MASTER AGREEMENT SS&C DIGITAL SOLUTIONS SERVICES
Exhibit (k)(iv)
SS&C DIGITAL SOLUTIONS SERVICES
THIS AGREEMENT (this “Agreement”) made as of September 25, 2023, (the “Effective Date”) by and between:
1. | SS&C GIDS, Inc., a corporation incorporated in the State of Delaware (“SS&C GIDS”); |
2. | Each of the investment vehicles listed in Schedule C of the Agency Agreement, as defined below (each, a “Fund” and collectively, the “Funds”); and |
Funds may be referred to collectively as “Customer.” SS&C and Customer each may be referred to individually as a “Party” or collectively as “Parties.”
WHEREAS, SS&C is a provider of transfer agency, shareholder record keeping and related services to the financial services industry; and
WHEREAS, Customer desires to utilize SS&C Digital Solutions Services to provide access to account information and certain on-line transaction request capabilities in accordance with the terms of this Agreement.
NOW, THEREFORE, in consideration of the foregoing premises, and for other good and valuable consideration, the receipt and adequacy of which are hereby acknowledged, the Parties hereby agree as follows.
ARTICLE I
DEFINITIONS
Except as may be modified in a Service Exhibit, the following definitions shall apply to this Agreement. Additional terms may be defined in the Agreement and in the exhibits that describe the Digital Solutions Services to be provided by SS&C for Customer.
• “Access” means the ability to retrieve, process, or delete Customer Dat.
“Action” means any civil, criminal, regulatory or administrative lawsuit, allegation, demand, claim, counterclaim, action, dispute, sanction, suit, request, inquiry, investigation, arbitration or proceeding, in each case, made, asserted, commenced or threatened by any Person (including any Government Authority).
• “Affiliate” shall mean, with respect to any Person, any other Person directly or indirectly Controlling, Controlled by or under common Control with such Person.
• “Agency Agreement” shall mean that certain Services Agreement dated July 14, 2023, herewith by and between SS&C GIDS, Inc., SS&C Technologies, Inc. and Customer.
• “API Calls” shall mean any request or submission to the API Management Platform initiated by User activities, regardless of whether such request or submission is successful or unsuccessful.
• “API Management Platform” shall mean a set of SS&C tools for developing, securing, publishing, executing, and monitoring API Calls. Capabilities include API authentication, threat detection, traffic management, transformation, versioning, orchestration, routing, monitoring, and discovery.
• “Authentication Procedures” shall mean, if applicable, those procedures for authenticating Users as set forth within a Service Exhibit.
• “Claim” means any Action arising out of the subject matter of, or in any way related to, this Agreement, its formation or the Digital Services.
• “Customer Data” means all data of Customer, including Customer Personal Data, and data related to securities trades and other transaction data, investment returns, issue descriptions, and third party market and reference data, including pricing, valuation, security master, corporate action and related data, provided by Customer and all output and derivatives thereof, necessary to enable SS&C to perform the Digital Solutions Services, but excluding all hardware, software, source code, data, report designs, spreadsheet formulas, information gathering or reporting techniques, know-how, technology and all other property commonly referred to as intellectual property used by SS&C in connection with its performance of the Digital Solutions Services.
1
Copyright SS&C GIDS, Inc. 2023 | SS&C CONFIDENTIAL |
• “Customer Personal Data” means information about or related to an identifiable, living person provided by Customer, and all output and derivatives thereof, necessary to enable SS&C to perform the Digital Solutions Services.
• “Confidential Information” means any information about Customer or SS&C, including this Agreement, except for information that (i) is or becomes part of the public domain without breach of this Agreement by the receiving Party, (ii) was rightfully acquired from a third party, or is developed independently, by the receiving Party, or (iii) is generally known by Persons in the technology, securities, or financial services industries.
• “Control” over a Person shall mean (i) the possession, directly or indirectly, of more than 50% of the voting power to elect directors, in the case of a Person that is a corporation, or members of a comparable governing body, in the case of a limited liability company, firm, joint-venture, association or other entity, in each case whether through the ownership of voting securities or interests, by contract or otherwise and (ii) with respect to a partnership, a general partner thereof or a Person having management rights comparable to those of a general partner shall be deemed to control such Person. The terms “Controlling” and “Controlled” shall have corollary meanings.
• “Digital Platform” shall mean the SS&C computer and software system that provides an interface between the Internet and public data network service providers and the transfer agency and record keeping systems of Funds for the purposes of communicating Fund data and information and Transaction requests.
• “Digital Solutions Options” shall mean the series of edits and instructions provided by Customer to SS&C in writing, through which Customer specifies its instructions for Transactions available through the various Digital Solutions Services, e.g., minimum and maximum purchase, redemption and exchange amounts.
• “Digital Solutions Services” shall mean the services provided by SS&C utilizing the Digital Platform, the SS&C Web Site, the Internet, and other software, equipment and systems provided by SS&C and telecommunications carriers and firewall providers, whereby Transactions may be requested in each Fund by Users accessing the SS&C Web Site via the Internet.
• “Fund(s)” shall mean the various registered investment companies (mutual funds) annuity, variable annuity or variable universal life contracts or real estate investment trusts or limited partnerships or other similar financial products for which Customer provides various services and which Customer designates for participation in Digital Solutions Services from time to time by written notice to SS&C. “Fund Units” shall mean the shares or units of a Financial Product held by a record owner.
• “Government Authority” means any relevant administrative, judicial, executive, legislative or other governmental or intergovernmental entity, department, agency, commission, board, bureau or court, and any other regulatory or self-regulatory organizations, in any country or jurisdiction
• “Losses” means any and all compensatory, direct, indirect, special, incidental, consequential, punitive, exemplary, enhanced or other damages, settlement payments, attorneys’ fees, costs, damages, charges, expenses, interest, applicable taxes or other losses of any kind.
• “Person” shall mean an individual, corporation, partnership, association, trust or other entity or organization, including a government or political subdivision or an agency or instrumentality thereof.
• “SS&C Associates” means SS&C and each of its Affiliates, and their respective members, shareholders, directors, officers, partners, employees, agents, successors or assigns.
• “SS&C Web Site” shall mean the collection of electronic documents or pages residing on SS&C’s computer system, linked to the Internet and accessible through the World Wide Web, where the Transaction data fields and related screens provided by SS&C may be viewed by Users who access such site.
• “Service Exhibit” shall mean the service exhibits attached hereto which outline the particular Digital Solutions Services to be provided by SS&C to Customer.
• “Third Party Claim” means a Claim (i) brought by any Person other than the indemnifying Party or (ii) brought by a Party on behalf of or that could otherwise be asserted by a third party.
• “Transactions” shall mean account inquiries, purchases, redemptions, exchanges and other transactions offered through Digital Solutions Services as specified in each Service Exhibit.
• “User(s)” shall mean record owners or authorized agents of record owners of shares of a Fund, including brokers, investment advisors and other financial intermediaries or the other Persons authorized to access a particular Digital Solutions Service pursuant to the terms of a Service Exhibit.
2
Copyright SS&C GIDS, Inc. 2023 | SS&C CONFIDENTIAL |
ARTICLE II
USE OF DIGITAL SOLUTIONS SERVICES BY CUSTOMER
Section 2.1 Selection of Digital Solutions Services. SS&C will perform, and Customer has selected, the Digital Solutions Services described on the Service Exhibits attached to this Agreement. New Service Exhibits describing additional Digital Solutions Services may be added to this Agreement from time to time by mutual written agreement of SS&C and Customer, and such additional Digital Solutions Services shall be subject to the terms of this Agreement.
Section 2.2 Selection of additional services of SS&C.
(a) | SS&C and/or its Affiliates may perform additional services for Customer from time to time as may be agreed upon by the parties pursuant to the terms of a mutually acceptable Statement of Work (“SOW”), if any (the “Professional Services”). In most cases, the Professional Services will be performed in connection with a specific Service Exhibit under this Agreement. If such Professional Services require SS&C to perform work at Customer’s location, then Customer shall supply SS&C personnel with suitable workspace, desks, and other normal office equipment, support and supplies, which may be necessary in connection with such Professional Services. |
(b) | The parties may agree upon a change to a SOW (“Change Order”); provided, however, no such change shall be binding upon either party unless and until such a Change Order has been mutually agreed in writing and signed by an authorized representative of Customer. |
(c) | SS&C shall own all updates, software, software enhancements, documentation, technical notes, tangible and intangible property, and work products required to be delivered and/or produced or created by SS&C or its Affiliates in connection with the Services provided under a SOW (“Deliverables”). Notwithstanding anything to the contrary, the parties recognize that from time-to-time Customer may, under this Agreement, disclose to SS&C certain business or technical requirements and specifications on which SS&C or its Affiliates shall partly rely to design, structure or develop the Deliverable. Provided that, as developed, such Deliverable contains no identifiable Customer Confidential Information, (i) Customer hereby consents to SS&C’s and its Affiliates’ use of such Customer provided business or technical requirements and specifications to design, to structure or to determine the scope of such Deliverable or to incorporate into such Deliverable and that any such Deliverable, regardless of who paid for it, shall be, and shall remain, the sole and exclusive property of SS&C and its Affiliates and (ii) Customer hereby grants SS&C and its Affiliates a perpetual, nonexclusive license to incorporate and retain in such Deliverables Customer provided business or technical requirements and specifications. All Customer Confidential Information shall be and shall remain the property of Customer. |
Section 2.3 SS&C Responsibilities. During the Term and subject to the provisions of this Agreement, SS&C shall, at its expense (unless otherwise provided for herein) perform the Digital Solutions Services as described in each Service Exhibit, including provision of all computers, telecommunications connectivity and equipment reasonably necessary at its facilities to operate and maintain the Digital Platform and the SS&C Web Site. SS&C shall at all times perform its obligations under this Agreement with reasonable care, skill, prudence and diligence in a proper and efficient manner in consideration of the fees, expenses and related payment terms listed in Article III below. SS&C shall be under no duty or obligation to perform any service or take any action except as specifically listed in this Agreement and any Service Exhibit thereunder and no other duties or obligations, including valuation related, fiduciary or analogous duties or obligations, shall be implied.
3
Copyright SS&C GIDS, Inc. 2023 | SS&C CONFIDENTIAL |
Section 2.4 Customer Responsibilities. During the Term and subject to the provisions of this Agreement, Customer shall at its expense (unless otherwise provided for herein) fulfill, or cause to be fulfilled by the Funds or otherwise, Customer obligations, if any, set forth in each Service Exhibit to this Agreement.
Section 2.5 Change in Designated Funds. Upon thirty (30) days prior notice to SS&C, Customer may change the Funds designated to participate in Digital Solutions Services by delivering to SS&C, in writing, a revised list of participating Funds.
Section 2.6 Digital Solutions Options. Customer is responsible for establishing implementation procedures and options available for each Digital Solutions Service, as specified in the applicable Service Exhibit.
Section 2.7 Anonymized Data. Notwithstanding anything in this Agreement, SS&C and its third party vendors may collect and use, any such data, text, and files that pass through and/or may be generated by the Customer’s use of the Digital Solutions Services in anonymized format. For clarity, such anonymized data will not include any of Customer’s Confidential Information. SS&C or its third party vendors may also review Customer’s Authorized Users and API Call usage amounts, as applicable, for billing and internal business use.
ARTICLE III
FEES
Section 3.1 Fees for Digital Solutions Services. As consideration for the performance by SS&C of the Digital Solutions Services, Customer will pay SS&C the fees relating to each such service as set forth in each Service Exhibit attached to this Agreement. SS&C will deliver a monthly billing report to Customer including a report of Transactions, by type, processed through Digital Solutions Services.
Section 3.2 Invoicing; Fee Increases. SS&C reserves the right to review and increase its fees upon the prior written approval by Customer; provided, that SS&C will not seek to increase its fees for the Initial Term of the Agency Agreement unless there is (i) a material change in the scope of the Digital Solutions Services; or (ii) an increase in the complexity of the Digital Solutions Services, or the cost (including costs imposed by SS&C’s vendors), time, or amount of work required by SS&C to provide the Digital Solutions Services as agreed by the Parties. All fees and charges shall be billed by SS&C monthly and paid within thirty (30) days of receipt of SS&C’s invoice. Amounts billed but not paid on a timely basis and not being disputed by Customer in good faith shall accrue late fee charges equal to the lesser of one and one-half percent (1 1/2%) per month or the maximum rate of interest permitted by law, whichever is less, until paid in full.
ARTICLE IV
PROPRIETARY RIGHTS
Customer acknowledges and agrees that it obtains no rights in or to any of the software, hardware, processes, templates, screen and file formats, interface formats or protocols, and development tools and instructions, trade secrets, proprietary information or distribution and communication networks of SS&C. Any software, interfaces, interface formats or protocols developed by SS&C shall not be used by Customer for any purposes other than utilizing Digital Solutions Services pursuant to this Agreement or to connect Customer to any transfer agency system or any other Person without SS&C’s prior written approval. Customer also agrees not to take any action which would mask, delete or otherwise alter any SS&C on-screen disclaimers (including electronic forms which Users are required to accept) and copyright, trademark and service mark notifications provided by SS&C from time to time, or any “point and click” features relating to User acknowledgment and acceptance of such disclaimers and notifications.
ARTICLE V
TERM AND TERMINATION
Section 5.1 Term. Unless terminated earlier as provided in this Article V, each service exhibit, shall be effective as of the Effective Date and shall continue in force and effect until the expiration or termination of the Agency Agreement, as it may be amended (the “Term”), unless otherwise stated in a service exhibit. The Agreement shall automatically terminate upon the termination of the final service exhibit.
4
Copyright SS&C GIDS, Inc. 2023 | SS&C CONFIDENTIAL |
Section 5.2 Termination. A Party also may, by written notice to the other Party, terminate this Agreement if any of the following events occur:
(a) | The other Party breaches any material term, condition or provision of this Agreement, which breach, if capable of being cured, is not cured within 30 calendar days after the non-breaching Party gives the other Party written notice of such breach. |
(b) | The other Party (i) terminates or suspends its business, (ii) becomes insolvent, admits in writing its inability to pay its debts as they mature, makes an assignment for the benefit of creditors, or becomes subject to direct control of a trustee, receiver or analogous authority, (iii) becomes subject to any bankruptcy, insolvency or analogous proceeding, (iv) where the other Party is a Fund, becomes subject to a material Action that SS&C reasonably determines could cause SS&C reputational harm, or (v) where the other Party is Fund, material changes in Fund’s Governing Documents or the assumptions set forth in Section 1 of Fee Letter are determined by SS&C, in its reasonable discretion, to materially affect the Services or to be materially adverse to SS&C. |
If any such event occurs, the termination will become effective immediately or on the date stated in the written notice of termination, which date shall not be greater than 90 calendar days after the event.
