FIRST AMENDMENT TO THE AMENDED AND RESTATED MASTER CUSTODIAN AGREEMENT
EXHIBIT (g)(1)(c)
FIRST AMENDMENT TO THE AMENDED AND RESTATED MASTER CUSTODIAN AGREEMENT
This First Amendment to the Amended and Restated Master Custodian Agreement (“Amendment”) effective as of October 20, 2023 (the “Amendment Effective Date”) is made to the Amended and Restated Master Custodian Agreement dated as of September 1, 2013 (the “Existing Agreement”) by and between State Street Bank and Trust Company (“State Street”) and each Xxxxx Xxxxx Fund listed at Appendix A (each a “Fund” and collectively the “Funds”). Capitalized terms not defined herein shall have the meaning ascribed to such term in the Existing Agreement. This Amendment is deemed incorporated in and made a part of the Existing Agreement, and the parties respective data protection obligations under this Amendment and the Existing Agreement are subject to the Data Protection Addendum executed by State Street and the Funds which took effect on October 20, 2023. To the extent of any conflict or inconsistency between the terms of this Amendment and the terms of the Existing Agreement, this Amendment shall prevail and control. Except where the context requires otherwise, reference to the Existing Agreement in this Amendment means the Existing Agreement as amended by, and including, the terms and conditions of this Amendment.
WHEREAS, The Funds and State Street have entered into the Existing Agreement where State Street provides Services to the Funds; and
WHEREAS, The Funds and State Street wish to amend the Existing Agreement as more fully set forth below.
NOW THEREFORE, for good and valuable consideration, the receipt and sufficiency of which are hereby acknowledged, the parties hereto agree as follows:
1.TERMS OF THE EXISTING AGREEMENT. All provisions of this Amendment shall be read in conjunction with, shall supplement and shall at all times be subject to, the general terms and conditions of the Existing Agreement, including, without limitation, the limitations of liability and exculpatory provisions therein or in any other confidential letters of understanding.
2.DEFINITIONS. Capitalized terms shall have the meanings set forth below, and any capitalized terms not defined herein shall have the meaning ascribed to such term in the Existing Agreement. Capitalized terms used in the Exhibits hereto and not otherwise defined therein shall have the meanings ascribed to them in this Amendment.
2.1“Affiliate” means, with respect to any party, any other party that directly or indirectly Controls, is Controlled by or is under common Control with such party. For purposes of this Amendment, a party shall be deemed to have “Control” over a party if: (a) such party directly or indirectly, or acting through one or more parties, owns, controls or has power to vote at least twenty-five percent (25%) of the issued and outstanding voting stock or other equity interest of such party; or (b) such party controls the management or operation of such party through contract or any authorized means.
2.2“Amendment” has the meaning set forth in the first paragraph.
2.3“Amendment Effective Date” has the meaning set forth in the first paragraph.
2.4“Authorized Data Source” means a Third Party source of data or information used by State Street for the provision of the Services, including sources of securities prices, currency exchange rates, interest rates, corporate actions, income and tax data, credit ratings and other Market Data and information.
2.5“Business Contact Information” means business contact information limited to names, addresses, titles, phone and fax numbers and email addresses.
2.6“Claim” means any threatened or actual allegation, claim, demand, adjudication, determination, arbitration, investigation, lawsuit, or other judicial proceeding or action asserted or brought by a Third Party.
2.7“Client” means any clients or customers of the Funds and Shareholders.
2.8“Confidential Information” means the Funds Confidential Information or State Street Confidential Information, as applicable.
2.9“Crisis” means any event or circumstances that would, upon materialization, adversely impact the provision of any Services and could result in such Services being unavailable for a period of time while the incident is resolved by State Street.
2.10“Delegate” has the meaning set forth in Section 3.1.
2.11“Disclosing Party” has the meaning set forth in Section 4.1.
2.12“DR/BCP Plan” has the meaning set forth in Section 5.2(a).
2.13“Existing Agreement” has the meaning set forth in the first paragraph.
2.14“Facilities” means the computing and communications hardware, software, systems, data storage systems and related materials used by or on behalf of State Street, any Delegate or any Affiliate of State Street in performing or providing the Services.
2.15“Force Majeure Event” means the following, to the extent beyond the reasonable control of a party: (i) any general labor strikes, lockouts or stoppages; (ii) natural disaster; (iii) war, terrorist action, riot or rebellion;
(iv) unexpected Legal Requirement that prohibits State Street from providing, or the Funds receiving, the Services; malicious damage caused by a Third Party to State Street Technology or the Funds Technology, as applicable;
(vi) accident, breakdown, failure or malfunction of any telecommunications, computer or other electrical, mechanical or technological service or system (other than State Street Technology); (vii) computer virus (other than as a result of State Street failing to perform in accordance with its obligations set forth in Section 10(b) of Exhibit A or its obligation to update antivirus software and perform patching in Section 4(e) of Exhibit A and not otherwise created by State Street or any Delegate); (viii) fire; or (ix) any other extraordinary event beyond the reasonable control of a party.
2.16"Fund Auditors” has the meaning set forth in Section 6.1(a).
2.17“Fund Confidential Information” includes: (i) all information (including Personal Information) related to the Shareholders and to the business of the Funds, its Affiliates, employees, Clients and other Third Parties, to which State Street has access, whether in oral, written, graphic or machine-readable form, in the course of or in connection with providing the Services; (ii) all information related to the products of the Funds or its Affiliates, whether in oral, written, graphic or machine-readable form, including investment strategies, policies, guidelines, procedures, product plans, product forecasts, holdings, performance data, fees, financial materials and any other product-related information; (iii) all Fund Technology and all work product owned by the Funds pursuant to the Existing Agreement; (iv) the terms and conditions of this Amendment; and (v) Fund Data.
2.18“Fund Data” means, without limiting the definition of the Funds Confidential Information hereunder, data and information (including, as applicable, Personal Information) relating to the business of the Funds which is systematically stored by or on behalf of State Street using, inter alia, the State Street Technology as part of the Services, including any such data or information which has been manipulated, reformatted and/or processed by or on behalf of State Street or any Delegate; and/or any data and information derived from the foregoing.
2.19“Fund Proprietary Technology” means the systems and application software, middleware, communications links and other devices and technology, owned or controlled by the Funds or its Affiliates.
2.20“Fund Technology” means the Fund Proprietary Technology and the Fund Third Party Technology.
2.21“Fund Third Party Technology” means the hardware, systems and application software, middleware, communications links and other devices and technology owned or controlled by Third Parties and licensed to the Fund(s) or its Affiliates other than any of the foregoing provided through State Street or any Delegate.
2.22“GLBA” means Xxxxx-Xxxxx Xxxxxx Act, 15 U.S.C. §6801 et. seq.
2.23“Global Operating Map” has the meaning set forth in Section 3.3(a).
2.24“Global Operating Model Due Diligence Package” has the meaning set forth in Section 3.3(a).
2.25“Indicators” has the meaning set forth in Section 4.3(b).
2.26“Information Security Program” has the meaning set forth in Section 5.1.
