Exhibit 10.14

Confidential

DATED 24 DECEMBER 2020

(1)    ASPEN INSURANCE UK SERVICES LIMITED

- and -

(2)    ASPEN INSURANCE U.S. SERVICES INC.

- and -

(3)    ASPEN BERMUDA LIMITED

- and -

(4)    COGNIZANT WORLDWIDE LIMITED

OUTSOURCING AGREEMENT

1

Confidential

CONTENTS

PART A DEFINITIONS AND INTERPRETATION		6
1.	DEFINITIONS	6
2.	INTERPRETATION	7
PART B TERM AND SERVICE PROVISION		8
3.	TERM	8
4.	SERVICES	10
5.	DELAY	14
6.	ACCEPTANCE	15
7.	NOT USED	16
8.	GOVERNANCE, REPORTING AND PERFORMANCE	16
9.	CHANGE CONTROL	18
PART C PERFORMANCE AND QUALITY		18
10.	HOLDBACK, SERVICE LEVELS AND LIQUIDATED DAMAGES	18
11.	SERVICE IMPROVEMENT AND ADVANCES IN TECHNOLOGY	19
12.	REFERENCE	20
PART D OPERATION OF THE SERVICES		20
13.	ASSETS	20
14.	CO-OPERATION AND THIRD PARTY CONTRACTS	21
15.	PERSONNEL	22
16.	SERVICE LOCATIONS	24
17.	SUBCONTRACTORS	25
18.	DATA AND SECURITY REQUIREMENTS	26
19.	BUSINESS CONTINUITY AND DISASTER RECOVERY	27
20.	REGULATORY MATTERS AND AUDIT RIGHTS	28
21.	CUSTOMER DEPENDENCIES	32
PART E PAYMENT		32
22.	CHARGES	33
23.	TAX	34
24.	VALUE FOR MONEY/BENCHMARKING	34

2

Confidential

PART F INTELLECTUAL PROPERTY, CONFIDENTIALITY AND DATA PROTECTION		35
25.	INTELLECTUAL PROPERTY RIGHTS	35
26.	CONFIDENTIAL INFORMATION	40
27.	DATA PROTECTION	41
28.	PUBLICITY	44
PART G REPRESENTATIONS, WARRANTIES AND INDEMNITIES		44
29.	REPRESENTATIONS AND WARRANTIES	44
30.	INDEMNITIES	46
PART H IMPACT OF A FAILURE TO PERFORM		49
31.	FORCE MAJEURE	49
32.	STEP IN	50
33.	ENHANCED CO-OPERATION	51
34.	LIABILITY	54
35.	INSURANCE	58
PART I TERMINATION		58
36.	TERMINATION	58
37.	TERMINATION ASSISTANCE/EXIT	61
PART J MISCELLANEOUS PROVISIONS		62
38.	COMPLIANCE WITH LAWS	62
39.	TRANSFER OF THIS AGREEMENT	63
40.	NO PARTNERSHIP, AGENCY ETC	63
41.	NOTICES	63
42.	THIRD PARTY RIGHTS	64
43.	SURVIVAL	65
44.	SEVERABILITY	65
45.	ENTIRE AGREEMENT	65
46.	WAIVER	66
47.	CORPORATE SOCIAL RESPONSIBILITY, COMPLIANCE WITH LAWS AND LLOYDS CENTRE OF EXCELLENCE	66
48.	CUMULATIVE REMEDIES	69
49.	DISPUTE RESOLUTION	69

3

Confidential

50.	COUNTERPARTS	69
51.	GOVERNING LAW AND JURISDICTION	70

4

Confidential

SCHEDULES

Schedule 1    Definitions

Schedule 2    Service Descriptions

Schedule 3    Service Levels and Service Credits

Schedule 4    Customer Dependencies

Schedule 5    Sub-Contractor List

Schedule 6    Standards and Policies

Schedule 7    Security - IT & Physical

Schedule 8    Not used

Schedule 9    Form of Local Agreement

Schedule 10    Pricebook, Charges and Invoicing

Schedule 11    Benchmarking

Schedule 12    Governance and Service Management

Schedule 13    Contract Change Control Procedure

Schedule 14    Service Integration

Schedule 15    Exit Plan and Service Transfer Arrangements

Schedule 16    Business Continuity and Disaster Recovery

Schedule 17    Human Resources Provisions

Schedule 18    Key Personnel

Schedule 19    COTS Vendor Usage Restrictions and Related Obligations

Schedule 20    SOW and Work Request Pro formas

Schedule 21    Data Transfer and Processing

Schedule 22    Locations and Site Licence

5

Confidential

THIS AGREEMENT is made on    24 December    2020

BETWEEN:

