EX-99.28(H)(1)(P) 8 d633649dex9928h1p.htm MASTER AGREEMENT DST DIGITAL SOLUTIONS SERVICES Master Agreement DST Digital Solutions Services

Ex. 28(h)(1)(p)

MASTER AGREEMENT

DST DIGITAL SOLUTIONS SERVICES

AGREEMENT (this “Agreement”) made as of July 1, 2018 (the “Effective Date”) by and between DST Systems, Inc., a Delaware corporation (“DST”) and State Street Institutional Investment Trust and SSGA Funds, individually and not jointly (together referred to herein as the “Customer”) having their respective principal office and place of business at State Street Financial Center, One Iron Street, Boston, Massachusetts 02210. DST and Customer are together referred to herein as the “Parties” and individually as the “Party”.

WHEREAS, DST is a provider of transfer agency, shareholder record keeping and related services to the financial services industry; and

WHEREAS, Customer desires to utilize DST Digital Solutions Services to provide access to account information and certain on-line transaction request capabilities in accordance with the terms of this Agreement.

NOW, THEREFORE, in consideration of the foregoing premises, and for other good and valuable consideration, the receipt and adequacy of which are hereby acknowledged, the Parties hereby agree as follows.

ARTICLE I

DEFINITIONS

Except as may be modified in a Service Exhibit, the following definitions shall apply to this Agreement. Additional terms may be defined in the Agreement and in the exhibits that describe the Digital Solutions Services to be provided by DST for Customer.

• “Authentication Procedures” shall mean, if applicable, those procedures for authenticating Users as set forth within a Service Exhibit.

• “DST Web Site” shall mean the collection of electronic documents or pages residing on DST’s computer system, linked to the Internet and accessible through the World Wide Web, where the Transaction data fields and related screens provided by DST may be viewed by Users who access such site.

• “FAN” shall mean the DST Financial Access Network, a DST computer and software system that provides an interface between the Internet and public data network service providers and the transfer agency systems of Funds for the purposes of communicating Fund data and information and Transaction requests.

• “Digital Solutions Options” shall mean the series of edits and instructions provided by Customer to DST in writing, through which Customer specifies its instructions for Transactions available through the various Digital Solutions Services, e.g., minimum and maximum purchase, redemption and exchange amounts.

 

Copyright DST Systems, Inc. 2018

Digital Solutions Services Master Agreement

   1    DST CONFIDENTIAL


Ex. 28(h)(1)(p)

• “Digital Solutions Services” shall mean the services provided by DST utilizing FAN, the DST Web Site, the Internet, and other software, equipment and systems provided by DST and telecommunications carriers and firewall providers, whereby Transactions may be requested in each Fund by Users accessing the DST Web Site via the Internet.

• “Fund(s)” shall mean the various registered investment companies (mutual funds) for which Customer provides various services and which Customer designates for participation in Digital Solutions Services from time to time by written notice to DST.

• “Person” shall mean an individual, corporation, partnership, association, trust or other entity or organization, including a government or political subdivision or an agency or instrumentality thereof.

• “Security Procedures” shall mean the procedures set forth within the Information Security Program attached hereto as Attachment I.

• “Service Exhibit” shall mean the service exhibits attached hereto which outline the particular Digital Solutions Services to be provided by DST to Customer.

• “Transactions” shall mean account inquiries, purchases, redemptions, exchanges and other transactions offered through Digital Solutions Services as specified in each Service Exhibit.

• “User(s)” shall mean record owners or authorized agents of record owners of shares of a Fund, including brokers, investment advisors and other financial intermediaries or the other Persons authorized to access a particular Digital Solutions Service pursuant to the terms of a Service Exhibit.

ARTICLE II

USE OF DIGITAL SOLUTIONS SERVICES BY CUSTOMER

Section 2.1 Selection of Digital Solutions Services. DST will perform, and Customer has selected, the Digital Solutions Services described on the Service Exhibits attached to this Agreement. New Service Exhibits describing additional Digital Solutions Services may be added to this Agreement from time to time by mutual written agreement of DST and Customer, and such additional Digital Solutions Services shall be subject to the terms of this Agreement.

Section 2.2 Selection of additional services of DST.

 

  (a)

DST and/or its Affiliates may perform additional services for Customer from time to time as may be agreed upon by the parties pursuant to the terms of a mutually acceptable Statement of Work (“SOW”), if any (the “Professional Services”). In most cases, the Professional Services will be performed in connection with a specific Service Exhibit under this Agreement. If such Professional Services require DST to perform work at Customer’s location, then Customer shall supply DST personnel with suitable workspace, desks, and other normal office equipment, support and supplies, which may be necessary in connection with such Professional Services.

 

Copyright DST Systems, Inc. 2018

Digital Solutions Services Master Agreement

   2    DST CONFIDENTIAL


Ex. 28(h)(1)(p)

 

  (b)

The parties may agree upon a change to a SOW (“Change Order”); provided, however, no such change shall be binding upon either party unless and until such a Change Order has been mutually agreed in writing and signed by an authorized representative of Customer.

 

  (c)

DST shall own all Updates, software, software enhancements, documentation, technical notes, tangible and intangible property, and work products required to be delivered and/or produced or created by DST or its Affiliates in connection with the Services provided under a SOW (“Deliverables”). Notwithstanding anything to the contrary, the parties recognize that from time to time Customer may, under this Agreement, disclose to DST certain business or technical requirements and specifications on which DST or its Affiliates shall partly rely to design, structure or develop the Deliverable. Provided that, as developed, such Deliverable contains no identifiable Customer Confidential Information (as defined below), (i) Customer hereby consents to DST’s and its Affiliates’ use of such Customer provided business or technical requirements and specifications to design, to structure or to determine the scope of such Deliverable or to incorporate into such Deliverable and that any such Deliverable, regardless of who paid for it, shall be, and shall remain, the sole and exclusive property of DST and its Affiliates and (ii) Customer hereby grants DST and its Affiliates a perpetual, nonexclusive license to incorporate and retain in such Deliverables Customer provided business or technical requirements and specifications. All Customer Confidential Information shall be and shall remain the property of Customer.

Section 2.2 DST Responsibilities. During the Term and subject to the provisions of this Agreement, DST shall, at its expense (unless otherwise provided for herein) perform the Digital Solutions Services as described in each Service Exhibit, including provision of all computers, telecommunications connectivity and equipment reasonably necessary at its facilities to operate and maintain FAN and the DST Web Site.