2.27“Insolvency Event” means, in relation to a Party, the occurrence of any of the following: (i) the Party files a voluntary petition for relief under applicable bankruptcy or insolvency law; (ii) an involuntary proceeding under applicable bankruptcy or insolvency law is instituted against a Party, and such proceeding is not dismissed within sixty (60) days of filing; (iii) the Party is otherwise adjudged bankrupt; (iv) a trustee or receiver is appointed by a court for all or a substantial portion of the assets of the Party; (v) the Party becomes insolvent or suspends its business; or
(v) the Party makes an assignment of all or substantially all of its assets for the benefit of its creditors.
2.28“Legal Requirement” means all applicable laws, legislation (and subordinate legislation made under such legislation), regulations, decrees and orders of any governmental (including any regulatory or quasi-regulatory) agency or stock exchange, procedural rules of any court of competent jurisdiction and mandatory rules, standards and codes of practice of any other competent authority for the time being in force, all as amended, extended or re-enacted from time to time.
2.29“Losses” means, collectively, all losses, liabilities, damages, awards, costs, expenses (including reasonable lawyers’ and other professional advisers’ and experts’ fees) and amounts paid in settlement or compromise.
2.30“Market Data” means: (i) security prices, issuer and issuer group data; (ii) security characteristics and classifications; (iii) ratings (issuer and issue); (iv) exchange, interest, discount and coupon rates; (v) corporate action, dividend, income and tax data; (vi) benchmark, index, composite and index-related data (including values, constituents, weights and performance); and (vii) other reference and market data and information necessary for the performance of the Services.
2.31"Material Function(s)” has the meaning set forth in Section 3.2
2.32“Material Subcontractor” has the meaning set forth in Section 3.2.
2.33“Party” means a party to the Existing Agreement.
2.34“Personal Information” means, collectively, “personally identifiable information”, “non-public personal information”, “personal data”, “personal information” and any other similar terms defined by applicable data protection or privacy laws.
2.35“Receiving Party” has the meaning set forth in Section 4.1.
2.36“Regulatory Authority” means any: (i) governmental, regulatory (or quasi-governmental or quasi-regulatory) or other competent authority (wherever in the world located) having supervisory oversight or jurisdiction (including pursuant to an Insolvency Event) over the Funds or State Street, as applicable; or (ii) any law enforcement authority.
2.37“Representatives” means the officers, directors, employees, agents and other representatives of the Funds or State Street, as applicable. In the case of State Street, Representatives include Delegates and State Street Affiliates.
2.38“Security Incident” has the meaning set forth in Section 4.5(b).
2.39“Security Standards” has the meaning set forth in Section 5.1.
2.40“Services” shall mean the services, functions, responsibilities and/or processes to be performed by State Street as described in the Existing Agreement.
2.41“Shareholder” means a record owner of shares or interests of the Funds.
2.42“Standard of Care” means exercise of reasonable skill and care in carrying out the provisions of, and duties under, this Amendment and the Existing Agreement, as to be expected of a professional provider of services similar to the Services.
2.43“State Street” has the meaning set forth in the first paragraph and includes its permitted successors and permitted assigns.
0.00“Xxxxx Xxxxxx Confidential Information” includes: (i) all information related to the business of State Street, its Affiliates, employees, and other Third Parties, to which the Funds has access, whether in oral, written, graphic or machine-readable form, in the course of or in connection with receiving the Services; (ii) all information related to products of State Street or any of its Affiliates whether in oral, written, graphic or machine-readable form, including investment strategies, policies, guidelines, procedures, product plans, product forecasts, holdings, performance data, fees, financial materials and any other product-related information as requested by the Funds; (iii) all State Street Technology; (iv) work product owned by State Street pursuant to the Existing Agreement; and (v) the terms and conditions of this Amendment. Notwithstanding the foregoing and for the avoidance of doubt, State Street Confidential Information shall not include Fund Data.
2.45“State Street Technology” means the Facilities and including the systems and application software, middleware, communications links and other devices and technology, owned, controlled or used by State Street in connection with performing the Service.
2.46“System” means any of the Fund’s and its Affiliates’ software, firmware, hardware, computer systems, devices and networks, and those of any Third Party entitled to access, operate or use any of the Services, whether owned, leased or rented, or otherwise provided for the benefit of any of the foregoing.
2.47“Third Party” means any person other than State Street or the Funds.
2.48“Third Party Agent” means any provider of services to the Funds (other than State Street or a Delegate), including any investment adviser or sub advisor, custodian, distributor, dealer, transfer agent, administrator, accounting agent or fiduciary in respect thereof.
3.DELEGATES; AFFILIATE RESPONSIBILITY.
3.1General Right to Delegate. Subject to the limitations, obligations and exclusions set forth in Sections 3.2, 3.3, and 3.4, and save where prohibited by applicable law or regulation, State Street shall have the right to employ agents, subcontractors, consultants and other third parties, whether affiliated or unaffiliated to provide or assist it in the provision of all or any part of the Services (each, a “Delegate” and collectively, the “Delegates”) without the consent or approval of the Funds. State Street shall be responsible for the Services delivered by, and the acts and omissions of, any such Delegate as if State Street had provided such Services and committed such acts and omissions itself. Unless otherwise expressly agreed in writing, State Street shall be responsible for the compensation of its Delegates.
3.2Delegation of Material Functions to Non-Affiliates. State Street may not, without first obtaining the prior approval of the Funds, engage any Delegate that is not an Affiliate that will perform or provide: (i) a material portion of the Services and such that the non-Affiliate is significantly relied upon by State Street to the extent that interruption or discontinuance of service by such third party could reasonably be expected to cause the provision of the Services to be materially disrupted or degraded; or (ii) a portion of the Services that (1) is Fund-facing or Fund Client-facing, or (2) will include access to, use of, or other processing of Fund Personal Information (excluding Business Contact Information). Any such functions described in subsections (i) and (ii) above shall be referred to as, individually, a “Material Function” or, collectively, “Material Functions,” and any such non- Affiliate Delegate who performs a Material Function shall be referred to as, individually, a “Material Subcontractor” or, collectively, “Material Subcontractors.”
3.3Delegation of Material Functions to Affiliates. State Street shall not delegate any Material Functions without complying with the requirements of this Section 3.3.
(a)State Street has provided the Funds with documents (collectively, the “Global Operating Model Due Diligence Package”) that outline as of the date of the Amendment Effective Date its global operating model for the delivery of the Services, which documents include schedules (the “Global Operating Map”) that identify the Delegates affiliated with State Street that perform or may perform Material Functions, the location(s) used by such Delegates and the Material Function(s) that the Delegates perform or may perform at such locations. State Street has further provided the Funds with the opportunity to carry out additional due diligence, including to conduct site visits and to obtain additional information that may be reasonably required for the Funds to comply with its obligations under its applicable Legal Requirements.
(b)Without limiting State Street’s obligations under Section 3.3(c), State Street will provide Funds with updates to the Global Operating Map on a quarterly basis to reflect any changes to the Delegates specified therein, the locations from which such Delegates perform services and the Material Functions performed at such locations.
