Common use of INSPECTION AND AUDIT Clause in Contracts

INSPECTION AND AUDIT. 13.1 It is agreed by and between the parties that the Service Provider shall get itself annually audited by internal/external empanelled Auditors appointed by the Bank/ inspecting official from the Reserve Bank of India or any regulatory authority, covering the risk parameters finalized by the Bank/ such auditors in the areas of products (IT hardware/ software) and services etc. provided to the Bank and the vendor shall submit such certification by such Auditors to the Bank. The vendor and or his / their outsourced agents / sub – contractors (if allowed by the Bank) shall facilitate the same. The Bank can make its expert assessment on the efficiency and effectiveness of the security, control, risk management, governance system and process created by the Service Provider. The Service Provider shall, whenever required by such Auditors, furnish all relevant information, records/data to them. All costs for such audit shall be borne by the Bank. 13.2 Where any deficiency has been observed during audit of the Service Provider on the risk parameters finalized by the Bank or in the certification submitted by the Auditors, it is agreed upon by the Service Provider that it shall correct/ resolve the same at the earliest and shall provide all necessary documents related to resolution thereof and the auditor shall further certify in respect of resolution of the deficiencies. It is also agreed that the Service Provider shall provide certification of the auditor to the Bank regarding compliance of the observations made by the auditors covering the respective risk parameters against which such deficiencies observed. 13.3 Service Provider further agrees that whenever required by the Bank, it will furnish all relevant information, records/data to such auditors and/or inspecting officials of the Bank/ Reserve Bank of India and or any regulatory authority required for conducting the audit. The Bank reserves the right to call and/or retain for any relevant material information / reports including audit or review reports undertaken by the Service Provider (e.g., financial, internal control and security reviews) and findings made on the Service Provider in conjunction with the services provided to the Bank.

INSPECTION AND AUDIT. 13.1 It is agreed by and between the parties that the Service Provider shall get itself annually audited be subject to annual audit by internal/external empanelled Auditors appointed by the Bank/ inspecting official from the Reserve Bank of India or any regulatory authority, covering the risk parameters finalized by the Bank/ such auditors in the areas of products (IT hardware/ software) and services etc. provided to the Bank and the vendor Service Provider shall submit such certification by such Auditors to the Bank. The vendor Service Provider and or his / their outsourced agents / sub – contractors (if allowed by the Bank) shall facilitate the same. The Bank can make its expert assessment on the efficiency and effectiveness of the security, control, risk management, governance system and process created by the Service Provider. The Service Provider shall, whenever required by such Auditors, furnish all relevant information, records/data to them. All costs for such audit shall be borne by the Bank. Except for the audit done by Reserve Bank of India or any statutory/regulatory authority, the Bank shall provide reasonable notice not less than 7 (seven) days to Service Provider before such audit and same shall be conducted during normal business hours. 13.2 Where any deficiency Deficiency has been observed during audit of the Service Provider on the risk parameters finalized by the Bank or in the certification submitted by the Auditors, it is agreed upon by the Service Provider that it shall correct/ resolve the same at the earliest and shall provide all necessary documents related to resolution thereof and the auditor shall further certify in respect of resolution of the deficienciesDeficiencies. It is also agreed that the Service Provider shall provide certification of the auditor to the Bank regarding compliance of the observations made by the auditors covering the respective risk parameters against which such deficiencies Deficiencies observed. 13.3 Service Provider further agrees that whenever required by the Bank, it will furnish all relevant information, records/data to such auditors and/or inspecting officials of the Bank/ Reserve Bank of India and or and/or any regulatory authority required for conducting the auditauthority(ies). The Bank reserves the right to call for and/or retain for any relevant material information / audit reports including audit or review reports on financial and security reviews with their findings undertaken by the Service Provider. However, Service Provider shall not be obligated to provide records/ data not related to Services under the Agreement (e.g., financial, e.g. internal control and security reviews) and findings made on the Service Provider in conjunction with the services provided to the Bankcost breakup etc.).