Section 2.3 Customer Responsibilities. During the Term and subject to the provisions of this Agreement, Customer shall at its expense (unless otherwise provided for herein) fulfill, or cause to be fulfilled by the Funds or otherwise, Customer obligations, if any, set forth in each Service Exhibit to this Agreement.

Section 2.4 Change in Designated Funds. Upon thirty (30) days prior notice to DST, Customer may change the Funds designated to participate in Digital Solutions Services by delivering to DST, in writing, a revised list of participating Funds.

Section 2.5 Digital Solutions Options. Customer is responsible for establishing implementation procedures and options available for each Digital Solutions Service, as specified in the applicable Service Exhibit.

Section 2.6 Scope of DST Obligations. DST shall at all times use reasonable commercial efforts in performing Digital Solutions Services under this Agreement and shall perform such services in accordance with applicable federal and state law, rules and regulations. In the absence of breach of its duties under this Agreement, DST shall not be liable for any loss or damage suffered in connection with

 

Copyright DST Systems, Inc. 2018

Digital Solutions Services Master Agreement

   3    DST CONFIDENTIAL


Ex. 28(h)(1)(p)

the use of Digital Solutions Services. With respect to those actions or services delineated in Digital Solutions Options and all other instructions given to DST by Customer, DST shall be presumed to have fulfilled its obligations if it has acted in accordance with the Digital Solutions Options and other instructions provided by Customer. With respect to any claims for losses, damages, costs or expenses which may arise directly or indirectly from Security Procedures or Authentication Procedures which DST has implemented or omitted, DST shall be presumed to have fulfilled its obligations if it has followed, in all material respects, at least those Security Procedures attached hereto as Attachment I and those Authentication Procedures described in the attachment to each Service Exhibit to this Agreement, if applicable. DST may, but shall not be required to, modify such Security Procedures and Authentication Procedures from time to time to the extent it believes, in good faith, that such modifications will not diminish the security of FAN. All data and information transmissions via Digital Solutions Services are for informational purposes only, and are not intended to satisfy regulatory requirements or comply with any laws, rules, requirements or standards of any federal, state or local governmental authority, agency or industry regulatory body, including the securities industry, which compliance is the sole responsibility of Customer. Customer acknowledges and agrees that its Users are responsible for verifying the accuracy and receipt of all data or information transmitted via Digital Solutions Services. Customer is responsible for advising its Users of their responsibility for promptly notifying the Fund’s transfer agent of any errors or inaccuracies relating to shareholder data or information transmitted via Digital Solutions Services.

ARTICLE III

FEES

Section 3.1 Fees for Digital Solutions Services. As consideration for the performance by DST of the Digital Solutions Services, Customer will pay DST the fees relating to each such service as set forth in each Service Exhibit attached to this Agreement. DST will deliver a monthly billing report to Customer including a report of Transactions, by type, processed through Digital Solutions Services.

Section 3.2 Invoicing; Fee Increases. DST may change any of the fees and charges provided for in this Article III upon thirty (30) days written notice to Customer, provided that increases applied to Customer’s fees must be applicable across the population of DST clients receiving the functions, products or services to which such increases are applied. All fees and charges shall be billed to and paid by Customer in accordance with the Transfer Agency and Service Agreement made as of June 1, 2015, as amended, between DST Asset Manager Solutions, Inc. and the Customer. Amounts billed but not paid on a timely basis and not being disputed by Customer in good faith shall accrue late fee charges equal to the lesser of one and one-half percent (1 1/2%) per month or the maximum rate of interest permitted by law, whichever is less, until paid in full. Customer shall be responsible for and DST shall be entitled to recover the costs of collecting unpaid fees and charges, including without limitation reasonable attorneys’ fees.

ARTICLE IV

PROPRIETARY RIGHTS

Customer acknowledges and agrees that it obtains no rights in or to any of the software, hardware, processes, templates, screen and file formats, interface formats or protocols, and development tools and instructions, trade secrets, proprietary information or distribution and communication networks of DST. Any software, interfaces, interface formats or protocols developed by DST shall not be used by

 

Copyright DST Systems, Inc. 2018

Digital Solutions Services Master Agreement

   4    DST CONFIDENTIAL


Ex. 28(h)(1)(p)

Customer for any purposes other than utilizing Digital Solutions Services pursuant to this Agreement or to connect Customer to any transfer agency system or any other Person without DST’s prior written approval. Customer also agrees not to take any action which would mask, delete or otherwise alter any DST on-screen disclaimers (including electronic forms which Users are required to accept) and copyright, trademark and service mark notifications provided by DST from time to time, or any “point and click” features relating to User acknowledgment and acceptance of such disclaimers and notifications.

ARTICLE V

TERM AND TERMINATION

Section 5.1 Term. Unless terminated earlier as provided in this Article V, this Agreement shall be effective as of the Effective Date and shall continue in force and effect until the expiration or termination of the last Service Exhibit between DST and Customer then in effect (the “Term”).

Section 5.2 Termination. Throughout the Term, either Party shall have the right to terminate this Agreement on written notice to the other Party of the other Party’s material breach of this Agreement and such Party’s failure to cure such breach within thirty (30) days. Customer shall have a right to terminate this Agreement upon DST’s written notice of fee increases as described in Section 3.2 above, and such termination right will be available to Customer until such increased fees are applied, which will be no fewer than thirty (30) days, as provided by the written notice requirements of Section 3.2 above.

Section 5.3 Effect of Termination. In the event of a termination under the provisions of this Article V, the Parties will have no continuing obligations to one another other than the obligation to return to one another the confidential or proprietary materials of the other in their possession.

ARTICLE VI

INDEMNIFICATION; LIABILITY LIMITATIONS

Section 6.1 No Other Warranties. EXCEPT AS OTHERWISE EXPRESSLY STATED IN THIS AGREEMENT, THE DIGITAL SOLUTIONS SERVICES AND ALL SOFTWARE AND SYSTEMS DESCRIBED IN THIS AGREEMENT AND ITS EXHIBITS ARE PROVIDED “AS-IS,” ON AN “AS AVAILABLE” BASIS, AND DST HEREBY SPECIFICALLY DISCLAIMS ANY AND ALL REPRESENTATIONS OR WARRANTIES, EXPRESS OR IMPLIED, REGARDING SERVICES PROVIDED BY DST HEREUNDER, INCLUDING ANY IMPLIED WARRANTY OF TITLE, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE AND IMPLIED WARRANTIES ARISING FROM COURSE OF DEALING OR COURSE OF PERFORMANCE.

