ADMINISTRATIVE SERVICES AGREEMENT
Item 26.c.iv
This Administrative Services Agreement (“Agreement”) is entered into as of June ___, 2010, among Transamerica Life Insurance Company (“Transamerica”), and Xxxxx Consulting, LLC ("Xxxxx").
WHEREAS, Transamerica has developed the Advantage R3 registered variable life policies, which are hereinafter defined as the "Policies" or for singular “Policy”. Persons who own Policies are referred to hereafter as "Policyowners".
WHEREAS, Xxxxx may provide administrative services in support of the Policies.
WHEREAS, Transamerica desires to retain and Xxxxx desires to be retained for the purpose of performing such services on behalf of Transamerica.
In consideration of the mutual promises, conditions and covenants as set forth below, the parties agree as follows:
1.0 APPOINTMENT
Transamerica appoints and authorizes Xxxxx to assist Transamerica and to provide administrative support thereto for the Policies, pursuant to the terms and conditions of this Agreement and the executed Appointment Agreement.
2.0 BASIC LEVEL OF SERVICES
Pursuant to this Agreement, Xxxxx shall provide the following administrative services for the Policies (the “Services”):
a) premium billing
b) insurance policy administrative changes
c) provide insurance investment performance analysis and reporting
d) facilitate monthly transfer elections
e) quarterly social security sweep and death claim processing
f) quarterly life insurance analysis reporting
3.0 COMPENSATION
After the first policy year Transamerica will pay Xxxxx an annual fee of 0.18% of the unloaned cash value for each Policy set out on Schedule A if: (1) this Agreement is in effect; and (2) Transamerica has not received written direction from the Policyowner to have a party other than Xxxxx perform these Services. The fee will be calculated at the end of the previous policy year and will be paid within 30 days after the close of the policy year.
For a surrender or lapse in policy years one through three, the administrative service fee will be charged back 100% if in policy year one, 75% if in policy year two, and 50% if in policy year three. The obligation to pay Company chargebacks shall survive the termination or expiration of this agreement, for any reason.
4.0 TERM AND TERMINATION
4.0.1 This Agreement will become effective as of the date set forth above and will remain in force unless otherwise terminated by the parties for cause pursuant to this Article 4.0.
4.0.2 This Agreement may be terminated immediately for cause by Transamerica upon occurrence of one of the following:
(i) Upon Xxxxx’ bankruptcy, insolvency or assignment of commissions for the benefit of creditors, conviction of Xxxxx of any felony or fraud or of any crime involving dishonesty;
(ii) Upon Xxxxx’ material failure to acquire or continuously maintain all licenses required by state or federal law or cancellation of or refusal to renew by the insurance regulatory authority any license, certificate or other regulatory approval required by Xxxxx to perform their duties under this Agreement;
(iii) Upon any material violation by Xxxxx or its officers, employees or agents of any rule or regulation of any regulatory authority having jurisdiction which would materially adversely affect Xxxxx’x ability to satisfy its obligations under this Agreement; or
(iv) Upon Xxxxx’ failure to perform or observe any material term, covenant or agreement contained in this Agreement which failure shall remain unremedied for 30 days after the receipt from Transamerica of written notice thereof.
4.0.3 This Agreement may be terminated immediately for cause by Xxxxx upon occurrence of one of the following:
(i) Upon Transamerica’s bankruptcy, insolvency, conviction of their officers or supervisory personnel of any felony or fraud or of any crime involving dishonesty;
(ii) Upon Transamerica’s material failure to acquire or continuously maintain all licenses required by state or federal law, or cancellation of or refusal to renew by the insurance regulatory authority any license, certificate or other regulatory approval required by Transamerica to perform their duties under this Agreement;
(iii) Upon any material violation by Transamerica or its officers, employees or agents of any rule or regulation of any regulatory authority having jurisdiction which would materially adversely affect Transamerica’s ability to satisfy its obligations under this Agreement; or
(iv) Upon Transamerica’s failure to perform or observe any material term, covenant or agreement contained in this Agreement which failure shall remain unremedied for 30 days after the receipt from Xxxxx of written notice thereof.
