's Board?

- "We've been involved with OneSpan for over three years and I've developed a great rapport with the management team. While it's been exciting to witness the progress, there is still a lot more work to be done. Specifically, the Company suffers from little awareness in the investment community, especially as a new software story, and I believe bringing an investor's perspective to the table can really help elevate the story and achieve a fair value reflective of all the hard work that's being done inside the firm."
- "As an investor, it's disappointing to witness Boards, who are supposed to represent stockholders, do everything but that. And while my firm, Legion Partners, has attempted to help OneSpan as much as possible from the outside, we believe that placing an actual stockholder representative in the boardroom will make a tremendous difference for the entire stockholder base. Boards should be aligned with their stockholders, and it's about time we fix that at OneSpan."

#### How do your qualifications and experiences apply to OneSpan?

- "Modern software public company financials and key metrics (ARR, DBNE, lifetime value, etc.) are like a foreign language to people that lack experience in the software sector. You have to 'speak the language' in order to effectively communicate the value of software assets. Unfortunately, after years of attempting to teach a Board that generally lacks modern software experience and has demonstrated little interest in learning, we believe the time has come to place a 'native speaker' in the boardroom to help improve OneSpan's subpar investor communications and achieve full and fair value for the Company's assets."
- "My firm, Legion Partners, prides itself on implementing sound governance at all of our portfolio companies. Combined with my 10+ year background in technology, I believe this unique combination of governance and technology capital markets expertise can help redesign the Company's executive compensation programs to ensure proper long-term alignment between OneSpan's Board, management team and all stockholders."

Not a single OneSpan director has professional public company investment experience, and the Board collectively owns <2%



#### **Pro Forma Board Composition Impact**

We believe it is in the Board's social and economic interests to *genuinely* embrace a culture of diversity & inclusion



If Legion's nominees are elected, the Board's pro forma diversity would vastly improve, and the longest serving director would have a tenure of four years



#### Pace of Refreshment Has Been Inconsistent

The Board's low average tenure is due to a flurry of recent, defensive additions following Legion's involvement, which namely resulted in a net increase to the Board's size as long-tenured directors rarely departed



The defensive rush in refreshment over the last two years resulted in new directors that generally lack the skill sets required to oversee OSPN's evolution



## **Overall Board Generally Lacks Pertinent Experience**

## Modern software experience at a cloud-first company is rare amongst all of OneSpan's independent directors

|                    |                                                                              |                   |                                                             | Modern Softwa          | re Experience        |           |               |                                     |
|--------------------|------------------------------------------------------------------------------|-------------------|-------------------------------------------------------------|------------------------|----------------------|-----------|---------------|-------------------------------------|
|                    | Incumbent Director, Age Position                                             | Tenure<br>(Years) | Industry<br>Background                                      | Hardware<br>Experience | C-Level<br>Executive | Technical | Public<br>M&A | Other Public<br>Board /<br>Investor |
| Leaders            | John Fox, 77<br>Chairman and Chair of<br>Compensation Committee              | 16                | Professional<br>Services                                    |                        |                      |           |               |                                     |
|                    | Jean Holley, 62<br>Chair of Corporate Governance and<br>Nominating Committee | 14                | Logistics;<br>Telecom Equip.;<br>Building Materials         |                        |                      |           |               |                                     |
| Long-Tenured / Key | Matthew Moog, 51<br>Member of CG&N and F&S<br>Committees                     | 8                 | Radio;<br>Consumer Internet                                 |                        | ✓                    |           |               |                                     |
| Long-              | Marc Zenner, 58<br>Chair of Finance & Strategy<br>Committee                  | 2                 | Investment Banking<br>(Generalist)                          |                        |                      |           |               |                                     |
|                    | Marc Boroditsky, 57 Independent Director                                     | 2                 | Enterprise Software                                         | <b>✓</b>               | ✓                    |           | ✓             |                                     |
|                    | Marianne Johnson, 55 Independent Director                                    | 1                 | Legacy Software<br>(Auto Dealerships,<br>Credit Bureau)     |                        |                      |           |               |                                     |
|                    | Al Nietzel, 59<br>Chair of Audit Committee                                   | <1                | Legacy Software<br>(Auto Dealerships,<br>Payroll Processor) |                        |                      |           |               |                                     |
| _                  | Garry Capers, 44<br>Independent Director                                     | <1                | Physical Check<br>Printing; Legacy<br>Software              |                        |                      |           |               |                                     |



