Common use of Effective Internal Controls Clause in Contracts

Effective Internal Controls. (a) At the Purchaser’s request, BNYMCM shall provide to the New York Fed (i) documentary evidence regarding the effectiveness of BNYMCM’s internal controls over financial reporting and information security (e.g., relevant internal controls reports, including System and Organization Controls (SOC), and internal compliance assessments, and access to policies and procedures governing BNYMCM’s operations as they relate to the performance of the Services (including, without limitation, ethics policies and security policies and procedures)) and (ii) any available internal or third-party reports that detail the status of compliance by BNYMCM and its affiliates with laws and regulations, including privacy laws and regulations, relevant to this Agreement and the Services. BNYMCM and the New York Fed will cooperate to determine at the time of the request the specific nature of such documentation, provided, however that nothing in this subsection (a) shall obligate BNYMCM to commission any new or additional reports regarding its compliance with internal controls. (b) BNYMCM shall identify the technology solutions and processes it uses in the performance of the Services. BNYMCM shall provide to the New York Fed a list of such technology solutions and processes and shall provide for each such solution or process (i) information sufficient for the New York Fed to assess the appropriateness of the solution or process, (ii) information about BNYMCM’s implementation of the solution or process, and (iii) information about BNYMCM’s process for assessing and mitigating risks and validating the solution or process. At the New York Fed’s reasonable request, BNYMCM will make available its personnel who are knowledgeable about the foregoing for meetings with the New York Fed to discuss questions and provide such additional information as may be necessary or useful to the New York Fed to assess the solutions or processes as they relate to the Services. BNYMCM shall cooperate with the New York Fed to discuss any findings identified by the New York Fed in its review and agree on an appropriate course of action. BNYMCM shall notify the New York Fed promptly of any changes in the inventory of technology solutions and processes used by BNYMCM in the performance of the Services and of any changes in any of the technology solutions and processes or the manner of their implementation that, in either case, could be material to the New York Fed’s review.

Effective Internal Controls. (a) At the Purchaser’s request, BNYMCM a. The Manager shall provide to the New York Fed (i) documentary evidence regarding Fed the effectiveness of BNYMCM’s internal controls over financial reporting and information security (e.g., relevant internal controls reports, including System and Organization Controls Control 1 (SOC), “SOC 1”) – Type II reports of the Manager and internal compliance assessments, its Affiliates with respect to their respective operations and access to policies and procedures governing BNYMCM’s operations as they relate controls relevant to the performance of services under this Agreement, which reports have been prepared by an accredited independent auditor in accordance with the Services American Institute of Certified Public Accountants’ Statement on Standards for Attestation Engagements (including, without limitation, ethics policies and security policies and procedures)SSAE No. 18) and International Standards of Attestation Engagements No. 3402, or successor standard report (ii) any available internal or third-party reports that detail the status of compliance by BNYMCM and its affiliates with laws and regulations, including privacy laws and regulations, relevant “SOC 1 Reports”). The Manager shall provide SOC 1 Reports to this Agreement and the Services. BNYMCM and the New York Fed will cooperate to determine at least annually. If the time Manager’ SOC 1 Report covers a period other than a calendar year, the Manager shall also provide the New York Fed a letter signed by a responsible officer of the request Manager attesting for the specific nature period of such documentation, provided, however time from the end of the period covered by the SOC 1 Report through the calendar year in which that nothing in this subsection end date occurs (athe “bridge period”) shall obligate BNYMCM that there have been no changes to commission any new the tested controls during the bridge period that would materially or additional reports regarding its compliance with adversely affect the internal controlscontrol environment. (b) BNYMCM b. The Manager shall identify the technology solutions and processes it uses used by the Manager in the performance of services under the ServicesAgreement. BNYMCM The Manager shall provide to the New York Fed a list of such technology solutions and processes and shall provide and, for each such solution or process (ia) information sufficient for the New York Fed to assess the appropriateness of the solution solutions or processprocesses, (iib) information about BNYMCM’s the Manager’ implementation of the solution or solutions and process, and (iii) information about BNYMCM’s the Manager’ process for assessing and mitigating risks and validating the solution or processsolutions and processes. At the New York Fed’s reasonable request, BNYMCM the Manager will make available its personnel staff who are knowledgeable about the foregoing for meetings with the New York Fed to discuss questions and provide such additional information as may be necessary or useful to the New York Fed to assess the solutions or processes as they relate to the Servicesservices to be performed. BNYMCM shall The Manager will cooperate with the New York Fed to discuss any findings identified by the New York Fed in its review and agree on an appropriate course of actionreview. BNYMCM shall The Manager will notify the New York Fed promptly of any changes in the inventory of technology solutions and processes used by BNYMCM the Manager in the performance of the Services services and of any changes in any of the technology solutions and processes or the manner of their implementation that, in either case, could be material to the New York Fed’s review.