(c)State Street will provide the Funds with sixty (60) days prior written notice of its intention to (i) delegate Material Functions to a new legal entity which is not already an approved Delegate, (ii) the establishment by an approved Delegate of a new service location from which Material Functions will be performed, and (iii) the transfer of Material Functions from one approved Delegate or location to another, when the Delegate does not already perform the Material Functions being transferred or such Material Function is not already performed at such location.
(d)State Street will provide such other information, from time to time, as the Funds may reasonably request in order to fulfill its regulatory or governance obligations to supervise State Street’s use of Delegates to perform any Material Function.
(e)If the Fund object to, or raises concerns relating to, the proposed: (i) the delegation of Material Functions to a new legal entity which is not already an approved Delegate; (ii) establishment by an approved Delegate of a new service location from which Material Functions will be performed; or (iii) transfer of Material Functions from one approved Delegate or location to another, as applicable; then the parties will promptly meet to discuss the Fund’s objections and concerns. In such an event, the applicable Fund and State Street agree to work together in good faith and may mutually agree to delay or revise the proposed delegation changes. If the parties are unable to agree upon a solution that is satisfactory to the Fund, and the Fund continues to have objections or concerns about the proposed changes in the delegation model, the Fund may, at its sole option, terminate the affected service or workstream, or the obligations under the Existing Agreement, with respect to that Fund only, for convenience and without penalty, effective immediately (or at such later date mutually agreed by the parties to accommodate any post-termination transition plan or expiration assistance) upon providing written notice to State Street. If not otherwise provided in the Existing Agreement, the parties will mutually agree upon reasonable post-termination assistance so as to allow such Services to continue without interruption or adverse effect, and to facilitate the orderly transfer of such Service to a successor provider or to the Funds (at Fund’s option). In the event that State Street performs any transitional or other post-termination assistance following a termination of the Existing Agreement, then State Street shall charge the applicable Fund(s) such fees as shall be agreed in writing for such services and, notwithstanding the termination of the Existing Agreement, the terms of such Agreement shall continue to apply in relation to any such transitional services or other post-termination assistance.
3.4Exclusions.
(a)Notwithstanding the foregoing commitments, the conditions in this Section 3 shall not apply to any delegation or use of a legal entity or location on an emergency or temporary basis in order to allow State Street to continue to provide the Services during any period when State Street or any Delegate is experiencing a service interruption, outage or similar limitation (including a Force Majeure Event). In any such event, State Street shall notify the Funds as soon as reasonably practicable of such temporary delegation or service location and shall take reasonable steps to return such Services to a previously approved Delegate as soon as reasonably possible consistent with maintaining continuity of the Services.
(b)Nothing in this Section 3 shall limit or restrict State Street’s right to use Affiliates or third parties to perform or discharge, or assist it in the performance or discharge, of any obligations or duties under this Agreement other than the provision of the Services.
(c)In no event shall the term Delegate include Third Party providers of Market Data or of components of the State Street Technology, Authorized Data Sources, suppliers of the third party State Street Technology or suppliers of industry messaging or matching utilities.
3.5Subcontractor Agreements. To the extent applicable, State Street shall monitor and oversee Material Subcontractors and State Street’s agreements with its Material Subcontractors, shall, at a minimum, contain such terms required under applicable Legal Requirements, including but not limited to GLBA and any requirements for inclusion of flow-down clauses.
4.PERSONAL INFORMATION AND DISPOSITION OF CONFIDENTIAL INFORMATION. Section 17 of the Existing Agreement is hereby deleted in its entirety and replaced with the following:
4.1Restrictions. A Party receiving Confidential Information (the “Receiving Party”) from the other Party (the “Disclosing Party”) shall keep such Confidential Information confidential. The Receiving Party may disclose the Disclosing Party’s Confidential Information to its Representatives who have a need to know such Confidential Information to effectively perform the Services or for the Funds to receive the benefit of the Services or as otherwise permitted under Section 4.3. The Receiving Party shall cause such Representatives to comply with this Amendment and shall assume full responsibility for any breach of this Amendment by any such Representatives. The Receiving Party shall not transfer or disclose any Confidential Information of the Disclosing Party to any Third Party except as necessary to effectively perform the Services or as otherwise expressly permitted hereunder. Notwithstanding anything to the contrary, the Funds may disclose to its Third Party Agents information regarding the manner in which the Services are delivered to the extent reasonably necessary to appropriately optimize the efficiency of the coordinated delivery of Services and the services of such Third Party Agents, or for the Funds to receive the benefit of the Services, which information for the avoidance of doubt shall exclude pricing information. Such disclosures shall be made under an obligation of confidentiality no less stringent than that imposed on the Funds under this Amendment, limiting the use of such State Street Confidential Information by such Third Parties to the provision of services to the Funds and its Affiliates.
4.2Exclusions. Confidential Information shall not include information that: (a) is in the public domain at the time of its disclosure or thereafter becomes public (other than as a result of a breach by the Receiving Party or its Representatives of their obligations under this Section 4); (b) was in the possession of or demonstrably known by the Receiving Party prior to its receipt from the Disclosing Party without restriction on its use or disclosure; (c) is independently developed by the Receiving Party without use of, reference to or reliance on the Disclosing Party’s Confidential Information; or (d) becomes known by the Receiving Party from a source other than the Disclosing Party without breach of this Amendment and is not subject to an obligation of confidentiality.
4.3Additional Permitted Uses.
(a)Subject to Legal Requirements, State Street may collect, store or use Fund Confidential Information (excluding Personal Information but including Business Contact Information) to the extent reasonably necessary to carry out its own management and control functions, including financial and operational management and reporting, risk management, legal and regulatory compliance, client service management, and business continuity management. In addition and also subject to Legal Requirements, State Street may collect, store or use Fund Personal Information (excluding Business Contact Information, which is covered by the preceding sentence) to the extent reasonably necessary to carry out its business purposes in relation to the provision of services to the Funds, including its own management and control functions, including financial and operational management and reporting, risk management, legal and regulatory compliance, client service management, and business continuity management. In addition, either Party may disclose Confidential Information of the other Party to its attorneys, accountants, auditors and other similar advisors that have a reasonable need to know such Confidential Information in connection with the discharge of their provision of services to such Party in connection with the Services; provided such Confidential Information is disclosed to such professional advisors under obligations of confidentiality which are commensurate with those set forth under this Amendment. Notwithstanding the foregoing, State Street shall not make available, sell, rent, release, disseminate, transfer, communicate, distribute or otherwise disclose any Fund Personal Information to any third party for monetary or other valuable consideration.
(b)State Street and its Affiliates may use Fund Data, but excluding Personal Information, to develop, publish or otherwise distribute to third parties certain investor behavior “indicators” or “indices” that represent broad trends in the flow of investment funds into various markets, sectors or investment instruments (collectively, the “Indicators”), but only so long as: (i) such Fund Data is anonymized and combined or aggregated with (A) information of other customers of State Street, and (B) information derived from other sources, in each case such that neither the Fund Data nor the Indicators allow for attribution or identification of such Fund Data, any investors, or any Personal Information of investors; (ii) the Fund Data represents less than a statistically meaningful portion of all of the data used to create the Indicators; and (iii) State Street publishes or otherwise distributes to third parties only the Indicators and under no circumstance publishes, makes available, distributes or otherwise discloses any of the Fund Data to any third party, whether aggregated, anonymized or otherwise, except as expressly permitted under this Amendment. State Street does not charge a fee for the Indicators but does seek to realize economic benefit from the publication or distribution of the Indicators (subject at all times to satisfaction of (i) – (iii) in the preceding sentence).
