AMENDMENT TO JOHN HANCOCK CLOSED-END FUNDS SERVICE AGREEMENT FOR TRANSFER AGENT SERVICES
EXHIBIT (2)(k)(4)(j)
AMENDMENT TO
XXXX XXXXXXX CLOSED-END FUNDS
FOR
TRANSFER AGENT SERVICES
THIS AMENDMENT (“Amendment”) dated July 1, 2018 to the Service Agreement for Transfer Agent Services (the “Agreement”) dated June 1, 2002, as amended by and between Computershare Inc., a Delaware corporation, successor-in-interest to Computershare Shareowner Services LLC (“Agent”), and Xxxx Xxxxxxx Financial Opportunities Xxxx, Xxxx Xxxxxxx Hedged Equity & Income Xxxx, Xxxx Xxxxxxx Income Securities Trust, Xxxx Xxxxxxx Investors Trust, Xxxx Xxxxxxx Preferred Income Xxxx, Xxxx Xxxxxxx Preferred Income Fund II, Xxxx Xxxxxxx Preferred Income Fund XXX, Xxxx Xxxxxxx Premium Dividend Xxxx, Xxxx Xxxxxxx Tax-Advantaged Dividend Income Fund and Xxxx Xxxxxxx Tax-Advantaged Global Shareholder Yield Fund, each a Massachusetts Business Trust (collectively, the “Clients”) .
WHEREAS, Agent and the Clients desire to amend the Agreement as provided in this Amendment;
NOW THEREFORE, in consideration of the mutual conditions and agreements set forth herein, and for other good and valuable consideration, the receipt and sufficiency of which is hereby acknowledged, the patties hereto agree as follows;
1. | Amendments to Agreement. The Agreement is hereby amended as follows: |
(a) | All references in the Agreement to “Mellon” shall now be referred to as “Agent”. |
(b) | Section 2(a) of the Agreement is hereby amended and restated in its entirety as follows: |
“(a) Effective July 1, 2018, the Agreement shall continue through June 30, 2021; provided, however, the Clients may terminate this Agreement at any time and without penalty upon sixty (60) days written notice to Agent.”;
(c) | Exhibit D is hereby deleted in its entirety and replaced it with the new Exhibit D attached hereto; and |
(d) | Exhibit E attached hereto is hereby added to the Agreement. |
2. | Term of the Amendment. This Amendment shall become effective upon due execution and delivery by the parties hereto, and shall remain in effect for so long as the Agreement shall remain in effect. |
3. | Ratification. Except as expressly set forth herein, the Agreement is not modified hereby and shall remain in full force and effect in accordance with the respective provisions thereof and is in all respects ratified and affirmed. |
4. | Partial Invalidity. If any provision of this Amendment is held to be invalid or unenforceable, such invalidity or unenforceability shall not invalidate this Amendment as a whole, but this Amendment shall be construed as though it did not contain the particular provision held to be invalid or unenforceable and the rights and obligations of the patties shall be construed and enforced only to such extent as shall be permitted by applicable law. |
5. | Counterparts. This Amendment may be executed in any number of counterparts and each of such counterparts shall for all purposes be deemed to be an original, and all such counterparts shall together constitute but one and the same instrument. A signature to this Amendment executed and/or transmitted electronically shall have the same authority, effect, and enforceability as an original signature. |
2
IN WITNESS WHEREOF, the parties hereto have caused these presents to be duly executed as of the day and year first above written.
Computershare Inc.
By: | /s/ Xxxxxx RI. Rothbloom | |
Name: | Xxxxxx RI. Rothbloom | |
Title: | CEO, Computershare U.S. |
Xxxx Xxxxxxx Financial Opportunities Fund
Xxxx Xxxxxxx Hedged Equity & Income Fund
Xxxx Xxxxxxx Income Securities Trust
Xxxx Xxxxxxx Investors Trust
Xxxx Xxxxxxx Preferred Income Fund
Xxxx Xxxxxxx Preferred Income Fund II
Xxxx Xxxxxxx Preferred Income Fund III
Xxxx Xxxxxxx Premium Dividend Fund
Xxxx Xxxxxxx Tax-Advantaged Dividend Income Fund
Xxxx Xxxxxxx Tax-Advantaged Global Shareholder Yield Fund
By: | ||
Name: | Xxxxxxxxx Xxxxxxxxx | |
Title: | Treasurer of the Funds listed Above |
3
Exhibit D
STOCK TRANSFER FEE SCHEDULE
Effective July 1, 2018
Fees are not subject to increase during the term set forth in Section 2(a) of the Agreement.
Term Set Forth in Section 2(a) of the Agreement: | 3 Years |
Fees Not Subject to Increase | 3 Years |
Administration & Account Maintenance
Agent will assign a Client Service Manager to consult with Client on all facets of stock transfer administration, including, but not limited to, securities regulations, transfer requirements, structuring of annual meetings, cash and stock dividends, etc.
