AMENDMENT TO MASTER AGREEMENT FOR SS&C FAN SERVICES-MUTUAL FUNDS BETWEEN TRIBUTARY FUNDS, INC. AND SS&C GIDS, INC.
AMENDMENT
TO
MASTER AGREEMENT FOR SS&C FAN SERVICES-MUTUAL FUNDS
BETWEEN
AND
SS&C GIDS, INC.
THIS AMENDMENT (“Amendment”), signed on this 16th day of July, 2024 (the “Amendment Effective Date”), to the AMENDED AND RESTATED AGENCY AGREEMENT, dated October 1, 2012, as previously amended from time to time (the “Agreement”), by and between TRIBUTARY FUNDS, INC. (previously First Focus Funds, Inc., “Customer”), and SS&C GIDS, INC., a Delaware corporation (previously DST Systems, Inc., “SS&C”).
WHEREAS, FANWeb Services have come to end of life and are no longer being provided by SS&C; and
WHEREAS, the parties desire add Digital Investor Platform Services to the Agreement, upon the following terms and conditions.
NOW, THEREFORE, in consideration of the mutual promises, undertakings, covenants and conditions set forth herein, Customer and SS&C agree as follows.
| 1. | Amendment. |
| a. | FANWeb Services. FANWeb Services, as described therein, are hereby terminated in their entirety. |
| b. | Digital Investor Platform Services. The attached Service Exhibit for Digital Investor Platform Services is hereby added and incorporated into the Agreement. |
| c. | Terms and Conditions Multi-Factor Authentication. The attached Addendum 1 entitled Terms and Conditions Multi-Factor Authentication is hereby added and incorporated into the Agreement. |
| 2. | Effect on Agreement. As of the Amendment Effective Date, this Amendment shall be effective to amend the Agreement and to the extent of any conflict between the Agreement and any prior Amendments, this Amendment supersedes and replaces the Agreement. |
| 3. | Execution in Counterparts. This Amendment may be executed in separate counterparts, each of which will be deemed to be an original and all of which, collectively, will be deemed to constitute one and the same Amendment. |
| 4. | Terminology. The words “include”, “includes”, and “including” will be deemed to be followed by the phrase “without limitation”. The words “herein”, “hereof”, “hereunder” and similar terms will refer to this Amendment unless the context requires otherwise. |
| 5. | Agreement in Full Force and Effect. Except as specifically modified by this Amendment, the terms and conditions of the Agreement shall remain in full force and effect, and the Agreement, as amended by this Amendment, and all of its terms, but not limited to any warranties and representations set forth therein, if any, are hereby ratified and confirmed by Customer and SS&C as of the Amendment Effective Date. |
| 6. | Capitalized Terms. All capitalized terms used but not defined in this Amendment will be deemed to be defined as set forth in the Agreement. |
| 7. | Authorization. Each Party hereby represents and warrants to the other that the person or entity signing this Amendment on behalf of such Party is duly authorized to execute and deliver this Amendment and to legally bind the Party on whose behalf this Amendment is signed to all of the terms, covenants and conditions contained in this Amendment. |
| Copyright SS&C GIDS, Inc. 2023 | 1 | SS&C CONFIDENTIAL |
IN WITNESS WHEREOF, the parties hereto have caused this Amendment to be executed by their duly authorized representatives as of the date first written herein above.
| TRIBUTARY FUNDS, INC. | SS&C GIDS, INC. | |||
| By: | /s/ ▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇▇ | By: | /s/ ▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇ | |
| Name: | ▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇▇ | Name: | ▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇ | |
| Title: | Sr. Vice President | Title: | Authorized Representative | |
| Copyright SS&C GIDS, Inc. 2023 | 2 | SS&C CONFIDENTIAL |
SERVICE EXHIBIT
For
DIGITAL INVESTOR PLATFORM SERVICES
| 1. | Services. Customer has requested, and SS&C will provide Digital Investor Services as one of the Digital Solutions Services pursuant to the terms of the Master Agreement for SS&C FAN Services-Mutual Funds (the “Agreement”) between Customer and SS&C. The Services are further described in the Statement of Work for Digital Investor Platform Development (“SOW”), attached hereto. Any capitalized terms not defined in this SERVICE EXHIBIT FOR DIGITAL INVESTOR PLATFORM SERVICES (this “Service Exhibit”) shall have the same meaning as the terms in the Agreement. This Service Exhibit expressly incorporates by reference and is subject to the Agreement. In the event of any conflict between the terms and conditions of the Agreement and the terms and conditions of this Service Exhibit, the terms and conditions of this Service Exhibit will control such conflict with respect to the services provided hereunder. |
| 2. | Destruction on Termination. Upon termination or expiration of this Service Exhibit, SS&C will: |
| a. | Return any written, printed, or tangible materials supplied to SS&C by Customer in connection with the development of the enhanced web functionality for Customer that include Customer data. |
| b. | Alternatively, with the written consent of Customer, SS&C may securely destroy any of the foregoing embodying Customer data (or the reasonably non-recoverable data erasure of computerized data) and, upon request, shall certify such destruction in writing by an authorized officer of SS&C supervising the destruction. |
SS&C may retain documents as is necessary to comply with its own document retention policies or as required by applicable law, or by a governmental or regulatory agency or body, in which case all such retained documents shall continue to be subject to the terms of this Service Exhibit.
| 3. | Definitions. For purposes of this Service Exhibit, the following additional definitions shall apply (in addition to all other defined terms in the Agreement): |
3.1 “Customer Web Site” shall mean the collection of electronic documents or pages residing on the computer system of Customer (or an Internet Service Provider (“ISP”) hired by Customer) connected to the Internet and accessible through the World Wide Web, where User may view information about the Funds and link to Digital Investor.
3.2 “Multi-Factor Authentication” shall mean the User “out of band” (“OOB”) authentication process, utilized by Digital Investor, as governed by the terms in Addendum 1 attached hereto, whereby SS&C together with a third party service provider implements multi-factor authentication (“MFA”) security features enabling Users to enter contact information into a User security profile and establish a multi-factor authentication method for access to account data. MFA authentication will enable Users to configure or update MFA security profiles, including preferred method for MFA notifications, whereby a temporary one-time authentication code is sent to the User via SMS text message or email, which the User then enters into the application.