(c)Without limiting the foregoing, each Receiving Party expressly agrees that it shall not use the Confidential Information as a basis for making any investment recommendations or decisions (a) regarding specific portfolio holdings, or any instruments derived from the value of such holdings, and (b) to purchase or sell the shares of a Fund for the purpose of taking advantage of any real or perceived discrepancy between the value of the portfolio holdings and the stated net asset value of a Fund’s shares.
4.4Legal Requests. If the Receiving Party is requested or required to disclose any of the Disclosing Party’s Confidential Information under a Legal Requirement, the Receiving Party shall, to the extent not precluded by a Legal Requirement, provide prompt notice of such Legal Requirement to the Disclosing Party so that the Disclosing Party may seek an appropriate protective order or other appropriate remedy or waive compliance with the provisions of this Amendment. If the Disclosing Party is not successful in obtaining a protective order or other appropriate remedy and the Receiving Party is, in the reasonable opinion of its counsel, legally compelled to disclose such Confidential Information, or if the Disclosing Party waives compliance with the provisions of this Amendment in writing, the Receiving Party may disclose, without liability hereunder, such Confidential Information in accordance with, but solely to the extent necessary, in the reasonable opinion of its counsel, to comply with the Legal Requirement. Notwithstanding any confidential restrictions set forth herein, the Receiving Party may disclose Confidential Information as required to satisfy any Legal Requirement without restriction on confidentiality; provided that the Receiving Party requests confidential treatment of such Confidential Information by the relevant Regulatory Authority, and in any such event in which State Street discloses any Fund Confidential Information, State Street will to the extent not precluded by a Legal Requirement provide prompt notice of such event to the applicable Fund(s) so that the applicable Fund(s) may permit the disclosure or seek an appropriate protective order or other appropriate remedy.
4.5[Reserved.]
4.6Exceptions. Without limiting Section 4.1, State Street may also disclose Fund Confidential Information pursuant to any exception permitted by Sections 248.14 and 248.15 of Regulation S-P in the ordinary course of business to carry out the activities covered by the exception under which State Street received such Fund Confidential Information.
4.7Specific Performance. Each Receiving Party specifically agrees that money damages would not be a sufficient remedy for any breach of this Section 4 and the Disclosing Party shall be entitled to specific performance as a remedy for any such breach. Specific performance shall not be deemed to be the exclusive remedy for any breach of this Section 4, but shall be in addition to all other remedies available at law or in equity.
4.8Disposition of Confidential Information. Upon the termination or expiration of the Existing Agreement, or upon the Disclosing Party’s written request (in each case, where practicable (excluding Fund Data which shall always be returned to the applicable Fund)), the Receiving Party shall return to the Disclosing Party all copies of the Disclosing Party’s Confidential Information already in the Receiving Party’s possession or within its control. In the case of State Street, unless otherwise agreed by the Parties, State Street shall return Fund Confidential Information to the applicable Fund in the form in which such Confidential Information is maintained by State Street in the ordinary course. Alternatively, with the Disclosing Party’s prior written consent, the Receiving Party may destroy such Confidential Information using means to protect against unauthorized access to or use of such Confidential Information, including, where appropriate, burning, shredding, or pulverizing the media containing such Confidential Information, or by taking such other means as to assure that such Confidential Information may not be recoverable following its disposal. An officer of the Receiving Party shall thereafter certify in writing to the Disclosing Party that all such Confidential Information has been so destroyed. Notwithstanding the foregoing, the Receiving Party may, subject to compliance with applicable Legal Requirements: (a) retain copies of such Confidential Information as required by Legal Requirements, and, to the extent such copies are electronically stored in accordance with the Receiving Party’s retention or back-up policies or procedures (including those regarding electronic communication), so long as such Confidential Information is kept confidential as required under this Agreement; and (b) retain copies of Confidential Information to the extent referenced or incorporated in the Receiving Party’s documents, records, files or materials, so long as such Confidential Information is kept confidential as required under this Amendment.
0.XXXXXXXX AND BUSINESS CONTINUITY.
5.1Security Standards. State Street shall, at all times, adhere to and comply with State Street’s information security, plans, processes, procedures and standards set forth in Exhibit A hereto (and as amended by State Street from time-to-time in accordance with the terms thereof, the “Information Security Program”); (the “Security Standards”).
5.2Business Continuity.
(a)State Street represents and warrants that, during the term of the Existing Agreement, it shall establish, maintain and comply with State Street’s business continuity and disaster recovery plans, which shall be consistent with then-current generally accepted industry standards (the “DR/BCP Plan”). The DR/BCP Plan shall: (i) be designed to continue all State Street business operations that are critical to the overall operation and functionality of the Services notwithstanding the occurrence of a Crisis; (ii) specify procedures and frequency of testing; and (iii) be maintained consistent with, then-current generally accepted industry standards. The DR/BCP Plan shall provide, among other things, a mechanism for the redundancy or back-up of business operations designed to keep the Services from becoming unavailable for a significant amount of time due to a Crisis. Notwithstanding the foregoing, if a Crisis prevents State Street from providing the Services to the Funds, State Street shall allocate its efforts and resources to restoring Funds Services no less favorably to the Funds than it allocates to any of its other similarly situated customers affected by the Crisis.
(b)Upon the request of the Fund, State Street shall provide the applicable Fund with a reasonable overview of State Street’s then-current DR/BCP Plan for its review. Upon the reasonable request of the Fund, the parties shall meet to discuss State Street’s then-current DR/BCP Plan.
(c)State Street will review the DR/BCP Plan on a regular basis (which will be no less than annually) and upon the request of the Fund will inform the applicable Fund about the current status of the DR/BCP Plan.
6.AUDIT.
6.1Audit.
(a)The Funds and their auditors (including internal audit staff and external auditors) (the “Fund Auditors”), may, upon reasonable advance notice, conduct audits and reviews of the provision of the Services by State Street and its Affiliates or Material Subcontractors that perform Services and have access to Fund Confidential Information, including security, data protection processes, systems and procedures and contractual compliance.
(b)In addition, the Funds may request State Street complete data security questionnaires from time to time. Upon receipt of a data security questionnaire from the Funds, State Street shall, within a commercially reasonable time, fully and accurately respond to such questionnaires providing all reasonably requested information relating to State Street and/or its Delegates (as applicable). State Street shall provide, and shall be responsible for its Delegates providing, the Services to the Funds in a manner consistent with State Street’s most recent response(s) to such data security questionnaire, subject to the terms of Exhibit A.
(c)The costs of an audit pursuant to this Section 6.1 shall be borne by the applicable Funds, except to the extent such audit is conducted to examine an on-going material breach of the Existing Agreement or to verify that such a breach has been cured, in which case State Street shall bear the reasonable cost of such audit.