Effective Internal Controls. (a) a. At the Purchaser’s request, BNYMCM the Settlement Agent shall provide to the New York Fed (i) documentary evidence regarding the effectiveness of BNYMCMthe Settlement Agent’s internal controls over financial reporting and information security (e.g., relevant internal controls reports, including System and Organization Controls (SOC), and internal compliance assessments, and access to policies and procedures governing BNYMCMthe Settlement Agent’s operations as they relate to the performance of the Services (including, without limitation, ethics policies and security policies and procedures)) and (ii) any available internal or third-third- party reports that detail the status of compliance by BNYMCM the Settlement Agent and its affiliates with laws and regulations, including privacy laws and regulations, relevant to this Agreement and the Services. BNYMCM The Settlement Agent and the New York Fed will cooperate to determine at the time of the request the specific nature of such documentation, provided, however that nothing in this subsection (a) shall obligate BNYMCM the Settlement Agent to commission any new or additional reports regarding its compliance with internal controls. (b) BNYMCM b. The Settlement Agent shall identify the technology solutions and processes it uses in the performance of the Services. BNYMCM The Settlement Agent shall provide to the New York Fed a list of such technology solutions and processes and shall provide for each such solution or process (i) information sufficient for the New York Fed to assess the appropriateness of the solution or process, (ii) information about BNYMCMthe Settlement Agent’s implementation of the solution or process, and (iii) information about BNYMCMthe Settlement Agent’s process for assessing and mitigating risks and validating the solution or process. At the New York Fed’s reasonable request, BNYMCM the Settlement Agent will make available its personnel who are knowledgeable about the foregoing for meetings with the New York Fed to discuss questions and provide such additional information as may be necessary or useful to the New York Fed to assess the solutions or processes as they relate to the Services. BNYMCM The Settlement Agent shall cooperate with the New York Fed to discuss any findings identified by the New York Fed in its review and agree on an appropriate course of action. BNYMCM The Settlement Agent shall notify the New York Fed promptly of any changes in the inventory of technology solutions and processes used by BNYMCM the Settlement Agent in the performance of the Services and of any changes in any of the technology solutions and processes or the manner of their implementation that, in either case, could be material to the New York Fed’s review.

Effective Internal Controls. (a) At the Purchaser’s request, BNYMCM The Account Parties shall provide to New York Fed the System and Organization Control 1 (“SOC 1”) – Type II reports of the Account Parties and their Affiliates with respect to their respective operations and controls relevant to the performance of services under this Agreement, which reports have been prepared by an accredited independent auditor in accordance with the American Institute of Certified Public Accountants’ Statement on Standards for Attestation Engagements (SSAE No. 18) and International Standards of Attestation Engagements No. 3402, or successor standard report (“SOC 1 Reports”). The Account Parties shall provide SOC 1 Reports to the New York Fed (i) documentary evidence regarding Fed at least annually. If the effectiveness of BNYMCM’s internal controls over financial reporting and information security (e.g.Account Parties’ SOC 1 Report covers a period other than a calendar year, relevant internal controls reports, including System and Organization Controls (SOC), and internal compliance assessments, and access to policies and procedures governing BNYMCM’s operations as they relate to the performance of the Services (including, without limitation, ethics policies and security policies and procedures)) and (ii) any available internal or third-party reports that detail the status of compliance by BNYMCM and its affiliates with laws and regulations, including privacy laws and regulations, relevant to this Agreement and the Services. BNYMCM and the Account Parties shall also provide New York Fed will cooperate to determine at the time a letter signed by a responsible officer of the request Account Parties attesting for the specific nature period of such documentation, provided, however time from the end of the period covered by the SOC 1 Report through the calendar year in which that nothing in this subsection end date occurs (athe “bridge period”) shall obligate BNYMCM that there have been no changes to commission any new the tested controls during the bridge period that would materially or additional reports regarding its compliance with adversely affect the internal controlscontrol environment. (b) BNYMCM The Account Parties shall identify the technology solutions and processes it uses used by the Account Parties in the performance of services under the ServicesAgreement. BNYMCM The Account Parties shall provide to the New York Fed a list of such technology solutions and processes and shall provide and, for each such solution or process (ia) information sufficient for the New York Fed to assess the appropriateness of the solution solutions or processprocesses, (iib) information about BNYMCM’s the Account Parties’ implementation of the solution or solutions and process, and (iii) information about BNYMCM’s the Account Parties’ process for assessing and mitigating risks and validating the solution or processsolutions and processes. At the New York Fed’s reasonable request, BNYMCM the Account Parties will make available its personnel staff who are knowledgeable about the foregoing for meetings with the New York Fed to discuss questions and provide such additional information as may be necessary or useful to the New York Fed to assess the solutions or processes as they relate to the Servicesservices to be performed. BNYMCM shall The Account Parties will cooperate with the New York Fed to discuss any findings identified by the New York Fed in its review and agree on an appropriate course of actionreview. BNYMCM shall The Account Parties will notify the New York Fed promptly of any changes in the inventory of technology solutions and processes used by BNYMCM the Account Parties in the performance of the Services services and of any changes in any of the technology solutions and processes or the manner of their implementation that, in either case, could be material to the New York Fed’s review.