5.0 RECORDS
5.0.1 Maintenance of Records Relating to Transactions Arising Under this Agreement. Xxxxx shall maintain at their principal offices, for the duration of this Agreement and six years thereafter, a system of files to contain books and records of all transactions arising under this Agreement. These books and records shall be maintained in accordance with the standards required by all regulatory authorities having jurisdiction over the transactions contemplated by this Agreement. Notwithstanding this provision, in the event that this Agreement is terminated, Xxxxx shall at Transamerica’s sole option transfer copies of records to Transamerica or its authorized representative. In such case, Transamerica or its authorized representative, as the case may be, shall acknowledge in writing that it is responsible for retaining the records of Xxxxx as required herein.
5.0.2 Maintenance of Records Relating to Compliance with this Agreement.
Xxxxx and Transamerica shall maintain books and records necessary to establish each party’s compliance with this Agreement and both Xxxxx and Transamerica shall maintain such books and records for three years after the termination of this Agreement.
5.0.3 Transamerica’s Right to Inspect. Transamerica, its employees or authorized representatives may audit, inspect and examine at reasonable times, during regular business hours and with at least 72 hours prior notice, the books and records of Xxxxx of all transactions arising under this Agreement necessary to ensure compliance with this Agreement.
5.0.4 Xxxxx’ Right to Inspect. Xxxxx, its employees or authorized representatives may audit, inspect and examine the books and records of Transamerica at reasonable times, during regular business hours and with at least 72 hours prior notice. Xxxxx agrees to limit its review of the books and records of Transamerica to the extent necessary to ensure compliance with this Agreement.
5.0.5 Survival of Records Provisions. The records provisions shall survive the termination of this Agreement.
6.0 INDEMNIFICATION
Xxxxx and Transamerica agree to indemnify and hold harmless the other party (including members, officers, directors, agents, shareholders, and employees of such other party) from and against all losses, claims, liabilities, and expenses of any kind (including reasonable attorneys' fees and costs, and the expenses of regulatory proceedings), and amounts paid as judgments, or in settlement or compromise of lawsuits, or in settlement or compromise of any regulatory proceeding, or as fines or penalties (collectively, "Losses") to the extent such Losses result from a material breach of any representation, warranty or agreement set forth in Section 7.0 hereof or arise out of failure to provide services or result from statements or wrongful conduct of the other party or persons under its control with respect to the Services. The party seeking indemnity hereunder shall promptly notify the indemnifying party as to the nature of the claim hereunder.
7.0 REPRESENTATIONS, WARRANTIES, AND AGREEMENTS
7.0.1 Xxxxx represents and warrants that:
a. it is a limited liability company domiciled in Illinois in good standing;
b. that it has or will have all licenses and permits necessary for it to carry on the activities contemplated by this Agreement;
c. that it is not the subject of any license revocation proceeding in any jurisdiction;
d. that it may enter into and perform its obligations under this Agreement without violating any federal or state securities law or insurance law and any regulation or order thereunder, or any contractual or other obligation to any other person; and
e. it is and will remain throughout the term of this Agreement appropriately licensed, appointed, and registered to perform the Services pursuant to the applicable laws, statutes, rules and regulations promulgated by any state, local and/or federal regulation authority.
Xxxxx shall promptly inform Transamerica if it becomes the subject of any license revocation proceeding, or if it is, or there is reason to believe it shall become, subject to any governmental order that could affect its ability to perform its obligations under this Agreement.
7.0.2 Transamerica represents and warrants that:
a. it is a life insurance company domiciled in Iowa in good standing;
b. is duly licensed as a life insurance company in all jurisdictions where its activities would require licensing; and
c. that it is not the subject of any license revocation proceeding in any jurisdiction, and
d. that it may enter into and perform its obligations under this Agreement without violating any federal or state securities law or insurance law and any regulation or order thereunder, or any contractual or other obligation to any other person.
Transamerica shall promptly inform Xxxxx if it becomes the subject of any license revocation proceeding, or if it is, or there is reason to believe it shall become, subject to any governmental order that could affect its ability to perform its obligations under this Agreement.