Included in the Monthly fee below are: Monthly OFAC Reporting, New Account Mailings and all Annual Meeting Administrative costs, including:
• | Notice and Access | |
• | Search and Distribution- the preparation and mailing of the notice and inquiry required by Rule 14a-13 of the Securities Exchange Act of 1934, as amended (the “Exchange Act”), and the mailing or delivery of proxy solicitation materials | |
• | Balancing and reconciling the DTC positions | |
• | Provide tabulation reports | |
• | Provide direct links to Broadridge to system for voting | |
• | Vote monitoring to ensure that no phone calls are required to obtain vote |
International Currency Exchange
• | Agent may, at its option, offer a currency conversion service (“ICE Service”) to certain shareholders whereby any such shareholder can elect to receive payments in a currency other than U.S. Dollars. The ICE Service is voluntary and will only be provided to a shareholder who selects such ICE Service and who agrees to the ICE Service terms and conditions. Agent shall charge a processing fee to the shareholder and may receive compensation from the currency conversion service provider. Clients will not incur fees resulting from the ICE Service. |
Shareholder Communications
• | Provide Clients-specific shareholder contact number | |
• | Provide Interactive Voice Response (IVR) 24/7 (subject to system maintenance) | |
• | Respond to shareholder inquiries (written, e-mail and web) | |
• | Record shareholder calls | |
• | Scan and image incoming correspondence from shareholders |
1 Subject to Section 2(a) of the Agreement
• | Solicit, collect and record consents and U.S mobile telephone numbers from shareholders for Agent to send text messages. Such consents and information may be collected via IVR, Investor Center, shareholder calls, or in writing. | |
• | For consented Accounts, provide text message notifications for: | |
• | various transactions (not to replace legally required notifications) | |
• | action to be taken on an Account (e.g., uncashed checks, uncertified TIN) | |
• | Receive and record requests to stop text messages | |
• | Administer text message campaigns (as agreed upon between Clients and Agent, and which may be subject to additional fees) |
Fund Name | Administration & Account Maintenance (per month) 2018/2019 |
Administration & Account Maintenance (per month) 2019/2020 |
Administration & Account Maintenance (per month) 2020/2021 |
Xxxx Xxxxxxx Bank & Thrift (“BTO”) | $2,069.00 | $1,994.00 | $1,994.00 |
Xxxx Xxxxxxx Hedged Equity & Income Fund | $1,371.00 | $1,322.00 | $1,322.00 |
Xxxx Xxxxxxx Income Securities Trust (“Income Securities”) | $4,672.00 | $4,503.00 | $4,503.00 |
Xxxx Xxxxxxx Investors Trust (“Investors Trust”) | $3,671.00 | $3,538.00 | $3,538.00 |
Xxxx Xxxxxxx Preferred Income Fund (“Preferred Income”) | $1,803.00 | $1,737.00 | $1,737.00 |
Xxxx Xxxxxxx Preferred Income Fund II (“Preferred Income II”) | $1,803.00 | $1,737.00 | $1,737.00 |
Xxxx Xxxxxxx Preferred Income Fund III (“Preferred Income III”) | $1,803.00 | $1,737.00 | $1,737.00 |
Xxxx Xxxxxxx Premium Dividend Fund (“Patriot Prem Div”) | $7,968.00 | $7,679.00 | $7,679.00 |
Xxxx Xxxxxxx Tax-Advantaged Dividend Income Fund Tax-Adv. Div Income”) | $1,668.00 | $1,608.00 | $1,608.00 |
Xxxx Xxxxxxx Tax-Advantaged Global Shareholder Yield Fund (“Tax-Adv. Global S/H Yield”); | $1,568.00 | $1,511.00 | $1,511.00 |
Stock Transfer
Fee Schedule – Page 2
The Administration and Account Maintenance fees cover all of the services and are subject to the allowances listed below.
-------------------- All allowances are on a per fund basis --------------------
Fee | BTO (a) | Hedged Equity & Income Fund | Income Securities | Investors Trust | Premium Div Fund (b) | Preferred Income | Preferred Income II | Preferred Income III | Tax-Adv. Div Income | Tax-Adv. Global S/H Yield (c) | |
No. of Active Accounts Maintained | $2.50 / Year | 1,800 | 1,000 | 5,300 | 4,700 | 4,600 | 500 | 500 | 500 | 500 | 1,000 |
No. of Inactive Accounts | Unlimited | Unlimited | Unlimited | Unlimited | Unlimited | Unlimited | Unlimited | Unlimited | Unlimited | Unlimited | |
No. of Dividend Reinvestment Accounts Maintained | $4.00 | 1,400 | 100 | 1,500 | 1,050 | 2,300 | 100 | 100 | 100 | 100 | 100 |
No. of Legal Review Items Processed | $50.00 | Unlimited | Unlimited | Unlimited | Unlimited | Unlimited | Unlimited | Unlimited | Unlimited | Unlimited | Unlimited |
No. of Certificates Issued & Book Entry Credits | Unlimited | Unlimited | Unlimited | Unlimited | Unlimited | Unlimited | Unlimited | Unlimited | Unlimited | Unlimited | |
No. of Certificates Cancelled & Book Entry Debits | Unlimited | Unlimited | Unlimited | Unlimited | Unlimited | Unlimited | Unlimited | Unlimited | Unlimited | Unlimited | |
No. of Additional Mailings per Year (including one enclosure) | See Below | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 |
No. of Reports, Analyses, Lists, or Labels | Unlimited | Unlimited | Unlimited | Unlimited | Unlimited | Unlimited | Unlimited | Unlimited | Unlimited | Unlimited | |
No. of Inspectors of Election | $1,500.00 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 |