Section 6.2 Limitation of Liability. Under no circumstances shall DST be liable for indirect, incidental, consequential, special, exemplary or punitive damages (even if DST has been advised of or has foreseen the possibility of such damages), arising from the use or inability to use any of the Digital Solutions Services, the DST Web Site or FAN, or under any provision of this Agreement, such as, but not limited to, loss of revenue or anticipated profits or lost business. Without limiting any of the foregoing terms of this Section, DST’s liability in connection with the performance of Digital Solutions

 

Copyright DST Systems, Inc. 2018

Digital Solutions Services Master Agreement

   5    DST CONFIDENTIAL


Ex. 28(h)(1)(p)

Services under the terms of this Agreement, or under any theory of law, tort or otherwise, shall not exceed, unless otherwise stated in a Service Exhibit or SOW, (i) as to any single claim an amount exceeding the aggregate fees received by DST pursuant to Article III during the three (3) months of the specific Service Exhibit relating to the Digital Solutions Service immediately preceding the act or occurrence from which the claim arises, and (ii) as to all claims, an amount exceeding the aggregate fees received by DST pursuant to Article III during the most recent twelve (12) month Term of the specific Service Exhibit relating to the Digital Solutions Service with respect to which the claim arises.

Section 6.3 Indemnity. Customer hereby indemnifies and holds DST harmless from, and shall defend it against any and all claims, demands, costs, expenses and other liabilities, including reasonable attorneys’ fees, arising in connection with the use of, or inability to use, the Digital Solutions Services by any User, except to the extent such liabilities result directly from the failure by DST to perform its obligations under this Agreement.

Section 6.4 Indemnity for Infringement of IP. DST shall indemnify, defend and hold Customer harmless from all claims, costs, fees, losses, and damages that result from any third party claim that Customer’s use of the Services infringes any U.S. copyright, patent, trade secret or any other intellectual property right; provided, however, that DST shall not be obligated to indemnify Customer: (1) for the claims described in this Section 6.4 to the extent such claims or actions are caused by or arise out of: (i) use of the Services by Customer in a manner not authorized under this Agreement; (ii) Customer’s use of the Services in combination with any software, hardware or services not provided, recommended or approved by DST; (iii) Customer’s failure to use corrections of or modifications to the software and services provided by DST hereunder, if any; or (iv) infringement claims relating to Customer-requested enhancements to the extent such claims arise out of a process specified by Customer or developed by DST in accordance with Customer’s information, directions or specifications or with materials furnished by Customer. In the event that any claim of infringement is asserted or an injunction or restraining order is obtained against the use of the Services, or any part thereof, because of any violation of any intellectual property right of any third party, or in DST’s judgment the Services, or any part thereof, is likely to become the subject of a successful claim of such violation, DST shall (in addition to its indemnification and other obligations hereunder), at DST’s option and expense, promptly: (a) procure for Customer the right to use the Services as provided in this Agreement; (b) replace same with an equally suitable, functionally equivalent, compatible, non-infringing element; (c) modify same to render same non-infringing (provided such modification does not adversely affect such item) or (d), if none of the foregoing options ((a) through (c) above) can be accomplished on commercially reasonable terms or within a commercially reasonable time frame, DST shall have the right to immediately terminate Customer’s use of the Services to the extent of the infringing software or service and cease billing for future fees, if any, attributable to such terminated, infringing application. In the event that DST’s termination right in clause (d) of the preceding sentence is exercised with respect to only one feature of the Service, Customer may, at its sole option, elect to cease using all Digital Solutions Services under this Agreement at any time within thirty (30) days of receipt of notice of the termination of the infringing application.

 

Copyright DST Systems, Inc. 2018

Digital Solutions Services Master Agreement

   6    DST CONFIDENTIAL


Ex. 28(h)(1)(p)

ARTICLE VII

CONFIDENTIALITY

Section 7.1 DST Confidential Information. Customer acknowledges and agrees that the terms and conditions of this Agreement, FAN (including by way of example and without limitation all Security Procedures, processes, algorithms, designs, techniques, code, screen and data formats, interface formats and protocols, and structures contained or included therein) and other information obtained by them concerning the other software, software applications, equipment configurations, and business of DST (the “DST Confidential Information”) is confidential and proprietary to DST. Customer further agrees to use the DST Confidential Information only as permitted by this Agreement, to maintain the confidentiality of the DST Confidential Information and not to disclose the DST Confidential Information, or any part thereof, to any other person, firm or corporation, provided, however, that if Customer becomes compelled or is ordered to disclose DST Confidential Information whether by applicable governing law, order, judgment, decree of a court of jurisdiction, or any rule, regulation or legal process by any administrative, regulatory or self-regulatory agency or commission or other governmental organization or regulatory organization having regulatory authority over Customer to disclose any DST Confidential Information, Customer will, except as may be prohibited by law or legal process, provide DST with prompt written notice of such request or order. Customer acknowledges that disclosure of the DST Confidential Information may give rise to an irreparable injury to DST inadequately compensable in damages. Accordingly, DST may seek (without the posting of any bond or other security) injunctive relief against the breach of the foregoing undertaking of confidentiality and nondisclosure, in addition to any other legal remedies which may be available. Customer consents to the obtaining of such injunctive relief and in any proceeding upon a motion for such injunctive relief, Customer’s ability to answer in damages shall not be interposed as a defense to the granting of such injunctive relief.

Section 7.2 Customer Confidential Information. DST acknowledges and agrees that the terms and conditions of this Agreement, any information obtained by DST concerning the software and software applications (including by way of example and without limitation all data in the Files and algorithms, designs, techniques, code, screen and data formats and structures contained or included therein), equipment configurations, personal information regarding the customers and consumers of Customer and business of Customer (the “Customer Confidential Information”) is confidential and proprietary to Customer. DST hereby agrees to use the Customer Confidential Information only as permitted by this Agreement, to maintain the confidentiality of the Customer Confidential Information and not to disclose the Customer Confidential Information, or any part thereof, to any other person, firm or corporation, provided, however, that if DST becomes compelled or is ordered to disclose Customer Confidential Information whether (i) by a court order or governmental agency order which has jurisdiction over the Parties and subject matter, or (ii) in the opinion of its legal counsel, by law, regulation or the rules of a national securities exchange to disclose any Customer Confidential Information, DST will, except as may be prohibited by law or legal process, provide Customer with prompt written notice of such request or order.