3.3 “Shareholder” shall mean the record owner or authorized agent of the owner of shares of a Fund.
| 4. | Acceptance Process. In accordance with a mutually agreed upon project milestones and timeline, Customer and SS&C will review and/or test each phase of the services and each deliverable contemplated by this Service Exhibit requiring acceptance within the period set forth within the SOW attached hereto. |
| 5. | Project Changes. During this Service Exhibit Customer may request changes in Services (hereinafter collectively "Changes"). Any Changes agreed to by SS&C will be in writing signed by a duly authorized representative of each party, and function as an addendum to and be incorporated as part of the Service Exhibit. Changes may result in an increase or decrease in the fees for a project and/or adjustment of the delivery date as mutually agreed to by the parties and may require adjustments to the SOW or a separate SOW altogether. If adjustments to the SOW are not made or a separate SOW is not created, then Customer will pay SS&C for the additional Changes based on the then current hourly rate. As part of its approval, SS&C may condition any Change on an increase in the payments to be |
| Copyright SS&C GIDS, Inc. 2023 | 3 | SS&C CONFIDENTIAL |
made for the Services and a new work schedule if SS&C believes in good faith that such Change necessitates a change in the work schedule and SS&C will incur additional costs to implement such Change.
| 6. | FAN Web Functions and Client-Specific Customization - Not Carried Over to Digital Investor |
6.1 We realize that many clients may have made improvements to their FAN Web sites over the years. This may have included custom coding to account for certain functions, to improve the user experience, or logic for certain business items.
6.2 The Digital Investor platform is on a completely different infrastructure than FAN Web. While Digital Investor does use the FAN Web configuration options to control business rules and other attributes behind the scenes, nothing else is shared with the FAN Web templates.
6.3 This means that workflows, display, and other related logic will perform as indicated in the Digital Investor summary product specification document, which may differ from the way that FAN Web performs or displays these features and functions today.
6.4 Unless specifically called out in the Digital Investor proposal, no FAN Web functions and/or custom or client-specific FAN Web features will be carried over into the Digital Investor site build. The summary product specification document that is provided with your proposal/estimate indicates how features and functions will be displayed, implemented, and customized.
6.5 If there are items that you wish to include in your Digital Investor build, we can work on a consultative basis with you to estimate these items for possible inclusion.
6.6 All functions will follow the standard Digital Investor Product Specifications unless noted. Customizations beyond those specifications will necessitate a change of scope which may impact timeline and cost.
| 7. | Deliverables. Customer acknowledges and agrees that it obtains no rights in or to any of the Deliverables other than as provided herein. Customer shall be entitled to use such Deliverables, as outlined in the SOW attached hereto, solely in conjunction with its use of the Services. Customer agrees that the Deliverables shall not be used to connect Customer to any transfer agency system or any other person without SS&C’s prior written approval. Customer also agrees not to take any action which would mask, delete or otherwise alter any on-screen disclaimers of SS&C or its Affiliates (including electronic forms which Users are required to accept) and copyright, trademark and service mark notifications provided by SS&C or its Affiliates from time to time, or any “point and click” features relating to User acknowledgment and acceptance of such disclaimers and notifications. |
| 8. | SS&C Responsibilities. The Services hereunder shall include: |
8.1 Development Responsibilities.
SS&C shall perform the Services to configure and implement certain enhanced web functionality on Customer’s website. Implementation will include the functions described more fully in the attached SOW.
8.2 On-going Support Responsibilities.
SS&C will provide the following support and maintenance services:
| i. | Maintaining the enhanced web infrastructure and associated disaster relief environments; |
| ii. | Updates to the common enhanced web software as needed to maintain compatibility with API’s; |
| iii. | Updates required by changes that SS&C chooses to make to the core enhanced web platform or hardware infrastructure that were not requested by Customer; |
| iv. | Access to the SS&C help desk and other online support as required and above the SS&C support layer; |
| v. | Ongoing research and development of new features, functions, and interfaces; |
| vi. | Update as needed to maintain functionality with most recent browser updates as defined by the SS&C browser compatibility schedule; |
| Copyright SS&C GIDS, Inc. 2023 | 4 | SS&C CONFIDENTIAL |
| vii. | Updates as required to the Digital Investor main and disaster recovery environments; and |
| viii. | In connection with Multi-Factor Authentication: |
| a. | maintain User security profile information; |
| b. | receive and route User login requests to an authentication risk engine for evaluation, issuing challenge responses when risk factors are identified in login attempt; |
| c. | generate random authentication codes to be sent via Users’ registered contact methods, and require User to successfully enter valid authentication codes to gain access; and |
| d. | during instances of time to time downtime for planned maintenance or unavailability of the authentication risk engine, continue authentication by issuing challenges to all Users attempting logins until the maintenance window or unavailability of the authentication risk engine has concluded. |
| 9. | Customer Responsibilities. In addition to performing all customer responsibilities as set forth in the Agreement and this Service Exhibit, Customer shall be responsible for providing timely feedback, testing and approvals to SS&C in connection with the foregoing Services and shall provide SS&C with such other written instructions as SS&C may request from time to time relating to the performance of SS&C’s obligations hereunder. |