Section 5.3 If more than one Fund is subject to this Agreement,
(a) | this Agreement will terminate with respect to a particular Fund because the Fund is ceasing operations or liquidating as of cessation or liquidation, but such Fund will remain responsible for the greater of the fees payable under this Agreement with respect to such Fund through (i) the remainder of the initial term or then current successive term or (ii) 90 calendar days after termination, which fees shall be payable in a lump sum upon notice of the cessation or liquidation. |
(b) | Management is authorized to terminate this Agreement with respect to each Fund and to enter into the termination-related agreements and amendments on behalf of any terminated Fund contemplated by Section 5.3, in each case without any further action of the terminated Fund or any other Fund. |
Section 5.4 Upon delivery of a termination notice, subject to the receipt by SS&C of all then-due fees, charges and expenses, SS&C shall continue to provide the Services up to the effective date of the termination notice; thereafter, SS&C shall have no obligation to perform any services of any type unless and to the extent set forth in an amendment to this Agreement executed by SS&C. .
Section 5.5 Termination of this Agreement shall not affect: (i) any liabilities or obligations of any Party arising before such termination (including payment of fees and expenses) or (ii) any damages or other remedies to which a Party may be entitled for breach of this Agreement or otherwise. Article III, VI, VII, and IX of this Agreement shall survive the termination of this Agreement. To the extent any services that are Services are performed by SS&C for Customer after the termination of this Agreement all of the provisions of this Agreement shall survive the termination of this Agreement for so long as those services are performed.
ARTICLE VI
INDEMNIFICATION; LIABILITY LIMITATIONS
Section 6.1 No Other Warranties. EXCEPT AS OTHERWISE EXPRESSLY STATED IN THIS AGREEMENT, THE DIGITAL SOLUTIONS SERVICES AND ALL SOFTWARE AND SYSTEMS DESCRIBED IN THIS AGREEMENT AND ITS EXHIBITS ARE PROVIDED “AS-IS,” ON AN “AS AVAILABLE” BASIS, AND SS&C HEREBY SPECIFICALLY DISCLAIMS ANY AND ALL REPRESENTATIONS OR WARRANTIES, EXPRESS OR IMPLIED, REGARDING SERVICES PROVIDED BY SS&C HEREUNDER, INCLUDING ANY IMPLIED WARRANTY OF TITLE, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE AND IMPLIED WARRANTIES ARISING FROM COURSE OF DEALING OR COURSE OF PERFORMANCE.
5
Copyright SS&C GIDS, Inc. 2023 | SS&C CONFIDENTIAL |
Section 6.2 Limitation of Liability. Notwithstanding anything in this Agreement to the contrary, SS&C Associates shall not be liable to Customer for any action or inaction of any SS&C Associate except to the extent of direct Losses resulting from the (i) sole negligence, as specified in Section 6.2, or (ii) gross negligence, willful misconduct or fraud of SS&C in the performance of SS&C’s duties or obligations under this Agreement. Except with respect to the Fund’s indemnification obligations under this Section 6, in no event shall either Party be liable to the other Party for Losses that are indirect, special, incidental, consequential, punitive, exemplary, enhanced or similar (including lost profits, opportunity costs and diminution of value). Fund shall indemnify and hold harmless SS&C Associates from and against Losses (including reasonable legal fees and costs to enforce this provision) that SS&C Associates suffer, incur, or pay as a result of any third party Claim, except (i) to the extent of Losses resulting from the gross negligence, willful misconduct or fraud of SS&C Associates in the performance of SS&C’s duties or obligations under this Agreement and (ii) that SS&C is responsible for up to $50,000 of Losses resulting solely from the negligence of SS&C Associates in the performance of SS&C’s duties or obligations under this Agreement pursuant to Section 6.2. Any expenses (including reasonable legal fees and costs) incurred by SS&C Associates in defending or responding to any Claims (or in enforcing this provision) shall be paid by Fund upon the final adjudication by a court of competent jurisdiction, settlement or similar event unless it shall be determined that an SS&C Associate is not entitled to be indemnified. The maximum amount of cumulative liability of SS&C Associates to Customer for Losses arising out of the subject matter of, or in any way related to, this Agreement, except to the extent of Losses resulting from the willful misconduct or fraud of SS&C in the performance of SS&C’s duties or obligations under this Agreement, shall not exceed the fees paid by Customer to SS&C under this Agreement for the most recent 36 months immediately preceding the date of the event giving rise to the Claim; provided, that if a Claim arises before 36 months from the Effective Date have elapsed, the maximum amount of cumulative liability of a Party for Losses arising from such Claim will be the product resulting from multiplying the fees allocable to the calendar month in which the Claim arises by 36.
Section 6.3 Notwithstanding Section 6.2, with respect to direct Losses of Fund that result solely from the negligence of any SS&C Associate in the performance of SS&C’s duties or obligations under Section 7 of this Agreement, SS&C shall be responsible for the first $50,000 of such Losses. Any amounts in excess thereof are subject to the provisions of Section 6.2.
ARTICLE VII
CONFIDENTIALITY
Section 7.1 SS&C Confidential Information. Customer acknowledges and agrees that the terms and conditions of this Agreement, the Digital Platform (including by way of example and without limitation all processes, algorithms, designs, techniques, code, screen and data formats, interface formats and protocols, and structures contained or included therein) and other information obtained by them concerning the other software, software applications, equipment configurations, and business of SS&C (the “SS&C Confidential Information”) is confidential and proprietary to SS&C. Customer further agrees to use the SS&C Confidential Information only as permitted by this Agreement, to maintain the confidentiality of the SS&C Confidential Information and not to disclose the SS&C Confidential Information, or any part thereof, to any other person, firm or corporation, provided, however, that if Customer becomes compelled or is ordered to disclose SS&C Confidential Information whether (i) by a court order or governmental agency order which has jurisdiction over the Parties and subject matter, or (ii) in the opinion of its legal counsel, by law, regulation or the rules of a national securities exchange to disclose any SS&C Confidential Information, Customer will, except as may be prohibited by law or legal process, provide SS&C with prompt written notice of such request or order. Customer acknowledges that disclosure of the SS&C Confidential Information may give rise to an irreparable injury to SS&C inadequately compensable in damages. Accordingly, SS&C may seek (without the posting of any bond or other security) injunctive relief against the breach of the foregoing undertaking of confidentiality and nondisclosure, in addition to any other legal remedies which may be available. Customer consents to the obtaining of such injunctive relief and in any proceeding upon a motion for such injunctive relief, Customer’s ability to answer in damages shall not be interposed as a defense to the granting of such injunctive relief.
Section 7.2 Customer Confidential Information. SS&C acknowledges and agrees that the terms and conditions of this Agreement, any information obtained by SS&C concerning the software and software applications (including by way of example and without limitation all data in the Files and algorithms, designs, techniques, code, screen and data formats and structures contained or included therein), equipment configurations, personal information regarding the customers and
6
Copyright SS&C GIDS, Inc. 2023 | SS&C CONFIDENTIAL |
consumers of Customer and business of Customer (the “Customer Confidential Information”) is confidential and proprietary to Customer. SS&C hereby agrees to use the Customer Confidential Information only as permitted by this Agreement, to maintain the confidentiality of the Customer Confidential Information and not to disclose the Customer Confidential Information, or any part thereof, to any other person, firm or corporation, provided, however, that if SS&C becomes compelled or is ordered to disclose Customer Confidential Information whether (i) by a court order or governmental agency order which has jurisdiction over the Parties and subject matter, or (ii) in the opinion of its legal counsel, by law, regulation or the rules of a national securities exchange to disclose any Customer Confidential Information, SS&C will, except as may be prohibited by law or legal process, provide Customer with prompt written notice of such request or order.
SS&C acknowledges that disclosure of the Customer Confidential Information may give rise to an irreparable injury to Customer inadequately compensable in damages. Accordingly, Customer may seek (without the posting of any bond or other security) injunctive relief against the breach of the foregoing undertaking of confidentiality and nondisclosure, in addition to any other legal remedies which may be available. SS&C consents to the obtaining of such injunctive relief and in any proceeding upon a motion for such injunctive relief, SS&C’s ability to answer in damages shall not be interposed as a defense to the granting of such injunctive relief.
Section 7.3 Consumer Privacy. Customer and SS&C shall each comply with applicable U.S. laws, rules and regulations relating to privacy, confidentiality, security, data security and the handling of personal financial information applicable to it that may be established from time to time, including but not limited to the Xxxxx-Xxxxx-Xxxxxx Act and Securities and Exchange Commission Regulation S-P (17 CFR Part 248) promulgated thereunder.
Section 7.4 Limitations; Survival. The provisions of this Article VII shall not apply to any information if and to the extent it was (i) independently developed by the receiving Party as evidenced by documentation in such Party’s possession, (ii) lawfully received by it free of restrictions from another source having the right to furnish the same, (iii) generally known or available to the public without breach of this Agreement by the receiving Party or (iv) known to the receiving Party free of restriction at the time of such disclosure. The Parties agree that immediately upon termination of this Agreement, without regard to the reason for such termination, the Parties shall forthwith return to one another all written materials and computer software which are the property of the other Party. All of the undertakings and obligations relating to confidentiality and nondisclosure in this Agreement shall survive the termination or expiration of this Agreement for a period of ten (10) years.
Section 7.5 Notwithstanding the foregoing, each Party may disclose Confidential Information pursuant to a requirement or request of a governmental agency or pursuant to a court or administrative subpoena, order or other such legal process or requirement of law, or in defense of any claims or causes of action asserted against it; provided, however, that it shall (i) first notify the other of such request or requirement, or use in defense, unless such notice is prohibited by statute, rule or court order; and (ii) at the other Party’s expense, cooperate in the other Party’s efforts to file a motion to quash or similar procedural step to frustrate the production or publication of information. Nothing herein shall require either Party to fail to honor a subpoena, court or administrative order or requirement on a timely basis. Each Party shall cooperate with the other in an effort to limit the nature and scope of any legally required disclosure of Confidential Information.
Section 7.6 Notwithstanding the foregoing, the Parties agree that, in the course of performance under this Agreement, SS&C and its employees may gain or enhance its general knowledge, skills, and experience (including ideas, concepts, know-how, and techniques) related to the business of the Customer (collectively referred to as “General Knowledge”). The use of General Knowledge by the SS&C and its employees will not constitute a breach of this Agreement; provided that such General Knowledge is retained in the unaided memories of the employees of SS&C. Notwithstanding anything to the contrary, SS&C and its employees may not disclose, publish, or disseminate any of the following: (i) information or data supplied in confidence by or on behalf of Customer to SS&C, including (1) Customer Confidential Information that is in written or other tangible form and is marked as proprietary or confidential, and (2) Customer Confidential Information that is disclosed in non-tangible form and is identified as proprietary or confidential at the time of the disclosure; (ii) the source of the General Knowledge; or (iii) the business plans of the Customer.
ARTICLE VIII
CLIENT DATA.
Section 8.1 Customer will provide or use commercially reasonable efforts to ensure that other Persons provide all Customer Data to SS&C in an electronic format that is reasonably acceptable to SS&C (or as otherwise agreed in writing) and Customer has the right to so share the data. SS&C shall not be responsible or liable for the accuracy, completeness, integrity or timeliness of any Customer Data provided to SS&C by Customer or any other Person. As between SS&C and Customer, all Customer Data shall remain the property of the applicable Customer. Customer Data shall not be used or disclosed by SS&C other than in connection with providing the Services and as permitted under Section 11.2.
7
Copyright SS&C GIDS, Inc. 2023 | SS&C CONFIDENTIAL |
Section 8.2 SS&C shall maintain, and store material Customer Data used in the official books and records of Fund for a rolling period of 7 years starting from the Effective Date, or such longer period as required by applicable Law or its internal policies.
Section 8.3 Upon termination of this Agreement, except as required by applicable Law and SS&C’s corporate recordkeeping requirements, SS&C shall promptly either return all Customer Data to Customer, or shall destroy all Customer Data. Upon the request of Customer, SS&C shall confirm in writing that all Customer Data required to be returned or destroyed pursuant to this Agreement has been returned or destroyed, as applicable. Notwithstanding the foregoing, any Customer Data that cannot reasonably be destroyed (such as oral communications reflecting Customer Data, firm electronic mail back-up records, back-up server tapes and any similar such automated record-keeping or other retention systems), which shall remain in perpetuity subject to the confidentiality terms of Section 11 of this Agreement.
Section 8.4 Upon reasonable written notice from Customer to SS&C, Customer, through its staff or agents (other than any Person that is a competitor of SS&C), and Government Authorities with jurisdiction over the Customer (each a “Reviewer”) may conduct a reasonable, on-site review of the operational and technology infrastructure controls used by SS&C to provide the Services and meet SS&C’s confidentiality and information security obligations under this Agreement (a “Review”). Customer shall accommodate SS&C requests to reschedule the Review based on the availability of required resources. With respect to any Review, Customer shall:
(a) | Ensure that the Review is conducted in a manner that does not disrupt SS&C’s business operations. |
(b) | Pay SS&C costs, including staff time at standard rates. |
(c) | Comply, and ensure that Reviewers comply, with SS&C policies and procedures relating to physical, computer and network security, business continuity, safety and security. |
(d) | Ensure that all Reviewers are bound by written confidentiality obligations substantially similar to, and no less protective than, those set forth in the Agreement (which Customer shall provide to SS&C upon request). This does not apply to Reviewers who are Government Authorities. |
(e) | Except for mandatory Reviews by Government Authorities, be limited to 1 Review per calendar year. |
ARTICLE IX
DATA PROTECTION.
Section 9.1 From time to time and in connection with the Services, SS&C may obtain access to certain personal data from Fund, Management or from Fund investors and prospective investors. Personal data relating to Fund, Management and their respective Affiliates, members, shareholders, directors, officers, partners, employees and agents and of Fund investors or prospective investors will be processed by and on behalf of SS&C. Each Fund and Management entity consents to the transmission and processing of such data outside the jurisdiction governing this Agreement in accordance with applicable Law.