DST acknowledges that disclosure of the Customer Confidential Information may give rise to an irreparable injury to Customer inadequately compensable in damages. Accordingly, Customer may seek (without the posting of any bond or other security) injunctive relief against the breach of the foregoing undertaking of confidentiality and nondisclosure, in addition to any other legal remedies which may be available. DST consents to the obtaining of such injunctive relief and in any proceeding upon a motion for such injunctive relief, DST’s ability to answer in damages shall not be interposed as a defense to the granting of such injunctive relief.

 

Copyright DST Systems, Inc. 2018

Digital Solutions Services Master Agreement

   7    DST CONFIDENTIAL


Ex. 28(h)(1)(p)

Section 7.3 Consumer Privacy. Customer and DST shall each comply with applicable U.S. laws, rules and regulations relating to privacy, confidentiality, security, data security and the handling of personal financial information applicable to it that may be established from time to time, including but not limited to the Gramm-Leach-Bliley Act and Securities and Exchange Commission Regulation S-P (17 CFR Part 248) promulgated thereunder.

Section 7.4 Limitations; Survival. The provisions of this Article VII shall not apply to any information if and to the extent it was (i) independently developed by the receiving Party as evidenced by documentation in such Party’s possession, (ii) lawfully received by it free of restrictions from another source having the right to furnish the same, (iii) generally known or available to the public without breach of this Agreement by the receiving Party or (iv) known to the receiving Party free of restriction at the time of such disclosure. The Parties agree that immediately upon termination of this Agreement, without regard to the reason for such termination, the Parties shall forthwith return to one another all written materials and computer software which are the property of the other Party. All of the undertakings and obligations relating to confidentiality and nondisclosure in this Agreement shall survive the termination or expiration of this Agreement for a period of ten (10) years.

ARTICLE VIII

FORCE MAJEURE

Customer acknowledges that the Internet is not a secure organized or reliable environment, and that the ability of DST to deliver Digital Solutions Services is dependent upon the Internet and equipment, software, systems, data and services provided by various telecommunications carriers, equipment manufacturers, firewall providers and encryption system developers and other vendors and third parties which are outside the control of DST. DST shall not be liable for any delays or failures to perform any of its obligations hereunder to the extent that such delays or failures are due to circumstances beyond its reasonable control, including acts of God, strikes, riots, terrorist acts, acts of war, power failures, functions or malfunctions of the Internet, telecommunications services (including wireless), firewalls, encryption systems and security devices, or governmental regulations imposed after the date of this Agreement.

ARTICLE IX

INSPECTIONS

Section 9.1 Inspections. For so long as this Agreement is in effect, at Customer’s expense, Customer or any third party or any governmental entity that has regulatory jurisdiction over Customer or one of its affiliates (subject to such third party or governmental entity’s execution of a confidentiality agreement with DST), may inspect the DST Web Site once in each 12 month period, after providing thirty (30) days’ written notice to DST. Tools which may be used for the audit may include network security tools; provided, that DST may specify the time at which any tool is used, if DST reasonably believes that such tool may affect system performance. The audit will be coordinated through the DST Internal Audit Office and DST will be entitled to observe all audit activity. Customer will not perform any action that may interfere with the uptime or stability of DST’s systems or networks. For clarification, as part of the inspection process Customer is not permitted to perform penetration testing or code scanning on the DST Web Site or associated systems or networks.

 

Copyright DST Systems, Inc. 2018

Digital Solutions Services Master Agreement

   8    DST CONFIDENTIAL


Ex. 28(h)(1)(p)

ARTICLE X

MISCELLANEOUS

Section 10.1 Governing Law; Jurisdiction. This Agreement shall be interpreted, construed and enforced in all respects in accordance with the laws of the State of Missouri, without reference to the conflict of laws provisions thereof.

Section 10.2 Subcontractors. DST may, without further consent from Customer, engage an onshore or offshore affiliate of DST to perform services hereunder. The Services performed by any such subcontractors shall be subject to the terms and conditions of the Agreement and the applicable Service Exhibit.

Section 10.3 Notices. The parties hereto shall also notify the following individuals with respect to matters pertaining to this Agreement:

DST Systems, Inc.

333 West 11th Street

Kansas City, MO 64105

Attention: Legal Department

Customer: State Street Institutional Investment Trust & SSGA Funds

State Street Financial Center

One Lincoln Street

Boston, Massachusetts 02111

Attn: Ellen Needham, President

State Street Institutional Investment Trust & SSGA Funds

State Street Financial Center

One Lincoln Street

Boston, Massachusetts 02111

Attn: Joshua Weinberg, Chief Legal Officer

Section 10.4 Captions. Captions used herein are for convenience of reference only, and shall not be used in the construction or interpretation hereof.

Section 10.5 Counterparts. This Agreement may be executed in counterparts, all of which together shall be deemed one and the same Agreement.

Section 10.6 Parties’ Independent Contractors. The Parties to this Agreement are and shall remain independent contractors, and nothing herein shall be construed to create a partnership or joint venture between them, and none of them shall have the power of authority to bind or obligate the others in any manner not expressly set forth herein.

 

Copyright DST Systems, Inc. 2018

Digital Solutions Services Master Agreement

   9    DST CONFIDENTIAL


Ex. 28(h)(1)(p)

Section 10.7 Severability. If any provision or provisions of this Agreement shall be held to be invalid, illegal or unenforceable, the validity, legality, and enforceability of the remaining provisions shall not in any way be affected or impaired thereby unless either of the Parties shall, in its reasonable determination, conclude that it shall be materially prejudiced by such holding of invalidity, illegality or unenforceability, in which case such Party may terminate this Agreement by thirty (30) days written notice to the other.

Section 10.8 No Waiver. No term or provision hereof shall be deemed waived and no breach excused unless such waiver or consent shall be in writing and signed by the Party claimed to have waived or consented. Any consent by any Party to, or waiver of, a breach by the other, whether express or implied, shall not constitute consent to, waiver of, or excuse for any other different or subsequent breach.