#### **Incumbents' Public Company Board Experience**

For most OSPN directors, OneSpan is their first and only public company board – prior public board experience has not been a prerequisite

| OSPN Director                               | John Fox | Jean<br>Holley | Matthew<br>Moog¹ | Marc<br>Zenner | Marc<br>Boroditsky | Marianne<br>Johnson | Al Nietzel | Garry<br>Capers | Scott<br>Clements |
|---------------------------------------------|----------|----------------|------------------|----------------|--------------------|---------------------|------------|-----------------|-------------------|
| OSPN is FIRST public board                  | X        | X              | X                |                | X                  | X                   |            | X               | X                 |
| OSPN is ONLY public board                   |          |                | X                |                | X                  | X                   |            | X               | X                 |
| Other tech/software public company board(s) |          |                |                  |                |                    |                     | CRNC       |                 |                   |
| Other public company board(s)               | стѕн     | TSX:ACD<br>HRI |                  | INWK<br>SNTL   |                    |                     |            |                 |                   |

Nominee Michael McConnell has more public company board experience than the entire OSPN Board combined



#### **Incumbent Directors' Other Boards Appear Irrelevant**

| OSPN Director            | Other Public Board       | Tenure at Other<br>Public Board | Comments                                                                                                                                                                                                                                                                                                                                                                                                                    |
|--------------------------|--------------------------|---------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| John Fox<br>(CTSH)       | Cognizant                | 12/2007 – Present               | <ul> <li>Professional services firm that handles business process outsourcing for enterprise clients</li> <li>We do not view Cognizant, or professional services firms in general, as a technology company</li> <li>While Mr. Fox's career background at another major professional services firm, Deloitte, is relevant to Cognizant, neither his career or board service at Cognizant are pertinent to OneSpan</li> </ul> |
| Jean Holley<br>(HRI)     | <b>Herc</b> Rentals      | 8/2017 – Present                | Equipment rental company spun-off from Hertz Car<br>Rental – no pertinence to OneSpan                                                                                                                                                                                                                                                                                                                                       |
| Jean Holley<br>(TSX:ACD) | ACCORD                   | 5/2020 – Present                | Commercial lending company based in Canada     While in the financial services space, Accord is not a bank or a technology/software firm                                                                                                                                                                                                                                                                                    |
| Marc Zenner<br>(INWK)    | inwk                     | 8/2019 – 9/2020                 | Physical signage and packaging marketing execution company – no pertinence to OneSpan     Company was sold after facing fundamental issues                                                                                                                                                                                                                                                                                  |
| Marc Zenner<br>(SNTL)    | SENTINEL ENERGY SERVICES | 9/2017 – 12/2019                | SPAC focused on oil field services sector which failed<br>to complete an acquisition and subsequently<br>liquidated – no pertinence to OneSpan                                                                                                                                                                                                                                                                              |

We do not consider any of these companies as technology firms with any pertinence to OneSpan in terms of business model, industry focus, geographic focus, underlying technology, size, or any other financial characteristics