Section 9.2 California Privacy Legislation. For the purposes of this clause the following terms shall have the following respective meanings:
(a) | “CCPA” means the California Consumer Privacy Act of 2018, California Civil Code § 1798.100 to 1798.199, effective 1 January 2020, as amended by the California Privacy Rights Act of 2020, effective 1 January 2023 and their respective implementing regulations. |
(b) | “Personal Information” means personal information within the meaning of CCPA which is received or collected by SS&C from, or on behalf of, Fund or Management in connection with performing its obligations pursuant to this Agreement. |
(c) | “Business”, “Business Purpose”, “Consumer”, “Sell”, “Service Provider”, “Share” and “Verifiable Consumer Request” have the meaning given in Section 1798.140 of CCPA. |
8
Copyright SS&C GIDS, Inc. 2023 | SS&C CONFIDENTIAL |
(1) To the extent CCPA applies to Fund or Management as Business and SS&C as Service Provider in the receipt and/or provision of Services under this Agreement, the Parties hereby agree the following:
(a) | SS&C, as a Service Provider, shall not: |
(i) | Sell or Share Personal Information; |
(ii) | retain, use or disclose any Personal Information for any purpose other than: |
(A) | the limited and specified Business Purposes of providing the Services or performing its obligations under this Agreement; or |
(B) | in accordance with Fund’s or Management’s lawful instructions; or |
(C) | outside of the direct business relationship between SS&C and Fund or Management; or |
(D) | as otherwise permitted pursuant to CCPA, including the purposes described in Section 1798.145, subdivisions (a)(1) to (a)(4) of CCPA |
(iii) | combine Personal Information with personal information received from or on behalf of another person, or collected from SS&C’s own interactions with individuals. |
(b) | SS&C shall comply with its own applicable obligations as Service Provider under CCPA and provide the same level of privacy protection as is required by CCPA. |
(c) | SS&C shall notify Fund and Management on a timely basis if at any time SS&C makes a determination that it can no longer meet its obligations under CCPA. |
(d) | The Parties agree that Fund and Management may take reasonable and appropriate steps to ensure that SS&C uses Personal Information in a manner consistent with Fund’s and Management’s obligations under CCPA and, upon written notice to SS&C stop and remediate the unauthorized use of Personal Information. |
(e) | SS&C shall provide Fund and Management with reasonable assistance in Fund’s and Management’s obligations to respond to Verifiable Consumers Requests in connection with a request for information or deletion by such Consumer pursuant to CCPA, including Section 1798.105(c) of CCPA, and at Fund’s or Management’s written direction, SS&C shall delete, or enable Fund and Management to delete such Personal Information, in each case taking into account the nature of the processing and the information available to SS&C, provided that SS&C shall not be required to comply with a Consumer’s request to delete the Consumer’s Personal information if it is reasonably necessary for Business of the Service Provider to maintain the Consumer’s Personal information in accordance with CCPA, including the purposes described in Section 1798.105. |
(f) | Fund agrees that it shall comply at all times with its own applicable obligations as Business under CCPA. Fund agree to ensure that all relevant Consumers for whom SS&C will process Personal Information on Fund’s behalf as contemplated by this Agreement are fully informed concerning such processing, including, where relevant, the processing of such Personal Information outside the State of California and if applicable provide consent for CCPA compliance purposes. |
Section 9.3 Without prejudice to SS&C’s obligations under Section 9.1 to 9.2, SS&C shall implement and maintain (a) a written information security program which shall be reviewed by SS&C at least annually and (b) reasonable technical, administrative and physical safeguards to protect Customer Data from accidental, unauthorized, or unlawful destruction, loss, alteration, disclosure, or access, which safeguards shall include: (i) encryption during the transmission or storage of Customer Personal Data and Confidential Information, (ii) installation and maintenance of firewalls configured to protect Customer Personal Data and Confidential Information, (iii) use of automatically updating anti-virus software on devices used in providing the Services, (iv) maintenance of an intrusion and vulnerability management program, (iv) tracking and monitoring access to network resources and Confidential Information, (vii) control access to physical hardware that contains Confidential Information, (viii) distributed denial of service mitigation services, (ix) a reasonable program for disposal of documents and media containing Customer Personal Data and Confidential Information, and (x) procedures for the maintenance of Customer Data.
Section 9.4 Without prejudice to SS&C’s obligations under Section 9.1 to 9.2, SS&C will promptly investigate material incidents of unauthorized access to, or loss of Customer Personal Data and Confidential Information maintained by SS&C (a “Data Breach”) and, unless prohibited by applicable Law or if it would compromise SS&C’s investigation, notify Customer on a timely basis following any Data Breach. Fund are responsible for making notifications related to a Data Breach that are required by applicable Law. SS&C will work with Fund and Management in good faith to effect such notifications. SS&C will seek to implement corrective action to respond to Data Breaches and prevent future occurrences, and will report to Management the corrective actions. SS&C will reasonably cooperate with Fund and Management in the event of any Government Authority inquiry related to or arising out of a Data Breach. SS&C will reasonably cooperate with any Funds and/or Management entity (as applicable) in the event of any Government Authority inquiry related to or arising out of a Data Breach.
9
Copyright SS&C GIDS, Inc. 2023 | SS&C CONFIDENTIAL |
Section 9.5 SS&C will encrypt Customer Data, both at rest and in transit, via reasonable commercial solution substantially in conformity with the then current version of the requirements set forth in Federal Information Processing Standard (FIPS) Publication 140.
Section 9.6 Where relevant to the Services, SS&C shall conduct a website vulnerability assessment (also known as a penetration test or ethical hack) at least annually of any web-facing technological infrastructure maintained by SS&C to provide the Services utilizing an industry recognized and qualified independent third party. SS&C shall provide Customer with a summary of such testing upon the written request of Customer along with plans for corrective actions for material findings.
Section 9.7 Where relevant to the Services, SS&C shall conduct a website vulnerability assessment (also known as a penetration test or ethical hack) at least annually of applicable web-facing technological infrastructure maintained by SS&C to provide the Services utilizing a certified independent third party.
Section 9.8 Upon Customer’s written request, SS&C shall provide Customer with its (i) International Standard on Assurance Engagements No. 3402 (ISAE 3402) Assurance Reports on Controls at a Service Organization, or (ii) Statement on Standards for Attestation Engagements No. 18 (SSAE 18) Reporting on Controls at a Service Organization, or (iii) other related reports, in each case as applicable to the Services.
Section 9.9 At the request of Fund or Management, on an annual basis and subject to a written disclaimer and indemnity, SS&C will provide Fund or Management with a copy of its reports prepared under Statement on Standards for Attestation Engagements No. 18, Service Organization Controls (SOC1), as applicable to the Services and SS&C’s data processing environment. Upon Fund or Management written request, meet with Customer to discuss the reports and respond to Customer’s inquiries with respect thereto, including providing a summary of SS&C’s remediation plans for any material deficiencies noted in the reports.
Section 9.10 Fund acknowledges that SS&C intends to develop and offer analytics-based products and services for its customers. In providing such products and services, SS&C will be using consolidated data across all clients, including data of Fund, and make such consolidated data available to clients of the analytics products and services. Fund hereby consents to the use by SS&C of Fund Confidential Information (including anonymized shareholder information) in the offering of such products and services, and to disclose the results of such analytics services to its customers and other third parties, provided the information will be aggregated, anonymized and may be enriched with external data sources. SS&C will not disclose shareholder names or other personal identifying information, or information specific to or identifying Fund or any information in a form or manner which could reasonably be utilized to readily determine the identity of Fund or its shareholders.
ARTICLE X
FORCE MAJEURE
Customer acknowledges that the Internet is not a secure organized or reliable environment, and that the ability of SS&C to deliver Digital Solutions Services is dependent upon the Internet and equipment, software, systems, data and services provided by various telecommunications carriers, equipment manufacturers, firewall providers and encryption system developers and other vendors and third parties which are outside the control of SS&C. SS&C shall not be liable for any delays or failures to perform any of its obligations hereunder to the extent that such delays or failures are due to circumstances beyond its reasonable control, including acts of God, strikes, riots, terrorist acts, acts of war, power failures, functions or malfunctions of the Internet, telecommunications services (including wireless), firewalls, encryption systems and security devices, or governmental regulations imposed after the date of this Agreement.
ARTICLE XI
MISCELLANEOUS
Section 11.1 Governing Law; Jurisdiction. This Agreement shall be interpreted in accordance with and governed by the Law of the State of New York. The courts of the State of New York and the United States District Court for the Southern District of New York shall have exclusive jurisdiction to settle any Claim. Each Party submits to the exclusive jurisdiction of such courts and waives to the fullest extent permitted by Law all rights to a trial by jury.
10
Copyright SS&C GIDS, Inc. 2023 | SS&C CONFIDENTIAL |
Section 11.2 Subcontractors. Certain functionalities delivered as part of the Digital Solutions Services may require services from subcontractors or third party vendors. SS&C shall use commercially reasonable efforts to provide reasonable advance written notice to Customer in the event that it plans to subcontract any part of the Digital Services Solutions that require the proposed subcontractor to Access Customer Data. SS&C and Customer shall enter into, or cause to be entered into, a separate agreement or Service Exhibit to this Master Agreement should such subcontractors or third party vendors have Access to Customer Data; otherwise, SS&C may, without further consent from Customer, engage an onshore or offshore subcontractor, third party vendor, or affiliate of SS&C to support the Digital Solutions Services. For clarification, SS&C may subcontract any portion of the Digital Solutions Services to Affiliates of SS&C or to consultants, subcontractors and third party vendors, including, by way of example, software developers and/or cloud hosting service providers. SS&C may use subcontractors or third party vendors in connection with providing the Digital Solutions Services under this Agreement and applicable Service Exhibits provided, upon Customer’s request, SS&C shall provide a list summarizing such third parties that may be used by SS&C and aspects of the Digital Solutions Services that may be provided. The Digital Solutions Services performed by any such subcontractors shall be subject to the terms and conditions of the Agreement and the applicable Service Exhibit. If SS&C delegates any Services, (i) such delegation shall not relieve SS&C of its duties and obligations hereunder, (ii) in respect of personal data, such delegation shall be subject to a written agreement obliging the delegate to comply with the relevant delegated duties and obligations of SS&C; (iii) establish and maintain a vendor governance program to assess and monitor its Subcontractors’: financial health, reputational risks, country risk, quality of management and quality of control environment, through periodic audits of performance and control environment as well as contract adherence; (iv) require each Subcontractor to verify that its employees are complying with all applicable immigration laws..
Section 11.3 Captions. Captions used herein are for convenience of reference only, and shall not be used in the construction or interpretation hereof.
Section 11.4 Counterparts. This Agreement may be executed in counterparts, each of which when so executed will be deemed to be an original. Such counterparts together will constitute one agreement. Signatures may be exchanged via facsimile or electronic mail and shall be binding to the same extent as if original signatures were exchanged.
Section 11.5 Parties’ Independent Contractors. The Parties to this Agreement are and shall remain independent contractors, and nothing herein shall be construed to create a partnership or joint venture between them, and none of them shall have the power of authority to bind or obligate the others in any manner not expressly set forth herein.
Section 11.6 Severability. If any provision (or part thereof) of this Agreement is or becomes invalid, illegal or unenforceable, the provision shall be deemed modified to the minimum extent necessary to make it valid, legal and enforceable. If such modification is not practical, the relevant provision shall be deemed deleted. Any such modification or deletion of a provision shall not affect the validity, legality and enforceability of the rest of this Agreement. If a Party gives notice to another Party of the possibility that any provision of this Agreement is invalid, illegal or unenforceable, the Parties shall negotiate to amend such provision so that, as amended, it is valid, legal and enforceable and achieves the intended commercial result of the original provision.
Section 11.7 No Waiver. No failure or delay by a Party to exercise any right or remedy provided under this Agreement or by Law shall constitute a waiver of that or any other right or remedy, nor shall it prevent or restrict the further exercise of that or any other right or remedy. No exercise (or partial exercise) of such right or remedy shall prevent or restrict the further exercise of that or any other right or remedy.
Section 11.8 Assignment. Neither this Agreement nor any rights under this Agreement may be assigned or otherwise transferred by Customer, in whole or in part, whether directly or by operation of Law, without the prior written consent of SS&C. SS&C may assign or otherwise transfer this Agreement: (i) to a successor in the event of a change in control of SS&C, (ii) to an Affiliate or (iii) in connection with an assignment or other transfer of a material part of SS&C’s business. Any attempted delegation, transfer or assignment prohibited by this Agreement shall be null and void.
11
Copyright SS&C GIDS, Inc. 2023 | SS&C CONFIDENTIAL |
Section 11.9 Notices. Except as otherwise provided herein, all notices required or permitted under this Agreement or required by Law shall be effective only if in writing and delivered: (i) personally, (ii) by registered mail, postage prepaid, return receipt requested, (iii) by receipted prepaid courier, (iv) by any confirmed facsimile or (v) by any electronic mail, to the relevant address or number listed below (or to such other address or number as a Party shall hereafter provide by notice to the other Parties). Notices shall be deemed effective when received by the Party to whom notice is required to be given:
SS&C:
SS&C GIDS, Inc.
0000 Xxxxxxxx
Kansas City, MO 64105
Attention: Legal Department
Email: XXXXxxxxxx@xxxxxx.xxx
Customer:
If to any Fund:
c/o Manulife Investment Management Private Markets (US) LLC
000 Xxxxxxxxx Xxxxxx
Boston, MA 02116
Attention: Xxxxx Xxxxx
Tel: x0 (000) 000 0000
E-mail: xxxxxx@xxxxxxxx.xxx
With a copy to:
Xxxx Xxxxxxx Investment Management LLC
000 Xxxxxxxxx Xxxxxx
Boston, MA 02116
Attention: Chief Legal Officer
Email: Xxxxxxxxxx@xxxxxxxx.xxx
Section 11.10 Entire Agreement. This Agreement (including any schedules, attachments, amendments and addenda hereto) contains the entire agreement of the Parties with respect to the subject matter hereof and supersedes all previous communications, representations, understandings and agreements, either oral or written, between the Parties with respect thereto. This Agreement sets out the entire liability of SS&C Associates related to the Services and the subject matter of this Agreement, and no SS&C Associate shall have any liability to Customer or any other Person for, and Customer hereby waives to the fullest extent permitted by applicable law recourse under, tort, misrepresentation or any other legal theory.
[Remainder of page intentionally left blank; signature page follows]
12
Copyright SS&C GIDS, Inc. 2023 | SS&C CONFIDENTIAL |
IN WITNESS WHEREOF, the Parties hereto have set their hands by their authorized representatives as of the year and date first hereinabove indicated.