Section 10.9 Assignment. Neither this Agreement nor all or any of the rights and obligations of either Party hereunder shall be assigned, whether by agreement or by operation of law to any Person other than an affiliate of the assigning Party, without the prior written consent of the other Party, and any attempt to do so shall be void. No such permitted assignment shall relieve the assigning Party of its obligations under this Agreement. This Agreement shall be binding upon and inure to the benefit of the respective successors, permitted assigns and legal representatives of the Parties hereto.

Section 10.10 Notices. All notices, requests or communications required hereunder shall be in writing and shall be deemed to have been duly given (i) upon delivery, if delivered personally against written receipt, (ii) three (3) days after posting by certified mail, postage prepaid, return receipt requested, (iii) upon confirmed receipt, if delivered by telecopier or (iv) the next day if delivered by a recognized overnight commercial courier, such as Federal Express or DHL, addressed in each instance to the Parties at the addresses set forth below the signatures of the parties at the end of this Agreement (or at such other addresses as shall be given by either of the Parties to the other in accordance with this Section 10.10).

Section 10.11 Entire Agreement. This Agreement and its Exhibits together constitute the complete understanding and agreement of the Parties with respect to the subject matter hereof, and supersede all prior communications and written agreements with respect thereto, including, but not limited to, the Master Agreement DST FAN Services – Mutual Funds, made as of August 20, 2009 by and between DST and State Street Institutional Investment Trust . They may not be modified, amended or in any way altered, except in a writing signed by both Parties. No agent of any Party hereto is authorized to make any representation, promise or warranty inconsistent with the terms hereof.

Section 10.12 Limitations of Liability of the Trustees and Shareholders. A copy of Customer’s Agreement and Declaration of Trust of the Customer is on file with the Secretary of State of The Commonwealth of Massachusetts, and notice is hereby given that the obligations of this Agreement are not binding upon any of the Trustees, officers, or shareholders of the Customers but are binding only upon the assets and property of the separate mutual fund series in question.

 

Copyright DST Systems, Inc. 2018

Digital Solutions Services Master Agreement

   10    DST CONFIDENTIAL


Ex. 28(h)(1)(p)

IN WITNESS WHEREOF, the Parties hereto have set their hands by their authorized representatives as of the year and date first hereinabove indicated.

 

STATE STREET INSTITUTIONAL INVESTMENT TRUST

By: /s/ Ellen M. Needham

Name: Ellen M. Needham
Title: President

 

SSGA FUNDS                DST SYSTEMS, INC.

By: /s/ Ellen M. Needham

     

By: /s/ Kristina M. Spillane

Name: Ellen M. Needham       Name: Kristina M. Spillane
Title: President       Title: Managing Director

 

Copyright DST Systems, Inc. 2018

Digital Solutions Services Master Agreement

   11    DST CONFIDENTIAL


Ex. 28(h)(1)(p)

SERVICE EXHIBIT

VISION SERVICES

 

1.

Vision Services. Customer has requested, and DST will provide Vision Services as one of the Digital Solutions Services pursuant to the terms of the Master Agreement for DST Digital Solutions Services (the “Agreement”) between Customer and DST. The Vision Services (the “Vision Services”) consist of the services provided by DST utilizing FAN®, the Vision Web Site, the Support Services Web Site, the Internet, and other systems provided by DST and telecommunications carriers, whereby Users may view account information related to a Customer’s Financial Products or submit Transaction requests directly to the Financial Product’s transfer agent via the Internet, as described further in this Service Exhibit.

 

2.

Definitions. For purposes of this Exhibit, the following additional definitions shall apply (in addition to all other defined terms in the Agreement):

 

   

“Customer Web Site” shall mean the collection of electronic documents or pages residing on the computer system of Customer (or an Internet Service Provider (“ISP”) hired by Customer) connected to the Internet and accessible through the World Wide Web, where Users may view information about the Financial Products and access the various Transaction screens made available through Vision Services.

 

   

“Support Services Web Site” shall mean the collection of electronic documents or pages residing on the DST controlled World Wide Web address (currently, https://www.dstdss.com), linked to the Internet and accessible through the World Wide Web, which Customer may access to view information about Users and approve/deny access requests by Users.

 

   

“Financial Products” shall mean mutual funds, and “Financial Product Units” or “Units” shall mean the shares or units of a Financial Product held by a record owner.

 

   

“Transactions” shall mean new account establishment, account inquiries, purchases, redemptions through Automated Clearing House, fed wire, or check to the address of record for the Financial Product account, exchanges, maintenance and other transactions offered from time to time through Vision Services.

 

   

“Unit Holder” shall mean the record owner of Financial Product Units.

 

   

“User(s)” shall mean the authorized agents, selling agents and other intermediaries (i.e., broker/dealers, registered investment advisors or registered representatives) acting on behalf of record owners of Units of a Financial Product whom Customer has authorized to use Vision Services.

 

   

“Vision Web Site” shall mean the collection of electronic documents or pages residing on the DST controlled World Wide Web address (currently https://www.dstvision.com), linked to the Internet and accessible through the World Wide Web, which Users may access to view account information or to request Transactions on behalf of the record owners for whom they are acting.

 

   

“Vision Implementation Procedures” shall mean the optional features and functions of Vision Services which are selected by Customer, and the processes needed to activate these functions, for the various components of Vision Services, a copy of which has been provided to Customer.

 

Copyright DST Systems, Inc. 2018    12    DST CONFIDENTIAL
Digital Solutions Services Master – Vision Services Exhibit   


Ex. 28(h)(1)(p)

 

3.

DST Responsibilities. In connection with its performance of Vision Services, DST shall:

 

  (a)

receive Transaction requests electronically transmitted by Users to the Vision Web Site via the Internet and route Transaction requests through FAN to Customer’s transfer agency system;

 

  (b)

deliver to Customer a Vision Implementation Procedures instruction form;

 

  (c)

provide all computers, telecommunications connectivity and equipment reasonably necessary at its facilities to operate FAN, the Vision Web Site and the Support Services Web Site;

 

  (d)

deliver a monthly billing report to Customer, which shall include a report of Transactions, by type, processed through Vision Services; and

 

  (e)

perform all other DST obligations as set forth in the Agreement.

 

4.