No. of Respondent Bank Omnibus Proxies | $150.00 | Unlimited | Unlimited | Unlimited | Unlimited | Unlimited | Unlimited | Unlimited | Unlimited | Unlimited | Unlimited |
No. of S/H Telephone Calls Handled by IVR System (d) | Unlimited | Unlimited | Unlimited | Unlimited | Unlimited | Unlimited | Unlimited | Unlimited | Unlimited | Unlimited | |
No. of S/H Telephone Calls Transferred from IVR to CSR (d) | $5.25 | 500 | Unlimited | 2,075 | 1,700 | 2,600 | 310 | 310 | 310 | 310 | Unlimited |
No. of Correspondence Items Responding to S/H Inquiries | $15.00 | 100 | Unlimited | 250 | 250 | 500 | 60 | 60 | 60 | 60 | Unlimited |
No. of on line Transactions (e) | Unlimited | Unlimited | Unlimited | Unlimited | Unlimited | Unlimited | Unlimited | Unlimited | Unlimited | Unlimited |
(a) | IVR = Interactive Voice Response; CSR = Customer Service Representative |
(b) | On Line Transactions are defined as any shareholder transaction initiated through the web, including, but not limited to, share sales or purchases, duplicate statement or tax form requests, address or pin changes, account changes or updates and certificate requests. |
-------------------- All allowances are on a per fund basis --------------------
Stock Transfer
Fee Schedule – Page 3
No. of SEC Mandated Lost S/H Database Searches | $2.50 per a/c $250 min | 25 | 25 | 25 | 25 | 25 | 25 | 25 | 25 | 25 | 25 |
E delivery Administration Fee (Electronic delivery of meeting materials) | As appraised | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 |
Evote Administration Fee | As appraised | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Telephone Votes | Unlimited | Unlimited | Unlimited | Unlimited | Unlimited | Unlimited | Unlimited | Unlimited | Unlimited | Unlimited | |
Internet | Unlimited | Unlimited | Unlimited | Unlimited | Unlimited | Unlimited | Unlimited | Unlimited | Unlimited | Unlimited | |
Investor / Broker Directed Movement of Shares | $3.00 | 50 | 50 | 50 | 50 | 50 | 50 | 50 | 50 | 50 | 50 |
(a) | JH Bank & Thrift charges $1.50 per S/H telephone calls transferred from IVR to a CSR. |
(b) | JH Patriot Premium Dividend II the Number of certificates issued / cancelled and book entry credits / debits in included for no additional fee. |
Stock Transfer
Fee Schedule – Page 4
Dividend Disbursement Fee
Number of dividends processed per year. The dividend disbursement fee includes all of the services listed below.
Fund Name | Included |
Financial Opportunities Fund | 4 |
Hedged Equity & Income Fund | 4 |
Income Securities | 4 |
Investors Trust | 4 |
Patriot Premium Dividend Fund | 12 |
Preferred Income | 12 |
Preferred Income II | 12 |
Preferred Income III | 12 |
Tax-Adv. Global S/H Yield | 12 |
Tax-Adv. Div Income | 12 |
• | Preparing and mailing checks |
• | Reconciling checks |
• | Preparing payment register in list form |
• | Withholding and filing taxes for non-resident aliens and others |
• | Filing federal tax information returns |
• | Processing “B” and “C” notices received from the IRS |
• | Mailing required statements (Form 1099DIV or Form 1042) to registered holders |
• | Maintaining stop payment files and issuing replacement checks |
• | Maintaining separate dividend addresses |
• | Receiving, verifying and posting funds to cover entire dividend distribution on mailing date of checks |
Stock Transfer
Fee Schedule – Page 5
INVESTOR PLAN SERVICES FEE SCHEDULE
Item | Amount | Note | Paid By 1 |
Plan Set Up Fee | $2,500 | Per Fund | Clients |
Fulfillment Processing | $5.50 | Per request | Clients |
Reinvestment Trading Fee | $.05 | Per share | Participant |
Purchase of Additional Shares By check By Electronic Transfer Trading Fee |
$5.00 $2.00 $.05 |
Per investment Per investment Per share |
Participant |
Sale of Shares 2 Trading Fee |
$5.00 $.05 |
Per share | Participant |
Safekeeping | No Charge | ||
Duplicate Statement – Prior Year | No Charge | ||
Insufficient Funds or Rejected Automatic Debit | $35.00 | Per check or debit | Participant |
Other services including (but not limited to): Certificate Issuance Transfer of Shares |
Per Stock Transfer Agency Contract | Clients | |
Expenses including (but not limited to): Forms/Brochures, Postage, 800 Number, etc. |
As incurred | Clients |
Note 1 | Fees could be: “P”, Participant Paid or “C”, Clients Paid |
Note 2 | Including sales of fractional shares upon termination from plan. |
Escheatment Services | |
Annual Compliance Services | Included |
SEC Mandated Electronic Database & New Address Retrieval Mailing (subject to the following minimum) |
$3.00 per account $250.00 |
Each state mandated due diligence mailing (subject to the following minimum) |
$2.50 per account $250.00 |
In-Depth Search and Location Services (Annual compliance services include all of the services listed below) |
No charge to Clients |
• | Assist in establishing compliance with the unclaimed property requirements of all jurisdictions that may have a claim on escheatable property held by your organization | |
• | Processing records and property subject to reporting based upon current state statutes, rules, and regulations | |