SS&C GIDS, Inc. | ||
By: | /s/ Xxxx Xxxxxx | |
Name: | Xxxx Xxxxxx | |
Title: | Authorized Signatory | |
Manulife Private Credit Fund | ||
By: | /s/ Xxxxxxxxxxx Xxxxxxx | |
Name: | Xxxxxxxxxxx Xxxxxxx | |
Title: | Chief Legal Officer and Secretary |
13
Copyright SS&C GIDS, Inc. 2023 | SS&C CONFIDENTIAL |
List of Attachments
ADDENDUM 1 | Multi-Factor Authentication Services Terms and Conditions | |
SCHEDULE NO. 1 | DIGITAL INVESTOR | |
SCHEDULE NO. 2 | E-PRESENTMENT SERVICES | |
SCHEDULE NO. 3 | COMPOSITION SERVICES | |
SCHEDULE NO. 4 | VISION SERVICES | |
SCHEDULE NO. 5 | FAN MAIL SERVICES | |
SCHEDULE NO. 6 | INTERNET DEALER COMMISSIONS | |
ADDENDUM 2 | SECURITY REQUIREMENTS |
14
Copyright SS&C GIDS, Inc. 2023 | SS&C CONFIDENTIAL |
ADDENDUM 1
Terms and Conditions
Multi-Factor Authentication Services
Multi-Factor Authentication Services. SS&C will provide SS&C Multi-Factor Authentication (“MFA”) as one of the services provided to Customer pursuant to the terms of the governing agreement (the “Master Agreement”) between Customer and SS&C. Any terms not defined in these Terms and Conditions shall have the same meaning as the terms in the Master Agreement. In the event of any conflict between the terms and conditions of the Master Agreement and these Terms and Conditions, the provisions of these Terms and Conditions will control such conflict with respect to the services provided hereunder.
1. Customers’ Services Subscription. SS&C grants Customer a limited, revocable, non-exclusive, nontransferable right to use certain services of ThreatMetrix, Inc. (“ThreatMetrix”) (the “ThreatMetrix Services”), and any other materials or intellectual property SS&C provides to Customer in connection with the ThreatMetrix Services (the “ThreatMetrix Materials”), solely for Customer’s own internal business purposes, namely: (i) identity verification; (ii) mitigation of financial and business risk; (iii) detection, investigation, assessment, monitoring and prevention of fraud and other crime; and/or (iv) compliance with anti-money laundering (AML), counter-terrorism financing (CTF), anti-bribery and corruption (ABC) and similar laws, after implementation and configuration of Customer’s website, and subject to the terms and conditions of this agreement. Customer shall not: (i) interfere with or disrupt the integrity or performance of the ThreatMetrix Services or the ThreatMetrix Services Data contained therein; or (ii) attempt to gain unauthorized access to the ThreatMetrix Services or their related systems or networks. “ThreatMetrix Services Data” shall include the following: any technology embodied or implemented in the ThreatMetrix Services or ThreatMetrix Materials; any computer code provided by ThreatMetrix for Customer’s website or computer network; any hosting environment made accessible by Customer for purposes of obtaining the ThreatMetrix Services; any suggestions, ideas, enhancement requests, or feedback related to the ThreatMetrix Services; any user device data, Internet Protocol (IP) addresses, anonymous device information, machine learning data, user data persistent in the ThreatMetrix network, device reports, or transaction histories; and any corollaries, associations, and ThreatMetrix conclusions pertaining to or arising out of any of the foregoing. Customer will provide ThreatMetrix Services Data to ThreatMetrix as may be necessary for ThreatMetrix to provide to Customer the ThreatMetrix Services. Customer will take such actions as may be legally and technically necessary to allow ThreatMetrix to collect ThreatMetrix Services Data Customer decides to receive in connection with the ThreatMetrix Services.
2. Legal Compliance. Customer will use, and Customer will require that Customer’s customers use, the ThreatMetrix Services in compliance with applicable law including, without limitation, those laws related to data privacy, international communications, and the transmission of technical or personal data. Without limiting the generality of the foregoing, Customer will be responsible for any notifications or approvals required from Customer’s customers or, if applicable, clients of Customer’s customers, arising out of any use of the ThreatMetrix Services including, without limitation, those relating to any computer code deposited on any device and any information secured from such customers or clients (or their respective devices). Customer also will be responsible for compliance with laws and regulations in all applicable jurisdictions concerning the data of Customer’s customers or clients of Customer’s customers.
3. Ownership. As against Customer, ThreatMetrix (and its licensors, where applicable) owns all right, title and interest, including all related intellectual property rights, in and to the ThreatMetrix Services and ThreatMetrix Materials, any software delivered to Customer, any hosting environment made accessible by Customer, any technology embodied or implemented in the ThreatMetrix Services and ThreatMetrix Materials, any computer code provided by ThreatMetrix for Customer’s particular website and computer network, and any ThreatMetrix Services Data. The ThreatMetrix name, the ThreatMetrix logo, and the product names associated with the ThreatMetrix Services are trademarks of ThreatMetrix or third parties, and no right or license is granted to use them. All rights not expressly granted to SS&C are reserved by ThreatMetrix and its licensors, and Customer shall have no rights which arise by implication or estoppel.
4. Limitations. The ThreatMetrix Services analyze the activities and other attributes of devices used in transactions, and provide information, including device reports generated by the ThreatMetrix Services (“Device Reports”), based on the data analyzed and the policies Customer defines. The ThreatMetrix Services provide information as to whether a device contains attributes which correlate to a device(s) used in a fraudulent transaction, but do not determine the eligibility of any individual for credit. Customer acknowledges and agrees that ThreatMetrix does not intend that the Device Reports, or any ThreatMetrix Materials, be considered consumer reports subject to the federal Fair Credit Reporting Act (“FCRA”). Customer represents that it will not use the Device Reports (or any other data provided by ThreatMetrix) for making credit eligibility decisions or
15
Copyright SS&C GIDS, Inc. 2023 | SS&C CONFIDENTIAL |
for any other impermissible purpose listed in Section 604 of the FCRA (15 U.S.C. §1681b). In addition, Customer shall not, and shall not permit any representative or third party to: (a) copy all or any portion of any ThreatMetrix Materials; (b) decompile, disassemble or otherwise reverse engineer (except to the extent expressly permitted by applicable law, notwithstanding a contractual obligation to the contrary) the ThreatMetrix Services or ThreatMetrix Materials, or any portion thereof, or determine or attempt to determine any source code, algorithms, methods, or techniques used or embodied in the ThreatMetrix Services or any ThreatMetrix Materials or any portion thereof; (c) modify, translate, or otherwise create any derivative works based upon the ThreatMetrix Services or ThreatMetrix Materials; (d) distribute, disclose, market, rent, lease, assign, sublicense, pledge, or otherwise transfer the ThreatMetrix Services or ThreatMetrix Materials, in whole or in part, to any third party; or (e) remove or alter any copyright, trademark, or other proprietary notices, legends, symbols, or labels appearing on the ThreatMetrix Services or in any ThreatMetrix Materials.
5. Indemnification. Customer shall indemnify and hold harmless ThreatMetrix and its licensors, and each of their respective officers, directors, employees, attorneys and agents from and against any and all claims, costs, damages, losses, liabilities and expenses (including attorneys’ fees and costs) arising out of or in connection with: (i) any claim alleging that use of any information or data provided by Customer, any of Customer’s customers, or any individual or entity whose information Customer has indicated should be used in connection with the ThreatMetrix Services, infringes the rights of, or has caused harm to, a third party; (ii) any refusal to process any action requested by a user of a device based on Customer’s use of any Device Reports provided to Customer by the ThreatMetrix Services or Customer’s use of the ThreatMetrix Services; or (iii) Customer’s failure to provide data to ThreatMetrix in the format prescribed by ThreatMetrix.
6. Limitation of Liability. THE THREATMETRIX SERVICES INCLUDING, WITHOUT LIMITATION, THE DEVICE REPORTS, AND ANY OTHER SERVICES, ARE PROVIDED AS IS. THREATMETRIX HEREBY DISCLAIMS ALL OTHER REPRESENTATIONS, WARRANTIES, OR CONDITIONS OF ANY KIND, WHETHER EXPRESS, IMPLIED (EITHER IN FACT OR BY OPERATION OF LAW), OR STATUTORY, WITH RESPECT TO THE THREATMETRIX SERVICES AND THREATMETRIX MATERIALS INCLUDING, WITHOUT LIMITATION, ALL WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT, AND ALL WARRANTIES THAT MAY ARISE FROM A COURSE OF DEALING, COURSE OF PERFORMANCE, OR TRADE PRACTICE. NOTWITHSTANDING THE FOREGOING, IN NO EVENT SHALL THREATMETRIX’S AGGREGATE LIABILITY FOR ANY CLAIM OR COMBINATION OF CLAIMS EXCEED ONE HUNDRED UNITED STATES DOLLARS ($100). IN NO EVENT SHALL THREATMETRIX AND/OR ITS LICENSORS BE LIABLE TO ANYONE FOR ANY INDIRECT, PUNITIVE, SPECIAL, EXEMPLARY, INCIDENTAL, CONSEQUENTIAL OR OTHER DAMAGES OF ANY TYPE OR KIND (INCLUDING, BUT NOT LIMITED TO, LOSS OF DATA, REVENUE, PROFITS, USE OR OTHER ECONOMIC ADVANTAGE) ARISING OUT OF, OR IN ANY WAY CONNECTED WITH THE SERVICES, THREATMETRIX MATERIALS, OR SUPPORT SERVICES INCLUDING, BUT NOT LIMITED TO, THE USE OR INABILITY TO USE THE SERVICES, THREATMETRIX MATERIALS, OR SUPPORT SERVICES, ANY INTERRUPTION, INACCURACY, ERROR OR OMISSION, REGARDLESS OF CAUSE, EVEN IF THREATMETRIX HAS BEEN PREVIOUSLY ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
7. Third-Party Rights. This agreement confers rights and remedies upon ThreatMetrix. The parties may not modify or terminate this agreement without the prior written consent of ThreatMetrix.
8. Customer Acknowledgements. Customer acknowledges and agrees that SS&C has engaged ThreatMetrix, Inc. as a third party vendor to provide some or all of the services hereunder and that SS&C disclaims all liability for the performance of the vendor’s services and will not be liable with respect to any claims for losses, damages, costs or expenses which may result directly or indirectly from such vendor’s delivery of the services hereunder.
16
Copyright SS&C GIDS, Inc. 2023 | SS&C CONFIDENTIAL |
SCHEDULE NO. 1
SERVICE EXHIBIT
For
DIGITAL INVESTOR PLATFORM SERVICES
1. | Services. Customer has requested, and SS&C will provide Digital Investor Services as one of the Digital Solutions Services pursuant to the terms of the Master Agreement for SS&C Digital Solutions Services (the “Agreement”) between Customer and SS&C. The Services are further described in the Statement of Work for Digital Investor Platform Development (“SOW”), attached hereto. Any terms not defined in this Service Exhibit shall have the same meaning as the terms in the Agreement. This Service Exhibit expressly incorporates by reference and is subject to the Agreement. In the event of any conflict between the terms and conditions of the Agreement and the terms and conditions of this Service Exhibit, the terms and conditions of this Service Exhibit will control such conflict with respect to the services provided hereunder |
2. | Destruction on Termination. Upon termination or expiration of this Service Exhibit, SS&C will: |
a. | Return any written, printed, or tangible materials supplied to SS&C by Customer in connection with the development of the enhanced web functionality for Customer that include Customer data. |
b. | Alternatively, with the written consent of Customer, SS&C may securely destroy any of the foregoing embodying Customer data (or the reasonably non-recoverable data erasure of computerized data) and, upon request, certify such destruction in writing by an authorized officer of SS&C supervising the destruction. |
SS&C may retain documents as is necessary to comply with its own document retention policies or as required by applicable law, or by a governmental or regulatory agency or body, in which case all such retained documents shall continue to be subject to the terms of this Service Exhibit.
3. | Definitions. For purposes of this Exhibit, the following additional definitions shall apply (in addition to all other defined terms in the Agreement): |
• | “Customer Web Site” shall mean the collection of electronic documents or pages residing on the computer system of Customer (or an Internet Service Provider (“ISP”) hired by Customer) connected to the Internet and accessible through the World Wide Web, where User may view information about the Funds and link to Digital Investor. |
• | “Multi-Factor Authentication” shall mean the User “out of band” (OOB) authentication process, utilized by Digital Investor, as governed by the terms in Addendum 1 attached hereto, whereby SS&C together with a third party service provider implements multi-factor authentication (“MFA”) security features enabling Users to enter contact information into a User security profile and establish a multi-factor authentication method for access to account data. MFA authentication will enable Users to configure or update MFA security profiles, including preferred method for MFA notifications, whereby a temporary one-time authentication code is sent to the User via SMS text message or email, which the User then enters into the application. |
• | “Shareholder” shall mean the record owner or authorized agent of the owner of shares of a Fund. |
4. | Acceptance Process. In accordance with a mutually agreed upon project milestones and timeline, Customer and SS&C will review and/or test each phase of the services and each deliverable contemplated by this Service Exhibit requiring acceptance within the period set forth within the SOW attached hereto. |
5. | Project Changes. During this Service Exhibit Customer may request changes in Services (hereinafter collectively “Changes”). Any Changes agreed to by SS&C will be in writing signed by a duly authorized representative of each party, and function as an addendum to and be incorporated as part of the Service Exhibit. Changes may result in an increase or decrease in the fees for a project and/or adjustment of the delivery date as mutually agreed to by the parties and may require adjustments to the SOW or a separate SOW altogether. As part of its approval, SS&C may condition any Change on an increase in the payments to be made for the Services and a new work schedule if SS&C believes in good faith that such Change necessitates a change in the work schedule and SS&C will incur additional costs to implement such Change. |
17
Copyright SS&C GIDS, Inc. 2023 | SS&C CONFIDENTIAL |
6. | Deliverables. Customer acknowledges and agrees that it obtains no rights in or to any of the Deliverables other than as provided herein. Customer shall be entitled to use such Deliverables, as outlined in the SOW attached hereto, solely in conjunction with its use of the Services and shall not be used to connect Customer to any transfer agency system or any other person without SS&C’s prior written approval. Customer also agrees not to take any action which would mask, delete or otherwise alter any on-screen disclaimers of SS&C or its Affiliates (including electronic forms which Users are required to accept) and copyright, trademark and service mark notifications provided by SS&C or its Affiliates from time to time, or any “point and click” features relating to User acknowledgment and acceptance of such disclaimers and notifications. |
7. | SS&C Responsibilities. The Services hereunder shall include: |
Development Responsibilities.
SS&C shall perform the Services to configure and implement certain enhanced web functionality on Customer’s website. Implementation will include the functions described more fully in the attached SOW.
On-going Support Responsibilities.