(1)    ASPEN INSURANCE UK SERVICES LIMITED a company incorporated in England with registered number 04270446, whose registered office is at 30 Fenchurch Street, London EC3M 3BD (the "UK Customer");

(2)    ASPEN INSURANCE U.S. SERVICES INC. a company incorporated in Delaware, United States, whose registered office is at 251 Little Falls Drive, Wilmington, DE 19808 (the "US Customer");

(3)    ASPEN BERMUDA LIMITED a company incorporated in Bermuda with company number 127314 and registration number 32866, whose registered office is at 141 Front Street, Hamilton, HM 19, Bermuda (the "Bermuda Customer"); and

(4)    COGNIZANT WORLDWIDE LIMITED a company incorporated in England with registered number 07195160, whose registered office is at 1 Kingdom Street, Paddington Central, London W2 6BD (the "Service Provider").

Together, the UK Customer, the US Customer and the Bermuda Customer are referred to in this Agreement in the singular form as the "Customer".

WHEREAS:

(A)    The Customer and the Service Provider entered into an Outsourcing Agreement dated 31 August 2018 ("Original Agreement") for the provision and management of the Customer's information technology services. The Parties wish to re-negotiate -and reset the terms of the Original Agreement, and this Agreement sets out the new terms that have been negotiated between the Parties.

(B)    The Service Provider is experienced in providing information technology services, including the provision of digital, technology and operations services and shall remain responsible for certain aspects of the provision and management of the Customer's information technology services functions.

(C)    The Customer now therefore wish.es to procure and the Service Provider wishes to provide the Services to the Customer, subject to and in accordance with the terms and conditions set out in this Agreement.

IT IS AGREED as follows:

Part ADEFINITIONS AND INTERPRETATION

1.DEFINITIONS

1.1In this Agreement, unless the context otherwise requires, the capitalised terms used herein shall have the meanings set out in Schedule 1 (Definitions).

6

Confidential

2.INTERPRETATION

1.1In this Agreement a reference to:

1.1.1a "person" includes bodies corporate and unincorporated associations of people;

1.1.2a clause, Schedule, paragraph, section, Exhibit, Appendix or Annex are, except where otherwise stated, a reference to a clause, Schedule, paragraph, section, Exhibit, Appendix or Annex to this Agreement. The Schedules form part of this Agreement and shall be read as though they were set out in this Agreement;

1.1.3a word importing one gender shall (where appropriate) include any other gender and a word importing the singular shall (where appropriate) include the plural and vice versa;

1.1.4any statute or statutory provision includes, except where otherwise stated, the statute or statutory provision as amended, consolidated or re-enacted from time to time and includes any subordinate legislation made under the statute or statutory provision (as so amended, consolidated or re-enacted) from time to time;

1.1.5"including", "includes" and "in particular" are illustrative, none of them shall limit the sense of the words preceding it and each of them shall be deemed to incorporate the expression "without limitation". "Other" and "otherwise" are also illustrative and shall not limit the sense of the words preceding them;

1.1.6words denoting persons include bodies corporate and unincorporated associations and vice versa where the context requires. The words "subsidiary" and "holding company" shall have the meanings given to them in section 1159 and schedule 6 of the Companies Act 2006;

1.1.7the index and headings in this Agreement and any descriptive notes in brackets are for convenience only and shall not affect its interpretation; and

1.1.8in the case of any inconsistency between any provision of the Schedules to this Agreement and any term of this Agreement the latter shall prevail. In the case of any inconsistency between any provision of the Annexes or Appendices and any provision of the Schedules, the latter shall prevail.

7

Confidential

Part BTERM AND SERVICE PROVISION

3.TERM

1.1Notwithstanding the date of signature of this Agreement, the term of this Agreement shall begin on the Effective Date and shalt expire (unless terminated earlier or extended in accordance with the Agreement) at midnight on 31 December 2024 (such period being the "Initial Term"). The parties recognise that services similar (in part) to the Services have been provided under the Original Agreement prior to the Effective Date but for the purposes of this Agreement they agree that the provision of the Services subject to this Agreement's terms shall be deemed to commence on the Effective Date (the "First Service Commencement Date") (the date of any subsequent transfer or addition of a service being a "Subsequent Service Commencement Date" and together them all being a "Service Commencement Date").