Effective Internal Controls. (a) At the Purchaser’s request, BNYMCM The Account Parties shall provide to FRBNY the New York Fed (i) documentary evidence regarding the effectiveness of BNYMCM’s internal controls over financial reporting and information security (e.g., relevant internal controls reports, including System and Organization Controls Control 1 (SOC), “SOC 1”) – Type II reports of the Account Parties and internal compliance assessments, their Affiliates with respect to their respective operations and access to policies and procedures governing BNYMCM’s operations as they relate controls relevant to the performance of services under this Agreement, which reports have been prepared by an accredited independent auditor in accordance with the Services American Institute of Certified Public Accountants’ Statement on Standards for Attestation Engagements (including, without limitation, ethics policies and security policies and procedures)SSAE No. 18) and International Standards of Attestation Engagements No. 3402, or successor standard report (ii) any available internal or third-party reports that detail “SOC 1 Reports”). The Account Parties shall provide SOC 1 Reports to the status of compliance FRBNY at least annually. If the Account Parties’ SOC 1 Report covers a period other than a calendar year, the Account Parties shall also provide FRBNY a letter signed by BNYMCM and its affiliates with laws and regulations, including privacy laws and regulations, relevant to this Agreement and the Services. BNYMCM and the New York Fed will cooperate to determine at the time a responsible officer of the request Account Parties attesting for the specific nature period of such documentation, provided, however time from the end of the period covered by the SOC 1 Report through the calendar year in which that nothing in this subsection end date occurs (athe “bridge period”) shall obligate BNYMCM that there have been no changes to commission any new the tested controls during the bridge period which would materially or additional reports regarding its compliance with adversely affect the internal controlscontrol environment. (b) BNYMCM The Account Parties shall identify the technology solutions and processes it uses used by the Account Parties in the performance of services under the ServicesAgreement. BNYMCM The Account Parties shall provide to the New York Fed FRBNY a list of such technology solutions and processes and shall provide and, for each such solution or process (ia) information sufficient for the New York Fed FRBNY to assess the appropriateness of the solution solutions or processprocesses, (iib) information about BNYMCM’s the Account Parties’ implementation of the solution or solutions and process, and (iii) information about BNYMCM’s the Account Parties’ process for assessing and mitigating risks and validating the solution or processsolutions and processes. At the New York FedFRBNY’s reasonable request, BNYMCM the Account Parties will make available its personnel staff who are knowledgeable about the foregoing for meetings with the New York Fed FRBNY to discuss questions and provide such additional information as may be necessary or useful to the New York Fed FRBNY to assess the solutions or processes as they relate to the Servicesservices to be performed. BNYMCM shall The Account Parties will cooperate with the New York Fed FRBNY to discuss any findings identified by the New York Fed FRBNY in its review and agree on an appropriate course of actionreview. BNYMCM shall The Account Parties will notify the New York Fed FRBNY promptly of any changes in the inventory of technology solutions and processes used by BNYMCM the Account Parties in the performance of the Services services and of any changes in any of the technology solutions and processes or the manner of their implementation that, in either case, could be material to the New York FedFRBNY’s review.