SS&C will provide the following support and maintenance services:
i. | Maintaining the enhanced web infrastructure and associated disaster relief environments |
ii. | Updates to the common enhanced web software as needed to maintain compatibility with API’s |
iii. | Updates required by changes that SS&C chooses to make to the core enhanced web platform or hardware infrastructure that were not requested by Customer |
iv. | Access to the SS&C help desk and other online support as required and above the SS&C support layer |
v. | Ongoing research and development of new features, functions, and interfaces |
vi. | Update as needed to maintain functionality with most recent browser updates as defined by the SS&C browser compatibility schedule |
vii. | Updates as required to the Digital Investor main and disaster recovery environments |
viii. | In connection with Multi-Factor Authentication: |
a. | maintain User security profile information; |
b. | receive and route User login requests to an authentication risk engine for evaluation, issuing challenge responses when risk factors are identified in login attempt; |
c. | generate random authentication codes to be sent via Users’ registered contact methods, and require User to successfully enter valid authentication codes to gain access; |
d. | during instances of time to time downtime for planned maintenance or unavailability of the authentication risk engine, continue authentication by issuing challenges to all Users attempting logins until the maintenance window or unavailability of the authentication risk engine has concluded. |
8. | Customer Responsibilities. In addition to performing all customer responsibilities as set forth in the Agreement and this Service Exhibit, Customer shall be responsible for providing timely feedback, testing and approvals to SS&C in connection with the foregoing Services and shall provide SS&C with such other written instructions as SS&C may request from time to time relating to the performance of SS&C’s obligations hereunder. |
9. | Fees. The fees payable to SS&C by Customer for the Services under this Service Exhibit are set forth on the attached Fee Schedule. |
18
Copyright SS&C GIDS, Inc. 2023 | SS&C CONFIDENTIAL |
STATEMENT OF WORK
for
DIGITAL INVESTOR PLATFORM DEVELOPMENT
This Statement of Work (“SOW”) shall be incorporated into and governed by the terms and conditions of the Master Agreement for SS&C Digital Solutions Services, between Customer and SS&C (the “Agreement”) and the Service Exhibit for Digital Investor Platform Services. Phrases defined in the Agreement or the Service Exhibit for Digital Investor Platform Services and used in this SOW have the same meaning when used here as they do when used in the Agreement or the Service Exhibit for Digital Investor Platform Services. In the event of any conflict between the terms and conditions of this SOW and the Agreement or Service Exhibit for Digital Investor, the terms and conditions of this SOW shall govern.
1. | Development Services |
Digital Investor Platform Development Services will be based upon the elements mutually agreed to between Customer and SS&C, as set forth in the Initial Professional Service Schedule – Digital Investor Pages, and product specification documents. To assist with the development of the Digital Investor Platform, SS&C will be using standard components, functions, and business rules of Digital Investor Platform as a baseline for requirements and development. In some cases, excluding and/or removing functionality from the Digital Investor Platform standard components may be detrimental to the project from a cost or timeline perspective. As these functions are identified, they will be disclosed to Customer to determine whether the given functions should be included or excluded from scope with any impact to timeline or fee schedule.
Scope of Professional Services
Digital Investor Platform Professional Services are provided by SS&C and consists of implementation, configuration, consulting and other programming-related services (collectively “Professional Services”), as further described below, in connection with Customer’s use of the Digital Investor Web Site, the Digital Platform, and other SS&C products or systems.
The new Digital Investor screens and workflows will be compatible with existing SS&C the Digital Platform API services for access to recordkeeping system data and processes. Professional Services will allow the screens to be built to current design, coding and mobile accessibility standards, and to provide an enhanced end-user experience.
Customer’s Digital Investor web site will include all of the features and functionality listed in the Initial Professional Services Schedule, including the custom options listed. Wording and content changes on the site will be accommodated as reasonably requested by Customer in accordance with the platform requirements. For non-custom functions listed, Professional Services will develop the site per the production specifications for the Digital Investor Platform, incorporating Customer’s options, and styling and branding information.
SS&C and Customer may at any time agree to additions, deletions or modifications to Customer’s web site design via a Change Order.
Customer will be provided with an intake form to provide styling and branding information, such as high resolution logos, preferred fonts, colors, as well as disclaimer text, footer links, and other styling and customization data. Customer agrees to return the completed intake form within five (5) business days unless otherwise arranged.
Custom Options: For Landing Page and Asset Allocation, Professional Services will leverage industry practices and recommended Digital Investor screens and workflows. Estimates in the Fee Schedule attached hereto are based upon these industry practices, screens and workflows. This estimate includes one working design session plus a final review. Customer will give consideration to the Digital Investor recommended workflows and process as a solution for these requirements. Any material changes to the workflows or process will be discussed as part of these working sessions and will be mutually agreed upon by both Customer and Professional Services; Professional Services will assess any possible impact to project timeline and costs. Any changes to these workflows will follow the project change control process.
Professional Services will perform testing of Customer’s platform to determine its (i) conformity with the standards of certain frequently used browsers; and (ii) mobile devices, in accordance with standard practices. Please note that responsive design is an approach to web design aimed at providing an optimal viewing experience across a very wide range of devices. Some functionality may contain data elements or screen structures (tables) that are not optimal for smaller screen sizes. These features will be functional but are optimized to the extent possible given the restrictions of the screen.
19
Copyright SS&C GIDS, Inc. 2023 | SS&C CONFIDENTIAL |
Change control for Professional Services will be governed by an industry standard change management process. In general, any revised and/or new workflows will be mutually agreed upon by Customer and Professional Services.
User Acceptance Testing. User Acceptance Testing (“UAT”) will be completed by Customer. SS&C agrees to provide resource allocations if necessary that are adequate to complete first round and second round (defect remediation testing) of testing per the project schedule.
Bug Tracking: Professional Services employs industry standard web-based bug tracking tools, project management, and workflow management (change control, release management). Customer as well as the UAT team will employ the bug tracking tool to report defects, request changes, and other project-related workflows.
The screens, workflows, and functions to be included in Digital Investor Platform- Initial Professional Services for Customer’s secure account access site are outlined in the Initial Professional Services Schedule.
2. | Advanced Bank Account Verification |
If requested by Customer and subject to a separate Service Exhibit, SS&C will make available an advanced bank account validation service to replace the paper forms and related medallion guarantees in use currently. The advanced bank account validation service will be provided by a third party vendor in conjunction with the Digital Investor Platform. The bank account validation functionality will allow Users to verify a new bank account by providing a certain account information or credentials from their bank. SS&C will transmit such inquiry to vendor to evaluate User’s bank information. The terms of use associated with advanced bank account validation services will be incorporated in a separate service exhibit. In order to receive the advanced bank account verification service, Customer acknowledges and agrees that Customer and Users must agree to comply with the contract terms and conditions required by the vendor. For the avoidance of doubt, SS&C and the vendor are each independent entities and not employees, agents, partners, joint venturers or legal representatives of the other. SS&C disclaims all liability for the performance of the vendor’s services and will not be liable with respect to any claims for losses, damages, costs or expenses which may result directly or indirectly from vendor’s delivery of the advanced bank validation services in connection with the Digital Investor Platform.
3. | MFA Authentication |
SS&C will make available a digital User identity and access management service to authenticate Users in connection with additional services. Subject to the terms of Addendum 1, SS&C together with a third party service provider will implement MFA Authentication security features enabling Users to enter contact information into a User security profile and establish a multi-factor authentication method for access to account data, subject to terms required by the third party service provider. Development of MFA Authentication will enable Users to configure or update MFA security profiles, including preferred method for MFA notifications, whereby a temporary one-time authentication code is sent to the User via SMS text message or email, which the User then enters into the application.
4. | Browser Support |
SS&C will perform testing of Customer’s website to determine its (i) conformity with the standards of certain frequently used browsers; at the start of the project and then annually, if on-going support services are elected by Customer1; and (ii) its functionality on certain mobile devices. Such testing will be performed in accordance with SS&C’s E-Business Solutions Graded Browser Support standards.
5. | Web Analytics |
If selected by Customer, the Web Analytics solution will employ a web-based analytics tracking tool on the platform. Web Analytics solution applies automated technology to generate reports on certain User behavior and interaction within the Digital Investor site at a demographic level. In addition to the rights and restrictions set forth in the Agreement and this SOW, with respect to the Web Analytics functionality of Digital Investor and collection of related data, Customer’s use of Web Analytics services may depend upon compliance with terms and conditions for integrated third party Web Analytics applications. Such third party terms and conditions may require, without limitation: i) incorporation of third party application
20
Copyright SS&C GIDS, Inc. 2023 | SS&C CONFIDENTIAL |
privacy terms by reference into the privacy policy made available to Users on Customer’s Digital Investor web site; ii) provision by Customer to its Users of any legally required notice, or collection by Customer of any legally required User consent, for such data collection or use; and iii) Customer’s presentation of an opportunity to each User to opt out of the collection or use of data in connection with the Web Analytics services; in each case in compliance with applicable laws, to allow SS&C or applicable third party to collect and use such data in connection with providing Web Analytics services to Customer.
The Services included represent SS&C’s standard offering and do not include customization. If Customer requests changes to the Services then the parties agree to enter into a separate SOW and such Services may affect the established project timeline and fees in this SOW.
Fees. The fees payable to SS&C by Customer for the Services under this Statement of Work are set forth on the Statement of Work Fee Schedule attached hereto. Fees will be invoiced based upon mutually agreed project milestones. SS&C and Customer will work together to ensure that the estimated fee is not exceeded without prior consent. SS&C will notify Customer if SS&C believes that the estimated fee will be exceeded.
21
Copyright SS&C GIDS, Inc. 2023 | SS&C CONFIDENTIAL |
STATEMENT OF WORK – INITIAL PROFESSIONAL SERVICES SCHEDULE
for
DIGITAL INVESTOR PAGES
The following screens, workflows and functions are included in the Digital Investor Platform initial build:
Digital Investor Implementation
The following represents the recommended features for a Digital Investor implementation. These take into account the existing features offered to existing shareholders while also adding new features to the platform. The pricing listed takes into account scope and tasks necessary to include these features or remove them from the build.
Web Accessibility |
| |||
WCAG 2.1 Level AA |
X | |||
Secured Account Access |
||||
Enhanced Security Profile (ThreatMetrix) |
||||
Register New User |
X | |||
Secure Login |
X | |||
Advanced Authentication with Out of Band Authentication |
X | |||
Retrieve User ID |
X | |||
Reset Password (Advanced work flow using MFA) |
X | |||
Account Inquiry |
| |||
Display Portfolio Summary |
X | |||
Enhanced Portfolio Display (Hide Zero Balance Accounts, Set Portfolio Sort Order) |
X | |||
View Transaction History with Filtering |
X | |||
View Statements/Tax Forms/Confirmations |
X | |||
Consent for eDelivery |
X | |||
View Pending Transactions |
X | |||
Site Map |
X | |||
Account Nicknames & Icons |
X | |||
Welcome Back Banner |
X | |||
Cost Basis |
| |||
View Cost Basis Activity (Unrealized & Realized Gain/Loss) |
X | |||
Beneficiary Information |
| |||
View Beneficiary & Transfer on Death (XXX) Beneficiary |
X | |||
Beneficiaries - Add/Change/Delete |
||||
Purchase |
| |||
Fiduciary |
X | |||
Non-Fiduciary |
||||
Redeem |
| |||
Fiduciary |
X | |||
Non-Fiduciary |
||||
Exchange |
| |||
Fiduciary to Fiduciary |
X | |||
Non-Fiduciary to Fiduciary |
||||
Non-Fiduciary to Non-Fiduciary |
X |
22
Copyright SS&C GIDS, Inc. 2023 | SS&C CONFIDENTIAL |
Systematics |
| |||
Systematic Purchase – View/Add/Change |
X | |||
Systematic Exchange – View/Add/Change |
||||
Systematic Redeem – View/Add/Change |
X | |||
Pending Trades |
| |||
Cancel Pending Trades |
X | |||
Beneficiaries - Add/Change/Delete |
||||
Account Maintenance |
| |||
Change Username |
X | |||
Change Password |
X | |||
Update Security Profile (SMS Number and/or E-mail for OOB) |
X | |||
Contact Information |
||||
Address of Registration - View/Change |
X | |||
Telephone Number - View/Add/Change |
X | |||
Email Address - View/Add/Change |
X | |||
Distribution Options - View/Change |
X | |||
Messaging Framework |
| |||
Informational Messages (Pre-Authentication) |
X | |||
Index Page Only |
X | |||
Broadcast Messages (Post-Authentication) |
||||
Secure Inbox |
||||
Enhanced Insights and Marketing Messages |
||||
Message at Log out |
||||
Additional Options |
| |||
Operator ID |
X | |||
Analytics Enabled & Basic Reports |
X | |||
AWD Integration |
||||
Courtesy E-mails |
X | |||
Year to Date Tax Information |
||||
Duplicate Statements & Tax Forms |
||||
View Dealer Information |
X | |||
Calculate Historical Balance |
X |
23
Copyright SS&C GIDS, Inc. 2023 | SS&C CONFIDENTIAL |
SCHEDULE NO. 2
SERVICE EXHIBIT
for
E-PRESENTMENT SERVICES
This “Service Exhibit” for e-Presentment Services (“Services”) is entered into by and between Customer and SS&C. This Service Exhibit is an exhibit to the Master Agreement for SS&C Digital Solutions Services by and between SS&C and Customer (the “Agreement”). This Service Exhibit expressly incorporates by reference and is subject to the Agreement. Any terms not defined in this Service Exhibit shall have the same meaning as the terms in the Agreement. In the event of any conflict between the terms and conditions of the Agreement and the terms and conditions of this Service Exhibit, the terms and conditions of this Service Exhibit will control such conflict with respect to the services provided hereunder.
1. | Definitions |
Unless otherwise defined herein, all capitalized terms shall have the meaning set forth in the Agreement.
“Application” means the Services applications as set forth in this Services Exhibit.
“Consent” means End-Users expressed consent to access and retrieve document information, including periodic statements, financial information, disclosure, tax, or confirmation documents, or marketing materials, electronically.
“Development Documents” means any of the following documents: System Requirements Document, Project Development Estimate, Project Requirements Document or any other mutually agreed to document describing the development activities.
“Document” means the equivalent electronic rendition of a single customer communication to an End-User as identified in this Services Exhibit, including, but not limited to statement, xxxxxxx notice, check image, report, trade confirmation, or tax document.
“Document Type” means the documents set forth in Development Documents for which the Services will be provided.
“End-User” means (i) Customer’s authorized representatives and (ii) Customer’s customers that have provided Consent to access electronic Applications provided by SS&C via the Internet.
“Image” means the equivalent of impression that would be applied to one side of a single sheet in a simplex print-processing environment.
“Services” means the services described in this Services Exhibit.