INSPECTION AND AUDIT. 13.1 It is agreed by and between the parties that the Service Provider shall get itself annually audited be subject to annual audit by internal/external empanelled Auditors appointed by the Bank/ inspecting official from the Reserve Bank of India or any regulatory authority, covering the risk parameters finalized by the Bank/ such auditors in the areas of products (IT hardware/ software) and services etc. provided to the Bank and the vendor Service Provider shall submit such certification by such Auditors to the Bank. The vendor Service Provider and or his / their outsourced agents / sub – contractors (if allowed by the Bank) shall facilitate the same. The Bank can make its expert assessment on the efficiency and effectiveness of the security, control, risk management, governance system and process created by the Service Provider. The Service Provider shall, whenever required by such Auditors, furnish all relevant information, records/data to them. All costs for such audit shall be borne by the Bank. Except for the audit done by Reserve Bank of India or any statutory/regulatory authority, the Bank shall provide reasonable notice not less than 7 (seven) days to Service Provider before such audit and same shall be conducted during normal business hours. 13.2 Where any deficiency Deficiency has been observed during audit of the Service Provider on the risk parameters finalized by the Bank or in the certification submitted by the Auditors, it is agreed upon by the Service Provider that it shall correct/ resolve the same at the earliest and shall provide all necessary documents related to resolution thereof and the auditor shall further certify in respect of resolution of the deficienciesDeficiencies. It is also agreed that the Service Provider shall provide certification of the auditor to the Bank regarding compliance of the observations made by the auditors covering the respective risk parameters against which such deficiencies Deficiencies observed. 13.3 Service Provider further agrees that whenever required by the Bank, it will furnish all relevant information, records/data to such auditors and/or inspecting officials of the Bank/ Reserve Bank of India and or and/or any regulatory authority required for conducting the auditauthority(ies). The Bank reserves the right to call for and/or retain for any relevant material information / audit reports including audit or review reports on financial and security reviews with their findings undertaken by Service Provider. However, Service Provider shall not be obligated to provide records/ data not related to Services under the Agreement (e.g. internal cost breakup etc.). 13.4 Service Provider shall grants unrestricted and effective access to a) data related to the Services; b) the relevant business premises of the Service Provider (e.g.Provider; subject to appropriate security protocols, financial, internal control and security reviews) and findings made on for the Service Provider in conjunction with the services provided to purpose of effective oversight use by the Bank, their auditors, regulators and other relevant Competent Authorities, as authorised under law.

INSPECTION AND AUDIT. 13.1 It is agreed by and between the parties that the Service Provider shall get itself annually audited by internal/external empanelled Auditors appointed by the Bank/ inspecting official from the Reserve Bank of India or any regulatory authority, covering the risk parameters finalized by the Bank/ such auditors in the areas of products (IT hardware/ software) and services etc. provided to the Bank and the vendor shall submit such certification by such Auditors to the Bank. The vendor and or his / their outsourced agents / sub /sub – contractors (if allowed by the Bank) shall facilitate the same. The Bank can make its expert assessment on the efficiency and effectiveness of the security, control, risk management, governance system and process created by the Service Provider. The Service Provider shall, whenever required by such Auditors, furnish all relevant information, records/data to them. All costs for such audit shall be borne by the Bank. 13.2 Where any deficiency has been observed during audit of the Service Provider on the risk parameters finalized by the Bank or in the certification submitted by the Auditors, it is agreed upon by the Service Provider that it shall correct/ resolve the same at the earliest and shall provide all necessary documents related to resolution thereof and the auditor shall further certify in respect of resolution of the deficiencies. It is also agreed that the Service Provider shall provide certification of the auditor to the Bank regarding compliance of the observations made by the auditors covering the respective risk parameters against which such deficiencies observed. 13.3 Service Provider further agrees that whenever required by the Bank, it will furnish all relevant information, records/data to such auditors and/or inspecting officials of the Bank/ Reserve Bank of India and or any regulatory authority required for conducting the audit. The Bank reserves the right to call and/or retain for any relevant material information / reports including audit or review reports undertaken by the Service Provider (e.g., financial, internal control and security reviews) and findings made on the Service Provider in conjunction with the services provided to the Bank.