| 10. | Limitation of Liability. Notwithstanding anything in the Agreement to the contrary, for purposes of this Service Exhibit neither SS&C nor any SS&C Associate shall be liable to Customer for any action or inaction of any SS&C Associate except to the extent of direct Losses (as defined herein) finally determined by a court of competent jurisdiction to have resulted solely from the gross negligence, willful misconduct or fraud of SS&C in the performance of SS&C’s duties or obligations under this Agreement. “Losses” shall mean any and all compensatory, direct, indirect, special, incidental, consequential, punitive, exemplary, enhanced or other damages, settlement payments, attorneys’ fees, costs, damages, charges, expenses, or other losses of any kind. Under no circumstances shall SS&C Associates be liable to Customer for Losses that are indirect, special, incidental, consequential, punitive, exemplary or enhanced or that represent lost profits, opportunity costs or diminution of value. Customer shall indemnify, defend and hold harmless SS&C and SS&C associates from and against Losses that SS&C and the SS&C Associates suffer, incur, or pay as a result of any Third Party Claim or Claim among the Parties . Any expenses (including legal fees and costs) incurred by SS&C in defending or responding to any Claims (or in enforcing this provision) shall be paid by Customer on a quarterly basis prior to the final disposition of such matter upon receipt by Customer of an undertaking by SS&C to repay such amount if it shall be determined that a SS&C Associate is not entitled to be indemnified. The maximum amount of cumulative liability of SS&C to Customer and for Losses arising out of the subject matter of, or in any way related to, this Service Exhibit shall not exceed the fees paid by Customer to SS&C under this Service Exhibit for the most recent twelve (12) months immediately preceding the date of the event giving rise to the Claim. |
SS&C shall indemnify, defend and hold harmless Client and its Affiliates from and against Losses (including reasonable legal fees and costs to enforce this provision) that Customer or its affiliates suffer, incur, or pay as a result of any third party Claim that the Services infringe, or cause the infringement of, the intellectual property rights of a third party, except to the extent such infringement is a result of or arises out of: (i) improper use of the Services by Customer or its affiliates; (ii) modifications to the Services by Customer not previously authorized in writing by SS&C; (iii) Customer Users not complying with instructions or designs required by SS&C; (iv) use of the Services by Customers or Users in breach of this Service Exhibit; or (v) the combination of the Services by Client or Users with products or systems other than those provided for use with the Services by, or authorized in writing by, SS&C. SS&C may discharge its indemnity obligation by, at its sole option and expense (a) procuring any right to allow Customer to continue to receive the infringing part of the Services; (b) modifying, amending or replacing the infringing part of the Services with other services that deliver substantially the same capabilities; or (c) terminating the infringing part of the Services, provided that SS&C shall in such case refund any fees paid in advance with respect thereto.
| 11. | Fees and Term. The fees payable to SS&C by Customer for the Services under this Service Exhibit are set forth on the Fee Schedule attached to this Service Exhibit, which is incorporated into this Service Exhibit as if fully set forth herein. The term of this Service Exhibit shall be co-terminus with the Amended and Restated Agency Agreement between the parties dated October 1, 2012. |
| Copyright SS&C GIDS, Inc. 2023 | 5 | SS&C CONFIDENTIAL |
SERVICE EXHIBIT - FEE SCHEDULE
DIGITAL INVESTOR PLATFORM AND
ON-GOING SUPPORT AND MAINTENANCE SERVICES
FEE SCHEDULE
| I. | Digital Investor Platform Ongoing Support & Maintenance |
None.
MFA Services
| Monthly Login Volumes | |
| 0 – 100,000 | $6,000 per year |
| 100,001 – 999,999 | $8,000 per year |
| 1,000,000 + | $10,000 per year |
| MFA Services | |
| Calls to ThreatMetrix | $0.008 per call |
| Text Notification and One-Time Password | $0.06 per occurrence |
| Email Notification and One-Time Password | $0.06 per occurrence |
Note: Notwithstanding the above, SS&C reserves the right to implement fees for the ongoing support and maintenance of Digital Investor in the future. These fees will not reflect and will not be inclusive of the underlying the Digital Platform, API or other charges that will be agreed upon between Customer and SS&C as part of the overall SS&C agreement.
| II. | Technical Personnel (2023 Standard Rates) |
| Business Analyst / Tester / Other | $165.00/ hour |
| COBOL / Workstation Programmer | $220.00/ hour |
| Web Developer | $275.00/ hour |
| Full Service Staff Support | $110.00/ hour |
Notes to Above Fees:
| 1) | On each January 1 (pro-rated for a previous partial year), all fees for the following year shall be increased by the amount the last published US Consumer Price Index – All Urban Consumers - U.S. City Average - All Items compiled by the US Bureau of Labor Statistics (“CPI-U”) has increased since the CPI-U that was published immediately before January 1 of the previous year, plus three percent (US CPI + 3%). In the absence of CPI-U being published, the Parties shall agree in writing to use another index that most closely resembles CPI-U. Items marked by an “*” are subject to change with sixty (60) day notice. |
| 2) | Any fees, reimbursable, or other expenses not paid within thirty (30) days of receipt of invoice will be charged a late payment fee of one and a half percent (1.5%) per month until payment is received. |
| Copyright SS&C GIDS, Inc. 2023 | 6 | SS&C CONFIDENTIAL |
STATEMENT OF WORK
for
Digital Investor Platform Development
This Statement of Work (“SOW”) shall be incorporated into and governed by the terms and conditions of the Master Agreement for SS&C FAN Services-Mutual Funds, between Tributary Funds, Inc. (“Customer”) and SS&C GIDS, Inc. (“SS&C”) (the “Agreement”) and the Service Exhibit for Digital Investor Platform Services. Phrases defined in the Agreement or the Service Exhibit for Digital Investor Platform Services and used in this SOW have the same meaning when used here as they do when used in the Agreement or the Service Exhibit for Digital Investor Platform Services. In the event of any conflict between the terms and conditions of this SOW and the Agreement or Service Exhibit for Digital Investor, the terms and conditions of this SOW shall govern.
| 1. | Development Services |
Digital Investor Platform Development Services will be based upon the elements mutually agreed to between Customer and SS&C, as set forth in the Initial Professional Service Schedule – Digital Investor Pages, and product specification documents. To assist with the development of the Digital Investor Platform, SS&C will be using standard components, functions, and business rules of Digital Investor Platform as a baseline for requirements and development. In some cases, excluding and/or removing functionality from the Digital Investor Platform standard components may be detrimental to the project from a cost or timeline perspective. As these functions are identified, they will be disclosed to Customer to determine whether the given functions should be included or excluded from scope with any impact to timeline or fee schedule.