2. | Description of Services |
2.1 | SS&C will provide the following Services (“Services”): |
a. | Load All – Document load, storage and CSR web presentment: SS&C will load Documents into its electronic Application (“SS&C Archive”). Documents will be stored for thirty-six (36) months or until the Agreement is terminated, whichever is earlier, following the load date of Documents. SS&C shall properly destroy Documents on its system once SS&C is no longer obligated to maintain such Documents, as set forth herein. All loaded Documents will be available online for CSR viewing, regardless of whether or not the End-User has provided Consent for delivery of Documents. |
b. | Consented Load Only – Document, load, storage and CSR web presentment: SS&C will load Documents for End-Users who have provided Consent for electronic delivery of Documents into its electronic Application (“SS&C Archive”). Documents will be stored for thirty-six (36) months or until the Agreement is terminated, whichever is earlier, following the load date of Documents. SS&C shall properly destroy Documents on its systems once SS&C is no longer obligated to maintain such Documents, as set forth herein. All loaded Documents will be available online for CSR viewing. |
24
Copyright SS&C GIDS, Inc. 2023 | SS&C CONFIDENTIAL |
c. | Presentment Hosting: SS&C will provide a hosted environment to enable Consumer Presentment, Secure eMail and CSR web presentment. Application hosting includes managing the hardware and software environment, the capacity to support presentment, as well as creation, delivery and management of email notifications. |
2.2 | As requested by Customer and upon payment of additional fees, SS&C will provide the following optional services: |
a. | Statement Presentment via Web Services: Up to thirty-six (36) months of Documents for End-Users, excluding, if applicable, any third party intermediaries such as agents, who have not provided Consent or elected paper suppressions, will be made available via a standard web services request from Customer’s website. All loaded Documents will be available online for CSR viewing, regardless of whether or not the End-User has provided Consent for delivery of electronic Documents. |
b. | Statement Presentment for End-Users via SS&C hosted services: SS&C will develop Customer branded web pages for electronic presentment of Documents to End-Users, excluding third party intermediaries such as agents, who have provided Consent. SS&C will provide “document available” email notifications to End-Users indicating that a Document is available online for viewing. This service includes Customer defined requirements for retries of email notifications, as well as spam and bounce management capabilities as defined in the applicable Development Documents. SS&C will make available to Customer, via a report accessible through its ePriority portal, a list of undeliverable email addresses. |
c. | Dealer Viewing via VISION: Up to thirty-six (36) months of electronic Documents for third party intermediaries such as dealers will be available via SS&C Systems’ VISION application. |
d. | Consent and Suppression: SS&C will provide Customer branded web pages for the collection of End-User Consent for electronic delivery of Documents and suppression of paper based delivery. |
e. | Extended Storage of Documents in SS&C Archive: Customer must notify SS&C in writing 60 days in advance of the end of any 36 month retention period expiration of Customer’s desire to have Documents stored for additional months. Documents will continue to be retained so long as Customer has not made a request in writing to terminate Extended Storage. SS&C shall properly destroy Documents on its system after the required storage period has ended and SS&C is no longer obligated to maintain such Documents, as set forth herein. |
f. | eMail Notifications: SS&C will create and send an email with content provided by Customer, to Consented End-Users with the email addresses contained in the consent database or as otherwise provided by Customer. eMail delivery occurs after Documents are loaded into the Application and released or made available for viewing. This Service includes Customer defined requirements for eMail retries, spam and bounce management capabilities. SS&C will make available to Customer, via a report accessible through its ePriority portal, a list of undeliverable email addresses. |
g. | Regulatory eMail Notifications: SS&C will create and send an email, with links to respective regulatory documents with content provided by Customer, to Consented End-Users with the email addresses contained in the consent database or as otherwise provided by Customer. eMail delivery occurs after email samples are approved and released for delivery by Customer. This Service includes Customer defined requirements for eMail retries, spam and bounce management capabilities. SS&C will make available to Customer, via a report accessible through its ePriority portal, a list of undeliverable email addresses. |
h. | Document Load from Customer’s Historical Archive: SS&C will process Customer’s historical data along with an index file as described in applicable Development Documents. SS&C will load the data |
25
Copyright SS&C GIDS, Inc. 2023 | SS&C CONFIDENTIAL |
into its electronic Application (“SS&C Archive”). The data will be stored for thirty-six (36) months or until the Agreement is terminated, whichever is earlier following the load date of Documents. SS&C shall properly destroy Documents on its system once SS&C is no longer obligated to maintain such Documents, as set forth herein. All Documents will be available online for CSR viewing, regardless of whether or not the End-User has provided Consent. |
i. | Marketing eMails to Customer’s customers: SS&C will create and send emails containing content provided by Customer to the email addresses contained in an email request via batch file or web services as provided by Customer. eMail delivery occurs after each email file is released. This Service includes Customer defined requirements for eMail retries, spam and bounce management capabilities. SS&C will make available to Customer, via a report accessible through its ePriority portal, a list of undeliverable email addresses. This Service is intended for emails sent to Customer’s customers for any business related communication, and is specifically not available for solicitation purposes. |
2.3 | Development Documents |
The Development Documents describe all requirements for customization of the Services, the web site, and other systems and software utilized in connection with performance of the Services. Customer will comply with the terms of the Development Documents that describe any project assistance that may be required for completion of deliverables described in the Development Documents. The Services may also include such additional services and/or customization of the Services as may be mutually agreed upon by the Parties from time to time. Each such additional service and/or customization, together with such additional pricing, fees, expenses, terms, conditions, as mutually agreed by the Parties, shall be detailed in separate Development Documents that will be annexed to and made a part of this Services Exhibit.
2.4 | Composition/ Print Services |
Under this Service Exhibit, SS&C will not provide direct composition or print services. Customer will be required to either: (i) enter into an agreement with SS&C for direct composition or print services via a service exhibit for Composition Services, or (ii) find and enter into an agreement with a separate third party provider for any direct composition and print services it requires. If Customer enters into an agreement with SS&C for direct composition and/or print services, the terms of that service exhibit will govern. If Customer enters into an agreement with a third party provider for direct composition and/or print services Customer must notify SS&C and provide written confirmation for SS&C to send the applicable data files to the third party provider for direct composition and/or print services. Once the third party provider has completed composition of the applicable data files, SS&C will be available to receive the composed images back from the third party provider for Customer’s presentment needs under this Schedule.
3. | Delivery of Data for Processing, Schedules and Data Requirements |
Customer will transmit via a mutually agreed upon method and on an agreed upon schedule.
Delivery of the Customer Data to the SS&C production facility will be via the format, protocols and formatting instructions set forth in the agreed Development Documents and Customer Data must fulfill the requirements identified in the Development Documents.
SS&C will have no responsibility for delays or errors resulting from Customer’s failure to provide Customer Data correctly. Customer may, at its option, transmit Customer data before Customer has made a final accuracy check. Therefore, SS&C will hold all production until a written or electronic release has been issued by Customer. Should retransmissions be necessary or a release be issued that is later rescinded, Customer shall pay SS&C the applicable processing Fees, (i.e., Load All, Statement Presentment, and Electronic Distribution and Notification fees), for any work performed prior to rescission at the rates set forth in the Pricing Attachment.
26
Copyright SS&C GIDS, Inc. 2023 | SS&C CONFIDENTIAL |
4. | Obligations and Conditions of Services |
4.1 | SS&C assumes no responsibility for the business results achieved from use of the Services or errors or interruptions caused by third parties, including but not limited to (i) failures attributable to user errors or misuse of the Services, (ii) failures to use corrections supplied by SS&C, or (iii) modifications by Customer or any third party. SS&C makes no warranty with respect to the performance of third parties such as web portals, automated clearing houses, financial institutions, and other internet service providers and telecommunication carriers, or as to the reliability, security or performance of the internet. |
4.2 | Customer will promptly notify SS&C of any suspected fraudulent activity of which Customer may become aware during the Term. Customer will only use the Services provided under this Service Exhibit for the purposes contemplated herein. |
4.3 | Customer will notify SS&C in writing immediately if it becomes aware of any claim of loss or liability by a third person related to a Service. |
5. | Fees |
The fees payable to SS&C by Customer for the Services under this Service Exhibit are set forth on the Fee Schedule attached to this Service Exhibit.
27
Copyright SS&C GIDS, Inc. 2023 | SS&C CONFIDENTIAL |
SCHEDULE NO. 3
SERVICE EXHIBIT
for
COMPOSITION SERVICES
This is a “Service Exhibit” for Composition Services (“Services”) entered into by and between Customer and SS&C made a part of the Master Services Agreement by and between Customer and SS&C (“Agreement”). Unless specifically stated otherwise, all terms, covenants and conditions described in the Agreement are incorporated herein by reference as if the same had been described herein in full. In the event of a conflict between the terms set forth in this Services Schedule and the Agreement, the terms of this Service Exhibit shall govern.
1. | Definitions |
Unless otherwise defined herein, all capitalized terms shall have the meaning set forth in the Agreement.
“Development Documents” means any of the following documents: System Requirements Document, Project Development Estimate, Project Requirements Document or any other mutually agreed to document describing the development activities.
“Document” means the equivalent electronic rendition of a single customer communication as identified herein or in the Development Documents, including, but not limited to statement, xxxxxxx notice, check image, report, trade confirmation, or tax document.
“Document Type” means the types of Documents set forth in Development Documents for which the Services will be provided.
“Format” means SS&C will structure the input data provided by Customer’s recordkeeping system so as to present the information organized and arranged according to Customer’s requirements as detailed in the Development Documents.
“Image” means the equivalent of impression that would be applied to one side of a single sheet in a simplex print-processing environment.
“Services” means the services described in this Services Schedule.
2. | Description of Services |
2.1 | SS&C will provide the following Services (“Services”): |
a. | Data Processing –Documents: SS&C will process Customer’s data, format, and index the data in a design and Format the data to support the electronic presentment and delivery of Documents or delivery of such Documents to a print vendor of Customer’s choice. The Services will include: (i) composition and electronic creation of all Document Types (as defined in below); (ii) creating, archiving, and maintaining electronic Images of each composed and created Document Type; and (iii) making available Document Types to a print vendor or electronic present vendor of Customer’s choice. |
b. | Development of Document Type Templates. As part of the Services, SS&C shall create and maintain the format, design and content for each Document Type (each, a “Document Type Template”) in accordance with Customer’s requirements. Customer may request SS&C to create new Document Type Templates and/or to modify a Document Type Template (each, a “Document Type Template Development/Modification Request”). SS&C shall create and/or modify Document Type Templates and Customer shall evaluate and either accept or reject such Document Type Template in accordance with the process set forth in Annex 1 attached hereto. Once created and approved by Customer, all Document Type Templates shall be maintained by SS&C in accordance with this Service Schedule. |
28
Copyright SS&C GIDS, Inc. 2023 | SS&C CONFIDENTIAL |
2.2 | Development Documents |
The Development Documents describe all requirements for customization of the Services, the web site, and other systems and software utilized in connection with performance of the Services. Customer will comply with the terms of the Development Documents that describe any project assistance that may be required for completion of deliverables described in the Development Documents. The Services may also include such additional services and/or customization of the Services as may be mutually agreed upon by the Parties from time to time. Each such additional service and/or customization, together with such additional pricing, fees, expenses, terms and conditions, all as mutually agreed by the Parties, shall be detailed in separate Development Documents that will be annexed to and made a part of this Service Exhibit.
3. | Delivery of Data for Processing, Schedules and Data Requirements |
Customer will transmit via a mutually agreed upon method and on an agreed upon schedule.
Delivery of the Customer Data to the SS&C production facility will be via the format, protocols and formatting instructions set forth in the agreed Development Documents and Customer Data will fulfill the requirements identified in the Development Documents.
SS&C will have no responsibility for delays or errors resulting from Customer’s failure to provide Customer Data correctly. Customer may, at its option, transmit Customer data before Customer has made a final accuracy check. Therefore, SS&C will hold all production until a written or electronic release has been issued by Customer. Should retransmissions be necessary or a release be issued that is later rescinded, Customer shall pay SS&C the applicable processing Fees, for any work performed prior to rescission at the rates set forth in the Pricing Attachment.
4. | Obligations and Conditions of Services |
4.1 | SS&C assumes no responsibility for the business results achieved from use of the Services or errors or interruptions caused by third parties, including but not limited to (i) failures attributable to user errors or misuse of the Services, (ii) failures to use corrections supplied by SS&C, or (iii) modifications by Customer or any third party. SS&C makes no warranty with respect to the performance of third parties such as web portals, automated clearing houses, financial institutions, and other internet service providers and telecommunication carriers, or as to the reliability, security or performance of the internet. |
4.2 | Customer will promptly notify SS&C of any suspected fraudulent activity of which Customer may become aware during the Term. Customer will only use the payment services for the purposes contemplated herein. |
4.3 | Customer will notify SS&C in writing immediately if it becomes aware of any claim of loss or liability by a third person related to a Service. |
5. | Fees |
SS&C will perform the Services in exchange for the Fees set forth in the Fees Exhibit attached hereto as Exhibit A.
29
Copyright SS&C GIDS, Inc. 2023 | SS&C CONFIDENTIAL |
Annex 1
Document Type Template Creation/Modification Process
1. At any time during the Term, Customer may submit a Document Type Template Development/Modification Request to SS&C. Each Document Type Template Development/Modification Request will be in writing and will set out Customer’s reasonable requirements related thereto.
2. SS&C will submit to Customer: (i) as soon as reasonably possible after receiving a Document Type Template Development/Modification Request, but in no event more than five (5) Business Days after receipt of complete requirements, a written proposal for performance of the Development Request (“Document Type Development Request Proposal”), which shall include the following: (1) a description of the tasks to be performed by SS&C; (2) the applicable specifications; (3) the completion date for each task and for each deliverable; (4) the specific resources to be provided by SS&C by project discipline for the performance of the Document Type Development Request; and (5) the applicable fees due to SS&C.
3. If Customer accepts a Document Type Development Request Proposal, SS&C will perform the Document Type Development Request in accordance with the agreed upon terms and requirements set forth in such Document Type Development Request Proposal and the terms and conditions of this Service Schedule (collectively, the “Development/Modification Terms”).