INSPECTION AND AUDIT. 13.1 It is agreed by and between the parties that the Service Provider shall get itself annually audited be subject to annual audit by internal/external empanelled Auditors appointed by the Bank/ inspecting official from the Reserve Bank of India or any regulatory authority, covering the risk parameters finalized by the Bank/ such auditors in the areas of products (IT hardware/ software) and services etc. provided to the Bank and the vendor Service Provider shall submit such certification by such Auditors to the Bank. The vendor Service Provider and or his / their outsourced agents / sub – contractors (if allowed by the Bank) shall facilitate the same. The Bank can make its expert assessment on the efficiency and effectiveness of the security, control, risk management, governance system and process created by the Service Provider. The Service Provider shall, whenever required by such Auditors, furnish all relevant information, records/data to them. All costs for such audit shall be borne by the Bank. Except for the audit done by Reserve Bank of India or any statutory/regulatory authority, the Bank shall provide reasonable notice not less than 7 (seven) days to Service Provider before such audit and same shall be conducted during normal business hours. 13.2 Where any deficiency Deficiency has been observed during audit of the Service Provider on the risk parameters finalized by the Bank or in the certification submitted by the Auditors, it is agreed upon by the Service Provider that it shall correct/ resolve the same at the earliest and shall provide all necessary documents related to resolution thereof and the auditor shall further certify in respect of resolution of the deficienciesDeficiencies. It is also agreed that the Service Provider shall provide certification of the auditor to the Bank regarding compliance of the observations made by the auditors covering the respective risk parameters against which such deficiencies Deficiencies observed. 13.3 Service Provider further agrees that whenever required by the Bank, it will furnish all relevant information, records/data to such auditors and/or inspecting officials of the Bank/ Reserve Bank of India and or and/or any regulatory authority required for conducting the audit(ies). The Bank reserves the right to call for and/or retain for any relevant material information / audit reports including audit or review reports on financial and security reviews with their findings undertaken by the Service Provider. However, Service Provider shall not be obligated to provide records/ data not related to Services under the Agreement (e.g., financial, e.g. internal control and security reviews) and findings made on the Service Provider in conjunction with the services provided to the Bankcost breakup etc.).

INSPECTION AND AUDIT. 13.1 It is agreed by and between the parties Parties that the Service Provider shall get itself annually audited be subject to annual audit by internal/external empanelled Auditors appointed by the Bank/ inspecting official from the Reserve Bank of India or any regulatory authority, covering the risk parameters finalized by the Bank/ such auditors in the areas of products (IT hardware/ software) and services etc. provided to the Bank and the vendor Service Provider shall submit such certification by such Auditors to the Bank. The vendor Service Provider and or his / their outsourced agents / sub – contractors (if allowed by the Bank) shall facilitate the same. The Bank can make its expert assessment on the efficiency and effectiveness of the security, control, risk management, governance system and process created by the Service Provider. The Service Provider shall, whenever required by such Auditors, furnish all relevant information, records/data to them. All costs for such audit shall be borne by the Bank. Except for the audit done by Reserve Bank of India or any statutory/regulatory authority, the Bank shall provide reasonable notice not less than 7 (seven) days to Service Provider before such audit and same shall be conducted during normal business hours. 13.2 Where any deficiency Deficiency has been observed during audit of the Service Provider on the risk parameters finalized by the Bank or in the certification submitted by the Auditors, it is agreed upon by the Service Provider that it shall correct/ resolve the same at the earliest and shall provide all necessary documents related to resolution thereof and the auditor shall further certify in respect of resolution of the deficienciesDeficiencies. It is also agreed that the Service Provider shall provide certification of the auditor to the Bank regarding compliance of the observations made by the auditors covering the respective risk parameters against which such deficiencies Deficiencies observed. 13.3 Service Provider further agrees that whenever required by the Bank, it will furnish all relevant information, records/data to such auditors and/or inspecting officials of the Bank/ Reserve Bank of India and or and/or any regulatory authority required for conducting the audit(ies). The Bank reserves the right to call for and/or retain for any relevant material information / information/ audit reports including audit or on financial and security review reports with their findings undertaken by Service Provider. However, Service Provider shall not be obligated to provide records/data not related to Services under the Agreement (e.g. internal cost break-ups etc.). 13.4 Service Provider shall grants unrestricted and effective access to a) data related to the Services; b) the relevant business premises of the Service Provider (e.g.Provider; subject to appropriate security protocols, financial, internal control and security reviews) and findings made on for the Service Provider in conjunction with the services provided to purpose of effective oversight use by the Bank, their auditors, regulators and other relevant Competent Authorities, as authorised under law.

