EQUITABLE LIFE INSURANCE COMPANY SEVENTH AMENDMENT TO FUND PARTICIPATION AGREEMENT
EQUITABLE LIFE INSURANCE COMPANY
SEVENTH AMENDMENT TO
THIS SEVENTH AMENDMENT (“Amendment”) amends the Fund Participation Agreement dated October 23, 2009 (together with any prior amendments thereto, the “Agreement”) which is hereby incorporated by reference, and is made as of the Amendment Effective Date of August , 2020 by and between EQUITABLE FINANICIAL LIFE INSURANCE COMPANY (formerly known as AXA Equitable Life Insurance Company) and EQUITABLE FINANCIAL LIFE INSURANCE COMPANY OF AMERICA (formerly known as MONY Life Insurance Company of America) (collectively, the “Company”); IVY DISTRIBUTORS, INC. (the “Distributor”) and IVY VARIABLE INSURANCE PORTFOLIOS (the “Fund”).
WHEREAS, the Company, the Distributor, and the Fund desire to further amend the Agreement by the addition of the Confidentiality Section; and
WHEREAS, on or prior to June 15, 2020, Company changed its registered names from AXA Equitable Life Insurance Company to Equitable Financial Life Insurance Company and from MONY Life Insurance Company of America to Equitable Financial Life Insurance Company of America.
NOW, THEREFORE, in consideration of the Agreement and the mutual covenants contained herein, the parties hereto agree as follows:
| 1. | CONFIDENTIALITY. |
1.1 Defined.
(a) “Company Personal Data” means information, in any medium, provided to the Distributor or the Fund by or at the direction of the Company, created or obtained by the Distributor or the Fund on behalf of the Company, or to which the Distributor or the Fund is provided access by or at the direction of the Company, under and in connection with the Agreement that identifies, may be used to contact or locate, or to authenticate the identity of, a specific individual, such as a Company employee, officer, director, agent, supplier, contractor, stockholder or client, and is subject to applicable Laws pertaining to privacy, data security, or both, such as the Xxxxx-Xxxxx-Xxxxxx Act, as amended (15 USC § 6801 et seq.) and the Health and Insurance Portability and Accountability Act of 1996, as amended (42 USC § 1320d). Examples of Company Personal Data include employee identification numbers, government-issued identification numbers, passwords or PINs, user identification and account access credentials or passwords, financial account numbers, credit report information, biometric, health, genetic, medical, or medical insurance data, answers to security questions, and other personal identifiers. The Company’s business contact information is not by itself deemed to be Company Personal Data.
(b) “Confidential Information” of a party or its affiliates (the “Disclosing Party”) will mean non-public information or materials about the Disclosing Party’s business, whether or not proprietary to the Disclosing Party, whether disclosed intentionally by or acquired unintentionally from the Disclosing Party or any director, officer or employee of any of the foregoing, or any of its’ service providers, agents or other representatives, whether in written, electronic, visual or oral form, regardless of how transmitted, and whether or not marked “confidential” or “proprietary”, including, without limitation, information concerning past, present or prospective products, assets, services, systems, customers, employees, financial professionals, shareholders, agents, representatives, finances, books and/or records, business affairs and/or relationships, business plans, trade secrets, methods of operations, distribution and/or marketing strategies and/or procedures or other internal matters, and information, directly or indirectly, derived by or on behalf of the other party (the “Receiving Party”) from the Disclosing Party’s Confidential Information, using the Disclosing Party’s Confidential Information exclusively, or combined with other information, and summaries and analyses of or involving the Disclosing Party’s Confidential Information.
(c) “Law” means any statute, law, ordinance, regulation, rule, code, order, constitution, treaty, the common law, any other requirement or rule of law of any federal, state, local or foreign government or political subdivision thereof, or any self-regulatory organization, or any order, judgement, or decree of any arbitrator, court or tribunal of competent jurisdiction.
1.2 Obligations. The Receiving Party will exercise at least the same degree of care with respect to the Disclosing Party’s Confidential Information that the Receiving Party exercises to protect its own Confidential Information, but in no event shall the Receiving Party use less than reasonable care. The Receiving Party will only use or reproduce the Disclosing Party’s Confidential Information to the extent necessary to enable the Receiving Party to fulfill its obligations under this Agreement. Further, the Receiving Party may disclose the Disclosing Party’s Confidential Information to the directors, officers, and employees (“Qualified Staff Persons”), of Receiving Party who have a need to know such information (and only to the extent necessary) in order to fulfill the purposes contemplated by this Agreement; provided that Receiving Party has first informed such Qualified Staff Persons of the obligations imposed by this Section and remains liable at all times for the acts or omissions of its Qualified Staff Persons Further, the Company will have the right to provide this Agreement, or any Work Order, to an affiliate.