(d)Notwithstanding the audit, inspection or other rights conferred by this Section 6.1, State Street reserves the right to impose reasonable limitations on the number, frequency, timing and scope of audits, inspections or questionnaires requested by the Funds so as to prevent or minimize any potential impairment or disruption of its operations, distraction of its personnel or breaches of security or confidentiality provided however that State Street may not limit: (i) the number, frequency and timing of audits required by any Regulatory Authority or to the extent prohibited by such Regulatory Authority; (ii) where there is, acting reasonably and with written justification, suspicion of fraud; or (iii) where there are persistent material breaches in respect of Material Functions. In addition, State Street may impose a commercially reasonable per person hourly charge for the cooperation and assistance of its personnel in connection with more than two (2) audits that do not involve a material breach of obligations under the Existing Agreement in any twelve
(12) month period; provided, however, that no such charge may be imposed in connection with any audit or inspection by or at the required direction of any Regulatory Authority.
(e)Nothing in this Section 6 or anywhere else in any of the Existing Agreement shall require State Street to disclose or otherwise make available to the Funds, Fund Auditors or any Third Party any information or access:
(i)to the extent that such information or access is subject to legal privilege and cannot, even after taking reasonable precautions or other steps, be disclosed or otherwise made available without waiving such privilege;
(ii)to the extent doing so would result in a breach of any duty of confidentiality owed by State Street to any Third Party, or any Legal Requirement;
(iii)that is unrelated to the Funds or the provision of the Services to the Funds;
(iv)that is treated as confidential under State Street’s corporate policies, including internal audit reports, compliance or risk management plans or reports, work papers and other reports and information relating to management functions; provided that such confidential treatment is generally and consistently applied to all of State Street’s clients; or
(v)where such access to any part of the State Street’s or its Delegate’s facilities would or could reasonably compromise the security of its operations or confidentiality of its customers (whereafter, if a party reasonably determines such a compromise may result from such access, the parties will meet, agree, and confirm the scoping of the risk, and work together in good faith to address).
With respect to any State Street Technology that is within the scope of the audits to be performed in accordance with Section 6.1, any access provided to the Fund Auditors to State Street Technology shall be limited to a demonstration by State Street of the functionality thereof and a reasonable opportunity to communicate with State Street personnel regarding such State Street Technology. Any on-site audit by Fund Auditors or Regulatory Authorities of the Fund(s) shall be subject to escort and supervision by personnel of State Street or its Delegates.
6.2Provision of Audit Reports to the Funds; Corrective Actions.
(a)State Street shall provide the Funds, at least annually during the remainder of the term of each of the Existing Agreement, with a copy of the report of an internal or third party audit to be conducted in relation to State Street and each of its Delegates performing the Services, testing the internal controls and procedures employed by State Street or such Delegate (as applicable). Such report shall take the form of: (1) a Statement on Standards for Attestation Engagements (SSAE) No. 18, System and Organization Controls (SOC1), Type II Report; (2) an International Standard on Assurance Engagements (ISAE) No. 3402, Assurance Report on Controls at a Service Organization, Type II Report; or (3) any replacement of any of the foregoing.
6.30 over the Funds may have authority pursuant to Legal Requirements to examine State Street and its Delegates that perform Services and their respective provision of the Services. To the extent authorized by Legal Requirements, such Regulatory Authorities may require reports from or perform onsite inspections of State Street and its Delegates as if the Fund performed the function or operation itself on its own premises. If any such Regulatory Authority requires State Street and its Delegates to comply with non-routine, extraordinary information requests (in the form of data production, preservation or retention orders or other requests of a similar nature) which involve material additional costs to State Street in connection with any investigation or inquiry relating to the Funds or any Client (but unrelated to State Street other than as the keeper of such records), State Street may be entitled to reimbursement of the cost as mutually agreed to between the parties.
0.XXXXXXXXX.
7.1Insurance Coverage. State Street shall, at its own cost and expense, obtain and maintain in full force and effect during the term of the Existing Agreement, the insurance coverage in the minimum amounts, with the endorsements and on the terms set forth in Exhibit B as may be amended in writing from time to time by mutual agreement of the parties. All insurance required hereunder to be carried by State Street shall be with sound and reputable insurers, and shall cover liabilities (in accordance with its terms) arising from the performance of the Services by Delegates for which State Street is liable hereunder.
8.1(a) Except as provided in subsection (b) below, State Street shall not be liable to the Funds for any damages under this Amendment to the extent arising out of or relating to the performance or non-performance by State Street (or its Delegates) of its (or their) duties under this Amendment, unless caused by a breach by State Street (or its Delegates) of the Standard of Care or by State Street’s or its Delegate’s intentional breach, bad faith, gross negligence, fraud or willful or intentional misconduct in the performance or non-performance of State Street’s or its Delegate’s duties hereunder.
(b) Notwithstanding subsection (a) above, State Street shall be responsible for any breach of the provisions set forth in Exhibit D.
8.2NOTWITHSTANDING ANY PROVISION IN THE EXISTING AGREEMENT (INCLUDING THIS AMENDMENT) TO THE CONTRARY INCLUDING WITHIN SECTION 8.1 HEREIN, NO DISCLAIMER OR LIMITATION OF DAMAGES OR EXCLUSION OF TYPE OF DAMAGES SHALL APPLY WITH RESPECT TO ANY CLAIMS ARISING OUT OF OR RELATING TO THE FRAUD, WILLFUL OR INTENTIONAL DEFAULT, WILLFUL OR INTENTIONAL MISCONDUCT OR GROSS NEGLIGENCE OF STATE STREET OR ITS DELEGATES OR THE FUNDS.
9.INDEMNIFICATION. The following will apply in lieu of any State Street indemnification obligations and related mitigation and indemnification procedures in the Existing Agreement.
9.1General Indemnification by State Street. Subject to any limitations of liability in the Existing Agreement and herein including Section 9.4 below, State Street, at its expense, shall indemnify and hold harmless the Funds from all Losses relating to any Claim against the Funds to the extent caused by: (a) a breach by State Street (or its Delegates) of its obligations set forth in Exhibit D, (b) a breach by State Street (or its Delegates) of the applicable Standard of Care, or (c) intentional breach, gross negligence, fraud or willful or intentional misconduct of State Street (or its Delegates) in the discharge of or failure to discharge any of its obligations under this Amendment.
9.2Mitigation. To the extent any Losses covered by Section 9.1 above are capable of mitigation by the Funds, the Funds shall use reasonable efforts to do so.
9.3Indemnification Procedures. The applicable Fund(s) shall promptly notify State Street of any actual or threatened Claim. At State Street’s cost: (a) State Street may take control of the defense of such Claim and (if it does so) shall engage appropriately qualified and experienced attorneys to defend such Claim; and (b) the applicable Fund(s) shall cooperate with State Street (and its attorneys) in the defense of such Claim. If the Fund(s) asks State Street whether State Street will take control of the defense of a Claim, State Street must decide whether to do so and notify the applicable Fund(s) of its decision within two (2) weeks (and take control upon such notice if State Street so decides). The Fund(s) may, at their own cost, participate (through its attorneys or otherwise) in such defense. Neither any settlement of a Claim that involves a remedy other than the payment of money by State Street nor any admission of liability, fault, culpability, or failure by the Fund(s) shall be entered into without the prior written consent of the applicable Fund(s). If State Street does not assume control over the defense of a Claim as provided in this Section 9.3, the applicable Fund(s) may defend the Claim in such manner as it may deem appropriate, at the cost and expense of State Street.