INSPECTION AND AUDIT. 13.1 It is agreed by and between the parties Parties that the Service Provider shall get itself annually audited be subject to annual audit by internal/external empanelled Auditors appointed by the Bank/ inspecting official from the Reserve Bank of India or any regulatory authority, covering the risk parameters finalized by the Bank/ such auditors in the areas of products (IT hardware/ software) and services etc. provided to the Bank and the vendor Service Provider shall submit such certification by such Auditors to the Bank. The vendor Service Provider and or his / their outsourced agents / sub – contractors (if allowed by the Bank) shall facilitate the same. The Bank can make its expert assessment on the efficiency and effectiveness of the security, control, risk management, governance system and process created by the Service Provider. The Service Provider shall, whenever required by such Auditors, furnish all relevant information, records/data to them. All costs for such audit shall be borne by the Bank. Except for the audit done by Reserve Bank of India or any statutory/regulatory authority, the Bank shall provide reasonable notice not less than 7 (seven) days to Service Provider before such audit and same shall be conducted during normal business hours. 13.2 Where any deficiency Deficiency has been observed during audit of the Service Provider on the risk parameters finalized by the Bank or in the certification submitted by the Auditors, it is agreed upon by the Service Provider that it shall correct/ resolve the same at the earliest and shall provide all necessary documents related to resolution thereof and the auditor shall further certify in respect of resolution of the deficienciesDeficiencies. It is also agreed that the Service Provider shall provide certification of the auditor to the Bank regarding compliance of the observations made by the auditors covering the respective risk parameters against which such deficiencies Deficiencies observed. 13.3 Service Provider further agrees that whenever required by the Bank, it will furnish all relevant information, records/data to such auditors and/or inspecting officials of the Bank/ Reserve Bank of India and or and/or any regulatory authority required for conducting the audit(ies). The Bank reserves the right to call for and/or retain for any relevant material information / information/ audit reports including audit or on financial and security review reports with their findings undertaken by the Service Provider. However, Service Provider shall not be obligated to provide records/data not related to Services under the Agreement (e.g., financial, e.g. internal control and security reviews) and findings made on the Service Provider in conjunction with the services provided to the Bankcost break-ups etc.).

INSPECTION AND AUDIT. 13.1 It is agreed by and between the parties that the Service Provider shall get itself annually audited by internal/external empanelled Auditors appointed by the Bank/ inspecting official from the Reserve Bank of India or any regulatory authority, covering the risk parameters finalized by the Bank/ such auditors in the areas of products (IT hardware/ software) and services etc. provided to the Bank and the vendor shall submit such certification by such Auditors to the Bank. The vendor and or his / their outsourced agents / sub – contractors (if allowed by the Bank) shall facilitate the same. The Bank can make its expert assessment on the efficiency and effectiveness of the security, control, risk management, governance system and process created by the Service Provider. The Service Provider shall, whenever required by such Auditors, furnish all relevant information, records/data to them. All costs for such audit shall be borne by the Bank. 13.2 Where any deficiency has been observed during audit of the Service Provider on the risk parameters finalized by the Bank or in the certification submitted by the Auditors, it is agreed upon by the Service Provider that it shall correct/ resolve the same at the earliest and shall provide all necessary documents related to resolution thereof and the auditor shall further certify in respect of resolution of the deficiencies. It is also agreed that the Service Provider shall provide certification of the auditor to the Bank regarding compliance of the observations made by the auditors covering the respective risk parameters against which such deficiencies observed. 13.3 Service Provider further agrees that whenever required by the Bank, it will furnish all relevant information, records/data to such auditors and/or inspecting officials off icials of the Bank/ Reserve Bank of India and or any regulatory authority required for conducting the audit. The Bank reserves the right to call and/or retain for any relevant material information / reports including audit or review reports undertaken by the Service Provider (e.g., financial, internal control and security reviews) and findings made on the Service Provider in conjunction with the services provided to the Bank.