8.0 PRIVACY
Xxxxx acknowledges that certain information made available to it may be deemed nonpublic personal information under the Xxxxx-Xxxxx-Xxxxxx Act, other federal or state privacy laws (as amended) and the rules and the regulations promulgated thereunder (collectively, the “Privacy Laws”). Xxxxx hereby agrees (i) not to disclose or use such information except as required to carry out their respective duties under this Agreement or as otherwise permitted by law in their ordinary course of business, (ii) to establish and maintain procedures reasonably designed to assure the security and privacy of all such information, (iii) to protect against any anticipated threats or hazards to security or integrity of such information, and (iv) to protect against the unauthorized access to or uses of such information that could result in substantial harm or inconvenience to Transamerica or its policyowners. Xxxxx’x policies and procedures shall be at least as stringent as the AEGON policy attached hereto as Attachment X. Xxxxx agrees to provide Transamerica copies of audits and system test results in relation to the system used for transmitting and/or storing information about Transamerica or its Policyowners as may be reasonably requested.
9.0 RELATIONSHIP
9.0.1 Nothing contained herein is intended to create the relationship of employer and employee between the parties hereto. Xxxxx shall be an independent contractor and free to exercise its own judgement as to the time, place and means of performing all acts hereunder, but shall conform to all legal requirements and to all regulations of Transamerica not unreasonably interfering with such freedom of action or judgment.
9.0.2 Xxxxx and Transamerica agree that with respect to the fulfillment of their respective duties and obligations hereunder, each will conduct themselves in accordance with the highest standards of good faith, fair dealing and commercial reasonableness.
10.0 ASSIGNMENT
No assignment by operation of law or otherwise of this Agreement or of compensation payable hereunder shall be valid unless authorized in writing by Transamerica. Every assignment shall be subject to any applicable FINRA, SEC, or state insurance or securities regulation pertaining to such assignments.
11.0 AMENDMENTS
11.0.1 Writing Required. No waiver or amendment of this Agreement shall be effective unless it is in writing and signed by a duly authorized officer of Transamerica and Xxxxx. The failure of Transamerica or Xxxxx to enforce any provisions of this Agreement shall not constitute a waiver of any such provision or a course of conduct or a waiver in the future of that same provision.
11.0.2 Past Waiver. No past waiver of a provision of this Agreement by Transamerica or Xxxxx shall constitute a course of conduct or a waiver in the future of that same provision.
12.0 NOTICE
Any and all notices required to be given under this Agreement or which either of the parties may desire to give shall be in writing and shall be deemed to be delivered when sent by certified mail, postage prepaid, return receipt requested or sent by Federal Express or other recognized overnight courier service, and addressed as follows:
If to Xxxxx:
Xxxxx Consulting, LLC
Attn: Xxxx Xxxxxx
0000 Xxx Xxxxxxx Xxxxxx, Xxxxx 0000
Xxxxxx, XX 00000-0000
If to Transamerica:
Transamerica Life Insurance Company
Attn: Xxxxxx Xxxxxxx
0000 Xxxxxxxx Xx XX
Xxxxx Xxxxxx, XX 00000-0000
13.0 SEVERABILITY
Any provision of this Agreement which is prohibited, unenforceable or not authorized in any jurisdiction shall, as to such jurisdiction, be ineffective to the extent of such prohibition, unenforceability or non-authorization without invalidating the remaining provisions hereof or affecting the validity, enforceability or legality of such provision in any other jurisdiction.
14.0 GOVERNING LAW
This Agreement shall be governed by and construed in accordance with the laws of the State of Iowa, without reference to its conflicts of laws provisions.
15.0 SURVIVAL OF CERTAIN PROVISIONS
Article 5 – Records and Article 6 – Indemnification shall survive the termination or cancellation of this Agreement.
16.0 HEADINGS
Section headings in this Agreement are included herein for convenience of reference only and shall not affect the meaning or interpretation of this Agreement. References to Schedules, shall, unless otherwise indicated, refer to Schedules attached to this Agreement, which shall be incorporated in and constitute a part of this Agreement.