Customer Responsibilities. In connection with its use of Vision Services, Customer shall:

 

  (a)

provide the Vision Implementation Procedures to DST for each Financial Product in writing on forms provided by DST and update the Digital Solutions Options in writing as required by Customer from time to time (Vision is offered in a generic format with limited Financial Product customization, as described in the Vision Implementation Procedures);

 

  (b)

provide DST with such other written instructions as it may request from time to time relating to the performance of DST’s obligations hereunder; and

 

  (c)

perform all other Customer obligations as set forth in the Agreement.

As a condition of a User’s access to the Vision Services, Customer acknowledges that each User must comply with all User Enrollment and Authorization Procedures described in the Authentication Procedures Section of this Vision Exhibit.

If Customer chooses to allow Users to use the Vision Services via Customer’s Web Site, Customer shall also:

 

  (d)

provide all computers, telecommunications equipment and other equipment and software reasonably necessary to develop and maintain the Customer Web Site; and

 

  (e)

design and develop the Customer Web Site functionality necessary to facilitate and maintain the hypertext links to the Vision Web Site and the various related web pages and otherwise make the Customer Web Site available to Users.

 

5.

Customer Controlled Content. Through the Vision Web Site, DST provides Customer the ability to post content (plain text or HTML) including hypertext links to other Web sites, that is displayed and viewable to all Users authorized by Customer. The use of this feature of Vision Services is optional, at the discretion of Customer, and subject to the following terms and conditions:

 

  (a)

Customer is solely responsible for any and all content and hypertext links displayed in the Customer-Controlled Content Areas of the Vision Web Site.

 

Copyright DST Systems, Inc. 2018    13    DST CONFIDENTIAL
Digital Solutions Services Master – Vision Services Exhibit   


Ex. 28(h)(1)(p)

 

  (b)

Customer is solely responsible for compliance with all legal and regulatory requirements which may apply to content and hypertext links in the Customer-Controlled Content Areas of the Vision Web Site, including, but not limited to copyright, trade secret and intellectual property laws and federal and state securities laws which may relate to mutual fund products and securities or other Financial Products, as applicable, electronically and over the Internet.

 

  (c)

DST reserves the right, but has no duty, to electronically monitor the Customer-Controlled Content Areas of the Vision Web Site for adherence to the terms of this Agreement and may disclose any and all data and information posted to the Customer-Controlled Content Areas of the Vision Web Site to the extent necessary to protect the rights or property of DST, its affiliates or licensees, or to satisfy any law, regulation or authorized governmental request.

 

  (d)

DST reserves the right, but has no duty, to prohibit conduct, informational material, hypertext links to certain sites, comments, responses or any communication, data, information or content posted to the Customer-Controlled Content Areas of the Vision Web Site which it deems, in its sole discretion, to be harmful to DST, its customers or any other person or entity.

 

  (e)

Customer acknowledges that DST cannot ensure editing or removal of any inappropriate, questionable or illegal content posted to the Customer-Controlled Content Areas of the Vision Web Site or to any site on the Internet accessed from a hypertext link at the Customer-Controlled Content Areas of the Vision Web Site. Accordingly, Customer agrees that DST has no liability for any action or inaction with respect to content or hypertext links posted to or deleted from the Customer-Controlled Content Areas of the Vision Web Site and Customer shall indemnify and hold DST harmless from and against any and all costs, damages and expenses (including attorney’s fees) arising out of the posting of content or hypertext links at the Customer-Controlled Content Areas of the Vision Web Site.

 

6.

Change in Designated Financial Products. Upon ten (10) business days prior notice to DST, Customer may change the Financial Products designated to participate in Vision Services by delivering to DST, in writing, a revised list of participating Financial Products.

 

7.

Indemnity for Actions of Users. Customer acknowledges that the use of Vision by Users to conduct Transactions on behalf of Unit Holders presents risks arising from the actions of such Users. Accordingly, Customer hereby indemnifies and holds DST harmless from, and shall defend it against any and all claims, demands, costs, expenses and other liabilities, including reasonable attorneys’ fees, arising out of financial or other consequences of Transactions conducted by Users, or out of disputes as to the authority of Users to conduct Transactions, except to the extent such Losses arise from DST’s material breach of this Agreement.

 

8.

Fees. The fees payable to DST by Customer for Vision Services are set forth on the Fee Schedule attached to this Service Exhibit. Notwithstanding the foregoing, the Parties acknowledge and agree that the compensation provided for in this Agreement is not consideration for distribution services which are primarily intended to result in the sale of shares of a Fund.

 

Copyright DST Systems, Inc. 2018    14    DST CONFIDENTIAL
Digital Solutions Services Master – Vision Services Exhibit   


Ex. 28(h)(1)(p)

Exhibit Term:

July 1, 2018 through June 30, 2022.

At the end of the initial Exhibit Term above (the “Initial Exhibit Term”), this Service Exhibit shall automatically renew for additional, successive twelve (12)-month terms (each, a “Renewal Exhibit Term”) unless terminated by either Party by written notice to the other at least sixty (60) days prior to the end of the Initial Exhibit Term or any Renewal Exhibit Term, in which case the effective date of such termination notice shall be the end of the relevant Initial Exhibit Term or Renewal Exhibit Term. The Initial Exhibit Term and any Renewal Exhibit Term(s) are referred to herein as the Exhibit Term. Nothing in this paragraph shall alter or affect either Party’s ability to terminate the Agreement and this Service Exhibit as set forth in Article V of the Agreement.

 

STATE STREET INSTITUTIONAL INVESTMENT TRUST

By: /s/ Ellen M. Needham

Name: Ellen M. Needham
Title: President

 

SSGA FUNDS                DST SYSTEMS, INC.

By: /s/ Ellen M. Needham

     

By: /s/ Kristina M. Spillane

Name: Ellen M. Needham       Name: Kristina M. Spillane
Title: President       Title: Managing Director

 

Copyright DST Systems, Inc. 2018    15    DST CONFIDENTIAL
Digital Solutions Services Master – Vision Services Exhibit   


Ex. 28(h)(1)(p)

VISION

FEE SCHEDULE

[Intentionally Redacted]

 

Copyright DST Systems, Inc. 2018    16    DST CONFIDENTIAL
Digital Solutions Services Master – Vision Services Exhibit   


Ex. 28(h)(1)(p)

VISION

Authentication Procedures

1.a. ID/Password Requirements - Users

Authentication of a User in Vision is based on the Vision Operator ID and Password.