INSPECTION AND AUDIT. 13.1 It is agreed by and between the parties that the Service Provider shall get itself annually audited may be subject to audit by internal/external empanelled Auditors appointed by the Bank/ inspecting official from the Reserve Bank of India or any regulatory authority, covering the risk parameters finalized by the Bank/ such auditors in the areas of products (IT hardware/ software) and services etc. provided to the Bank and the vendor Service Provider shall submit such certification by such Auditors to the Bank. The vendor Service Provider and or his / their outsourced agents / sub – contractors (if allowed by the Bank) shall facilitate the same. The Bank can make its expert assessment on the efficiency and effectiveness of the security, control, risk management, governance system and process created by the Service Provider. The Service Provider shall, whenever required by such Auditors, furnish all relevant information, records/data to them. All costs for such audit shall be borne by the Bank. Except for the audit done by Reserve Bank of India or any statutory/regulatory authority, the Bank shall provide reasonable notice not less than 7 (seven) days to Service Provider before such audit and same shall be conducted during normal business hours. 13.2 Where any deficiency Deficiency has been observed during audit of the Service Provider on the risk parameters finalized by the Bank or in the certification submitted by the Auditors, it is agreed upon by the Service Provider that it shall correct/ resolve the same at the earliest and shall provide all necessary documents related to resolution thereof and the auditor shall further certify in respect of resolution of the deficienciesDeficiencies. It is also agreed that the Service Provider shall provide certification of the auditor to the Bank regarding compliance of the observations made by the auditors covering the respective risk parameters against which such deficiencies Deficiencies observed. 13.3 Service Provider further agrees that whenever required by the Bank, it will furnish all relevant information, records/data to such auditors and/or inspecting officials of the Bank/ Reserve Bank of India and or and/or any regulatory authority required for conducting the auditauthority(ies). The Bank reserves the right to call for and/or retain for any relevant material information / audit reports including audit or review reports on financial and security reviews with their findings undertaken by Service Provider. However, Service Provider shall not be obligated to provide records/ data not related to Services under the Agreement (e.g. internal cost breakup etc.). 13.4 Service Provider shall grants unrestricted and effective access to a) data related to the Services; b) the relevant business premises of the Service Provider (e.g.Provider; subject to appropriate security protocols, financial, internal control and security reviews) and findings made on for the Service Provider in conjunction with the services provided to purpose of effective oversight use by the Bank, their auditors, regulators and other relevant Competent Authorities, as authorised under law.

INSPECTION AND AUDIT. 13.1 It is agreed 14.1 The Selected Bidder (Service Provider) shall be subject to annual audit by and between the parties that the Service Provider shall get itself annually audited by internal/internal/ external empanelled Auditors appointed by the Bank/ inspecting official from the Reserve Bank of India or any regulatory authority, covering the risk parameters finalized by the Bank/ such auditors in the areas of products (IT hardware/ softwareSoftware) and services etc. provided to the Bank and the vendor shall Service Provider is required to submit such certification by such Auditors to the Bank. The vendor Service Provider and or his / their outsourced agents / sub – contractors (if allowed by the Bank) shall facilitate the same. same The Bank can make its expert assessment on the efficiency and effectiveness of the security, control, risk management, governance system and process created by the Service Provider. The Service Provider shall, whenever required by such the Auditors, furnish all relevant information, records/data to them. All costs for such audit shall be borne by the Bank.. Except for the audit done by Reserve Bank of India or any statutory/regulatory authority, the Bank shall provide reasonable notice not less than 7 (seven) days to Service Provider before such audit and same shall be conducted during normal business hours 13.2 14.2 Where any deficiency has been observed during audit of the Service Provider on the risk parameters finalized by the Bank or in the certification submitted by the Auditors, it is agreed upon by the Service Provider that it shall correct/ correct/resolve the same at the earliest and shall provide all necessary documents related to resolution thereof and the auditor shall further certify in respect of resolution of the deficiencies. It is also agreed that The resolution provided by the Service Provider shall provide certification of the auditor require to the Bank regarding compliance of the observations made be certified by the auditors Auditors covering the respective risk parameters against which such deficiencies have been observed. 13.3 14.3 Service Provider further agrees that shall, whenever required by the Bank, it will furnish all relevant information, records/data to such auditors and/or inspecting officials of the Bank/ Bank/Reserve Bank of India and or any regulatory authority required for conducting the auditauthority. The Bank reserves the right to call and/or retain for any relevant material information / reports /reports including audit or review reports undertaken by the Service Provider service provider (e.g., financial, internal control and security reviews) and findings made on the Service Provider Selected Bidder in conjunction with the services provided to the Bank.