17.0 EXECUTION IN COUNTERPARTS
This Agreement may be executed in any number of counterparts, each of which when so executed shall be deemed to be an original and all of which taken together shall constitute one and the same agreement.
TRANSAMERICA LIFE INSURANCE XXXXX CONSULTING, LLC
COMPANY
By:__________________________ By:__________________________
Its:___________________________ Its:___________________________
SCHEDULE A
POLICIES COVERED BY AGREEMENT
ATTACHMENT A
INFORMATION SECURITY PRACTICES
1. Overview. The purpose of this Attachment A is to define the Information Security practices that Xxxxx agrees to establish, administer and maintain to protect the security, integrity and availability of Customer information assets.
2. Definitions. For purposes of Attachment A, the terms defined below have the following meaning:
a. “Agent” means anyone who, through either an agency or contractual relationship, has authority to view, host, store, process, transmit, print, back up or destroy Customer Information Assets.
b. “Customer Information Assets” are Information Assets belonging to or under the control of Customer, including but not limited to, all information and data provided by Customer to Xxxxx in any form, and any information or data generated as a result thereof (excluding any information that is of public record or that Customer provides written permission for its disclosure).
c. “Information Assets” are defined as information and data in any form, whether electronic, hardcopy, photographic image, microfiche or microfilm or in digital, magnetic, optical or electronic form. It also includes all computing, network, and telecommunications systems and equipment, which view, host, store, process, transmit, print, back up or destroy information and data (e.g., personal computers, laptops, workstations, servers, network devices, software, portable storage devices, electronic storage media, cabling, and other computing and infrastructure equipment).
d. “Information Security” is defined as the protection against the loss of an Information Asset’s confidentiality, integrity or availability.
e. “Information Security Breach” is defined as any unauthorized access, use, disclosure or acquisition of Information Assets.
f. “Information Security Program” is defined as the policies, procedures and controls, designed to protect the confidentiality, integrity, and availability of Information Assets.
g. “Information Security Vulnerability” is defined as a weakness in information security controls which could be exploited to gain unauthorized access to Information Assets.
a. “Physical Security” or “Physically Secured” is defined as the protection of information in hardcopy form, information technology hardware, infrastructure and facilities, as well as, power or environmental control, utilities used in data processing operations, against loss or unauthorized acquisition, access or disclosure, damage or misuse during its production, storage, distribution, use or destruction.
2. Organizational Roles and Responsibilities.
Xxxxx agrees to establish, administer and maintain a written Information Security Program. This Information Security Program shall establish a chief information security officer or comparable role assigned to a Xxxxx officer or senior manager. At a minimum, the program shall provide for an annual review to determine compliance with the standards set forth in this Attachment A.
3. Information Security Program Framework and Right to Audit.
x. Xxxxx agrees to conform its Information Security Program to the framework set forth by the International Standards Organization (“ISO”) in the ISO’s Code of Practice for Information Security Management (“ISO/IEC 27002:2005,” as amended from time to time). Xxxxx also agrees to include in its Information Security Program the practices described in this Attachment A.
b. Upon request, Xxxxx agrees to provide Customer a written certification as to its compliance with the terms of this Attachment A.
c. At least annually, and following any Information Security Breach of Xxxxx involving Customer Information Assets, Xxxxx shall grant Customer or a third-party appointed by Customer permission to perform a written or on-site audit or assessment of Xxxxx’s compliance with the Information Security Program requirements.
4. General Information Security Requirements.
x. Xxxxx agrees to take reasonable measures to segregate job functions and roles performed by its employees or Agents to ensure that no individual, internal or external to Xxxxx, has conflicting duties that could jeopardize the security, integrity or availability of Customer Information Assets. Such measures may include, but are not limited to, permitting only Xxxxx employees or Agents with a “business need to know” to access and manage Customer Information Assets, providing the most minimal level of access needed to perform a given job function (the “principle of least privilege”).
x. Xxxxx agrees to prohibit the installation of unauthorized or unlicensed software on Xxxxx Information Assets by its employees or Agents or to permit unauthorized connection to or interaction with Customer’s company network.
b. To guard against unauthorized access, Xxxxx agrees to configure with industry standard encryption technology, its portable devices that store, process, transmit or destroy Customer Information Assets, such as, laptops, personal digital assistants, Blackberries®, smart phones, hand-held or palmtop computers, portable memory drives, and other similar portable devices.