Scope of Professional Services
Digital Investor Platform Professional Services are provided by SS&C and consists of implementation, configuration, consulting and other programming-related services (collectively “Professional Services”), as further described below, in connection with Customer’s use of the Digital Investor Web Site, the Digital Platform, and other SS&C products or systems.
The new Digital Investor screens and workflows will be compatible with existing SS&C the Digital Platform API services for access to recordkeeping system data and processes. Professional Services will allow the screens to be built to current design, coding and mobile accessibility standards, and to provide an enhanced end-user experience.
Customer’s Digital Investor web site will include all of the features and functionality listed in the Initial Professional Services Schedule, including the custom options listed. Wording and content changes on the site will be accommodated as reasonably requested by Customer in accordance with the platform requirements. For non-custom functions listed, Professional Services will develop the site per the production specifications for the Digital Investor Platform, incorporating Customer’s options, and styling and branding information.
SS&C and Customer may at any time agree to additions, deletions or modifications to Customer’s web site design via a Change Order.
Customer will be provided with an intake form to provide styling and branding information, such as high resolution logos, preferred fonts, colors, as well as disclaimer text, footer links, and other styling and customization data. Customer agrees to return the completed intake form within five (5) business days unless otherwise arranged.
Custom Options: For Landing Page and Asset Allocation, Professional Services will leverage industry practices and recommended Digital Investor screens and workflows. Estimates in the Fee Schedule attached hereto are based upon these industry practices, screens and workflows. This estimate includes one working design session plus a final review. Customer will give consideration to the Digital Investor recommended workflows and process as a solution for these requirements. Any material changes to the workflows or process will be discussed as part of these working sessions and will be mutually agreed upon by both Customer and Professional Services; Professional Services will assess any possible impact to project timeline and costs. Any changes to these workflows will follow the project change control process.
Professional Services will perform testing of Customer’s platform to determine its (i) conformity with the standards of certain frequently used browsers; and (ii) mobile devices, in accordance with standard practices. Please note that responsive design is
| Copyright SS&C GIDS, Inc. 2023 | 7 | SS&C CONFIDENTIAL |
an approach to web design aimed at providing an optimal viewing experience across a very wide range of devices. Some functionality may contain data elements or screen structures (tables) that are not optimal for smaller screen sizes. These features will be functional but are optimized to the extent possible given the restrictions of the screen.
Change control for Professional Services will be governed by an industry standard change management process. In general, any revised and/or new workflows will be mutually agreed upon by Customer and Professional Services.
User Acceptance Testing. User Acceptance Testing (“UAT”) will be completed by Customer. SS&C agrees to provide resource allocations if necessary that are adequate to complete first round and second round (defect remediation testing) of testing per the project schedule.
Bug Tracking: Professional Services employs industry standard web-based bug tracking tools, project management, and workflow management (change control, release management). Customer as well as the UAT team will employ the bug tracking tool to report defects, request changes, and other project-related workflows.
The screens, workflows, and functions to be included in Digital Investor Platform- Initial Professional Services for Customer’s secure account access site are outlined in the Initial Professional Services Schedule.
| 2. | Advanced Bank Account Verification |
If requested by Customer and subject to a separate Service Exhibit, SS&C will make available an advanced bank account validation service to replace the paper forms and related medallion guarantees in use currently. The advanced bank account validation service will be provided by a third party vendor in conjunction with the Digital Investor Platform. The bank account validation functionality will allow Users to verify a new bank account by providing a certain account information or credentials from their bank. SS&C will transmit such inquiry to vendor to evaluate User’s bank information. The terms of use associated with advanced bank account validation services will be incorporated in a separate service exhibit. In order to receive the advanced bank account verification service, Customer acknowledges and agrees that Customer and Users must agree to comply with the contract terms and conditions required by the vendor. For the avoidance of doubt, SS&C and the vendor are each independent entities and not employees, agents, partners, joint venturers or legal representatives of the other. SS&C disclaims all liability for the performance of the vendor’s services and will not be liable with respect to any claims for losses, damages, costs or expenses which may result directly or indirectly from vendor’s delivery of the advanced bank validation services in connection with the Digital Investor Platform.
| 3. | MFA Authentication |
SS&C will make available a digital User identity and access management service to authenticate Users in connection with additional services. Subject to the terms of Addendum 1, SS&C together with a third party service provider will implement MFA Authentication security features enabling Users to enter contact information into a User security profile and establish a multi-factor authentication method for access to account data, subject to terms required by the third party service provider. Development of MFA Authentication will enable Users to configure or update MFA security profiles, including preferred method for MFA notifications, whereby a temporary one-time authentication code is sent to the User via SMS text message or email, which the User then enters into the application.
| 4. | Browser Support |
SS&C will perform testing of Customer’s website to determine its (i) conformity with the standards of certain frequently used browsers; at the start of the project and then annually, if on-going support services are elected by Customer1; and (ii) its functionality on certain mobile devices. Such testing will be performed in accordance with SS&C’s E-Business Solutions Graded Browser Support standards.
| 5. | Web Analytics |
If selected by Customer, the Web Analytics solution will employ a web-based analytics tracking tool on the platform. Web Analytics solution applies automated technology to generate reports on certain User behavior and interaction within the Digital Investor site at a demographic level. In addition to the rights and restrictions set forth in the Agreement and this SOW,
| 1 | Fees for on-going browser testing support will be as mutually agreed upon by the parties. |
| Copyright SS&C GIDS, Inc. 2023 | 8 | SS&C CONFIDENTIAL |
with respect to the Web Analytics functionality of Digital Investor and collection of related data, Customer’s use of Web Analytics services may depend upon compliance with terms and conditions for integrated third party Web Analytics applications. Such third party terms and conditions may require, without limitation: i) incorporation of third party application privacy terms by reference into the privacy policy made available to Users on Customer’s Digital Investor web site; ii) provision by Customer to its Users of any legally required notice, or collection by Customer of any legally required User consent, for such data collection or use; and iii) Customer's presentation of an opportunity to each User to opt out of the collection or use of data in connection with the Web Analytics services; in each case in compliance with applicable laws, to allow SS&C or applicable third party to collect and use such data in connection with providing Web Analytics services to Customer.