• | Identifying property that has become escheatable since the last filing date | |
• | Review state regulations to determine if there have been any changes in reporting procedures | |
• | Reporting and remitting property to states |
ISSUER ONLINE System Access | Included |
• | Providing client access to Agent’s mainframe inquiry and internet based system for management reporting and shareholder records | |
• | Providing daily data on registered shareholders | |
• | Providing daily access to proxy tabulation file during proxy season |
Stock Transfer
Fee Schedule – Page 6
DIRECT REGISTRATION/PROFILE SYSTEM | |
Enrollment Fee | Included |
Annual Surety Fee | Included |
Stock Distribution Event – full, full and fractional shares | $3.50 |
DRS Fee, per statement | $0.25 |
Investor directed movement of shares, each | $3.00 |
Broker directed movement of shares, each | $3.00 |
DRS/Profile reject fee, each | $5.00 |
DRS/Profile Broker Authorization Form, each | $1.50 |
ACH/DIRECT DEPOSIT SERVICES | |
Initial Setup Fee | Included |
Annual Maintenance Fee | Included |
ACH file transmission, each distribution, per item | Included |
Placement of Stop Payment Order | $10.00 |
Returns/Reversals, per occurrence (Annual Maintenance includes all of the services listed below) |
$10.00 |
• | Processing returned authorization forms |
• | Posting bank information to accounts |
• | Creating pre-note transactions and sending to clearinghouse |
• | Following up on rejects |
• | Produce and mail checks for returned items |
ADDITIONAL SERVICES AVAILABLE UPON REQUEST
STANDARD MAILING SERVICES Minimum charge for each of the below services |
$500.00 |
Addressing mailing medium, per name | $0.05 |
Affixing labels, per label | $0.04 |
Machine Inserting 1st Enclosure, per piece 2nd Enclosure, per piece Each Enclosure thereafter, per piece |
$0.05 $0.04 $0.03 |
Manual Inserting | By Appraisal |
Stock Transfer
Fee Schedule – Page 7
OTHER SERVICES | |
Confidential Proxy Voting | By Appraisal |
Dividends – Special Cash Dividends | By Appraisal |
Electronic Distribution of Materials | By Appraisal |
Foreign Tax Re-claim | By Appraisal |
Householding of Annual Meeting and Other Materials | By Appraisal |
Interactive Online Meeting Services | By Appraisal |
Logistics Services (including document transportation, fulfillment, printing and media placement) | By Appraisal |
Mailing Quarterly or Periodic Reports | By Appraisal |
Maintaining Mail Lists | By Appraisal |
Secondary Offerings or Closings | By Appraisal |
Stock Splits and Stock Dividends | By Appraisal |
Special Meetings | By Appraisal |
Survey Tabulation | By Appraisal |
Stock Transfer
Fee Schedule – Page 8
ADDITIONAL SERVICES PROVIDED BY AGENT
In addition to transfer agent services. Agent also provides the following related services. Contact your Sales Representative or Client Service Manager for additional information. Bank/Broker Distributions Corporate Stock Buy-Back Services Custodial Services Employee Stock Option Plan Administration Employee Stock Purchase Plan Administration Escrow Services Exchange or Tender Offer Processing Financial Planning Services Odd-Lot Program Administration Proxy Solicitation StockWatch (beneficial owner identification) Subscription Agent Services Rights Agency Warrant Agency |
Stock Transfer
Fee Schedule – Page 9
EXPENSES AND OTHER CHARGES
Fees and Expenses: The cost of stationery and supplies, including but not limited to transfer sheets, dividend checks, envelopes, and paper stock, together with any disbursement for telephone, postage, mail insurance, travel for annual meeting, link-up charges for ADP and tape charges from DTC are billed in addition to the above fees. All charges and fees, costs, expenses and disbursements of Agent are due and payable by Client upon receipt of an invoice from Agent.
With respect to any shareholder mailing processed by Agent, Client shall, at least one business day prior to mail date, provide immediately available funds sufficient to cover all postage due on such mailing. For any dividend mailing, Client shall, at least one business day prior to the mail date, also provide immediately available funds sufficient to pay the aggregate amount of dividends to be paid.
Offering Administration Fee: A minimum fee of $5,000 will be imposed for activities associated with initial public offerings (IPO’s), secondary offerings and / or closings. The fee covers the coordination of efforts necessary between Agent, the Client’s underwriters, the banknote company and DTC in order to effect the closing. This fee will cover the issuance of up to 200 certificates and / or book-entry credits. Certificates and /or book-entry credits over this amount will be billed at $2.00 each. This fee is in addition to any fees Agent may charge for coordination of selling shareholders, custody services and / or escrow services.
Conversion: If an out-of-proof condition exists at the time of conversion, and such condition is not resolved within 90 calendar days of such conversion, Client agrees to provide Agent with funds or shares sufficient to resolve the out-of-proof condition promptly after the expiration of such 90 day period.
