AMENDMENT To Transfer Agency and Service Agreements Between Dodge & Cox Funds And Boston Financial Data Services, Inc.
AMENDMENT
To Transfer Agency and Service Agreements
Between
Dodge & Xxx Funds
And
Boston Financial Data Services, Inc.
This Amendment is made as of this 14th day of December 2017, between Dodge & Xxx Funds (the “Funds”) and Boston Financial Data Services, Inc. (“Boston Financial”). In accordance with Sections 5 (Representations & Warranties of Boston Financial) and Sections 14 (Amendment) of the three Transfer Agency and Service Agreements between Dodge & Xxx Balanced Fund, Dodge & Xxx Stock Fund, Dodge & Xxx Income Fund and Boston Financial each dated November 10, 1997 as amended (collectively, the “Agreements”), all as assigned to the Funds in an Assignment of Agreements dated May 10, 1998, the parties desire to amend the Agreements as set forth herein.
NOW THEREFORE, the parties agree as follows:
| 1. | The following new section, Section 1.2(f) Omnibus Transparency Service is added to the Agreements: |
“(f) Omnibus Transparency Services. Upon request of the Fund, Boston Financial shall carry out certain information requests, analyses and reporting services in support of the Fund’s obligations under Rule 22c-2(a)(2) and the Fund’s excessive trading policies. The parties will agree to such services and terms as stated in the attached schedule (“Schedule 1.2(f)” entitled “Omnibus Transparency Services”) that may be changed from time to time subject to mutual written agreement between the parties. In consideration of the performance of the services by Boston Financial pursuant to this Section 1.2(f), the Fund agrees to pay Boston Financial for such fees and expenses associated with such additional services as set forth on Schedule 4.1.”
| 2. | The following new section, Section 8.4, is added to the Agreements: |
“8.4 Information Security. Boston Financial will maintain at each service location physical and information security requirements (“Information Security Requirements”) that are reasonably designed to protect against the destruction, loss, theft, unauthorized access, unauthorized use, or alteration of the Fund’s confidential information, including any non-public personal information of the Fund’s shareholders (“Customer Data”), in the possession of Boston Financial. Boston Financial has provided the Fund with a schedule of the Information Security Requirements, attached hereto as Schedule 8.4 Information Security Requirements and agrees to comply with such Information Security Requirements in the performance of its services under this Agreement. During the term of this Agreement, Boston Financial further agrees to maintain such Information Security Requirements at a level that will be no less rigorous than those in place at the effective
1
date of this Agreement. Boston Financial will, at a minimum, update its Information Security Requirements to remain compliant with regulatory requirements applicable to Boston Financial and its services. Boston Financial will meet with the Fund, annually and/or at its request, to discuss the Information Security Requirements, including any updates thereto.”
| 3. | Schedule 1.2(f) (Omnibus Transparency Services). The Agreements are hereby amended to add new Schedule 1.2(f) Omnibus Transparency Services, which is attached hereto and incorporated herein. |
| 4. | Schedule 8.4 (Information Security Requirements.) The Agreements are hereby amended to add new Schedule 8.4 Information Security Requirements, which is attached hereto and incorporated herein. |
| 5. | All defined terms and definitions in the Agreements shall be the same in this amendment (the “December 2017 Amendment”) except as specifically revised by this December 2017 Amendment; and |
| 6. | Except as specifically set forth in this December 2017 Amendment, all other terms and conditions of the Agreements shall remain in full force and effect. |
IN WITNESS WHEREOF, the parties hereto have caused this Amendment to be executed in their names and on their behalf by and through their duly authorized officers, as of the day and year first above written.
| DODGE & XXX FUNDS | BOSTON FINANCIAL DATA SERVICES, INC. | |||
| By: /s/ Xxxxxxx X. Xxxxxxxxxx |
By: /s/ Xxxxxxx Xxxxxxxx | |||
| Name: Xxxxxxx X. Xxxxxxxxxx | Name: Xxxxxxx Xxxxxxxx | |||
| Title: Vice President and Assistant Secretary | Title: Managing Director | |||
2
SCHEDULE 1.2(f)
OMNIBUS TRANSPARENCY SERVICES
| A. | The Funds shall provide the following information to Boston Financial: |
| 1. | The name and contact information for the Financial Intermediary, with which the Funds have a “shareholder information agreement” (under which the Financial Intermediary agrees to provide, at the Fund’s request, identity and transaction information about shareholders who hold their shares through an account with the Financial Intermediary (an “accountlet”)), that is to receive an information request; |
| 2. | The Funds to be included, along with each Fund’s frequency trading policy, under surveillance for the Financial Intermediary; |
| 3. | The frequency of supplemental data requests from Boston Financial; |
| 4. | The duration of supplemental data requests (e.g. 60 days, 90 days); and |
| 5. | The expected turnaround time for a response from the Financial Intermediary to an information request (including requests for supplemental data) |
| B. | Upon receipt of the foregoing information, the Funds hereby authorize and instruct Boston Financial to perform the following Services: |
| 1. | Financial Intermediary Surveillance Schedules. |
(a) Create a system profile and infrastructure based upon parameters set by the Fund to establish and maintain Financial Intermediary surveillance schedules and communication protocol/links.