30
Copyright SS&C GIDS, Inc. 2023 | SS&C CONFIDENTIAL |
SCHEDULE NO. 4
SERVICE EXHIBIT
for
VISION SERVICES
1. | Vision Services. Customer has requested, and SS&C will provide Vision Services as one of the Digital Solutions Services pursuant to the terms of the Master Agreement for SS&C Digital Solutions Services (the “Agreement”) between Customer and SS&C. The Vision Services (the “Vision Services”) consist of the services provided by SS&C utilizing the Digital Platform, the Vision Web Site, the Distribution Support Services Web Site, the Internet, and other systems provided by SS&C and telecommunications carriers, whereby Users may view account information related to a Customer’s Financial Products or submit Transaction requests directly to the Financial Product’s transfer agent via the Internet, as described further in this Service Exhibit. |
2. | Definitions. For purposes of this Exhibit, the following additional definitions shall apply (in addition to all other defined terms in the Agreement): |
• | “Customer Web Site” shall mean the collection of electronic documents or pages residing on the computer system of Customer (or an Internet Service Provider (“ISP”) hired by Customer) connected to the Internet and accessible through the World Wide Web, where Users may view information about the Financial Products and access the various Transaction screens made available through Vision Services. |
• | “Distribution Support Services Web Site” shall mean the collection of electronic documents or pages residing on the SS&C controlled World Wide Web address (currently, xxxxx://xxx.xxxxxx.xxx), linked to the Internet and accessible through the World Wide Web, which Customer may access to view information about Users and approve/deny access requests by Users. |
• | “Financial Products” shall mean mutual funds, or real estate investment trusts or limited partnerships or other similar financial products, and “Financial Product Units” or “Units” shall mean the shares or units of a Financial Product held by a record owner. |
• | “Transactions” shall mean new account establishment, account inquiries, purchases, redemptions through Automated Clearing House, fed wire, or check to the address of record for the Financial Product account, exchanges, maintenance and other transactions offered from time to time through Vision Services. |
• | “Unit Holder” shall mean the record owner of Financial Product Units. |
• | “User(s)” shall mean the authorized agents, selling agents and other intermediaries (i.e., broker/dealers, registered investment advisors or registered representatives) acting on behalf of record owners of Units of a Financial Product whom Customer has authorized to use Vision Services. |
• | “Vision Web Site” shall mean the collection of electronic documents or pages residing on the SS&C controlled World Wide Web address (currently xxxxx://xxx.xxxxxxxxx.xxx), linked to the Internet and accessible through the World Wide Web, which Users may access to view account information or to request Transactions on behalf of the record owners for whom they are acting. |
• | “Vision Implementation Procedures” shall mean the optional features and functions of Vision Services which are selected by Customer, and the processes needed to activate these functions, for the various components of Vision Services, a copy of which has been provided to Customer. |
3. | SS&C Responsibilities. In connection with its performance of Vision Services, SS&C shall: |
(a) | receive Transaction requests electronically transmitted by Users to the Vision Web Site via the Internet and route Transaction requests through the Digital Platform to Customer’s transfer agency system; |
(b) | deliver to Customer a Vision Implementation Procedures instruction form; |
(c) | provide all computers, telecommunications connectivity and equipment reasonably necessary at its facilities to operate the Digital Platform, the Vision Web Site and the Distribution Support Services Web Site; |
(d) | deliver a monthly billing report to Customer, which shall include a report of Transactions, by type, processed through Vision Services; |
(e) | provide Multifactor Authentication, subject to the terms set forth in Addendum 1 |
(f) | perform all other SS&C obligations as set forth in the Agreement. |
31
Copyright SS&C GIDS, Inc. 2023 | SS&C CONFIDENTIAL |
4. | Customer Responsibilities. In connection with its use of Vision Services, Customer shall: |
(a) | provide the Vision Implementation Procedures to SS&C for each Financial Product in writing on forms provided by SS&C and update the Digital Solutions Options in writing as required by Customer from time to time (Vision is offered in a generic format with limited Financial Product customization, as described in the Vision Implementation Procedures); |
(b) | provide SS&C with such other written instructions as it may request from time to time relating to the performance of SS&C’s obligations hereunder; and |
(c) | perform all other Customer obligations as set forth in the Agreement. |
As a condition of a User’s access to the Vision Services, Customer acknowledges that each User must comply with all User Enrollment and Authorization Procedures described in the Authentication Procedures Section of this Vision Exhibit.
If Customer chooses to allow Users to use the Vision Services via Customer’s Web Site, Customer shall also:
(d) | provide all computers, telecommunications equipment and other equipment and software reasonably necessary to develop and maintain the Customer Web Site; and |
(e) | design and develop the Customer Web Site functionality necessary to facilitate and maintain the hypertext links to the Vision Web Site and the various related web pages and otherwise make the Customer Web Site available to Users. |
5. | Customer Controlled Marketing Content. Through the Vision Web Site, SS&C provides Customer the ability to post content (plain text or HTML) including hypertext links to other Web sites, that is displayed and viewable to all Users authorized by Customer. The use of this feature of Vision Services is optional, at the discretion of Customer, and subject to the following terms and conditions: |
(a) | Customer is solely responsible for any and all content and hypertext links displayed in the Customer-Controlled Content Areas of the Vision Web Site. |
(b) | Customer is solely responsible for compliance with all legal and regulatory requirements which may apply to content and hypertext links in the Customer-Controlled Content Areas of the Vision Web Site, including, but not limited to copyright, trade secret and intellectual property laws and federal and state securities laws which may apply to the promotion of mutual fund products and securities or other Financial Products, as applicable, electronically and over the Internet. |
(c) | SS&C reserves the right, but has no duty, to electronically monitor the Customer-Controlled Content Areas of the Vision Web Site for adherence to the terms of this Agreement and may disclose any and all data and information posted to the Customer-Controlled Content Areas of the Vision Web Site to the extent necessary to protect the rights or property of SS&C, its affiliates or licensees, or to satisfy any law, regulation or authorized governmental request. |
(d) | SS&C reserves the right, but has no duty, to prohibit conduct, promotional material, hypertext links to certain sites, comments, responses or any communication, data, information or content posted to the Customer-Controlled Content Areas of the Vision Web Site which it deems, in its sole discretion, to be harmful to SS&C, its customers or any other person or entity. |
(e) | Customer acknowledges that SS&C cannot ensure editing or removal of any inappropriate, questionable or illegal content posted to the Customer-Controlled Content Areas of the Vision Web Site or to any site on the Internet accessed from a hypertext link at the Customer-Controlled Content Areas of the Vision Web Site. Accordingly, Customer agrees that SS&C has no liability for any action or inaction with respect to content or hypertext links posted to or deleted from the Customer-Controlled Content Areas of the Vision Web Site and Customer shall indemnify and hold SS&C harmless from and against any and all costs, damages and expenses (including attorney’s fees) arising out of the posting of content or hypertext links at the Customer-Controlled Content Areas of the Vision Web Site. |
6. | Change in Designated Financial Products. Upon ten (10) business days prior notice to SS&C, Customer may change the Financial Products designated to participate in Vision Services by delivering to SS&C, in writing, a revised list of participating Financial Products. |
32
Copyright SS&C GIDS, Inc. 2023 | SS&C CONFIDENTIAL |
7. | Indemnity for Actions of Users. Customer acknowledges that the use of Vision by Users to conduct Transactions on behalf of Unit Holders presents risks arising from the actions of such Users. Accordingly, Customer hereby indemnifies and holds SS&C harmless from, and shall defend it against any and all claims, demands, costs, expenses and other liabilities, including reasonable attorneys’ fees, arising out of financial or other consequences of Transactions conducted by Users, or out of disputes as to the authority of Users to conduct Transactions. |
8. | Fees. The fees payable to SS&C by Customer for Vision Services are set forth on the Fee Schedule attached to this Service Exhibit. |
33
Copyright SS&C GIDS, Inc. 2023 | SS&C CONFIDENTIAL |
VISION
Authentication Procedures
1.a. | ID/Password Requirements - Users |
Authentication of a User in Vision is based on the Vision Operator ID and Password.
Required - The Vision Operator ID, assigned by SS&C, shall have access authorization as determined by Customer. This may include the following access levels, at Customer’s option, the contents of which shall be determined by Customer:
Unrestricted Access - This allows the User to view any account information for all of Customer’s Financial Products.
Dealer Level Access - This allows the User to view any account information with the authorized dealer number.
Dealer/Branch Level Access - This allows the User to view any account information with the authorized dealer and branch combination.
Dealer/Representative Level Access - This allows the User to view any account information with the authorized dealer and representative combination.
Tax ID Level Access -This allows the User to view any account with the authorized Social Security Number and/or TIN of the Unit Holder.
Trust/TPA Access – This allows the User to view any account with the authorized trust company or Third Party Administrator number assigned to the underlying account/contract.
Required - Password is used in conjunction with Vision Operator ID to access the Vision Web Site, which consequently provides access to any Financial Product account information that has been previously authorized by Customer. Vision does not use a personal identification number (PIN).
1.b. | ID/Password Requirements – Customer point of contact |
Authentication of a Customer point of contact in the Distribution Support Services Web Site is based on an Operator ID and Password.
Required - The Operator ID, chosen by Customer, shall have access as determined by Customer. Access will be specific to the management company associated with Customer. This may include the following access levels, at Customer’s option, inquiry only access (Customer point of contact may only view information related to Users) or update access (Customer point of contact may update profiles related to Users, including, but not limited to, changing, adding and deleting User information). SS&C shall store the Operator ID and associated access levels. Any personnel changes or access changes affecting Customer point of contact must be communicated to SS&C promptly.
Required - Password is used in conjunction with Operator ID to access the Distribution Support Services Web Site, which consequently provides access to any User information (profile, firm, address, authorization information, etc.).
34
Copyright SS&C GIDS, Inc. 2023 | SS&C CONFIDENTIAL |
VISION USER ENROLLMENT AND AUTHORIZATION PROCEDURES
The following procedures are part of the Authentication Procedures applicable to Vision Services.
1. | Enrollment. |
Each User is required to complete an Electronic Enrollment Form, which is available at a URL designated by SS&C (at the date of this Agreement - xxx.xxxxxxxxx.xxx). Users enrolling for access may complete the enrollment process by providing SS&C with information called for in the Electronic Enrollment Form about their practice and the Financial Products they wish to access.
2. | Customer Authorization. |
Upon receiving a completed Electronic Enrollment Form from a User, SS&C will make available an Authorization Request to Customer (point of contact) through the Distribution Support Services Web Site. The Authorization Request will identify the level of access requested and the security criteria as well as provide a sample client Tax ID/Social Security Number.
Through the Distribution Support Services Web Site, Customer point of contact is solely responsible for authorizing or denying each User request for access to Transactions through Vision Services. When authorizing requests, security criteria must be verified by Customer. This includes verifying:
• | Appropriate Level of Authorization. Please note, each authorization will provide access to the level indicated on SS&C’s Authorization Request. Access may be requested at the dealer, dealer/branch, dealer/representative, tax ID, or Trust/TPA level. |
• | Accurate Access Security Criteria. Customer must verify that each field authorized in the security criteria accurately represents the dealer/branch/representative or tax ID information which appears on the master of the representative’s clients’ accounts. 100% of the representative’s accounts should reflect the authorized criteria. |
Customer assumes all responsibility for verifying the security level of each new User authorization request. SS&C shall not be required to verify that the person who processes the Authorization Request is legally authorized to do so on behalf of Customer and SS&C shall be entitled to rely conclusively upon such approval/denial without further duty to inquire.
3. | Password & ID Notification. |
When Customer approves an authorization request, the User’s ID is updated for the authorized security and an e-mail is sent to the User notifying him/her of their access to the Vision Web Site. Users are required to establish their own initial password during enrollment at a URL designated by SS&C (at the date of this Agreement - xxx.xxxxxxxxx.xxx/xxxxxxxxxx.xxxx).
4. | Vision Automation. |
Enrollments eligible for the automation process will be limited to Rep-level requests only. SS&C will validate the following criteria to determine if access will be approved:
(a) | Dealer/Branch/Rep criteria must match exactly. The provided Dealer/Branch/Rep from the enrolment will be matched against the sample account number on the TA2000 shareowner master table (B88). |
(b) | The first 5 letters of the representative’s Last Name on the Vision profile must match to any 5 successive letters of the Rep Name on the shareowner master. |
(c) | If this above requirements are met, such request will be deemed “in good order”, and access will be granted without further follow up by SS&C and such request will not be escalated to AFS for review/approval. |
(d) | Customer acknowledges that SS&C is agreeing to the above process changes solely as an accommodation to Customer and does not take any position as to the advisability of such change. Customer further acknowledges and agrees that SS&C shall have no liability to Customer or any other person or party in connection with or arising directly or indirectly from SS&C following this instruction from Customer. |
35
Copyright SS&C GIDS, Inc. 2023 | SS&C CONFIDENTIAL |
SCHEDULE NO. 5
SERVICE EXHIBIT
for
BASIC FAN MAIL SERVICES
1. | Basic FAN Mail Services. Customer has requested, and SS&C will provide Basic FAN Mail Services as one of the Digital Services pursuant to the terms of the Master Agreement for SS&C Digital Solutions Services (the “Agreement”) between Customer and SS&C. Any terms not defined in this Service Exhibit shall have the same meaning as the terms in the Agreement. This Service Exhibit expressly incorporates by reference and is subject to the Agreement. In the event of any conflict between the terms and conditions of the Agreement and the terms and conditions of this Service Exhibit, the terms and conditions of this Service Exhibit will control such conflict with respect to the services provided hereunder. |
2. | Definitions. For purposes of this Exhibit, the following additional definition shall apply (in addition to all other defined terms in the Agreement): |
• | “Distribution Support Services Web Site” shall mean the collection of electronic documents or pages residing on the SS&C controlled World Wide Web address (currently, xxxxx://xxx.xxxxxx.xxx), linked to the Internet and accessible by hypertext link through the World Wide Web, which Customer may access to view information about Recipients and approve/deny access requests by Recipients. |
• | “FAN Mail®” shall mean the SS&C-designed, developed and instituted system known as “Financial Adviser Network MailTM” or “FAN Mail,” which enables SS&C to make data from SS&C’s TA2000® mutual fund recordkeeping systems and data provided to SS&C, in the format specified by SS&C, from other mutual fund recordkeeping systems or recordkeeping systems maintained by third parties for other Funds, available through the Internet to authorized Recipients. |
• | “FAN Mail Services” shall mean the services provided by SS&C utilizing FAN Mail, the Distribution Support Services Web Site, the Internet, and other systems provided by SS&C and telecommunications carriers, as described in the Service Exhibits which are attached to this Agreement from time to time. |
• | “Recipient(s)” shall mean the Persons described herein to whom data is made available utilizing FAN Mail Services, including specified authorized agents of record owners of Fund Units, including registered financial advisers, financial planners and other financial intermediaries. |
3. | SS&C Responsibilities. In connection with its performance of Basic FAN Mail Services, SS&C shall: |
a. | Receive data (“Files”) from Customer or extract Files from TA2000 as instructed by Customer, address the Files to Recipients who have been designated by Customer to receive the Files and who have completed the enrollment process for Basic FAN Mail Services described below, and make the Files available to such Recipients. Files will be made available through the Internet via hypertext link to the SS&C Web Site. SS&C shall provide each Recipient utilizing the Internet with a recipient ID (the “Recipient ID”) and a password (the “Password”) in accordance with the then current Recipient Enrollment and Authorization Procedures and shall permit access to the file(s) associated with a given Recipient ID and Password whenever the appropriate Recipient ID and Password is received at the SS&C Web Site. Each Recipient is responsible for accessing and retrieving such Recipient’s Files. |
b. | Make available to Recipients the Files set forth on the File and Usage Fee Schedule attached to this Service Exhibit. SS&C may, from time to time, and upon notice to Customer, add and/or delete Files from the File and Usage Fee Schedule. |
c. | Perform the following administrative functions: maintain a data base which contains the Recipient’s name, address, electronic mailing address, forty-five (45) day history of Files made available and list of Recipients by dealer/adviser number; provide billing to Customer; reasonably assist Customer and Recipients to establish FAN Mail links; monitor transmissions and provide ongoing technical support for FAN Mail; and maintain a Website facilitating enrollment for Recipients of Customer’s Files. |
36
Copyright SS&C GIDS, Inc. 2023 | SS&C CONFIDENTIAL |
d. | Establish links between Customer, the SS&C Web Site and the Distribution Support Services Web Site, provide telephone support to Customer and Recipients respecting use of FAN Mail, use reasonable efforts to resolve problems, and establish and maintain the SS&C Web Site so it is available. |
e. | Perform all other SS&C obligations as set forth in the Agreement. |
4. | Customer and Recipient Responsibilities. During the Term and subject to the provisions of this Agreement, Customer shall at its expense (unless otherwise provided for herein) fulfill Customer obligations as follows: |
(e) | Customer. Customer must: |
(i) | Comply with all Recipient Enrollment and Authorization Procedures attached as part of this Exhibit; |
(ii) | Transmit Files daily from Financial Product recordkeeping systems maintained by third parties to SS&C in formats specified from time to time by SS&C, if applicable. For Files to be extracted from TA2000, by execution of this Service Exhibit Customer hereby consents, and instructs SS&C to extract Files from TA2000 for Recipients who have been designated by Customer to receive the Files; |
(iii) | Perform all other Customer obligations as set forth in the Agreement. |
(f) | Recipient. As a condition of a Recipient’s access to Files, Customer acknowledges that each Recipient must: |
(i) | Obtain and pay for connectivity to the Internet or delivery protocol; |
(ii) | Have the proper equipment and software to enable the Recipients to access the SS&C Web Site and download the Files therein and obtain all related maintenance, including support in the event of download problems; and |
(iii) | Comply with all Recipient Enrollment and Authorization Procedures attached as part of this Exhibit. |
Customer agrees that SS&C shall not be required to provide Files to any Recipient who fails to comply with the foregoing.