Deconversion: Upon expiration or termination of this Agreement, Clients shall pay Agent a fee for deconversion services (e.g., providing shareholder lists and files, producing and shipping records, answering successor agent inquiries). This fee shall be based on Agent’s then-current deconversion fee schedule.
Legal Expenses, System Modifications: Certain expenses may be incurred in resolving legal matters that arise in the course of performing services hereunder. This may result in a separate charge to cover Agent’s expenses (including the cost of external or internal counsel) in resolving such matters; provided that any legal expenses charged to the Clients shall be reasonable.
In the event any federal, state or local laws, rules or regulations are enacted that require Agent to (i) make any adjustments and/or modifications to its current system, or (ii) provide additional services to Client for which Agent is not being compensated hereunder, then Clients shall compensate Agent (a) on a pro rata basis proportionate to the Clients’ registered shareholder base, for the costs associated with making such required adjustments and/or modifications, or (b) according to Agent’s standard fees established, in good faith, with respect to such additional services.
Other Services: Fees for any services provided to Clients by or on behalf of Agent hereunder that are not set forth above will be based on Agent’s standard fees at the time such services are provided or, if no standard fees have been established, an appraisal of the work to be performed.
Bank Account: All funds received by Agent under this Agreement that are to be distributed or applied by Agent in the performance of Services (the “Funds”) shall be held by Agent as agent for Clients and deposited in one or more bank accounts to be maintained by Agent in its name as agent for Clients. Until paid pursuant to this Agreement, Agent may hold or invest the Funds through such accounts in: (a) obligations of, or guaranteed by, the United States of America; (b) commercial paper obligations rated A-1 or P-1 or better by Standard & Poor’s Corporation (“S&P”) or Xxxxx’x Investors Service, Inc. (“Moody’s”), respectively; (c) AAA rated money market funds that comply with Rule 2a-7 of the Investment Company Act of 1940; or (d) demand deposit accounts, short term certificates of deposit, bank repurchase agreements or bankers’ acceptances, of commercial banks with Tier 1 capital exceeding $1 billion or with an average rating above investment grade by S&P (LT Local Issuer Credit Rating), Xxxxx’x (Long Term Rating) and Fitch Ratings, Inc. (LT Issuer Default Rating) (each as reported by Bloomberg Finance L.P.). Agent shall have no responsibility or liability for any diminution of the Funds that may result from any deposit or investment made by Agent in accordance with this paragraph, including any losses resulting from a default by any bank, financial institution or other third party. Agent may from time to time receive interest, dividends or other earnings in connection with such deposits or investments. Agent shall not be obligated to pay such interest, dividends or earnings to Clients, any shareholder or any other party.
Stock Transfer
Fee Schedule – Page 10
Exhibit E
Privacy and Information Security Addendum
This Privacy and Information Security Addendum (“Security Addendum”) comprises additional obligations of Agent to Clients and are incorporated into and constitute a material part of the Agreement. All capitalized terms not otherwise defined in this Security Addendum shall have the meaning given to them in the Agreement. Agent and Clients agree as follows:
1. Personal Information. As between Agent and Clients, all non-public information about living individuals received from Clients. otherwise obtained by Agent in connection with the Agreement, or to which Agent has access in the course of performing the services (“Personal Information”) is the sole and exclusive property of Clients. including without limitation names. signatures, addresses. email addresses. telephone numbers, account numbers and information. social security numbers and other personal identification numbers. financial data. date of birth. transaction in formation , user names, passwords. security codes, employee ID numbers, and identity photos .
2. Use of Personal Information. Agent may access. collect, use, disclose. and store Personal Information only as reasonably necessary to perform its obligations under the Agreement and for no other purpose. unless it obtains prior written (including in electronic format) consent from Clients or the individual. Without limiting its other obligations hereunder. Agent (a) will treat all Personal Information as Confidential Information of Clients: and (b) except as otherwise set forth in the Agreement, may disclose Personal Information to its affiliates, agents and subcontractors as reasonably necessary to perform its obligations under the Agreement. Agent may not disclose Personal Information to any other third party without Clients’ prior written consent.
3. U.S. Privacy Regulations. The Agreement or the services may be governed by one or more U.S. privacy laws or regulations (collectively, the “U.S. Privacy Regulations”) including, without limitation. the Xxxxx-Xxxxx-Xxxxxx Act of 1999, CAL. CIV. CODE §1798.82. and MA 201 C.M.R. §1 7.00. If so governed, then (a) the term.. Personal Information .. shall further include all Nonpublic Personal Information. Personal Information. material nonpublic in format ion, and similar terms. as each of those terms is defined in or by application of each respective U.S. Privacy Regulation: and (b) Agent will comply with all requirements of the U.S. Privacy Regulations applicable to Personal Information actually received by Agent. If a U.S. Privacy Regulation applicable to Agent under the Agreement is amended. and/or if any other state or federal law or regulation is effected such that a more restrictive standard of confidentiality or obligation of privacy or security is imposed with respect to an applicable component of the Personal Information portions of the Confidential Information. then such more restrictive standard shall prevail over the provisions of the Agreement with respect to those portions.