9.4Exclusion to Indemnity Obligation. The indemnification obligation set forth in this Section 9 shall not apply and State Street shall have no obligation to indemnify the Fund(s) to the extent any such loss, liability, cost or expense was caused by: (a) the failure of any identified assumptions or dependencies not caused by a breach by State Street;
(b) a breach by the Fund(s) of any obligation under the Existing Agreement; or (c) events, facts or circumstances that otherwise excuse State Street from its obligations under this Amendment or limit its liability with respect thereto.
10.1Entire Agreement. The Existing Agreement as amended by this Amendment and all Exhibits attached hereto constitutes the complete agreement and understanding between the Parties with respect to the subject matter of the Existing Agreement, and supersedes all prior agreements and understandings between the Parties with respect to the subject matter of the Existing Agreement.
10.2To the extent any obligation or liability of the Funds, State Street or its Delegates is excused under the Existing Agreement due to the occurrence of an event beyond the reasonable control of such entity, such obligation or liability shall be excused only to the extent directly caused by a Force Majeure Event as defined in this Amendment.
10.3Notices. Notices with respect to this Amendment shall be sent in accordance with the Existing Agreement.
10.4Survival. Any provision of this Amendment which, by its nature, should survive termination or expiration, shall survive any such termination or expiration of the Existing Agreement, including Sections 4, 8, 9 and 10 of this Amendment.
10.5Upon termination or expiration of the Existing Agreement, State Street shall: (i) cease to use and return all books of account, records, correspondence, documents, and assets relating to the affairs of the Funds or belonging to the Funds; and (ii) work with the Funds and/or any replacement provider to ensure a smooth transition of service provision to a third party solution. The Funds shall be entitled to continued provision of the Services by State Street (at the same fees as in effect immediately prior to termination or expiration) for such exit period as required (as reasonably determined by the Funds) to wind-down the Funds’ then-current use of the Services and complete any such transition.
10.6Headings and Construction. The headings of this Amendment are for reference only and shall not be used to interpret the meaning of the terms and conditions of this Amendment. Any reference to “include”, “includes” or “including” shall be understood to be exemplary and not limiting and followed by “but not limited to.”
10.7Counterparts; Method of Amendment. This Amendment may be executed in counterparts and shall not be effective or enforceable unless and until it is executed with the handwritten signature of an authorized representative of each of the relevant entities. Without limiting the foregoing, none of the following shall amend or modify the Existing Agreement or this Amendment: (a) terms and conditions which are displayed or conveyed electronically or are associated with, or are responded to by the operation of a mouse or other pointing device, typing on a keyboard, “virtual” actions, an automated computer program, the removal of shrinkwrap, the opening of a package, the loading or use of software or other goods or services, or any other action other than such a handwritten signature as described in the previous sentence; or (b) payment by the Funds of any fees or other consideration to State Street or use of or any other action with respect to the Services.
10.8Governing Law and Choice of Forum. This Amendment and the Existing Agreement shall be governed by, and construed in accordance with, the laws of the Commonwealth of Massachusetts, without regard to its choice of laws principles.
11.STATE STREET OBLIGATIONS AND REPRESENTATIONS AND WARRANTIES
11.1Insofar such requests relate to the provision of the Services, State Street shall, if directed to do so by a Fund, cooperate with the reasonable requests of a Regulatory Authority having supervisory oversight or jurisdiction over the Fund or the investment manager of the Fund.
11.2State Street represents and warrants that the provision of the Services in accordance with the Existing Agreement, and State Street and State Street’s personnel in the performance of State Street’s obligations under the Existing Agreement, complies with all laws applicable to State Street.
11.3In the event that State Street experiences or becomes aware of any development reasonably likely to have a material adverse impact on State Street’s ability to carry out the Material Functions in compliance with the terms of the Existing Agreement, then State Street shall give notice of the same to the Fund, and supply a copy of such notice to xxxxxxxxxxxxxxxx@xxxxxxxxxxxxx.xxx.
NEXT PAGE IS SIGNATURE PAGE.
IN WITNESS WHEREOF, the Parties have caused this Amendment to be executed by their duly authorized representatives to be effective as of the Amendment Effective Date.
STATE STREET BANK AND TRUST COMPANY | |
|
|
|
|
By: | /s/ Xxxxx Xxxxxx
|
Name: | Xxxxx Xxxxxx
|
Title: | Managing Director, Authorized Signer
|
Date: | 11/8/2023 |
EACH FUND LISTED ON APPENDIX A OF THE EXISTING AGREEMENT | |
|
|
|
|
By: | /s/ Xxxxx Xxxxxxxx
|
Name: | Xxxxx Xxxxxxxx
|
Title: | Treasurer
|
Date | 11/8/2023 |
EXHIBIT A
STATE STREET INFORMATION SECURITY PROGRAM
State Street and the Funds hereby agree that State Street shall maintain an Information Security Program that satisfies the requirements set forth below; provided, that, because Information Security is a highly dynamic space (where laws, regulations and threats are constantly changing), State Street reserves the right to make changes to its information security controls at any time and at the sole discretion of State Street in a manner that does not materially reduce the protection it applies to Fund Data.
From time to time, State Street may provide Fund Data to a third party in connection with the performance of the Services under the Existing Agreement; provided that, State Street will use commercially reasonable efforts to negotiate security measures with such third parties substantially the same as those described in these Security Standards. In the event that State Street is unable to negotiate a contractual obligation to maintain such security measures, State Street shall perform due diligence with respect to such third party, including, without limitation, its security controls, and mitigate any such lack of contractual obligation, to the extent possible. Notwithstanding the foregoing, nothing in this State Street Information Security Program schedule shall reduce or otherwise modify State Street’s obligations under the Amendment or the Existing Agreement, including, but not limited to, State Street’s responsibility for its Delegates pursuant to Section 3.1 of the Amendment or for its confidentiality obligations, including with regard to Delegates, pursuant to Section 4 of the Amendment.
1.Information Security Program Objective.
State Street shall, at all times, maintain and adhere to, in all material respects, an Information Security Program that requires it to implement data security measures consistent in all material respects with applicable prevailing financial industry practices and standards and applicable Legal Requirements that are designed to:
(a)protect the privacy, confidentiality, integrity, and availability of Fund Data;
(b)protect against accidental, unauthorized, unauthenticated or unlawful access, copying, use, processing, disclosure, alteration, corruption, transfer, loss or destruction of the Fund Data;
(c)comply with applicable Legal Requirements that are relevant to the handling, processing and use of Fund Data by State Street in accordance with the Existing Agreement; and
(d)implement customary administrative, physical, technical, procedural and organizational safeguards.
(a)Risk Assessment - State Street shall, at least annually, perform risk assessments that are designed to identify material threats (both internal and external) against Fund Data, the likelihood of those threats occurring and the impact of those threats upon the State Street organization to evaluate and analyze the appropriate level of information security safeguards (“Risk Assessments”).