1.2The Customer may, in its sole discretion, extend the Initial Term by a further period of two (2) years from the expiry of the Initial Term, by giving written notice to the Service Provider at least ninety (90) days prior to the expiry of the Initial Term or an extension period, as applicable.

1.3The Service Provider shall provide notice to the Customer of the expiry of the Initial Term and any extension period at least one hundred and eighty (180) days prior to the same.

1.4The Customer may require that local Agreements and/or Statements of Work are put in place between the Customer or its Affiliates and the Service Provider or, exceptionally, its Affiliates (it being agreed that wherever possible such arrangements shall be made with the Service Provider only) pursuant to which the provision of local delivery of certain of the Services may be managed or Change Project (under Statements of Work) provided. The Service Provider agrees that subject always to agreement on the appropriate invoicing and taxation arrangements it shall not unreasonably withhold its consent to the agreement of such Local Agreements and further agrees that any such Local Agreements shall (subject always to the liability provisions of clause 34) incorporate all of the terms of this Agreement save as specified and agreed by the executing parties in such Local Agreement and approved in writing by the relevant Customer(s) and the Service Provider.

1.5The Parties have agreed that:

1.1.1the UK Customer shall be entitled (acting as agent) to make decisions and provide instructions to the Service Provider and its Affiliates pursuant to this Agreement as "the Customer" for and on behalf of each of the US Customer and the Bermuda Customer and references to the Customer instructing the Service Provider or otherwise engaging with it in relation to the provision of instructions hereunder shall be understood to mean that, save with respect to SOWs entered into by the US Customer or the Bermuda Customer to which the UK Customer

8

Confidential

is not a party, the UK Customer can provide such instructions for and on behalf of the US Customer and the Bermuda Customer (and in the event of any conflict between any instructions received by the Service Provider from the UK Customer and either of the US Customer or the Bermuda Customer, the instructions of the UK Customer as agent will prevail);

1.1.2the UK Customer shall procure that the relevant Customer entity complies with the requirements of the relevant Customer Dependencies;

1.1.3notwithstanding clause 3.5.1, the UK Customer may appoint a local representative from each of the other Customers to give instructions to the Service Provider and its Affiliates working "on the ground" (a "Local Manager"), such appointment to be set out in writing between the Parties. In the event of any conflict between the Local Manager's instructions and any instruction from the UK Customer, the instruction of the UK Customer shall prevail;

1.1.4the UK Customer, the US Customer and the Bermuda Customer shall have joint and several liability under this Agreement and any SOW to which they are all parties;

1.1.5the US Customer and the Bermuda Customer each hereby formally appoints the UK Customer as its agent for service of legal proceedings and hereby authorises the UK Customer to execute SOWs, formal variations to this Agreement and Change Control Notes on its behalf;

1.1.6any SOW or Change Control Note to which all three of the UK Customer, the US Customer and the Bermuda Customer are party shall be executed by each such entity albeit that, pursuant to clause 3.5.3, the execution may be carried out by the UK Customer for and on behalf of the US Customer and the Bermuda Customer respectively;

1.1.7invoices for the Charges payable in respect of Services delivered to all of the UK Customer, the US Customer and the Bermuda Customer under this Agreement and SOWs entered into by all three Customer Parties shall be apportioned in accordance with the mechanisms set out in Schedule 10 (Pricebook, Charges and Invoicing);

1.1.8pursuant to clause 34.10, the UK Customer shall be the only Party entitled to bring a claim against the Service Provider in connection with this Agreement or any SOW to which (i) air three of the UK Customer, the US Customer and the Bermuda Customer are party; or (ii) the UK Customer and one of the US Customer and the Bermuda Customer are a party. Accordingly, where a loss is suffered by a Customer (the UK Customer, US Customer or Bermuda Customer) under this Agreement or a SOW to which all three of the UK Customer, US Customer and

9

Confidential

Bermuda Customer are parties then the UK Customer shall bring that claim (unless prohibited by law); and

1.1.9Where the UK Customer is not a party to any SOW and there is more than one other Customer entity contracting, then the Parties agree that:

1.1.1.1the SOW shall set out applicable terms for governance and management of the SOW in place of the terms of this clause 3.5 and appoint a managing agent;

1.1.1.2the relevant Customer contracting entities shall have joint and several liability under that SOW;

1.1.1.3appropriate mechanisms for invoicing in relation to each relevant Customer contracting entity shall be set out in the SOW; and

1.1.1.4the party nominated as the managing agent for the purposes of that SOW under 3.5.9.1 shall be the only party entitled to bring claims for losses suffered under that SOW (unless prohibited by law).