4. Security Safeguards. Agent will establish and maintain administrative. physical and technical safeguards designed to protect against unauthorized access, use, disclosure, alteration or destruction of Personal Information. including . without limitation. a written information security program (“Information Security Program”) that complies with the Privacy Regulations. The Information Security Program shall include the maintenance of policies and procedures. and technical, physical, and administrative safeguards, designed to (a) ensure the security and confidentiality of the Confidential Information. (b) protect against any anticipated threats or hazards to the security or integrity of Confidential Information, (c) protect against unauthorized access to or use of such in format ion. and (d) ensure appropriate disposal of the Confidential Information. Without limiting the foregoing. Agent shall comply with the Information Security Controls attached to this Security Addendum as Attachment 1. Agent certifies that its Information Security Program is and shall be in compliance with MA 201 C.M.R. § 1 7.00. In furtherance of the foregoing. the parties will exchange all electronic data in accordance with Agent’s then-current security protocols and policies. including without limitation, minimum encryption and password requirements.
5. Security Breach. Agent will promptly (but in no event more than seventy-two (72) hours) notify Clients in writing following Agent’s confirmation that there has been an unauthorized acquisition, use. or disclosure of. or access to. Personal Information (“Security Breach”). After providing such notice, Agent will investigate the Security Breach. take commercially reasonable steps to eliminate or contain the exposures that led to such Security Breach, and keep Clients advised of the status of such Security Breach and all matters related thereto. Agent further agrees to provide reasonable assistance and cooperation requested by Clients, in the furtherance of any correction. remediation, or investigation of any such Security Breach and/or the mitigation of any damage. including. without limitation. any notification that Clients may determine appropriate to send to individuals impacted by the Security Breach, and/or the provision of any credit monitoring services that Clients deems appropriate to provide to such individuals. The costs of all such assistance. cooperation, correction, remediation or investigation shall be allocated between Clients and Agent as agreed in writing between the parties prior to the time such actions are to be implemented. Unless required by law. Agent shall not notify any individual or any third party other than law enforcement of any Security Breach involving Personal Information without first consulting with. and obtaining the permission of. Clients. In addition. within thirty (30) days of identifying a confirmed Security Breach. Agent shall develop and execute a plan, to the extent practical. that reduces the likelihood of a recurrence of such Security Breach.
6. Return or Destruction of Personal Information. Promptly upon expiration or termination of Agent’s obligations to provide services under the Agreement, or such earlier time as Clients reasonably requests with respect to Personal Information that is no longer necessary for Agent to provide the services. Agent shall return to Clients, or securely destroy (or render unreadable or undecipherable if return is not reasonably feasible or desirable by Clients), each and every original and copy in every media of all Personal Information in Agent‘s possession. custody or control. Notwithstanding the foregoing. if applicable law or Agent’s standard or customary record retention policies or procedures do not permit Agent to return or destroy the Personal In format i on, or if such return or destruction is commercially unreasonable under the circumstances. Agent will retain such Personal Information (but only so long as required by such policies or procedures. or for so long as such commercial unreasonability continues). and will continue to maintain the confidentiality of the Personal Information in accordance with the Agreement.
7. Business Continuity Plan. Agent shall maintain plans for business continuity. disaster recovery. and backup capabilities and facilities designed to ensure Agent’s continued performance of its obligations under this Agreement. including without limitation loss of production. loss of systems. loss of equipment. failure of carriers and the failure of Agent‘s or its suppliers’ equipment. computer systems or business systems (“Business Continuity Plan’“). Such Business Continuity Plan shall include, but not be limited to, testing, accountability. and corrective actions designed to be immediately implemented, if necessary. Agent will provide a summary of such Business Continuity Plan to Clients upon request. Agent shall test its Business Continuity Plan a minimum of once each calendar year.
8. Annual Operational Controls Audits. Agent will engage a certified public accounting firm to conduct an SSAE 18. ISAE 3402. AT-C Section 205 (Criteria set forth in TSP Section 100. 2017 Trust Services Criteria for Security. Availability. Processing Integrity. Confidentiality, and Privacy (SOC 2)J, or equivalent audit of Agent’s control environment as applicable to the services provided hereunder and prepare a report on an annual basis. Agent shall make available to Clients a copy of such report prepared in connection with such audit. within a reasonable amount of time after request by Clients. Clients will pay a fee for the report in accordance with Agent’s tee schedule in effect at such time.
9. Transition Cooperation. Upon receipt of written notice of termination. the parties will use commercially reasonable efforts to effect an orderly termination of this Agreement. Without limiting the foregoing. Agent will deliver Clients’ records in industry standard format to Clients or the successor agent designated by Clients in accordance with Clients’ request.
Attachment 1 to Privacy and Information Security Addendum
Information Security Controls
l. Scope. This Attachment I details the information security controls to be applied to Clients’ Confidential Information during the Term of the Agreement.
2. Definitions.
“Information Security Policy” means a high-level document containing a set of principles relating to information security that includes the Overall intention and direction as formally expressed and modified from time to time by management.
“Information Security Standard” defines the principles and minimum controls necessary for protecting Confidential Information and supporting the Information Security Policy.
“Technical Security Standards” means the technology platform specific security standards that detail the mandatory baseline and enhanced levels of security for Agent IT systems.