INSPECTION AND AUDIT. 13.1 ‌ 12.1 It is agreed by and between the parties that the Service Provider shall get itself annually audited be subject to annual audit by internal/external empanelled Auditors appointed by the Bank/ inspecting official from the Reserve Bank of India or any regulatory authority, covering the risk parameters finalized by the Bank/ such auditors in the areas of products (IT hardware/ software) and services etc. provided to the Bank and the vendor Service Provider shall submit such certification by such Auditors to the Bank. The vendor Service Provider and or his / their outsourced agents / sub /sub – contractors (if allowed by the Bank) shall facilitate the same. The Bank can make its expert assessment on the efficiency and effectiveness of the security, control, risk management, governance system and process created by the Service Provider. The Service Provider shall, whenever required by such Auditors, furnish all relevant information, records/data to them. All costs for such audit shall be borne by the Bank. Except for the audit done by Reserve Bank of India or any statutory/regulatory authority, the Bank shall provide reasonable notice not less than 7 (seven) days to Service Provider before such audit and same shall be conducted during normal business hours. 13.2 12.2 Where any deficiency Deficiency has been observed during audit of the Service Provider on the risk parameters finalized by the Bank or in the certification submitted by the Auditors, it is agreed upon by the Service Provider that it shall correct/ resolve the same at the earliest and shall provide all necessary documents related to resolution thereof and the auditor shall further certify in respect of resolution of the deficienciesDeficiencies. It is also agreed that the Service Provider shall provide certification of the auditor to the Bank regarding compliance of the observations made by the auditors covering the respective risk parameters against which such deficiencies Deficiencies observed. 13.3 . Service Provider further agrees that whenever required by the Bank, it will furnish all relevant information, records/data to such auditors and/or inspecting officials of the Bank/ Reserve Bank of India and or and/or any regulatory authority required for conducting the auditauthority(ies). The Bank reserves the right to call for and/or retain for any relevant material information / audit reports including audit or review reports on financial and security reviews with their findings undertaken by the Service Provider. However, Service Provider shall not be obligated to provide records/ data not related to Services under the Agreement (e.g., financial, e.g. internal control and security reviews) and findings made on the Service Provider in conjunction with the services provided to the Bankcost breakup etc.).