(b) Initiate information requests to the Financial Intermediaries.
| 2. | Data Management Monitoring |
(a) Monitor status of information requests until all supplemental data is received.
(b) If a Financial Intermediary does not respond to a second request from Boston Financial, Boston Financial shall notify the Fund for the Fund to follow-up with the Financial Intermediary.
| 3. | Customized Reporting for Market Timing Analysis |
(a) Run information received from the Financial Intermediaries through TA2000 System functionalities.
(b) Generate exception reports using parameters provided by the Funds.
| 4. | Daily Exception Analysis of Market Timing Policies for Supplemental Data Provided |
(a) Review daily short-term trader exceptions, daily excessive trader exceptions, and daily supplemental data reconciliation exceptions.
(b) Analyze Financial Intermediary supplemental data (items), which are identified as “Potential Violations” based on parameters established by the Funds.
(c) Confirm exception trades and if necessary, request additional information regarding Potential Violations.
3
SCHEDULE 1.2(f)
OMNIBUS TRANSPARENCY SERVICES
(Continued)
| 5. | Communication and Resolution of Market Timing Exceptions |
(a) Communicate results of analysis to the Funds or upon request of the Funds directly to the Financial Intermediary.
(b) Unless otherwise requested by the Funds and as applicable, instruct the Financial Intermediary to (i) restrict trading on the accountlet, (ii) cancel a trade, or (iii) prohibit future purchases or exchanges.
(c) Update AWD Work Object with comments detailing resolution.
(d) Keep a detailed record of all data exceptions and inquires with regards to potential violations.
| 6. | Management Reporting |
(a) Provide periodic reports, in accordance with agreed upon frequency and content parameters, to the Funds. As reasonably requested by the Funds, Boston Financial shall furnish ad hoc reports to the Funds.
| 7. | Support Due Diligence Programs |
(a) Update system watch list with pertinent information on trade violators.
(b) Maintain a detailed audit trail of all accounts that are blocked and reason for doing so.
| C. | Use of Financial Intermediary Data. |
The parties agree, that in addition to the terms of the Agreements with respect to confidential information, that any of the Fund network or other data received for purposes of this Schedule 1.2(f) from the Funds’ Financial Intermediaries shall not be disclosed by Boston Financial to any third party; and shall not be incorporated by Boston Financial either by itself or aggregated with other sources of information into other products or services.
4
SCHEDULE 8.4
INFORMATION SECURITY REQUIREMENTS
Dated as of December 14, 2017
As each party recognizes that the adoption of an effective Information Security Program is essential to protect the assets and operations of the Parties, the following requirements are set forth with respect to services provided by Boston Financial to the Funds.
ARTICLE I — Mutual Obligations
Section 1.1 Information Security Standards.
To the extent applicable, each party agrees to comply with applicable information security requirements for financial institutions, including mutual funds, and/or third parties servicing financial institutions based on the type of confidential information received, accessed or transmitted from or to each financial institution and/or the type of access to financial institution systems. Boston Financial uses the National Institute of Standards and Technology (NIST) standards as the basis for its information security program and reviews other published guidelines periodically for applicability.
ARTICLE II – Boston Financial Security Obligations
Section 2.1. Safety and Security Procedures.
(a) Boston Financial will maintain and enforce safety and security procedures as set forth in this Schedule for: (i) all Boston Financial Service locations, and (ii) communication lines to the edge of Boston Financial’s computing infrastructure, which procedures will be (A) designed to protect the Funds’ Confidential Information from unauthorized access, including taking reasonable steps to avoid the corruption, loss or mis-transmission of data and to ensure the security of data during transmission and storage, including the use of data encryption techniques in accordance with industry standards for the transmission of data, (B) at least as stringent as the most rigorous standard Boston Financial uses to provide similar services to similar clients, and (C) in compliance with any applicable laws governing Boston Financial’s provision of Services in the United States. Boston Financial will provide documentation of Boston Financial’s and any subcontractors’ safety and security policies and practices and will detail such policies and practices for the Services upon the Funds’ written request. Upon confirmation of a failure of any such safety and/or security procedures that impact the Funds’ data, Boston Financial will, within 1-3 business days, notify the Funds. If a failure of safety and/or security procedures results in a breach that impacts Funds’ data, Section 2.1(b) will also apply.