2. Information Asset Classification, Information Asset Management and Record Retention.
x. Xxxxx agrees to establish reasonable measures to classify and control its Information Assets to indicate the ownership, custodianship and degree of sensitivity consistent with Customer’s Information Asset classification program to ensure that Customer Information Assets receive an appropriate level of protection by Xxxxx. Customer’s Information Asset classification program provides for the segregation of Information Assets into the following categories: public information, non-sensitive business data, proprietary information and confidential information.
x. Xxxxx agrees to maintain and preserve Customer’s Information Assets pursuant to Customer’s record retention requirements. Xxxxx agrees not to dispose of any Customer Information Assets without prior written notice and securing Customer’s affirmative approval of such proposed destruction. Destruction methodologies must be performed in a secure manner such that the information cannot be recreated or read after disposal.
3. Human Resources & the Business of Insurance.
x. Xxxxx agrees to perform sufficient criminal background checks prior to employment to ensure that individuals convicted of any criminal felony involving theft, dishonesty or a breach of trust do not access Customer Information Assets or render services to the Customer as prohibited by the Violent Crime Control and Law Enforcement Act of 1994 (see 18 U.S. Code §§ 1033 and 1034).
a. Xxxxx agrees to establish and maintain written controls to govern the creation, suspension, cancellation, modification, or deletion of user accounts to access Customer Information Assets, which at minimum, address employee or Agent termination, prolonged leave of absence or changes in job duties. Moreover, within twenty-four (24) hours of an employee’s or Agent’s reassignment or termination, Xxxxx agrees to communicate, in writing, to Customer such information to enable Customer to remove identified former Xxxxx employee or Agent from accessing Customer’s network or internal systems.
x. Xxxxx agrees to provide and maintain an Information Security training program for its employees and Agents to enable protection and maintenance of the confidentiality and security of Customer Information Assets. Xxxxx further agrees to impose disciplinary measures on those employees or Agents who violate the Information Security Program.
2. Physical Security.
Xxxxx agrees to implement and maintain appropriate administrative, logical, and physical safeguards to control access to Customer Information Asset. Such measures may include, but are not limited to, securing access to and from Xxxxx premises, immediately disabling lost or missing tokens accessing Xxxxx software, applying termination controls for employees or Agents, securing storage containers, destroying Information Assets in a secured environment.
9. Information Back Ups.
x. Xxxxx agrees to maintain adequate back up facilities reasonably designed to support the recovery of back up copies (“back up” or “back ups”) of Customer Information Assets in accordance with Customer disaster recovery requirements and record retention requirements. Xxxxx agrees to ensure that such back up facilities are reasonably designed to be physically secured.
x. Xxxxx agrees to store no more than one (1) full back up and six (6) days of subsequent incremental back ups on Xxxxx’s premises. Xxxxx further agrees to utilize machine-readable back up technology.
x. Xxxxx agrees to encrypt back ups to prevent unauthorized access to and ensure the confidentiality of Customer Information Assets.
10. Network Security.
x. Xxxxx agrees that Customer may terminate any network or remote connection (“remote connection”) with Xxxxx at any time, without warning, if Customer suspects or confirms that any such connection is not secure.
x. Xxxxx agrees to utilize best practices with respect to establishing and maintaining appropriate controls for its electronic interfaces and connections between its own systems and those of others.
a. Xxxxx agrees to employ and maintain up-to-date information hardening controls, including, but not limited to, anti-virus and file integrity checking system, software patches and security updates, firewall, proxy or other network traffic filtering technology, to protect its Information Assets.