4.SERVICES

General

1.1The Service Provider shall provide the Services to the Customer and the Customer Group in accordance with the terms of the Agreement and also:

1.1.1in accordance with the requirements set out in the applicable Schedules save for immaterial or cosmetic deviations;

1.1.2with diligence, professionalism and in accordance with Good Industry Practice;

1.1.3with sufficient, suitably trained and qualified resources to provide the Services;

1.1.4in a cost-effective manner, but without prejudice to the level of quality and performance required;

1.1.5in accordance with the relevant time frames specified or if none are specified, within a reasonable time frame;

1.1.6in material compliance with the Customer Standards and Policies made available to it in writing from time to time (with changes to the versions listed in Schedule 6 notified by Customer to Service Provider and managed via the Contract Change Control Procedure);

1.1.7to meet or exceed any Service Levels; and

10

Confidential

1.1.8at Customer locations or from Service Provider Service Locations approved in writing by the Customer.

1.2The Service Provider shall adopt processes and related behaviour that shall:

1.1.1support closely the Customer's business model and business objectives;

1.1.2enable the Customer and its Service Provider to respond promptly and effectively to predictable and unpredictable change;

1.1.3promote rational, fact based problem solving;

1.1.4increase ease of communication and understanding;

1.1.5increase openness, reliability and consistency;

1.1.6facilitate the identification and deployment of creative solutions to optimise value; and

1.1.7reflect the partnership principles set out in the annex that will form part of the Schedule 12 (Governance and Service Management).

1.3The Customer considers "scope creep" to be a particular risk in any outsourcing project and considers that its suppliers, as experts in the field, should take responsibility for managing the downside risk of scope creep. Accordingly, if any services, functions or responsibilities are not specifically described in the Agreement or any are required for, incidental to or customarily included in, the performance and provision of the Services they shall be implied by -and automatically included within the applicable Schedule and the -agreed Charges, to the same extent and the same manner as if specifically described in the Agreement.

1.4The Services shall be deemed to include:

1.1.1any services, functions or responsibilities performed within the twelve (12) month period immediately preceding the Effective Date by the Customer's employees, agents and/or contractors whose functions were displaced as a result of this Agreement, even if the service function or responsibility is not specifically described in this Agreement unless such function or responsibility is specifically identified in this Agreement as either no longer being required or as being the responsibility of the Customer; and

1.1.2any services, functions and responsibilities reflected in those categories of the Customer's budget that the Service Provider is assuming pursuant to the Agreement unless the same are specifically identified in this Agreement as either no longer being required or as being the responsibility of the Customer,

11

Confidential

provided in each case such services, functions and responsibilities are (i) required for and (ii) incidental to, or customarily included in, the Services.

1.5The Service Provider shall increase or decrease the amount of the Services according to the agreed forecast (pursuant to Schedule 2, Annex 5, Section 4.10 in respect of Change Management Services and paragraph 18 of Schedule 10 in respect of the Run Services) demand for these Services, the Customer's other requirements and, in any event, the Customer reserves the right to add or remove Services. Such additions or removals shall be effected using the systems agreed in the applicable Service Description, Schedule 10 (Pricebook, Charges and Invoicing) or pursuant to the Contract Change Control Procedure.

1.6Except as otherwise expressly provided in this Agreement, the Service Provider shall be responsible for providing all the facilities, personnel and other resources necessary to provide the Services.

1.7Without prejudice to the obligations of the Customer in relation to the Annual Minimum Spend Commitment and the Total Minimum Spend Commitment set out in paragraph 6 of Schedule 10, the Customer reserves the right, in its sole discretion, to provide any or all of the Services itself or to contract with third party suppliers to perform all or any part of the Services at any time.

Suspension

1.8In respect of Change Management Services and related project work only, the Customer shall have the right to suspend the provision of Services at any time where either:

1.1.1the provision of Services is, in the Customer's reasonable opinion, having an adverse impact on the Customer's business or the experience of its customers or staff; or

1.1.2the Service Provider is in material breach of its obligations in respect of the Services that the Customer wishes to suspend.

1.9Not used.