Required - The Vision Operator ID, assigned by DST, shall have access authorization as determined by Customer. This may include the following access levels, at Customer’s option, the contents of which shall be determined by Customer:

Unrestricted Access - This allows the User to view any account information for all of Customer’s Financial Products.

Dealer Level Access - This allows the User to view any account information with the authorized dealer number.

Dealer/Branch Level Access - This allows the User to view any account information with the authorized dealer and branch combination.

Dealer/Representative Level Access - This allows the User to view any account information with the authorized dealer and representative combination.

Tax ID Level Access -This allows the User to view any account with the authorized Social Security Number and/or TIN of the Unit Holder.

Trust/TPA Access – This allows the User to view any account with the authorized trust company or Third Party Administrator number assigned to the underlying account/contract.

Required - Password is used in conjunction with Vision Operator ID to access the Vision Web Site, which consequently provides access to any Financial Product account information that has been previously authorized by Customer. Vision does not use a personal identification number (PIN).

1.b. ID/Password Requirements – Customer point of contact

Authentication of a Customer point of contact in the Support Services Web Site is based on an Operator ID and Password.

Required - The Operator ID, chosen by Customer, shall have access as determined by Customer. Access will be specific to the management company associated with Customer. This may include the following access levels, at Customer’s option, inquiry only access (Customer point of contact may only view information related to Users) or update access (Customer point of contact may update profiles related to Users, including, but not limited to, changing, adding and deleting User information). DST shall store the Operator ID and associated access levels. Any personnel changes or access changes affecting Customer point of contact must be communicated to DST promptly.

Required - Password is used in conjunction with Operator ID to access the Support Services Web Site, which consequently provides access to any User information (profile, firm, address, authorization information, etc.).

 

Copyright DST Systems, Inc. 2018    17    DST CONFIDENTIAL
Digital Solutions Services Master – Vision Services Exhibit   


Ex. 28(h)(1)(p)

USER ENROLLMENT AND AUTHORIZATION PROCEDURES

The following procedures are part of the Authentication Procedures applicable to Vision Services.

 

1.

Enrollment.

Each User is required to complete an Electronic Enrollment Form, which is available at a URL designated by DST (at the date of this Agreement - www.dstvision.com). Users enrolling for access may complete the enrollment process by providing DST with information called for in the Electronic Enrollment Form about their practice and the Financial Products they wish to access.

 

2.

Customer Authorization.

Upon receiving a completed Electronic Enrollment Form from a User, DST will make available an Authorization Request to Customer (point of contact) through the Support Services Web Site. The Authorization Request will identify the level of access requested and the security criteria as well as provide a sample client Tax ID/Social Security Number.

Through the Support Services Web Site, Customer point of contact is solely responsible for authorizing or denying each User request for access to Transactions through Vision Services. When authorizing requests, security criteria must be verified by Customer. This includes verifying:

 

   

Appropriate Level of Authorization. Please note, each authorization will provide access to the level indicated on DST’s Authorization Request. Access may be requested at the dealer, dealer/branch, dealer/representative, tax ID, or Trust/TPA level.

 

   

Accurate Access Security Criteria. Customer must verify that each field authorized in the security criteria accurately represents the dealer/branch/representative or tax ID information which appears on the master of the representative’s clients’ accounts. 100% of the representative’s accounts should reflect the authorized criteria.

Customer assumes all responsibility for verifying the security level of each new User authorization request. DST shall not be required to verify that the person who processes the Authorization Request is legally authorized to do so on behalf of Customer and DST shall be entitled to rely conclusively upon such approval/denial without further duty to inquire.

 

3.

Password & ID Notification.

When Customer approves an authorization request, the User’s ID is updated for the authorized security and an e-mail is sent to the User notifying him/her of their access to the Vision Web Site. Users are required to establish their own initial password at a URL designated by DST (at the date of this Agreement - www.dstvision.com/assignpswd.html).

 

Copyright DST Systems, Inc. 2018    18    DST CONFIDENTIAL
Digital Solutions Services Master – Vision Services Exhibit   


Ex. 28(h)(1)(p)

ATTACHMENT I

INFORMATION SECURITY PROGRAM

This Attachment is made subject to the terms of the Master Agreement for DST Digital Solutions Services (the “Agreement”), and to the extent the terms hereunder conflict with the terms of the Agreement, the terms of this Attachment shall prevail. The requirements of this Attachment are applicable if and to the extent that DST creates, has access to, or receives from or on behalf of Customer any Customer Confidential Information (as defined in the Agreement) in electronic format.

1. Definitions. Capitalized terms have the same meaning as set forth in the Agreement unless specifically defined below:

 

  1.1

DST Security Assessment” has the meaning set forth in Section 3.2.

 

  1.2

Mitigate” means DST’s deployment of security controls as necessary, in its discretion, which are reasonably designed to reduce the adverse effects of threats and reduce risk exposure.

 

  1.3

Remediation” or “Remediate”, means that DST has resolved a Security Exposure or Security Incident, such that the vulnerability no longer poses a risk to Customer Confidential Information.

 

  1.4

Security Exposure” means an identified vulnerability that may be utilized to compromise Customer Confidential Information.

 

  1.5

Security Incident” means the confirmed unauthorized disclosure of Customer Confidential Information.

2. General Requirements.

2.1 Security Program. DST shall maintain a comprehensive information security program under which DST documents, implements and maintains the physical, administrative, and technical safeguards reasonably designed and implemented to: (a) comply with U.S. laws, rules and regulations applicable to DST’s business and (b) protect the confidentiality, integrity, availability, and security of Customer Confidential Information.

2.2 Policies and Procedures. DST shall maintain written information security management policies and procedures reasonably designed and implemented to identify, prevent, detect, contain, and correct violations of measures taken to protect the confidentiality, integrity, availability, or security of Customer Confidential Information. Such policies and procedures will, at a minimum:

(i) assign specific data security responsibilities and accountabilities to specific individual(s);

(ii) describe acceptable use of DST’s assets, including computing systems, networks, and messaging;

 

Copyright DST Systems, Inc. 2018    19    DST CONFIDENTIAL
Digital Solutions Services Master – Information Security – Attachment I   


Ex. 28(h)(1)(p)

(iii) provide authentication rules for the format, content and usage of passwords for end users, administrators, and systems;

(iv) describe logging and monitoring of DST’s production environment, including logging and monitoring of physical and logical access to DST’s networks and systems that process or store Customer Confidential Information;

(v) include an incident response process;

(vi) enforce commercially reasonable practices for user authentication;

(vii) include a formal risk management program which includes periodic risk assessments; and

(viii) provide an adequate framework of controls reasonably designed to safeguard Customer Confidential Information.