x. Xxxxx agrees to utilize appropriate firewall- or proxy-based, or similar architecture to disallow unauthorized in-bound and out-bound connections to Customer Information Assets on its Information Assets that view, host, store, process, transmit, print, back up or destroy Customer Information Assets. Moreover, Xxxxx further agrees to employ intrusion detection systems or intrusion prevention systems to guard against malicious network activity and configure such systems to alert appropriate Xxxxx personnel.
x. Xxxxx agrees to configure wireless network access points to ensure that only authorized Xxxxx devices establish a connection to the Xxxxx internal network where Customer Information Assets are viewed, hosted, stored, processed, transmitted, printed, backed up or destroyed. Furthermore, Xxxxx agrees to utilize industry best practices for encryption and other appropriate safeguards to protect against unauthorized access and use.
x. Xxxxx agrees to ensure that Customer Information Assets are not available in Information Assets directly exposed to the internet or other non-Xxxxx network, unless previously authorized, in writing, by Customer.
10. System Event Logging, Monitoring and Reporting.
Xxxxx agrees to ensure that Information Assets used to provide services to Customer monitor, log and report significant events. A significant event includes, but is not limited to, unauthorized attempts to access network or Customer Information Assets. Moreover, Xxxxx agrees to establish protocols to demonstrate data integrity of significant events logged and access to such logs.
11. Logical Access.
a. Xxxxx agrees to employ logical access safeguards on all Information Assets, which connect to Customer Information Assets. Xxxxx agrees, at minimum, to include the following logical access safeguards: granting users a personally identifiable unique user account, configuring password settings to include a minimum of eight (8) characters in length with three (3) of four (4) of the following character types: (i) upper case alpha character, (ii) lower case alpha character, (iii) numeric character and (iv) special character (e.g., !, $, @), and setting expired passwords protocols. At minimum, the expired password protocols provide for: setting passwords to automatically change every sixty (60) days or, where not feasible, manually changing password settings accepted, provided, however, that Xxxxx: assigns the system account to a unique owner, who is ultimately responsible for the disposition and usage of the account and password, configures the system account with advanced complex password creation rules (e.g., extended password length, hashing algorithms), limits the system account, wherever possible, to allow log on capabilities only to required computers and/or servers, manually changes the system account, at least once a year and upon staff turnover. Moreover, accounts with any access to Customer Information Assets must be configured, as technically possible, to disallow login capability after a maximum of seven (7) consecutive unsuccessful login attempts.
x. Xxxxx agrees to store password text in encrypted form in the user identity database and such password text must be rendered unreadable during transmission and storage, if embedded within batch files, automatic login scripts, software macros, terminal function keys, on computer where access controls are disabled, or any location where unauthorized individuals may discover password text.
10. Application and System Development.
Xxxxx agrees to establish and maintain a written, application and systems development life cycle (“SDLC”) plan that provides for the preliminary review of information security requirements, which includes: vulnerability testing of Information Assets to identify the most common vulnerability weaknesses, establishment of separate physical or logical environmental partitions for development, testing, staging and production environments, controlled utilization of actual or fictitious data, testing and controlling logical access controls, segregation of employee duties, establishing a formal, written change management process, among others.
11. Information Security Incident Management.
x. Xxxxx agrees to establish and maintain a written information security incident response program (“ISIRP”), which, at minimum, includes: policy and procedures, defined roles and responsibilities of ISIRP members and provides for annual ISIRP training;
x. Xxxxx agrees to disclose to Customer any unmitigated Information Security Breach experienced by Xxxxx prior to the execution of this Agreement;
x. Xxxxx agrees to report to Customer within twenty-four (24) hours any actual or suspected Information Security Breach involving Customer Information Assets. The parties agree to coordinate and cooperate with each other in investigating the suspected breach. Xxxxx agrees to take immediate steps to remedy the Information Security Breach in accordance with applicable privacy laws and regulations.
9. Compliance.
Xxxxx agrees to comply with all applicable international, state, and federal statutory requirements applicable to the receipt, handling, storage and transmission of certain Customer Information Assets (e.g., personal identifiable information, individually identifiable health information) subject to such rules and regulations.