1.3 Nondisclosure. Receiving Party shall not disclose the Disclosing Party’s Confidential Information to any other individual or entity, including, without limitation, any of its subsidiaries, affiliates, authorized attorneys, accountants, subcontractors, consultants, service providers or other agents or representatives (each a “Representative”), except such persons who have a need to know such information in order to fulfill the purposes contemplated by this Agreement, have been informed of the obligations imposed by this Agreement and have ethical duties of confidentiality to the Receiving Party or shall have executed a written confidentiality agreement on substantially the same terms and conditions as set forth in this Section. Any breach of confidentiality by such person shall be deemed to be a breach by Receiving Party of Receiving Party’s obligations hereunder.
1.4 Information Security Program. The Distributor and the Fund warrant and represent that each has adopted and implemented, and covenants that each will maintain, a reasonable information security program (each, an “Information Security Program”) in alignment with the National Institute of Standards and Technology Cyber Security Framework (the “NIST CSF”) and which incorporates administrative, technical, and physical safeguards reasonably designed (a) to ensure the confidentiality of Company Personal Data in its possession or under its control; (b) to protect against any reasonably anticipated threats or hazards to the security or integrity of Company Personal Data; (c) to protect against unauthorized access to, destruction or loss of, or alteration or use of Company Personal Data, including without limitation, training of the Distributor’s and the Fund’s personnel and agents in safeguarding the same; and (d) ensure the timely destruction of all electronic and physical copies containing Company Personal Data, which the Distributor or the Fund are permitted or required to destroy under applicable law, record retention policies and procedures, or otherwise under its Information Security Program, in a safe and secure manner.
1.5 Reviews. Each of the Distributor and the Fund shall periodically review and update its Information Security Program as necessary to better align the Information Security Program with the NIST CSF and address changes in applicable Laws, changes in technology and information systems and changes in threats or hazards to Company Personal Data. Upon the Company’s written request, Distributor and the Fund shall provide the Company with an executive summary of any audit report completed in the prior calendar year by or on their behalf as a result of any audit performed to assess the effectiveness of the Information Security Program, to the extent such audit was relevant to the security and confidentiality of Company Personal
Data. Upon reasonable request by the Company, but no more than once during any calendar year, the Distributor and the Fund shall permit the Company or its representative to assess and discuss the Information Security Program with the Distributor and the Fund, and shall grant the Company or its representative reasonable access to knowledgeable personnel, its offices, and confidential, high level, documentation of infrastructure and application software that processes, stores or transports Personal Information pursuant to this Agreement, on reasonable advance notice during normal business hours, and in a manner designed to minimize the disruption of Distributor’s and the Fund’s normal business operations, to confirm the Distributor or the Fund’s compliance with the requirements of this Agreement with respect thereto.
1.6 Incident Management. For purposes of this Section, the term “Incident” means the occurrence of any act that compromises the security, confidentiality or integrity of Company Personal Data or that constitutes the unauthorized disclosure, unauthorized access, loss, or theft of the Company Personal Data. With respect to an Incident, the Distributor and the Fund shall:
| a. | Provide the Company with the name and contact information for an employee of the Distributor or the Fund who shall serve as the Company’s primary information security contact and shall be available to assist the Company twenty-four (24) hours per day, seven (7) days per week as a contact in resolving obligations associated with an Incident; |
| b. | Notify the Company of the occurrence of an Incident as soon as practicable, once the Distributor or the Fund becomes aware of the Incident, but in no event later than in the time required by applicable Laws; and |
| c. | Notify the Company’s Chief Privacy Officer of an Incident by e-mailing the Company with a read receipt at XxxxxxxXxxxxx@xxxxxxxxx.xxx, and with a copy by e-mail to the Distributor and the Fund’s primary business contact within the Company. |
1.7 Mitigation. The Distributor and the Fund understand and acknowledge that any Incident may impose obligations on the Company to notify affected individuals as well as regulators of such Incident and take steps, among others, to mitigate any adverse impact or other harm to such affected individuals arising from such Incident. The Distributor and the Fund agree to cooperate with and assist the Company in meeting all such obligations.
1.8 Nonconfidential Information. Notwithstanding anything to the contrary herein, Receiving Party shall have no obligation to preserve the confidentiality of any of the Disclosing Party’s Confidential Information which:
(1) was, is or becomes publicly known, other than through unauthorized disclosure by the Receiving Party;
(2) at the time of disclosure to Receiving Party, was already in the possession of Receiving Party and not subject to any confidentiality undertaking;
(3) is disclosed to Receiving Party by any individual or entity other than Disclosing Party, if such individual or entity is not bound by a confidentiality agreement with, or other known contractual or legal obligation of confidentiality to, the Disclosing Party; or
(4) was or is developed by Receiving Party without use of or reference to any of the Disclosing Party’s Confidential Information.