(b)Risk Mitigation - State Street shall use commercially reasonable efforts to manage, control and remediate any threats identified in any of the Risk Assessments that are likely to result in unauthorized access, copying, use, processing, disclosure, alteration, transfer, loss or destruction of Fund Data commensurate with the sensitivity of the Fund Data necessary for or related to the performance of Services by State Street.
(c)Security Controls Testing (SOC Reporting) - State Street shall, approximately once every other calendar year, engage an independent external party to conduct periodic testing of State Street’s Information Security Program and practices. State Street shall have a process to review and evaluate findings resulting from this testing and remediate them, to the extent High or Critical (equivalent to a rating above 6.9 pursuant to the Common Vulnerability Scoring System v.3.0 or as designated under any successor system) and, in each case, technically feasible, or mitigate or risk accept them, in each case, on a time scale commensurate with the risk they represent and as may be further summarized in the security controls.
(d)Pen Testing - State Street will, approximately once each other calendar year during the term of the Existing Agreement, engage an independent external party to conduct penetration testing on its network and internet-facing applications that any Fund accesses in connection with the Services provided by State Street. State Street shall have a process to review and evaluate findings resulting from this testing and remediate, to the extent High or Critical (equivalent to a rating above 6.9 pursuant to the Common Vulnerability Scoring System v.3.0 or as designated under any successor system) and, in each case, technically feasible, or mitigate or risk accept them, in each case, on a time scale commensurate with the risk they represent and as may be further summarized in the security controls. In connection with a request from any Fund to discuss State Street’s Security Standards pursuant to Section 3 below, State Street will discuss with the Fund a high level summary of the testing, which will include, as a minimum, the date of such testing and the methodology used and themes resulting from such penetration testing.
0.Xxxxxxxx Controls. Annually, upon any Fund’s reasonable request, State Street shall provide the Fund a copy of its Corporate Information Security controls that form part of the Information Security Program and an opportunity to discuss State Street’s Security Standards with a qualified member of State Street’s Information Technology management team, which shall include an opportunity to review any changes that State Street made to its information security controls since the last review. State Street shall review its Information Security Program annually.
(a)Responsibility - State Street shall assign responsibility for information security management to senior personnel only.
(b)Access - State Street shall permit only those personnel performing roles supporting the provision of Services under the Existing Agreement to access Fund Data.
(c)Confidentiality - State Street personnel who have accessed or otherwise been made known of Fund Data shall maintain the confidentiality of such information in accordance with the terms of the Existing Agreement, including with respect to confidentiality and use limitations.
(d)Training - State Street shall provide information security training to its personnel approximately once each calendar year and have an appropriate disciplinary process for personnel in the event of noncompliance with the requirements set forth in the Existing Agreement.
(e)Monitoring – State Street shall ensure regular monitoring and logging of network events with respect to any processing of Fund Data and shall update antivirus software and perform patching on a regular basis and within a reasonable period of time commensurate with the severity rating of or risk mitigated by the patch. State Street shall implement controls that are commercially reasonable in light of industry best practices and that are designed to detect and prevent the introduction or intrusion of malicious code on information systems handling or holding Fund Data and implement a process for removing said malicious code from information systems handling or holding Fund Data. State Street has or will obtain (as applicable) all necessary rights and licenses to use such software required to perform this operation.
(f)Background Checks – All State Street Representatives, and personnel of any third party provider of State Street who access State Street’s facilities or systems, are subject to certain credit and criminal checks conducted by State Street or its agents applicable to banks pursuant to applicable Legal Requirements. If any person does not pass such State Street security checks, such person is not permitted to be employed by State Street or, in the event of a third party contractor, State Street shall require and confirm that such person is removed from any assignment for State Street. In addition to the foregoing, State Street requires its third party providers to undertake, as part of its standard hiring and vendor due diligence practices, appropriate pre-employment background investigations consistent with industry standards with respect to any personnel that are assigned to perform services for State Street or otherwise have access to confidential information of State Street or its clients.
(g)Internet Facing Applications – State Street will use multifactor authentication for the Funds’ users accessing Internet facing applications permitting financial instructions/transactions or displaying personally identifiable information. State Street shall use an industry standard security protocol that must be signed and encrypted for single sign-on of the Funds’ users of xx.xxxxxxxxxxx.xxx remote access.
(h)Security and Supervision – State Street acknowledges that, in the performance of the Services, it will not require, and it will not have, access to Fund facilities.
(a)Data Sensitivity - State Street acknowledges that it understands the sensitivity of Fund Data.
(b)External Hosting Facilities – State Street shall implement controls, consistent with financial industry practices and standards, and applicable Legal Requirements, regarding the collection, use, storage and/or disclosure of Fund Data by an external hosting provider.
(a)Securing Physical Facilities - State Street shall maintain systems located in State Street Facilities that host Fund Data or provide Services in an environment that is designed to be physically secure and to allow access only to authorized individuals. A secure environment includes the availability of onsite security personnel on a 24 x 7 basis or equivalent means of monitoring locations supporting the delivery of Services under the Existing Agreement.
(b)Physical Security of Media - State Street shall implement controls, consistent with financial industry practices and standards, and Legal Requirements, that are designed to prevent the unauthorized viewing, copying, alteration or removal of any media containing Fund Data. Fund Data shall not be stored on removable media.
(c)Media Destruction - State Street shall destroy Fund Data or use commercially reasonable efforts to render Fund Data on media irretrievable: (i) if such media is no longer used; or (ii) subject to any exceptions set forth herein or in any other applicable written agreement between State Street and the Funds, upon termination of the Existing Agreement. All backup tapes that are not destroyed must meet the level of protection described in this Exhibit A until destroyed.
(d)Paper Destruction - State Street shall cross shred all paper waste containing Fund Data and dispose in a secure and confidential manner.
7.Communications and Operations Management.
(a)Data Protection During Transmission - State Street shall encrypt, using an industry recognized encryption algorithm, Personal Information when in transit across public networks. Except when requested or instructed by the Funds, State Street shall, where practicable, encrypt, using an industry recognized encryption algorithm, Fund Data (excluding Personal Information which is covered by the preceding sentence) when in transit across public networks.
(b)Data Loss Prevention - State Street shall implement and adhere to a data leakage program that is designed to identify, detect, monitor, log, document, and, where appropriate and technically feasible, prevent Fund Data leaving State Street’s control without authorization; provided that, in the event of any data leakage, State Street shall be responsible to the Funds for such data leakage.
(a)Authorized Access - State Street shall have controls that are designed to maintain logical separation such that access to State Street Technology hosting Fund Data and/or being used to provide Services will uniquely identify each individual requiring access, grant access only to authorized personnel based on the principle of least privilege, and prevent unauthorized access to Fund Data.
(b)User Access - State Street shall have a process to promptly disable access to Fund Data by any State Street personnel who no longer requires such access. State Street shall also promptly remove access to State Street systems by Fund personnel upon receipt of notification from the applicable Fund.
(c)Authentication Credential Management - State Street shall communicate authentication credentials to users in a secure manner, with a proof of identity check of the intended users.