INSPECTION AND AUDIT. 13.1 It is agreed by and between the parties Parties that the Service Provider shall get itself annually audited be subject to annual audit by internal/external empanelled Auditors appointed by the Bank/ inspecting official from the Reserve Bank of India or any regulatory authority, covering the risk parameters finalized by the Bank/ such auditors in the areas of products (IT hardware/ software) and services etc. provided to the Bank and the vendor Service Provider shall submit such certification by such Auditors to the Bank. The vendor Service Provider and or his / their outsourced agents / sub – contractors (if allowed by the Bank) shall facilitate the same. The Bank can make its expert assessment on the efficiency and effectiveness of the security, control, risk management, governance system and process created by the Service Provider. The Service Provider shall, whenever required by such Auditors, furnish all relevant information, records/data to them. All costs for such audit shall be borne by the Bank. Except for the audit done by Reserve Bank of India or any statutory/regulatory authority, the Bank shall provide reasonable notice not less than 7 (seven) days to Service Provider before such audit and same shall be conducted during normal business hours. 13.2 Where any deficiency Deficiency has been observed during audit of the Service Provider on the risk parameters finalized by the Bank or in the certification submitted by the Auditors, it is agreed upon by the Service Provider that it shall correct/ resolve the same at the earliest and shall provide all necessary documents related to resolution thereof and the auditor shall further certify in respect of resolution of the deficienciesDeficiencies. It is also agreed that the Service Provider shall provide certification of the auditor to the Bank regarding compliance of the observations made by the auditors covering the respective risk parameters against which such deficiencies Deficiencies observed. 13.3 Service Provider further agrees that whenever required by the Bank, it will furnish all relevant information, records/data to such auditors and/or inspecting officials of the Bank/ Reserve Bank of India and or and/or any regulatory authority required for conducting the audit(ies). The Bank reserves the right to call for and/or retain for any relevant material information / information/ audit reports including audit or on financial and security review reports with their findings undertaken by Service Provider. However, Service Provider shall not be obligated to provide records/data not related to Services under the Agreement (e.g. internal cost break-ups etc.). 13.4 Service Provider shall grants unrestricted and effective access to a) data related to the Services; b) the relevant business premises of the Service Provider; subject to appropriate security protocols, for the purpose of effective oversight use by the Bank, their auditors, regulators and other relevant Competent Authorities, as authorised under law. 13.5 Service Provider (e.g.shall have obligation to comply with Bank’s IS policy, financial, internal control Cyber Security Policy and IT Policy and regulatory requirements and implement all the recommendations/close all the vulnerabilities reported in the various information security reviews) and findings made on , IS audit, UAT etc. conducted by the Service Provider in conjunction with Bank, bank appointed third party professionals, Regulators during the services provided contact period without any additional cost to the Bank. 14.1 Service Provider shall be paid fees and charges in the manner detailed in hereunder, the same shall be subject to deduction of income tax thereon wherever required under the provisions of the Income Tax Act by the Bank. The remittance of amounts so deducted and issuance of certificate for such deductions shall be made by the Bank as per the laws and regulations for the time being in force. Nothing in the Agreement shall relieve Service Provider from his responsibility to pay any tax that may be levied in India on income and profits made by Service Provider in respect of this Agreement. 14.1.1 The successful bidder will supply the SBI FASTags to the location/Office(s) as directed by the bank/bank’s authorized partner(s). On receipt of the SBI FASTags, the receiving office/bank’s authorized partner will issue acknowledgement. The successful bidder will raise invoices on monthly basis along with copies of the acknowledgements of receipts of the SBI FASTags by various offices/bank’s authorized partners. If any discrepancies are reported by bank, then successful bidder need to correct the discrepancies within 7 days. The payment will be made within 30 days of receipt of correct monthly invoices after due verification. 14.2 All duties and taxes, if any, which may be levied, shall be borne by Service Provider and Bank shall not be liable for the same. All expenses, stamp duty and other charges/ expenses in connection with execution of this Agreement shall be borne by Service Provider. Any other tax imposed by the Government in lieu of same shall be borne by the Bank on actual upon production of original receipt wherever required.

INSPECTION AND AUDIT. 13.1 It is agreed by and between the parties that the Service Provider shall get itself annually audited by internal/external empanelled Auditors appointed by the Bank/ inspecting official from the Reserve Bank of India or any regulatory authority, covering the risk parameters finalized by the Bank/ such auditors in the areas of products (IT hardware/ software) and services etc. provided to the Bank and the vendor service provider shall submit such certification by such Auditors to the Bank. . 13.2 The vendor service provider and or his / their outsourced agents / sub – contractors (if allowed by the Bank) shall facilitate the samesame (As mentioned in 13.1). The Bank can make its expert assessment on the efficiency and effectiveness of the security, control, risk management, governance system and process created by the Service Provider. The Service Provider shall, whenever required by such Auditors, furnish all relevant information, records/data to them. All costs for such audit shall be borne by the Bank. 13.2 13.3 Where any deficiency has been observed during audit of the Service Provider on the risk parameters finalized by the Bank or in the certification submitted by the Auditors, it is agreed upon by the Service Provider that it shall correct/ resolve the same at the earliest and shall provide all necessary documents related to resolution thereof and the auditor shall further certify in respect of resolution of the deficiencies. It is also agreed that the Service Provider shall provide certification of the auditor to the Bank regarding compliance of the observations made by the auditors covering the respective risk parameters against which such deficiencies observed. 13.3 13.4 Service Provider further agrees that whenever required by the Bank, it will furnish all relevant information, records/data to such auditors and/or inspecting officials of the Bank/ Reserve Bank of India and or any regulatory authority required for conducting the audit. The Bank reserves the right to call and/or retain for any relevant material information / reports including audit or review reports undertaken by the Service Provider (e.g., financial, internal control and security reviews) and findings made on the Service Provider in conjunction with the services provided to the Bank.