#### Nominee Michael McConnell has Pertinent Board Experience

Mr. McConnell has served on 16 public company boards, including many cloud-based SaaS, on-premise software, and hardware companies, including within the cybersecurity space

| Software and Hardware<br>Public Boards | Position and<br>Tenure                                       | Key Changes During<br>Tenure                                                                                          | Relevance to OSPN                                                                                                                                                                                                                                             |
|----------------------------------------|--------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| SPS COMMERCE INFINITE RETAIL POWER**   | Director<br>3/2018 – 5/2019                                  | Vastly improved sales productivity     ~\$3bn value created for shareholders since 3/2018                             | Cloud-first SaaS business model of similar size     Board had lacked technology / software skills and was unable to hold management accountable with regards to overall business efficiency                                                                   |
| <b>V</b> ONAGE                         | Director<br>3/2019 – Present                                 | Replaced CEO and CFO     Completed strategic review of legacy segment     New segment-level profitability disclosures | Cloud-first SaaS business model with two segments — one fast-growing with an enterprise focus, and one consumer-focused legacy segment in secular decline Enhanced investor communications and financial disclosures to better enable SOTP valuation approach |
| GUIDANCE G                             | Director<br>4/2016 – 10/2017                                 | Acquired by OpenText in 9/2017                                                                                        | Cybersecurity software & hardware company of similar size with on-premise perpetual licensing, cloud SaaS and hardware appliance business elements     Underwent strategic review of entire company                                                           |
| spark                                  | Chairman,<br>Director and<br>Interim CEO<br>6/2014 – 11/2017 | Merged with competitor     Affinitas in all-stock deal in     11/2017                                                 | Cloud-first SaaS business model of similar size     Conducted multiple smaller acquisitions during tenure     Underwent strategic review of entire company                                                                                                    |
| ADACEL                                 | Chairman and<br>Director<br>5/2017 – Present                 | Effectuated operational<br>turnaround with hiring of new<br>CEO, substantial increase in<br>profitability             | Integrated hardware and software systems,<br>complemented by recurring services revenues                                                                                                                                                                      |



## Case Study: SPS Commerce (SPSC), a SaaS Company

Legion Partners previously invested in SPSC and pursuant to a cooperation agreement, Mr. McConnell was appointed to the SPSC board



SPSC stock has nearly quadrupled since we first invested – we believe our involvement and Mr. McConnell's impact at the board level delivered significant, sustainable value creation



#### The Time Has Come to #ProtectOneSpan

# We urge fellow stockholders to vote the WHITE proxy card to elect strong and proven technology leaders to the Board

- Our nominees will seek to apply a holistic approach to fixing OSPN's valuation:
  - ✓ Improve financial disclosures, including separating Software gross & operating margins from Hardware, to better enable an SOTP valuation approach in the public markets
  - ✓ Form a detailed capital allocation framework and diligently oversee all capital deployment, including potential M&A
  - ✓ Improve strategic oversight to ensure Hardware mistakes are not repeated with Software
  - ✓ Redesign executive compensation to align with long-term stockholder value creation
  - ✓ Implement best practices in governance, improve Board diversity, and establish broader ESG frameworks
  - ✓ Objectively evaluate all strategic alternatives

The Board has failed to present any credible plan to drive long-term, sustainable value – without the spotlight of pressure and more substantive Board refreshment, we fear that OSPN stockholders will continue to suffer



### **Table of Contents**

| 1 | Executive Summary                                      |
|---|--------------------------------------------------------|
| 2 | TSR Performance and Relative Valuation                 |
| 3 | Poor Investor Communications and Financial Disclosures |
| 4 | Ineffective Strategic Oversight and Capital Allocation |
| 5 | Inadequate Self-Refreshment and Governance Concerns    |
| 6 | Misaligned Executive Compensation Program              |
| 7 | Legion's Nominees and the Path Forward                 |
| 8 | Appendix                                               |



## Please vote your WHITE proxy card today



If you have any questions, require assistance in voting your WHITE proxy card, or need additional copies of Legion's proxy materials, please contact:

Saratoga Proxy Consulting, LLC 520 8<sup>th</sup> Avenue, 14<sup>th</sup> Floor New York, NY 10018 (212) 257-1311