The foregoing exceptions shall not apply to Company Personal Data.
1.9 Government Disclosures. In the event that Receiving Party becomes legally compelled by a court of competent jurisdiction or by a governmental body to disclose any of the Disclosing Party’s Confidential Information, Receiving Party will give Disclosing Party prompt written notice of such requirement, together with a copy of such demand, to enable Disclosing Party to seek a protective order or other remedy or waive
compliance with this Section. In the event that Disclosing Party elects not to seek or is unable to obtain a protective order or other remedy, Receiving Party will only disclose that portion of the Disclosing Party’s Confidential Information which it is advised in writing by its legal counsel is legally required to be disclosed and will make reasonable efforts to obtain assurance that confidential treatment will be accorded such Confidential Information.
1.10 Return of Confidential Information. Except as otherwise expressly provided in this Agreement, Receiving Party will, and will cause all others in possession to, return to Disclosing Party (or such third party as Disclosing Party may designate in writing) all documents and materials (and all copies thereof) containing the Disclosing Party’s Confidential Information, whether in hardcopy, electronic form or otherwise, promptly following termination of this Agreement, with or without cause. Notwithstanding the foregoing sentence, (a) the Receiving Party may retain such documents, records, and copies as it reasonably believes may be required in order to satisfy any internal record keeping, retention policies and procedures or applicable Law to which the Receiving Party is subject, and (b) the Receiving Party shall not be required to purge any Confidential Information contained in its computer systems’ historical back up media; provided that any Confidential Information retained by the Receiving Party in accordance with the foregoing expiations shall continue to be subject to the confidentiality terms of this Agreement and shall survive the Agreement’s expiration, if applicable. The Receiving Party will certify in writing that it has fully complied with its obligations under this Section within seven (7) days after its receipt of a request from the Disclosing Party for such a certification.
1.11 Third-Party Suppliers, Sub-contractors, Sub-servicers and/or Hosting Providers. The Distributor and the Fund warrant and represent that each will ensure its third-party suppliers, sub-contractors, sub-servicers and/or hosting providers adhere to the Distributor and the Fund’s obligation of ensuring its continued effectiveness to safeguard their Confidential Information, the Company’s Confidential Information, and all nonpublic personal information, to the extent it is in their possession or under their control, and maintenance of a comprehensive security program, including incorporation of administrative, technical and physical safeguards as detailed in the Information Security Program Section. The Distributor and the Fund shall regularly audit and review their third-party suppliers, sub-contractor, sub-servicer and/or hosting providers controls to ensure effectiveness of their internal control environment, including the design and implementation of their programs to reasonably prevent a cyber breach or fraud. This includes but is not limited to the review of their application and/or infrastructure security, penetration test reviews, access controls and management (e.g., use of Multi-Factor Authentication), data protection (e.g., encryption at rest and in-transit), incident response, change management, logging, monitoring and reporting.
2. The remaining terms and conditions of the Agreement not modified herein shall remain in full force and effect.
3. This Amendment may be executed in two or more counterparts, each of which shall be deemed an original, but all of which together shall constitute only one instrument.
4. This Amendment and the provisions herein contained shall be binding upon and inure to the benefit of the Distributor and the Fund and the Company and their respective successors and assigns.
Signature Blocks on Following Page
IN WITNESS WHEREOF, the parties hereto have signed this Amendment.
| EQUITABLE FINANCIAL LIFE INSURANCE COMPANY: | EQUITABLE FINANCIAL LIFE INSURANCE COMPANY OF AMERICA: | |||||||
| By: |
|
By: |
| |||||
| Name: Xxxxxxx Xxxxxxxxx | Name: Xxxxxxx Xxxxxxxxx | |||||||
| Title: Managing Director | Title: Senior Vice President | |||||||
| Date Signed: 9/2/2020 | 9:44 AM EDT | Date Signed: 9/2/2020 | 9:44 AM EDT | |||||||
| IVY DISTRIBUTORS, INC.: | IVY VARIABLE INSURANCE PORTFOLIOS: | |||||||
| By: |
|
By: |
| |||||
| Name: Xxx X. Xxxxxxx | Name: Xxxxxx X. Xxxxxxx | |||||||
| Title: President | Title: CEO, President | |||||||
| Date Signed: 08/28/2020 | Date Signed: 08/28/2020 | |||||||