The Services included represent SS&C’s standard offering and do not include customization. If Customer requests changes to the Services then the parties agree to enter into a separate SOW and such Services may affect the established project timeline and fees in this SOW.
Fees. The fees payable to SS&C by Customer for the Services under this Statement of Work are set forth on the Statement of Work Fee Schedule attached hereto. Fees will be invoiced based upon mutually agreed project milestones. SS&C and Customer will work together to ensure that the estimated fee is not exceeded without prior consent. SS&C will notify Customer if SS&C believes that the estimated fee will be exceeded.
| Copyright SS&C GIDS, Inc. 2023 | 9 | SS&C CONFIDENTIAL |
STATEMENT OF WORK – INITIAL PROFESSIONAL SERVICES SCHEDULE
for
DIGITAL INVESTOR PAGES
The following screens, workflows and functions are included in the Digital Investor Platform initial build:
Digital Investor Implementation
The following represents the recommended features for a Digital Investor implementation. These take into account the existing features offered to existing shareholders while also adding new features to the platform. The pricing listed takes into account scope and tasks necessary to include these features or remove them from the build.
| Web Accessibility | |
| WCAG 2.1 Level AA2 | X |
| Secured Account Access | |
| Register New User | X |
| Secure Login | X |
| Advanced Authentication with Out of Band Authentication | X |
| Retrieve User ID | X |
| Reset Password (Advanced work flow using MFA) | X |
| Account Inquiry | |
| Display Portfolio Summary | X |
| Enhanced Portfolio Display (Hide Zero Balance Accounts, Set Portfolio Sort Order) | X |
| View Transaction History with Filtering | X |
| View Statements/Tax Forms/Confirmations | X |
| Consent for eDelivery | X |
| View Pending Transactions | X |
| Site Map | X |
| Account Nicknames & Icons | X |
| Welcome Back Banner | X |
| Cost Basis | |
| View Cost Basis Activity (Unrealized & Realized Gain/Loss) | X |
| Update Cost Basis Method: | |
| · Apply a single cost basis method to all investments · Apply cost basis election to each investment |
X |
| Beneficiary Information | |
| View Beneficiary & Transfer on Death (▇▇▇) Beneficiary | X |
| Beneficiaries - Add/Change/Delete | X |
| 2 | SS&C has used commercially reasonable efforts to design the Services in accordance with published Web Content Accessibility Guidelines, and will do so under applicable newer published guidelines for future upgrades to or development of the Services that occurs subsequent to publication of new guidelines. However, due to the subjective nature of such guidelines, SS&C will not provide compliance certification with respect thereto. |
| Copyright SS&C GIDS, Inc. 2023 | 10 | SS&C CONFIDENTIAL |
| Purchase | |
| Fiduciary | X |
| Non-Fiduciary | X |
| Redeem | |
| Fiduciary | X |
| Non-Fiduciary | X |
| Exchange | |
| Fiduciary to Fiduciary | X |
| Non-Fiduciary to Fiduciary | |
| Non-Fiduciary to Non-Fiduciary | X |
| Systematics | |
| Systematic Purchase – View/Add/Change | X |
| Systematic Exchange – View/Add/Change | |
| Systematic Redeem – View/Add/Change | X |
| Pending Trades | |
| Cancel Pending Trades | X |
| Account Maintenance | |
| Change Username | X |
| Change Password | X |
| Update Security Profile (SMS Number and/or E-mail for OOB) | X |
| Contact Information | |
| Address of Registration - View/Change | X |
| Telephone Number - View/Add/Change | X |
| Email Address - View/Add/Change | X |
| Distribution Options - View/Change | X |
| Messaging Framework | |
| Informational Messages (Pre-Authentication) | X |
| Index Page Only | X |
| Message at Log out | |
| Additional Options | |
| Operator ID | X |
| Analytics Enabled & Basic Reports | X |
| AWD Integration | |
| Courtesy E-mails | X |
| Year to Date Tax Information | |
| Duplicate Statements & Tax Forms | |
| View Dealer Information | X |
| Calculate Historical Balance | X |
| Copyright SS&C GIDS, Inc. 2023 | 11 | SS&C CONFIDENTIAL |
STATEMENT OF WORK
FEE SCHEDULE
| I. | Project Implementation3 |
| One Time Implementation Fee – Web Only | |
| FANWeb to Digital Investor Transition Fee | Waived |
Any changes to the services under this Statement of Work requested by Customer must be submitted to SS&C in writing detailing the specific change(s) requested. In connection with any such requested change, SS&C and Customer shall confer, diligently and in good faith, and agree upon such changes and any additional fees applicable thereto. No more than fifteen (15) hours of text changes will be allowed during User Acceptance Testing (UAT).
Any enhancements or changes to workflow or features may affect timelines, scope and fees.
| 3 | Fee shown is an estimate based on known requirements. Any material changes to the scope of the services under this Statement of Work may impact the foregoing fee. |
| Copyright SS&C GIDS, Inc. 2023 | 12 | SS&C CONFIDENTIAL |
ADDENDUM 1
Terms and Conditions
Multi-Factor Authentication Services
Multi-Factor Authentication Services. SS&C will provide SS&C Multi-Factor Authentication (“MFA”) as one of the services provided to Customer pursuant to the terms of the governing agreement (the “Master Agreement”) between Customer and SS&C. Any terms not defined in these Terms and Conditions shall have the same meaning as the terms in the Master Agreement. In the event of any conflict between the terms and conditions of the Master Agreement and these Terms and Conditions, the provisions of these Terms and Conditions will control such conflict with respect to the services provided hereunder.