Stockholders call toll-free at (888) 368-0379 Email: info@saratogaproxy.com



#### **Legion Partners Public Correspondence and Contact Information**

#### All correspondence available at www.protectonespan.com

Letter to the Board of Directors
 August 18, 2020

Letter to OneSpan Stockholders
 February 25, 2021

Definitive Proxy Statement April 14, 2021

Letter to OneSpan Stockholders April 15, 2021

Letter to OneSpan Stockholders
 May 3, 2021



Legion Partners Asset Management 12121 Wilshire Blvd, Suite 1240 Los Angeles, CA 90025

www.legionpartners.com

info@legionpartners.com



#### Software Multiples Have Risen Over the Past 3 Years

Since we first invested in OSPN (April 2018) and filed a Schedule 13D (November 2018) which contained our original valuation analysis, multiples in the software space have risen tremendously

BVP NASDAQ Emerging Cloud Index Forward EV / Revenue





## **Historical Review of Executive Compensation Programs**

| Fiscal<br>Year | Annual Incentive Composition                                                                                                                                                                                                                     | Long-Term Incentive Composition                                                                                                                                                                                                                             | Legion Commentary                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  |
|----------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| 2017           | Annual cash bonus,100%     performance-based:                                                                                                                                                                                                    | Performance-based equity awards (60%):  50% weighting: 3-year total revenue target  50% weighting: 3-year non-hardware revenue target  Time-based equity awards (40%) – vesting over 4 years                                                                | Total revenue inclusive of non-hardware revenue, making the two performance metrics duplicative Near-term targets overly weighted towards revenue Lack of long-term focus on overall profitability, ROIC and TSR No specific incentives to efficiently drive Software recurring revenue                                                                                                                                                                                                                                                            |
| 2018           | No change from 2017                                                                                                                                                                                                                              | No change from 2017                                                                                                                                                                                                                                         | Virtually no change from 2017 despite Software reaching ~50% of total revenue in 2018                                                                                                                                                                                                                                                                                                                                                                                                                                                              |
| 2019           | Annual cash bonus,100%     performance-based:                                                                                                                                                                                                    | No change from 2018                                                                                                                                                                                                                                         | Annual program modified slightly by shifting 10% of weighting towards non-hardware revenue from total revenue     No independent consultant engaged                                                                                                                                                                                                                                                                                                                                                                                                |
| 2020           | <ul> <li>Annual cash bonus,100% performance-based:</li> <li>30% weighting: AACV</li> <li>40% weighting: software and services revenue</li> <li>20% weighting: Adj. EBITDA</li> <li>10% weighting: "discretionary strategic" component</li> </ul> | <ul> <li>Performance-based equity awards (60%):</li> <li>50% weighting: 3-year total revenue target</li> <li>25% weighting: 3-year Adj. EBITDA target</li> <li>25% weighting: TSR</li> <li>Time-based equity awards (40%) – vesting over 4 years</li> </ul> | <ul> <li>Announced adoption of Software-focused metrics, though legacy perpetual license sales remain incentivized in NT</li> <li>Announced adoption of Adj. EBITDA and TSR in long-term plan, though still heavily weighted towards total revenue with no specific incentives for Software recurring revenue</li> <li>Time-based equity awards now 40% of long-term plan</li> <li>Announced 2017 LT equity awards achieved performance targets (116% payout), but no disclosure on results</li> <li>New independent consultant engaged</li> </ul> |
| 2021           | <ul> <li>Adopted ARR as a performance<br/>metric</li> <li>Maintained total revenue, Adj.<br/>EBITDA, and "discretionary<br/>strategic component"</li> </ul>                                                                                      | For performance-based equity awards,<br>adopted 3-year targets for total<br>subscription and license revenue, Adj.<br>EBITDA and TSR                                                                                                                        | <ul> <li>Announced adoption of ARR following Legion's preliminary proxy statement recommending its use</li> <li>Program continues to lack measure for efficient Software recurring revenue growth</li> <li>Announced 2018 LT equity awards achieved performance targets (97%) payout, with disclosure provided on results</li> </ul>                                                                                                                                                                                                               |