3. Information Security Controls. Agent has established and during the Term will maintain an Information Security Standard aligned with industry practice (such as the International Organization for Standardization’s standards: ISO/IEC 2700 I: 201 3). Information security responsibilities are defined in the Information Security Standard and the Information Security Policy is reviewed on a periodic basis and approved by senior management.
4. Information Security Questionnaire. Annually, upon request. Agent will complete and deliver to Clients a Standard Information Gathering (SIG) Questionnaire. If Clients have additional questions that are not covered in the SIG or by the scope of the most recent SSAE 18, ISAE 3402, AT-C Section 205 or equivalent audit report. Clients may contact its relationship or account manager , who will facilitate a conversation with Agent‘s Global Information Security & Risk Group.
5. Asset Management.
5.1. Agent will keep asset inventories up-to-date using manual and automated discovery processes and tools. where practical. and will protect asset inventories against unauthorized modification.
5.2. Information owners and information custodians will be assigned to all business applications with clear responsibilities defined in the Information Security Policy.
5.3. Information security risk assessments will be conducted against all applications on an annual basis. or in the event of material change.
5.4. All Agent employees are required to adhere to the information classification and labeling guidelines published in the Information Security Standard.
6. Human Resource Security.
6.1. All newly-hired employees will be subject to screening prior to employment. which may include drug screening and background checks in accordance with Schedule A (Hiring Criteria) attached hereto . The screening processes are conducted in accordance with relevant national laws and industry regulations and provide verification of identity. references and credentials.
6.2. Temporary employees will be evaluated in substantially the same manner as permanent employees. Agent reviews the screening processes of the contract staffing agencies through its supplier management program.
6.3. All employees will be required to complete an annual information security awareness program.
6.4. Violations and breaches of the Information Security Policy will be investigated and disciplinary actions may be taken in accordance with internal Human Resource policies.
6.5. Upon termination. transfer, or reassignment. as applicable. Agent will disable inactive accounts of users in a timely manner, require return of assets, and remove access rights.
7. Physical and Environment Security.
7.1. Physical access to Agent’s on-site data centers will be strictly controlled by proximity card access groups that are limited to the operations staff who require access to perform their contracted roles.
7.2. Agent’s on-site data centers will have strict controls to protect against environmental threats such as over-heating, flooding, fire, dust and chemical pollutants.
7.3. Agent’s on-site data centers will have dual power feeds. monitored Uninterruptible Power Supply (UPS) systems. back-up generators with on-site fuel store. redundant air conditioning systems, and a dual-path telecommunications infrastructure for critical communications systems.
7.4. Confidential Information will be securely erased using industry-standard data deletion utilities. physically destroyed. or returned to Clients. subject to the terms and conditions of the Agreement.
8. Communications and Operations Management.
8.1. All technology teams will maintain internal libraries of standard operating procedures that cover the installation, configuration. maintenance, and administration of the Agent systems. networks , and business applications.
8.2. Changes to production systems (e .g., upgrades and modifications to business applications emergency fixes. changes to systems and networks. new code deployments) will be subject to appropriate change management processes.
8.3. Segregation of duties will be maintained to minimize risk of theft. fraud. error. and unauthorized changes to information. unless mitigating controls are implemented ( e.g.. monitoring. log tile reviews. spot checks. audit trails).
8.4. Development. UAT, and handover environments are segregated.
8.5. Capacity planning activities are included in the system planning process and also in response to changing business requirements.
8.6. Documented operating procedures are maintained that include the scope, frequency. methods and technologies used in data back-up.
8.7. Network security controls are appropriately implemented and managed (e.g.. network gateways. switches. routers. firewalls. IDS. load balancers). The technical security controls for each core technology are documented in the relevant Agent Technical Security Standards and incorporate security architecture principles and security hardening guidelines.
8.8. Agent desktop and laptop computers are installed with data loss prevention software that is configured to prevent the copying of certain information types (e.g.. Shareholder Reference Numbers. Social Security numbers. National Insurance numbers. Confidential Information) to all removable media devices (e.g., CD. external hard-drive. USB flash drive).
8.9. Confidential Information stored on Agent IT systems is securely destroyed before the asset ts decommissioned, sold. or transferred to an external party.
8.10. All critical Agent IT systems, applications. and network devices are configured to generate and record security event logs and maintain the integrity of important security-related information.
8.11. The logs generated by Agent IT systems. applications. and network devices are stored. retained and protected from unauthorized access. destruction, and modification in accordance with business requirements.
8.12. Where applicable. encryption is used to protect Confidential Information in transit (excluding such Confidential Information transmitted within Agent’s internal network) and at rest. including when stored on portable media and on de, ices outside of the Agent environment.
8.13. An appropriate non-disclosure agreement will be in place prior to transmission of Confidential Information outside of the Agent IT environment to a third-party supplier.
8.14. Processes to assess third-party service deli very. including the assessment of the information security status of each supplier, will be established at a frequency that is commensurate with the criticality rating of the supplier.
9. Internal Access Control to Agent Systems.
9.1. Allocation and use of privileges within the Agent systems will be restricted and controlled using appropriate procedures for authorization and control.