(d)Multi-Factor Authentication for Remote Access - State Street shall use multi-factor authentication, or another strong authentication mechanism, and a secure tunnel when remotely accessing State Street’s internal network.
9.Use of Laptop and Mobile Devices in connection with the Existing Agreement.
(a)Encryption Requirements - State Street shall encrypt any laptops or mobile devices (e.g., PDAs, tablets, smartphones) containing Fund Data used by State Street’s personnel using an industry recognized encryption algorithm with at least 256 bit encryption AES (or equivalent).
(b)Secure Storage - State Street shall require that all laptops and mobile devices be securely stored whenever out of State Street personnel’s immediate possession.
(c)Inactivity Timeout - State Street shall employ access and password controls as well as inactivity timeouts of no longer than thirty (30) minutes on laptops, desktops and mobile devices managed by State Street and used by State Street’s personnel.
(d)Remote Access - State Street shall maintain the ability to remotely remove Fund Data promptly from mobile devices managed by State Street.
10.Information Systems Acquisition Development and Maintenance.
(a)Fund Data – Fund Data shall only be used by State Street for the purposes specified in the Existing Agreement.
(b)Virus Management - State Street shall maintain a malware protection program designed to identify, detect, prevent, and respond to malware infections, malicious code and unauthorized execution of code within State Street Technology, and recover from any impact caused by such malware, malicious code or unauthorized execution of code.
11.Incident Event and Communications Management.
(a)Incident Management/Notification of Breach - State Street shall develop and implement an incident response plan that specifies actions to be taken when State Street or one of its Delegates detects that a party has gained unauthorized access (including inadvertent disclosures) to Fund Data (the “Response Plan”). Such Response Plan shall include an escalation procedure that includes notification to senior managers and appropriate reporting to Regulatory Authorities and law enforcement agencies. This procedure shall provide for reporting of incidents that compromise the confidentiality of Fund Data (including backed up data) to the Funds via telephone or email (and provide a confirmatory notice in writing as soon as practicable); provided that the foregoing notice obligation is excused for such period of time as State Street is prohibited by Legal Requirement from notifying the Funds.
(b)State Street shall promptly notify the Funds (but in no event later than forty-eight (48) hours or such shorter timeframe as may be required under applicable Legal Requirement) after State Street knows that unauthorized access to Fund Data has occurred, unless otherwise prohibited by Legal Requirement. In such an event, and unless prohibited by Legal Requirement, State Street shall provide as part of such notification, to the extent available to State Street, a reasonable description of the circumstances and extent of such unauthorized access sufficient for the Funds to understand material details of any such unauthorized disclosure or access, and shall provide reasonable cooperation to the Funds, their investigators and any Regulatory Authorities:
(i)in the investigation, remediation, and resolution of, any other response to, any such unauthorized access;
(ii)in the Funds’ efforts to comply with statutory notice or other Legal Requirements applicable to the Funds or their Clients arising as a result of such unauthorized access; and
(iii)in litigation and investigations involving the Funds arising as a result of such unauthorized access.
For the avoidance of doubt, State Street shall not be required to disclose or otherwise make available information pursuant to the terms of Section 6.1(e) of this Amendment.
(c)With respect to each unauthorized disclosure or access, State Street shall promptly use commercially reasonable efforts (i) to contain such unauthorized disclosure or access and, further, to prevent further unauthorized access to or misuse of the Fund Data; and (ii) to investigate the unauthorized disclosure or access. State Street shall take reasonable actions to mitigate loss from any such unauthorized disclosure or access.
INSURANCE
Type of Insurance | Minimum Aggregate Coverage |
Errors and Omissions Insurance | $25,000,000 (or such other minimum amounts to the extent coverage is offered/available at commercially reasonable rates, including breadth of coverage) |
Workers Compensation | With respect to U.S. operations of State Street only, in such form and in such amounts as may be required by law |
Broad Form Commercial General Liability Insurance (including Products Completed Operations, Contractual, Personal Injury, Advertising Injury and Broad Form Property Damage coverage) and naming the Fund and its Affiliates (as their interests may appear) as additional insureds | In an amount of at least $10,000,000 combined single limit written on an occurrence basis and including clauses providing that every underwriter shall waive all of its rights of recovery under subrogation or otherwise against the Funds and its Affiliates (as their interests may appear). This limit requirement may be met by any combination of primary Commercial General Liability and excess liability insurance |
Employers’ Liability Insurance | $1,000,000 |
Comprehensive crime coverage or fidelity insurance | $10,000,000 |
Cyber Liability Insurance, including coverage for privacy liability and network security liability, breach costs coverage (to the extent commercially available), with minimum limits per occurrence and in the aggregate, in the amount indicated. | $10,000,000 |
Upon the reasonable request of the Fund(s), State Street shall furnish the Fund(s) with an insurance certificate evidencing the above policies and coverage. An updated insurance certificate will be provided upon reasonable request in accordance with and subject to the terms of the Agreement.
State Street may provide the coverage amounts set forth above by means of “follow on” umbrella insurance policies.
EXHIBIT C [INTENTIONALLY OMITTED]
CONTRACTUAL OBLIGATIONS SUBJECT TO SECTION 8.1(B)
Notwithstanding Section 8.1(a) of the Amendment and pursuant to Section 8.1(b) thereof, State Street shall be responsible for any breach of the below-referenced sections and as otherwise provided in the “Relevant Qualifications” column set forth in this Exhibit D regardless of whether or not State Street (or its Delegates) breached the applicable Standard of Care.
Section | Title | Relevant Qualifications (references to “State Street” below shall be read to apply to State Street or its Delegates, as applicable) |
3 | Delegation | Liability arising out of State Street’s failure to: (i)compensate its Delegates; (ii)comply with its requirements under Section 3.2; or (iii)to provide notice under Section 3.3(c);
shall not require State Street to have breached its Standard of Care.
Remainder of section is subject to Standard of Care. |
4.3 and 4.8 | Personal Information and Disposition of Confidential Information | Liability arising out of State Street’s obligations in Sections 4.3 and 4.8 shall not require State Street to have breached its Standard of Care. |
5.1 | Security Standards |
|
5.2 | Business Continuity | Liability arising out of State Street’s obligations in this section shall not require State Street to have breached its Standard of Care, except for liability arising out of the obligation to comply with the DR/BCP Plan (which shall require a breach of the applicable Standard of Care). |
6 | Audit | Liability arising out of State Street’s obligations in this section shall not require State Street to have breached its Standard of Care, except for liability arising out of State Street’s obligation to carry out a remediation plan pursuant to Section 6.2(b) (which shall require a breach of the applicable Standard of Care). |
7 | Insurance | Liability arising out of State Street’s obligations in this section shall not require State Street to have breached its Standard of Care, except for liability arising out of State Street’s obligation to use sound and reputable insurers (which shall require a breach of the applicable Standard of Care). |
8.2 | Liability |
|
9 | Indemnification |
|
Exhibit A | State Street Information Security Program | Liability arising out of State Street’s obligations in this exhibit shall not require State Street to have breached its Standard of Care, except for liability arising out of State Street’s obligation to update virus protection software which is subject to the applicable Standard of Care. |