INSPECTION AND AUDIT. 13.1 It is agreed 14.1 The Selected Bidder (Service Provider) shall be subject to annual audit by and between the parties that the Service Provider shall get itself annually audited by internal/internal/ external empanelled Auditors appointed by the Bank/ inspecting official from the Reserve Bank of India or any regulatory authority, covering the risk parameters finalized by the Bank/ such auditors in the areas of products (IT hardware/ softwareSoftware) and services etc. provided to the Bank and the vendor shall Service Provider is required to submit such certification by such Auditors to the Bank. The vendor Service Provider and or his / their outsourced agents / sub – contractors (if allowed by the Bank) shall facilitate the same. same The Bank can make its expert assessment on the efficiency and effectiveness of the security, control, risk management, governance system and process created by the Service Provider. The Service Provider shall, whenever required by such the Auditors, furnish all relevant information, records/data to them. All costs for such audit shall be borne by the Bank.. Except for the audit done by Reserve Bank of India or any statutory/regulatory authority, the Bank shall provide reasonable notice not less than 7 (seven) days to Service Provider before such audit and same shall be conducted during normal business hours 13.2 14.2 Where any deficiency has been observed during audit of the Service Provider on the risk parameters finalized by the Bank or in the certification submitted by the Auditors, it is agreed upon by the Service Provider that it shall correct/ correct/resolve the same at the earliest and shall provide all necessary documents related to resolution thereof and the auditor shall further certify in respect of resolution of the deficiencies. It is also agreed that The resolution provided by the Service Provider shall provide certification of the auditor require to the Bank regarding compliance of the observations made be certified by the auditors Auditors covering the respective risk parameters against which such deficiencies have been observed. 13.3 14.3 Service Provider further agrees that shall, whenever required by the Bank, it will furnish all relevant information, records/data to such auditors and/or inspecting officials of the Bank/ Bank/Reserve Bank of India and or any regulatory authority required for conducting the auditauthority. The Bank reserves the right to call and/or retain for any relevant material information / reports /reports including audit or review reports undertaken by the Service Provider service provider (e.g., financial, internal control and security sec urity reviews) and findings made on the Service Provider Selected Bidder in conjunction with the services provided to the Bank.

INSPECTION AND AUDIT. 13.1 14.1 It is agreed by and between the parties that the Service Provider shall get itself annually audited be subject to annual audit by internal/external empanelled Auditors appointed by the Bank/ Organisation/ inspecting official from the Reserve Bank Organisation of India or any regulatory authority, covering the risk parameters finalized by the Bank/ Organisation/ such auditors in the areas of products (IT hardware/ softwareSoftware) and services etc. provided to the Bank Organisation and the vendor Service Provider shall submit such certification by such Auditors to the BankOrganisation. The vendor Service Provider and or his / their outsourced agents / sub /sub – contractors (if allowed by the BankOrganisation) shall facilitate the same. The Bank Organisation can make its expert assessment on the efficiency and effectiveness of the security, control, risk management, governance system and process created by the Service Provider. The Service Provider shall, whenever required by such Auditors, furnish all relevant information, records/data to them. All costs for such audit shall be borne by the BankOrganisation. Except for the audit done by Reserve Organisation of India or any statutory/regulatory authority, the Organisation shall provide reasonable notice not less than 7 (seven) days to Service Provider before such audit and same shall be conducted during normal business hours. 13.2 14.2 Where any deficiency Deficiency has been observed during audit of the Service Provider on the risk parameters finalized by the Bank Organisation or in the certification submitted by the Auditors, it is agreed upon by the Service Provider that it shall correct/ resolve the same at the earliest and shall provide all necessary documents related to resolution thereof and the auditor shall further certify in respect of resolution of the deficienciesDeficiencies. It is also agreed that the Service Provider shall provide certification of the auditor to the Bank Organisation regarding compliance of the observations made by the auditors covering the respective risk parameters against which such deficiencies Deficiencies observed. 13.3 14.3 Service Provider further agrees that whenever required by the BankOrganisation, it will furnish all relevant information, records/data to such auditors and/or inspecting officials of the Bank/ Organisation/ Reserve Bank Organisation of India and or and/or any regulatory authority required for conducting the audit(ies). The Bank Organisation reserves the right to call for and/or retain for any relevant material information / information/ audit reports including audit or on financial and security review reports with their findings undertaken by the Service Provider. However, Service Provider shall not be obligated to provide records/data not related to Services under the Agreement (e.g., financial, e.g. internal control and security reviews) and findings made on the Service Provider in conjunction with the services provided to the Bankcost break-ups etc.).