9.2. Appropriate mechanisms for user authentication and authorization will be maintained in accordance with a “least privilege” policy based on need to know for the role.
9.3. Controls will be maintained to enforce rigorous access restrictions for remote users. contractors and service providers.
9.4. Timely and accurate administration of user accounts and authentication management will be implemented. including a periodic recertification process. based on the criticality of the system.
9.5. The following processes will be maintained: processes to ensure assignment of unique IDs to each person with system access; processes to ensure Agent-supplied defaults for passwords and security parameters are changed and appropriately managed; processes to disable access to inactive accounts or accounts of terminated/transferred users in a timely manner.
10. Information Systems Development, Acquisition and Maintenance.
10.1. Due consideration of security issues is given during system and application development processes to provide assurance of the robustness and effectiveness of system security controls.
10.2. Correct processing is facilitated in applications by including controls around data input and output validation. message integrity, and controlled internal processing.
10.3. Confidential Information is exchanged in accordance with security protocols. including encryption.
10.4. Confidential Information stored on laptops is encrypted.
10.5. Change management procedures are in place for system changes within the operational environment. including the installation of software or patches.
10.6. Procedures for ensuring the security of system files will be maintained. including change management processes for operating software. mechanisms for protection of system test data. and access controls to program source code.
10.7. Robust controls will be maintained for the identification and management of technical vulnerabilities. including governance frameworks for the testing and deployment of system. software and security patches. and anti virus pattern and signature updates.
10.8. Agent will conduct monthly scans against Internet-facing operating systems and annual scans against internal endpoints with a current commercially available vulnerability assessment tool.
10.9. Agent. on its own or through its affiliate. conducts penetration tests against certain critical-rated applications identified by Agent on a periodic basis. Upon request, Agent will provide to its clients executive summary results of these scans. which will list the number and severity of issues found, as well as remediation timelines based on severity.
10.10. Agent. on its own or through its affiliate. conducts vulnerability assessments against its externally- facing network infrastructure on a periodic basis according to a schedule determined by Agent. Upon request. Agent will provide to its clients executive summary results of these scans. which will list the number and severity of issues found, as well as remediation timelines based on severity.
11. Information Security Incident Management.
11.1. All Agent employees are provided with training and guidance to identify and report information security events.
11.2. Robust procedures are maintained for governing the management of information security incidents.
12. Business Continuity Management.
12.1. Agent has a formal global process and provides a centralized toolset to allow business units to collect the information to build their Business Impact Analysis (BIA).
12.2. The Business Continuity program includes a plan to help ensure staff are trained and adequately prepared.
12.3. The Business Continuity plans are regularly updated and tested.
13. Logical Separation. Agent will maintain all customer information logically distinct from other information of Agent and its other customers.
Schedule A
Hiring Criteria
Background Check Requirements
Agent Background Check Criteria
Considering whether or not to hire an individual based on the individual’s prior conduct as evidenced by a conviction or other information provided to the employer, the recruiter must consider the following factors: (1) the nature and the gravity of the offense or offenses; (2) the time that has passed since the conviction and /or completion of the sentence ; and (3) the nature of the job sought.
Criminal Adjudication Criteria-Ten Year Check
Pass | Fail | |
No record found or clear | X | |
Court disposition of not guilty, nolle prosse, waived or dismissed | X | |
Any one misdemeanor conviction or misdemeanors pending court disposition for crimes involving financial matters or violent crimes against persons , weapons, burglary. theft. dishonesty and/or drugs within the last 3 years | X | |
Any one misdemeanor conviction or misdemeanors pending court disposition for crimes involving drugs within the last 3 years | X | |
Any three or more misdemeanor convictions within the last 3 years | X | |
Any felony conviction involving: financial matters. violent crimes against persons. weapons, burglary, dishonesty. theft and/or drugs | X | |
Any other felony conviction (will be individually evaluated ) | ||
Computer crimes: hacking, software infringement | X | |
Criminal conversion/fraud | X | |
Drunk driving or related charge (refer to MVR ) | X | |
Finger Printing , negative results | X | |
Drug Testing | ||
Drug testing, negative results (without prescription) | X | |
Education Adjudication Criteria- Highest Level Completed | ||
Degree matched | X | |
Dates matched, major differs slightly | X | |
Major differs dramatically | X | |
No degree awarded when representation was that of a degree | X | |
Institution found no record of applicant (will be individually evaluated) | ||
Employment Adjudication Criteria-Ten Year Check | ||
Dates off by 3 months combined time considering start and end dates, title slightly off | X | |
Title differs dramatically. confirmation has occurred | X | |
Dates off by more than 3 months, confirmation has occurred | X | |
Employer found no record of applicant, but applicant provided pay stub or W2 (will be individually evaluated) | ||
MVR Adjudication Criteria-Then Year Check (during positions only) | ||
Three or less moving violations | X | |
Drunk driving or related charge (one conviction only). Pending status of license. | X | |
Suspended license | X | |
Drunk driving, reckless driving | X | |
Hit and run violations | X | |
Vehicular homicide or manslaughter | X | |
Licensure | ||
This criterion applies primarily to positions with specific licensure requirements; however, any represented certifications will be verified -- verifications of representations that do not match will be individually evaluated |