1. Customers’ Services Subscription. SS&C grants Customer a limited, revocable, non-exclusive, nontransferable right to use certain services of ThreatMetrix, Inc. (“ThreatMetrix”) (the “ThreatMetrix Services”), and any other materials or intellectual property SS&C provides to Customer in connection with the ThreatMetrix Services (the “ThreatMetrix Materials”), solely for Customer’s own internal business purposes, namely: (i) identity verification; (ii) mitigation of financial and business risk; (iii) detection, investigation, assessment, monitoring and prevention of fraud and other crime; and/or (iv) compliance with anti-money laundering (AML), counter-terrorism financing (CTF), anti-bribery and corruption (ABC) and similar laws, after implementation and configuration of Customer’s website, and subject to the terms and conditions of this agreement. Customer shall not: (i) interfere with or disrupt the integrity or performance of the ThreatMetrix Services or the ThreatMetrix Services Data contained therein; or (ii) attempt to gain unauthorized access to the ThreatMetrix Services or their related systems or networks. “ThreatMetrix Services Data” shall include the following: any technology embodied or implemented in the ThreatMetrix Services or ThreatMetrix Materials; any computer code provided by ThreatMetrix for Customer’s website or computer network; any hosting environment made accessible by Customer for purposes of obtaining the ThreatMetrix Services; any suggestions, ideas, enhancement requests, or feedback related to the ThreatMetrix Services; any user device data, Internet Protocol (IP) addresses, anonymous device information, machine learning data, user data persistent in the ThreatMetrix network, device reports, or transaction histories; and any corollaries, associations, and ThreatMetrix conclusions pertaining to or arising out of any of the foregoing. Customer will provide ThreatMetrix Services Data to ThreatMetrix as may be necessary for ThreatMetrix to provide to Customer the ThreatMetrix Services. Customer will take such actions as may be legally and technically necessary to allow ThreatMetrix to collect ThreatMetrix Services Data Customer decides to receive in connection with the ThreatMetrix Services.
2. Legal Compliance. Customer will use, and Customer will require that Customer’s customers use, the ThreatMetrix Services in compliance with applicable law including, without limitation, those laws related to data privacy, international communications, and the transmission of technical or personal data. Without limiting the generality of the foregoing, Customer will be responsible for any notifications or approvals required from Customer’s customers or, if applicable, clients of Customer’s customers, arising out of any use of the ThreatMetrix Services including, without limitation, those relating to any computer code deposited on any device and any information secured from such customers or clients (or their respective devices). Customer also will be responsible for compliance with laws and regulations in all applicable jurisdictions concerning the data of Customer’s customers or clients of Customer’s customers.
3. Ownership. As against Customer, ThreatMetrix (and its licensors, where applicable) owns all right, title and interest, including all related intellectual property rights, in and to the ThreatMetrix Services and ThreatMetrix Materials, any software delivered to Customer, any hosting environment made accessible by Customer, any technology embodied or implemented in the ThreatMetrix Services and ThreatMetrix Materials, any computer code provided by ThreatMetrix for Customer’s particular website and computer network, and any ThreatMetrix Services Data. The ThreatMetrix name, the ThreatMetrix logo, and the product names associated with the ThreatMetrix Services are trademarks of ThreatMetrix or third parties, and no right or license is granted to use them. All rights not expressly granted to SS&C are reserved by ThreatMetrix and its licensors, and Customer shall have no rights which arise by implication or estoppel.
4. Limitations. The ThreatMetrix Services analyze the activities and other attributes of devices used in transactions, and provide information, including device reports generated by the ThreatMetrix Services (“Device Reports”), based on the data analyzed and the policies Customer defines. The ThreatMetrix Services provide information as to whether a device contains attributes which correlate to a device(s) used in a fraudulent transaction, but do not determine the eligibility of any individual for credit. Customer acknowledges and agrees that ThreatMetrix does not intend that the Device Reports, or any ThreatMetrix Materials, be considered consumer reports subject to the federal Fair Credit Reporting Act (“FCRA”). Customer represents that
| Copyright SS&C GIDS, Inc. 2023 | 13 | SS&C CONFIDENTIAL |
it will not use the Device Reports (or any other data provided by ThreatMetrix) for making credit eligibility decisions or for any other impermissible purpose listed in Section 604 of the FCRA (15 U.S.C. §1681b). In addition, Customer shall not, and shall not permit any representative or third party to: (a) copy all or any portion of any ThreatMetrix Materials; (b) decompile, disassemble or otherwise reverse engineer (except to the extent expressly permitted by applicable law, notwithstanding a contractual obligation to the contrary) the ThreatMetrix Services or ThreatMetrix Materials, or any portion thereof, or determine or attempt to determine any source code, algorithms, methods, or techniques used or embodied in the ThreatMetrix Services or any ThreatMetrix Materials or any portion thereof; (c) modify, translate, or otherwise create any derivative works based upon the ThreatMetrix Services or ThreatMetrix Materials; (d) distribute, disclose, market, rent, lease, assign, sublicense, pledge, or otherwise transfer the ThreatMetrix Services or ThreatMetrix Materials, in whole or in part, to any third party; or (e) remove or alter any copyright, trademark, or other proprietary notices, legends, symbols, or labels appearing on the ThreatMetrix Services or in any ThreatMetrix Materials.
5. Indemnification. Customer shall indemnify and hold harmless ThreatMetrix and its licensors, and each of their respective officers, directors, employees, attorneys and agents from and against any and all claims, costs, damages, losses, liabilities and expenses (including attorneys’ fees and costs) arising out of or in connection with: (i) any claim alleging that use of any information or data provided by Customer, any of Customer’s customers, or any individual or entity whose information Customer has indicated should be used in connection with the ThreatMetrix Services, infringes the rights of, or has caused harm to, a third party; (ii) any refusal to process any action requested by a user of a device based on Customer’s use of any Device Reports provided to Customer by the ThreatMetrix Services or Customer’s use of the ThreatMetrix Services; or (iii) Customer’s failure to provide data to ThreatMetrix in the format prescribed by ThreatMetrix.