2.3 Subcontractors. To the extent that any subcontractor engaged by DST to provide services under the Agreement has access to, or receives from or on behalf of Customer any Customer Confidential Information in electronic format, DST shall enter into a written agreement with such subcontractor, which agreement shall contain provisions regarding maintaining the confidentiality of the Customer Confidential Information which are substantially compliant with, and at least as protective as, those terms set forth in the Agreement (including this Attachment), to the extent the terms of the Agreement and this Attachment would be relevant to the subcontractor’s services provided.

2.4 IT Change and Configuration Management. DST shall employ its own reasonable processes, for change management, code inspection, repeatable builds, separation of development and production environments, and testing plans. Code inspections will include a comprehensive process reasonably designed and implemented to identify vulnerabilities and malicious code. In addition, DST shall ensure that processes are documented and implemented for purposes of vulnerability management, patching, and verification of system security controls prior to their connection to production networks.

2.5 Physical and Environmental Security. DST shall: (i) restrict entry to DST’s area(s) where Customer Confidential Information is stored, accessed, or processed solely to DST’s personnel or DST authorized third party service providers for such access; and (ii) implement commercially reasonable practices for infrastructure systems, including fire extinguishing, cooling, and power, emergency systems and employee safety.

2.6 DST Employee Training and Access. DST shall: (i) train its employees on the acceptable use and handling of Customer’s Confidential Information; (ii) provide annual security education for its employees and maintain a record of employees that have completed such education; and (iii) implement a formal user registration and de-registration procedure for granting and revoking access to DST’s information systems and services; and upon termination of any of DST’s employees, DST shall revoke such employee’s access to DST’s domain following termination of such individual and revoke such individual’s access to Customer Confidential Information as soon as possible and in accordance with DST’s internal policies and procedures.

2.7 Change Notifications. DST may, in its sole discretion, revise DST information security policies and procedures based on internal company security and compliance related risk assessment decisions, provided such revisions do not materially degrade the controls associated with DST’s information security services provided to Customer as of the date of execution of this Attachment.

2.8 Data Retention. DST shall not retain any Customer Confidential Information following completion of the applicable services provided under the Agreement, except to the extent: (a) required by U.S. law, rules or regulations; (b) expressly required or permitted by Customer in writing: (c) required by DST’s document retention policies; (d) to the extent necessary to comply with Customer’s or DST’s legal or regulatory obligations; or (e) as otherwise permitted in accordance with the Agreement.

 

Copyright DST Systems, Inc. 2018    20    DST CONFIDENTIAL
Digital Solutions Services Master – Information Security – Attachment I   


Ex. 28(h)(1)(p)

3. Due Diligence Supporting Materials; Security Assessment.

3.1 Due Diligence Supporting Materials. In response to Customer’s due diligence efforts, DST will provide copies of its: (i) SIG; (ii) if applicable, once annually, the SOC 1, Type II report, prepared in accordance with Statement on Standards for Attestation Engagements (SSAE) No. 16, Reporting on Controls at a Service Organization; (iii) information security policy and control standards summary; and (iv) network penetration vendor attestation letter. DST will be reasonably available to answer any additional questions of Customer, up to forty (40) hours per year, that are not already addressed by providing the documentation set forth within this Section 3.1 and would not require DST, in its sole good faith discretion, to disclose information that it deems highly sensitive.

3.2 DST Security Assessment. As part of DST’s Security Assessment, DST will: (i) conduct regular vulnerability scans on externally-facing applications that may receive, access, process or store Customer Confidential Information at DST’s expense; (ii) evaluate the results of the vulnerability scans and Remediate Security Exposures deemed material by DST’s personnel as reasonably appropriate, taking into account facts and circumstances surrounding such issues; and (iii) Mitigate Security Exposures discovered and deemed material by DST’s personnel within a reasonably appropriate time period. In addition, DST will at least once per year, perform penetration testing on its externally-facing systems that may receive, access, process or store Customer Confidential Information, and will provide Customer with a letter confirming the testing has been performed. Customer is not permitted to conduct penetration testing or other code scanning on DST’s environment and software.

4. Security Incident Response.

4.1 Mitigation and Remediation of Security Incidents. DST will Mitigate or Remediate any Security Incident in accordance with its internal security policies and procedures.

4.2 Security Incident Response. DST shall maintain formal processes reasonably designed and implemented to detect, identify, report, respond to, Mitigate, and Remediate Security Incidents in a timely manner.

4.3 Security Incident Notification. DST shall promptly notify Customer but in no event later than 72 hours following discovery of any Security Incident(s). Such notification shall include the extent and nature of such intrusion, disclosure, or unauthorized access, the identity of the compromised Customer Confidential Information (to the extent it can be ascertained), how DST was affected by the Security Incident, and its response to such Security Incident. DST shall use continuous and diligent efforts to remedy the cause and the effects of such Security Incident in an expeditious manner and deliver to Customer a root cause analysis and future incident Mitigation plan with regard to any such incident. DST shall reasonably cooperate with Customer’s investigation and response to each Security Incident. If Customer determines in its sole discretion that it may need or be required to notify any individual(s) as a result of a Security Incident, Customer shall have the right to control all such notifications and DST shall bear all direct costs associated with the notification, to the extent the notification and corresponding actions are required by U.S. law, rules or regulations, and subject to the limitation of

 

Copyright DST Systems, Inc. 2018    21    DST CONFIDENTIAL
Digital Solutions Services Master – Information Security – Attachment I   


Ex. 28(h)(1)(p)

liability set forth in the Agreement. Without limiting the foregoing, unless otherwise required by U.S. law, rules or regulations, no such notifications shall be made by DST without Customer’s prior written consent and Customer shall, together with DST, determine the content and delivery of all such notifications. For the avoidance of doubt, DST shall be solely responsible for all costs and expenses, subject to the limitations of liability under the Agreement that Customer and/or DST may incur to the extent that they are attributable to or arise from DST’s breach of its confidentiality obligations under the Agreement.

 

Copyright DST Systems, Inc. 2018    22    DST CONFIDENTIAL
Digital Solutions Services Master – Information Security – Attachment I