5. | Fees for Basic FAN Mail Services. As consideration for the performance by SS&C of the Basic FAN Mail Services, Customer shall pay to SS&C the following fees and charges: |
(a) | A monthly FAN Mail access and support charge as set forth on the File and Usage Fee Schedule attached hereto. |
(b) | A usage fee per record made available to Recipients — each one hundred sixty (160) bytes of information, or portion thereof, being a record — as set forth on the File and Usage Fee Schedule attached hereto. |
This Service Exhibit shall be coterminous with, and all other terms and conditions shall be governed by the Agreement into which this Service Exhibit is incorporated.
37
Copyright SS&C GIDS, Inc. 2023 | SS&C CONFIDENTIAL |
RECIPIENT ENROLLMENT AND AUTHORIZATION PROCEDURES
for
BASIC FAN MAIL SERVICES
The following Enrollment and Authorization Procedures, which may be modified by SS&C from time to time, are also part of the Security Procedures applicable to the Basic FAN Mail Services:
1. | Enrollment. |
(a) New Recipients. Each Recipient is required to complete an online enrollment found at xxxx://xxx.xxxxxxxxxx.xxx and electronically submit to SS&C the information called for in the enrollment process. In order to complete the enrollment process, the Recipient must verify Recipient’s agreement to SS&C’s Terms and Conditions for access to FAN Mail Services by clicking an “I Agree” button. The Recipient must identify the broker/dealer with which the Recipient is associated. If SS&C does not already have a hard copy blanket Broker/Dealer Authorization Letter completed and on file for the identified broker/dealer, the Recipient must submit a hard copy Broker/Dealer Authorization Letter signed by the broker/dealer. SS&C will not be required to verify that the person who clicks agreement to the Terms and Conditions or that the person who signs the Broker/Dealer Authorization Letter is legally authorized to do so and SS&C shall be entitled to rely conclusively upon such agreement keystroke or signature without further duty to inquire. The Recipient must also provide all information requested concerning the Recipient’s practice and which financial products the Recipient wishes to access. A Recipient ID and Password are established immediately upon completion of the enrollment process.
(b) Currently Enrolled Recipients. Recipients who are currently enrolled and authorized by Customer to receive Files for Basic FAN Mail Services at the time of execution of this Service Exhibit under any prior FAN Mail Agreement shall not be required to re-enroll and Customer agrees that authorization shall be deemed to be given as to such Recipients until Customer notifies SS&C otherwise.
2. | Customer Authorization. |
Upon SS&C’s receipt of enrollment instructions from the Recipient, SS&C will make available an Authorization Request to Customer (point of contact) through the Distribution Support Services Web Site.
Through the Distribution Support Services Web Site, the Customer’s point of contact is solely responsible for authorizing or denying each Recipient request for access to the product. When authorizing requests, security criteria must be verified by Customer. This includes verifying that each field authorized in the security criteria accurately represents the dealer/branch/representative, tax ID, or cumulative discount information or any additional data extract criteria requested that appears on the master of the Recipient’s clients’ accounts. 100% of the Recipient’s accounts should reflect the authorized criteria.
Customer assumes all responsibility for verifying and approving the security level of each new Recipient authorization request. SS&C shall not be required to verify that the person who processes the Authorization Request is legally authorized to do so on behalf of Customer and SS&C shall be entitled to rely conclusively upon such approval/denial without further duty to inquire. No Files will be made available until the request is authorized by Customer.
3. | Data Availability Notification. |
When Customer approves an authorization request, the Recipient’s ID is updated for the authorized security and an e-mail is sent to the Recipient notifying him/her that data is available for retrieval.
38
Copyright SS&C GIDS, Inc. 2023 | SS&C CONFIDENTIAL |
ADDENDUM 2
SECURITY REQUIREMENTS
Information Security Program
1. | Information Security Program. SS&C represents, warrants and covenants that it has adopted, implemented and maintains a comprehensive written Information Security Program, under which SS&C documents, implements and maintains the physical, administrative, and technical safeguards reasonably designed and implemented to: (a) comply with U.S. laws applicable to SS&C’s business; and (b) protect the confidentiality, integrity, availability and security of Customer Data. |
2. | Industry Best Practices. SS&C’s Information Security Program shall employ commercially reasonable best practices, including organizational, physical and technical safeguards as follows: |
a. | Infrastructure and Application Layer Protections. Procure industry infrastructure and application layer protections to protect against any anticipated threats or hazards to Customer Data. |
b. | Authentication Controls. Reduce risks associated with SS&C having access to Customer Data by incorporating commercially reasonable authentication controls that conform to regulations applicable to SS&C, which at minimum, will include the use of multi-factor authentication where Customer Data is being accessed. SS&C Personnel shall only perform actions within their role function and privilege level and strictly on an ‘as needed’ basis only. |
c. | Data Leak Prevention. Protect against the inadvertent loss of data via the implementation of data leakage prevention technologies and strategies. |
d. | Production Environment. SS&C will not store production Customer Data outside the production environment without the express consent of Customer. |
e. | Passwords. Protect against unauthorized access by ensuring unique user IDs and passwords are in use, appropriately managing passwords. SS&C shall implement appropriate controls reasonably modeled with industry best practices including NIST SP 800-53 Rev 5 (i) taking into account its subsequent revisions and (ii) in accordance to meet SS&C’s own business needs and policy standards |
f. | Physical Security. SS&C shall: (i) restrict entry to SS&C’s area(s) where Customer Confidential Information is stored, accessed, or processed solely to SS&C’s personnel or SS&C authorized third party service providers for such access; and (ii) implement commercially reasonable practices for infrastructure systems, including fire extinguishing, cooling, and power, emergency systems and employee safety. |
g. | Access Provisioning & Review. SS&C shall implement and maintain a system for provisioning access granted to SS&C Personnel and SS&C Subcontractors’ personnel that access any Customer Data through SS&C’s system. |
h. | Remote Network Access. When SS&C Personnel are accessing SS&C networks remotely, either on SS&C issued laptops or employee personal devices such access shall be over a Virtual Private Network (VPN) or similar secure network infrastructure that provide greater security when accessing systems remotely. Such provisioning shall be administered through a clearly defined Access Management Process. |
i. | Patch & Vulnerability Management. Securely install, configure, operate and maintain reasonable information systems, networks and software, including change management, patch management and vulnerability management, such as up-to-date system security software, relevant, verified security patches made available without operational impact (which shall be installed using a risk-based approach to remediate identified security vulnerabilities within a reasonable period of time)), virus definitions and firewalls, and provide commercially reasonable active intrusion detection technology. Customer is not permitted to conduct penetration testing or other code scanning on SS&C’s environment and software. |
39
Copyright SS&C GIDS, Inc. 2023 | SS&C CONFIDENTIAL |
j. | Anti-Malware Controls. SS&C will employ commercially reasonable protection standards designed to ensure (i) any applicable systems and software will be free from Malware and SS&C shall not insert or permit any third-party to insert any Malware into or onto SS&C systems or software, and (ii) in the event that Malware is so inserted, SS&C shall report the Malware to Customer as soon as reasonably possible. |
3. | SS&C Information Security Training Program. As part of the Information Security Program, prior to any exposure to Customer Confidential Information and on an annual basis (at a minimum) thereafter, SS&C will institute an appropriate training and awareness program(s) reasonably designed to ensure that all SS&C Personnel are appropriately trained regarding their responsibilities under the Information Security Program and are appropriately educated on threats and hazards designed to compromise data and/or the computing environment. SS&C shall ensure each individual to whom Customer Confidential Information is disclosed or made accessible are aware of and subject to appropriate policies pertaining to Confidential Information. Each such individual shall be informed of and shall acknowledge, in written form, his or her understanding of the security and data protection rules as stated in SS&C’s policies. |
4. | Annual Review of Information Security Program. On at least an annual basis, SS&C will review its Information Security Program, and update and revise it as needed. SS&C may provide Customer with SS&C’s written due diligence questionnaire on an annual basis (which will be in lieu of all other questionnaires that may be requested) and (SS&C will have the right to deny) upon approval by SS&C will respond to all reasonable requests in a reasonable timeframe upon 30-45 day written notice with Customer paying for time spent by SS&C’s personnel to respond. Customer may also request on an annual basis a copy of SS&C’s non-confidential policies and procedures, applicable SOC reports procured by SS&C, a penetration test attestation, and SS&C’s SIG. At no time will SS&C be required to reveal any details or information that could reasonably be expected to jeopardize the security or integrity of any SS&C system or the confidentiality or security of any other client’s data. |
Business Continuity and Disaster Recovery
1. | SS&C Disaster Recovery Plan |
The SS&C Disaster Recovery Plan is an overview of the recovery processes for SS&C’s Primary Data Center infrastructure. In the US, the Winchester Data Center is the primary facility for a majority of SS&C’s data processing infrastructure. SS&C maintains alternate data center in the US, commonly referred to as the Recovery Center. The Recovery Center in the US is the Bridgeton data center (BRC), near St. Louis, Missouri.
The Recovery Center is equipped with the hardware and software designed to achieve certain Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO) if a disaster disables the Primary Data Center. Recovery Time Objectives begin after SS&C declares a disaster at the Primary Data Center. The specific RTO and RPO depend on the application being recovered.
Initial Response to Emergency Situations
SS&C Data Center personnel take action designed to protect employees, organizational assets, and client data. They evaluate the emergency and make a preliminary estimate of damages and downtime. The Recovery Center is placed on alert and the following information is then provided to the Incident Response Team (IRT):
• | Time disaster occurred. |
• | Location of disaster |
• | Type of disaster |
• | Injuries |
• | Estimate of damage |
• | Estimate of downtime |
• | Recommendation to declare a disaster or repair |
Declaration of Disaster
If a situation warrants a disaster declaration, the IRT will recommend data center failover to the Managing Director of Risk and IT Solutions, who in consultation with SS&C’s Chief Technology Officer, will make a recommendation to SS&C’s President. SS&C’s President will make the ultimate decision for disaster declaration, its timing, and failover to the recovery center. Upon declaration, Global Crisis Management (GCM) will coordinate and synchronize the execution of the following actions and maintain reporting through SS&C’s Crisis
40
Copyright SS&C GIDS, Inc. 2023 | SS&C CONFIDENTIAL |
Communication Protocols:
• | Notify SS&C’s BRC to begin recovery operations |
• | Execute employee notification procedures (execute client notification include timeframe or max timeframe) |
• | Convene a bridge call to communicate with client relationship managers |
• | Provide status reports as defined at declaration |
Customer Connectivity
SS&C recovers client connectivity at the Recovery Center according to the following processes:
SS&C Supported Connectivity - SS&C has designed its Wide Area Network (WAN) to allow the redirection of client connections from Winchester to the Recovery Center. SS&C accomplishes this through established commands.
Customer Provided - SS&C has implemented a secured network infrastructure at the Recovery Center, which allows client-provided connectivity. Customers who provide their own network connectivity to Winchester are responsible for providing connectivity into the Recovery Center.
Recovery Information
SS&C uses various forms of data back-up and recovery designed to meet product RTO and RPO, SS&C backs up and recovers data and systems according to contracted product availability. Due to a wide range of client and application specific requirements, this document does not contain the list of SS&C recovered products. Customer service representatives can provide specific product recovery.
The following section covers the types of data processing used to back up and recover each of the platforms supported at the Primary Data Center(s).
Change Control
Where required, SS&C or SS&C associates and vendors install upgrades, patches, and any adjustments on Recovery Center devices in accordance with production change control processes.
2. | SS&C Business Continuity |
The SS&C GCM Program Overview is provided to clients requiring background on business continuity and crisis management programs at SS&C. It includes details on exercises used to test business continuity preparedness, and may be updated by SS&C from time to time, and is incorporated by reference into this Addendum.
41
Copyright SS&C GIDS, Inc. 2023 | SS&C CONFIDENTIAL |