6. Limitation of Liability. THE THREATMETRIX SERVICES INCLUDING, WITHOUT LIMITATION, THE DEVICE REPORTS, AND ANY OTHER SERVICES, ARE PROVIDED AS IS. THREATMETRIX HEREBY DISCLAIMS ALL OTHER REPRESENTATIONS, WARRANTIES, OR CONDITIONS OF ANY KIND, WHETHER EXPRESS, IMPLIED (EITHER IN FACT OR BY OPERATION OF LAW), OR STATUTORY, WITH RESPECT TO THE THREATMETRIX SERVICES AND THREATMETRIX MATERIALS INCLUDING, WITHOUT LIMITATION, ALL WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT, AND ALL WARRANTIES THAT MAY ARISE FROM A COURSE OF DEALING, COURSE OF PERFORMANCE, OR TRADE PRACTICE. NOTWITHSTANDING THE FOREGOING, IN NO EVENT SHALL THREATMETRIX’S AGGREGATE LIABILITY FOR ANY CLAIM OR COMBINATION OF CLAIMS EXCEED ONE HUNDRED UNITED STATES DOLLARS ($100). IN NO EVENT SHALL THREATMETRIX AND/OR ITS LICENSORS BE LIABLE TO ANYONE FOR ANY INDIRECT, PUNITIVE, SPECIAL, EXEMPLARY, INCIDENTAL, CONSEQUENTIAL OR OTHER DAMAGES OF ANY TYPE OR KIND (INCLUDING, BUT NOT LIMITED TO, LOSS OF DATA, REVENUE, PROFITS, USE OR OTHER ECONOMIC ADVANTAGE) ARISING OUT OF, OR IN ANY WAY CONNECTED WITH THE SERVICES, THREATMETRIX MATERIALS, OR SUPPORT SERVICES INCLUDING, BUT NOT LIMITED TO, THE USE OR INABILITY TO USE THE SERVICES, THREATMETRIX MATERIALS, OR SUPPORT SERVICES, ANY INTERRUPTION, INACCURACY, ERROR OR OMISSION, REGARDLESS OF CAUSE, EVEN IF THREATMETRIX HAS BEEN PREVIOUSLY ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
7. Third-Party Rights. This agreement confers rights and remedies upon ThreatMetrix. The parties may not modify or terminate this agreement without the prior written consent of ThreatMetrix.
8. Customer Acknowledgements. Customer acknowledges and agrees that SS&C has engaged ThreatMetrix, Inc. as a third party vendor to provide some or all of the services hereunder and that SS&C disclaims all liability for the performance of the vendor’s services and will not be liable with respect to any claims for losses, damages, costs or expenses which may result directly or indirectly from such vendor’s delivery of the services hereunder.
| Copyright SS&C GIDS, Inc. 2023 | 14 | SS&C CONFIDENTIAL |
Exhibit
Information Security Program
This Exhibit is made subject to the terms of the Master Agreement for SS&C FAN Services-Mutual Funds (the “Agreement”), and to the extent the terms hereunder conflict with the terms of the Agreement, the terms of this Exhibit shall prevail. The requirements of this Exhibit are applicable if and to the extent that SS&C creates, has access to, or receives from or on behalf of Client any Client Confidential Information (as defined in the Agreement) in electronic format.
| 1. | Definitions. Capitalized terms have the same meaning as set forth in the Agreement unless specifically defined below: |
| 1.1 | “SS&C Security Assessment” shall mean SS&C’s internal security assessment as described in Section 3.1 below. |
| 1.2 | “Mitigate” means SS&C’s deployment of security controls as reasonably necessary, in its discretion, which are reasonably designed to reduce the adverse effects of threats and reduce risk exposure. |
| 1.3 | “Remediation” or “Remediate”, means that SS&C has resolved a Security Exposure or Security Incident, such that the vulnerability no longer poses a material risk to Client Confidential Information. |
| 1.4 | “Security Exposure” means an identified vulnerability that may be utilized to compromise Client Confidential Information. |
| 1.5 | “Security Incident” means the confirmed unauthorized disclosure of Client Confidential Information. |
| 2. | General Requirements. |
| 2.1 | Security Program. SS&C shall maintain a comprehensive, commercially reasonable information security program under which SS&C documents, implements and maintains the physical, administrative, and technical safeguards reasonably designed and implemented to: (i) comply with U.S. laws applicable to SS&C’s business; and (ii) protect the confidentiality, integrity, availability, and security of Client Confidential Information. |
| 2.2 | Policies and Procedures. SS&C shall maintain written information security management policies and procedures (configured in accordance with its risk assessment program) reasonably designed and implemented to identify, prevent, detect, contain, and correct violations of measures taken to protect the confidentiality, integrity, availability, or security of Client Confidential Information. Such policies and procedures will, at a minimum: |
| (a) | assign specific data security responsibilities and accountabilities to specific individual(s); |
| (b) | describe acceptable use of SS&C’s assets, including computing systems, networks, and messaging; |
| (c) | provide authentication rules for the format, content and usage of passwords for end users, administrators, and systems; |
| (d) | describe logging and monitoring of SS&C’s production environment, including logging and monitoring of physical and logical access to SS&C’s networks and systems that process or store Client Confidential Information; |
| (e) | include an incident response process; |
| (f) | enforce commercially reasonable practices for user authentication; |
| (g) | include a formal risk management program which includes periodic risk assessments; and |
| (h) | provide an adequate framework of controls reasonably designed to safeguard Client Confidential Information. |
| 2.3 | Privacy. For the purpose of this section 2.3, “US Data Protection Laws” means federal and state laws relating to data protection and the processing of Personal Information in force from time to time in the United States, in each case to the extent applicable to the processing of Client Personal Information by SS&C in the provision of Services under this Agreement. “Business”, “Consumer”, “Personal Information” and Service Provider” have the meaning given to them in the US Data Protection Laws, The Parties acknowledge and agree that for the purposes of the US Data Protection Laws, SS&C will act as a "Service Provider" or “Processor, as applicable, in its performance of its obligations pursuant to this Agreement and Client shall be a “Business”. SS&C will comply with its own applicable obligations as Service Provider under US Data Protection Law. SS&C will notify Client as soon as possible if SS&C determines that it can no longer meet its obligations under applicable US Data Protection Law. |
| (a) | SS&C will not process Client Personal Information in a manner inconsistent with SS&C’s role as Client’s Service Provider and as such role and responsibility is outlined in this Agreement; |
| Copyright SS&C GIDS, Inc. 2023 | 15 | SS&C CONFIDENTIAL |
| (b) | SS&C will not retain, use, disclose, “sell” or “share” personal data in Client Personal Information outside of the direct business relationship between Client and SS&C except as outlined herein; and |