#### **Disclaimer – Important Information**

The materials contained herein (the "Materials") represent the opinions of Legion Partners Holdings, LLC and its affiliates (collectively, "Legion Partners", "Legion" or "we") and are based on publicly available information with respect to OneSpan Inc. (the "Company"). Legion Partners recognizes that there may be confidential information in the possession of the Company that could lead it or others to disagree with Legion Partners' conclusions. Legion Partners reserves the right to change any of its opinions expressed herein at any time as it deems appropriate and disclaims any obligation to notify the market or any other party of any such changes. Legion Partners disclaims any obligation to update the information or opinions contained herein. Certain financial projections and statements made herein have been derived or obtained from filings made with the Securities and Exchange Commission ("SEC") or other regulatory authorities and from other third party reports. There is no assurance or guarantee with respect to the prices at which any securities of the Company will trade, and such securities may not trade at prices that may be implied herein. The estimates, projections and potential impact of the opportunities identified by Legion Partners herein are based on assumptions that Legion Partners believes to be reasonable as of the date of the Materials, but there can be no assurance or guarantee that actual results or performance of the Company will not differ, and such differences may be material. The Materials are provided merely as information and are not intended to be, nor should they be construed as, an offer to sell or a solicitation of an offer to buy any security.

Members of Legion Partners currently beneficially own, and/or have an economic interest in, securities of the Company. It is possible that there will be developments in the future (including changes in price of the Company's securities) that cause one or more members of Legion Partners from time to time to sell all or a portion of their holdings of the Company in open market transactions or otherwise (including via short sales), buy additional securities (in open market or privately negotiated transactions or otherwise), or trade in options, puts, calls or other derivative instruments relating to some or all of such securities. To the extent that Legion Partners discloses information about its position or economic interest in the securities of the Company in the Materials, it is subject to change and Legion Partners expressly disclaims any obligation to update such information.

The Materials contain forward-looking statements. All statements contained herein that are not clearly historical in nature or that necessarily depend on future events are forward-looking, and the words "anticipate," "believe," "expect," "potential," "opportunity," "estimate," "plan," "may," "will," "projects," "forecasts," "seeks," "could," and similar expressions are generally intended to identify forward-looking statements. The projected results and statements contained herein that are not historical facts are based on current expectations, speak only as of the date of the Materials and involve risks, uncertainties and other factors that may cause actual results, performance or achievements to be materially different from any future results, performance or achievements expressed or implied by such projected results and statements. Assumptions relating to the foregoing involve judgments with respect to, among other things, future economic, competitive and market conditions and future business decisions, all of which are difficult or impossible to predict accurately and many of which are beyond the control of Legion Partners. Although Legion Partners believes that the assumptions underlying the projected results or forward-looking statements are reasonable as of the date of the Materials, any of the assumptions could be inaccurate and therefore, there can be no assurance that the projected results or forward-looking statements included herein will prove to be accurate. In light of the significant uncertainties inherent in the projected results and forward-looking statements included herein, the inclusion of such information should not be regarded as a representation as to future results or that the objectives and strategic initiatives expressed or implied by such projected results and forward-looking statements will be achieved. Legion Partners will not undertake and specifically declines any obligation to disclose the results of any revisions that may be made to any projected results or forward-looking statem

Unless otherwise indicated herein, Legion Partners has not sought or obtained consent from any third party to use any statements, photos or information indicated herein as having been obtained or derived from statements made or published by third parties. Any such statements or information should not be viewed as indicating the support of such third party for the views expressed herein. No warranty is made as to the accuracy of data or information obtained or derived from filings made with the SEC by the Company or from any third-party source. All trade names, trademarks, service marks, and logos herein are the property of their respective owners who retain all proprietary rights over their use.