5
(b) Boston Financial will, as promptly as possible (with the goal of twenty-four (24) hours, but in no event longer than forty-eight (48) hours), inform the Funds, upon confirmation of any breach in security of which Boston Financial becomes aware and that impact the Funds’ data, including any corruption, loss or mis-transmission of data, or any breach of data security during transmission and storage. In the event of a security breach, Boston Financial will, perform a root cause analysis to identify the cause of such security breach and will provide reasonable updates to the Funds regarding the status of the analysis. Upon completion of Boston Financial’s analysis, Boston Financial will provide Funds with a written report detailing Boston Financial’s findings and actions taken in response to such breach. Boston Financial will remedy the cause of any such breach as promptly as reasonably possible and Boston Financial will cooperate fully, and will cause its subcontractors to cooperate fully, with the Funds and their respective designees, and with any civil or criminal authority in any investigation or action relating to such breach.
Section 2.2 Compliance with NIST.
(a) Boston Financial and its subcontractors, if any, will substantially comply with the standards of NIST that are applicable to the Services, and Boston Financial and its subcontractors will maintain security policies and procedures with a framework designed to comply with the foregoing.
(b) If, as a result of a review performed in accordance with this Schedule, the Funds determines that Boston Financial or any subcontractor is not materially complying with this Schedule, Boston Financial will or will cause its subcontractor to, at Boston Financial’s expense, take steps to correct such non-compliance within a reasonable time period to be mutually agreed upon by Boston Financial and the Funds. Notwithstanding any contrary provision contained herein, and without limiting the Funds’ rights and remedies hereunder at law and in equity, Boston Financial’s or its subcontractor’s failure to take such steps in a reasonable and timely manner, will be considered a material breach of Boston Financial’s obligations under this Schedule.
Section 2.3 Access by Regulatory Authorities; Reports.
(a) Boston Financial agrees that any regulatory agency with supervisory responsibility for the Funds will have the right, at the Funds’ expense, to examine all records and materials, and interview those employees of Boston Financial to the extent it pertains to or otherwise relates to the performance of this Schedule by Boston Financial and shall only access Funds data and controls and reasonable information related to the Services rendered by Boston Financial to Funds and Boston Financial’s operations providing such Services to Funds, or as otherwise permitted under applicable law, rule, or regulation. Such access will be provided during Boston Financial’s normal business hours and the Funds shall provide Boston Financial with reasonable prior notice (but in no case less than thirty (30) days prior written notice) of such examinations to the extent that the Funds receives such advance notice from its regulatory agencies and such notice is permitted.
6
(b) When available, Boston Financial will provide the Funds with the reports of any third party review that addresses the scope and control objectives related to the Services or the infrastructure or other components of such services, including SOC-1 Reports from Boston Financial (and subject to availability and mutual agreement on any applicable fees, SOC-2 Reports from DST Systems, Inc.). Upon request, Boston Financial will also provide the Funds with an attestation letter certifying Boston Financial’s completion of regular network security penetration testing and will make its security personnel available to discuss. Further, as part of any onsite discussion, Boston Financial will, if requested, provide a high-level summary for on-site review of vulnerability testing of certain application source code that Boston Financial conducts.
Section 2.4 Changes that May Affect Services.
Boston Financial will notify the Funds immediately of any security-related or other changes that would materially diminish the security environment of Boston Financial or Boston Financial’s ability to perform its obligations to the Funds.
Section 2.5 Disaster Recovery Plan.
(a) Boston Financial will (i) implement and deliver to the Funds a disaster recovery plan for the Services; (ii) update and test the operability of such plan on an annual basis; (iii) certify to the Funds at least on an annual basis that the plan is fully operational and (iv) implement the plan upon the occurrence of a disaster. Upon the occurrence of a disaster, Boston Financial will use its best efforts to reinstitute the Services within four (4) hours of the occurrence of a disaster but, in any event, will reinstitute the Services within seventy-two (72) hours of each occurrence. In the event of a disaster, Boston Financial will not increase its charges under this Agreement or charge the Funds usage fees in addition to the fees charged under the Agreement.
Section 2.6 Insurance
Boston Financial will maintain an insurance policy with a limit of at least $25 million, for each occurrence and in the aggregate, providing coverage for claims and losses with respect to network and information security risks (such as data breaches, unauthorized access/use, ID theft, invasion of privacy, damage/loss/theft of data, degradation, downtime). Boston Financial agrees to maintain such policy in full force and effect during the term of this Agreement and to promptly notify the Funds in writing in the event that either insurance policy is cancelled or discontinued or the above limit is materially reduced. Upon Funds’ request, Boston Financial agrees to furnish the Funds with certificates of insurance evidencing the above insurance coverage.
7