| (c) | To the extent legally permitted, SS&C shall promptly notify Client if SS&C receives any verifiable Consumers requests from an individual seeking to exercise any rights afforded to them under applicable US Data Protection Law regarding personal data and SS&C shall provide Client with reasonable assistance in Client’s obligations to respond to such verifiable Consumers requests, taking into account the nature of processing and the information available to SS&C. SS&C will cooperate to the extent reasonably necessary in connection with Client’s requests related to data protection impact assessments and consultation with supervisory authorities, in each case taking into account the nature of processing and the information available to SS&C. Staff time in excess of 10 hours per services agreement in any year shall be chargeable at SS&C standard rates together with any expenses. |
| (d) | SS&C shall provide Client reasonable assistance in Client’s obligations in connection with a request for deletion by a Consumer pursuant to US Data Protection Law, and at Client's written direction and cost, SS&C shall delete such Personal Information, in each case taking into account the nature of the processing and the information available to SS&C, provided that SS&C shall not be required to comply with a request to delete Personal Information if it is reasonably necessary for the Business of Service Provider to maintain the Personal Information in accordance with applicable US Data Protection Law; and |
| (e) | Client agrees that it shall comply at all times with its own applicable obligations as Business under applicable US Data Protection Law. Client agrees to ensure that all relevant Consumers for whom SS&C will process Personal Information on Client’s behalf as contemplated by the Agreement are fully informed concerning such processing, including, where relevant, the processing of such Personal Information outside a specific state and if applicable provide consent for purposes of compliance with applicable US Data Protection Law. |
| 2.4 | Subcontractors. To the extent that any subcontractor engaged by SS&C to provide services under the Agreement has access to, or receives from or on behalf of Client any unencrypted Client Confidential Information in electronic format, SS&C shall enter into a written agreement with such subcontractor, which agreement shall contain provisions regarding maintaining the confidentiality of the Client Confidential Information which are substantially compliant with, and at least as protective as, those terms set forth in the Agreement (including this Exhibit), to the extent the terms of the Agreement and this Exhibit would be relevant to the subcontractor’s services provided. |
| 2.5 | IT Change and Configuration Management. SS&C shall employ its own reasonable processes, for change management, code inspection, repeatable builds, separation of development and production environments, and testing plans. Code inspections will include a comprehensive process reasonably designed and implemented to identify vulnerabilities and malicious code. In addition, SS&C shall ensure that processes are documented and implemented for purposes of vulnerability management, patching, and verification of system security controls prior to their connection to production networks. |
| 2.6 | Physical and Environmental Security. SS&C shall: (i) restrict entry to SS&C’s area(s) where Client Confidential Information is stored, accessed, or processed solely to SS&C’s personnel or SS&C authorized third party service providers for such access; and (ii) implement commercially reasonable practices for infrastructure systems, including fire extinguishing, cooling, and power, emergency systems and employee safety. |
| 2.7 | SS&C Employee Training and Access. SS&C shall: (i) train its employees on the acceptable use and handling of Client’s Confidential Information; (ii) provide annual security education for its employees and maintain a record of employees that have completed such education; and (iii) implement a formal user registration and de-registration procedure for granting and revoking access to SS&C’s information systems and services; and upon termination of any of SS&C’s employees, SS&C shall revoke such employee’s access to SS&C’s domain following termination of such individual and revoke such individual’s access to Client Confidential Information as soon as possible and in accordance with SS&C’s internal policies and procedures. |
| 2.8 | Change Notifications. SS&C may, in its sole discretion, revise SS&C information security policies and procedures based on internal company security and compliance related risk assessment decisions, provided such revisions do not materially degrade the controls associated with SS&C’s information security services provided to Client as of the date of execution of this Exhibit. |
| 2.9 | Data Retention. SS&C shall not retain any Client Confidential Information following completion of the applicable services provided under the Agreement, except to the extent: (i) required by U.S. law; (ii) expressly required or permitted by Client in writing: (iii) required by SS&C’s document retention policies; (iv) to the extent necessary to comply with Client’s or SS&C’s legal or regulatory obligations; or (v) as otherwise permitted in accordance with the Agreement. |
| Copyright SS&C GIDS, Inc. 2023 | 16 | SS&C CONFIDENTIAL |
| 3. | Security Incident Response. |
| 3.1 | Security Incident Response. SS&C shall maintain formal processes reasonably designed and implemented to detect, identify, report, respond to, Mitigate, and Remediate Security Incidents in a timely manner. |
| 3.2 | Mitigation and Remediation of Security Incidents. To the extent applicable, SS&C will Mitigate or Remediate any Security Incident in accordance with its internal security policies and procedures. |
| 3.3 | Security Incident Notification. SS&C shall promptly notify Client but in no event later than 72 hours following discovery of any Security Incident(s). Such notification shall include, to the extent it can be ascertained, the extent and nature of such intrusion, disclosure, or unauthorized access, the identity of the compromised Client Confidential Information, how SS&C was affected by the Security Incident, and its response to such Security Incident. When available, SS&C shall deliver to Client a root cause analysis and future incident Mitigation plan with regard to any such incident. SS&C shall reasonably cooperate with Client’s investigation and response to each Security Incident. At no time will SS&C be required to reveal any details or information that could reasonably be expected to jeopardize the security or integrity of any SS&C system or the confidentiality or security of any other client’s data. |
| Copyright SS&C GIDS, Inc. 2023 | 17 | SS&C CONFIDENTIAL |