1.10In relation to Change Management Services related project work, the suspension terms in this clause 4.10 and clause 4.11 shall apply. In the event of suspension pursuant to clause 4.8:

1.1.1the Service Provider shall immediately cease providing the affected Change Services;

1.1.2where suspension takes place pursuant to clause 4.8.1 (suspension because of adverse impact):

12

Confidential

1.1.1.1the Service Provider shall continue to charge for the project team at the applicable Rate Card day rate for a period of one (1) week; following which the Charges shall be reduced to fifty percent (50%) of the applicable Rate Card day rate for the personnel engaged on the project at the time; and

1.1.1.2Liquidated Damages and other remedies shall not apply during the period of delay caused by the suspension;

1.1.3where suspension takes place pursuant to clause 4.8.2 (suspension for material breach):

1.1.1.1save to the extent any ramp down benching or other costs are agreed in this Agreement or the applicable SOW, the Service Provider shall cease to have any entitlement to charge for the suspended Services during the period of suspension (but may charge for Services before and after the period of suspension and for any work that is not subject to the suspension); and

1.1.1.2the Service Provider shall engage in good faith discussions with the Customer in relation to potential resolutions of the breach giving rise to the suspension but, during the period of delay caused by the suspension the Customer agrees that the Service Provider shall be relieved from any duty to pay Liquidated Damages;

1.1.4an restarting the provision of any suspended Change Management Services related project work, the Parties shall agree revised Key Milestones (and any suspended Liquidated Damages shall apply to those revised Key Milestones) and project plans. In this regard the Parties agree that the default position will be that the Key Milestones and project plans will be moved by a period equal to the period of suspension (adjusted to reflect any additional or missed public holidays and/or amended Customer requirements/constraints) unless either Party can demonstrate that a different basis of adjustment should apply. For the avoidance of doubt, any Liquidated Damages and other contractual remedies shall apply to these new dates once agreed; and

1.1.5the period of suspension shall last no longer than three (3) months.

1.11The Customer shall have the right to require that any Services suspended pursuant to clause 4.8 restart at any time upon at least one (1) week's notice provided that if suspension occurs pursuant to clause 4.8.2 and the period of suspension continues for longer than two (2) months, at least two (2) weeks' notice shall be required.

1.12The Service Provider agrees that the Customer has the right to call off project work under Statements of Work incorporating the full terms of this Agreement

13

Confidential

and the particular arrangements for doing so are set out in paragraphs 4.4 and 4.5 of Annex 5 of Schedule 2 (Change Management Services).

5.DELAY

1.1If the Service Provider becomes aware that the provision of the Services or any other activity under this Agreement is being, or in its reasonable estimation is likely to be, delayed or interrupted (for whatever reason), such that it shall not meet any of its obligations under this Agreement, then the Service Provider shall, unless otherwise agreed by the Customer, give written notice immediately to the Customer of the relevant circumstances (the "Delay Notice"). The giving of such notice shall not prejudice the Customer's rights under this Agreement.

1.2The Delay Notice shall:

1.1.1identify the cause or causes of the delay or interruption;

1.1.2state whether, and to what extent, the delay or interruption is, or is expected to be, caused by a Force Majeure Event;

1.1.3provide details of the delay or interruption and its expected duration;

1.1.4identify clearly which Services, Milestones (if any), Performance Standards and/or other Agreement obligations are likely to be affected and, in the reasonable opinion of the Service Provider, the extent to which they are likely to be affected; and

1.1.5identify as far as possible the extent to which the Service Provider's fulfilment of the relevant obligations under this Agreement will be delayed, interrupted or otherwise affected.

1.3If the Service Provider fails to achieve a Milestone, at no additional charge to the Customer, and without prejudice to the Customer's other rights, the Service Provider shall (as the case maybe):

1.1.1continue to provide the Services so as to meet the Milestone as soon as possible after the Milestone Date; or

1.1.2re-perform the Services so as to meet the Milestone as soon as possible after the Milestone Date.

1.4If the delay or interruption continues for more than five (5) Business Days, the Service Provider shall provide the Customer periodically (and at least on a· weekly basis) with updated information in relation to the matters referred to in clause 5.2, notwithstanding any discussions or negotiations relating to the continued performance of this Agreement following a Force Majeure Event or the Customer exercising its other rights.

14

Confidential

6.ACCEPTANCE

1.1Where applicable, the Parties shall agree and set out Acceptance Criteria for each Acceptance Item and the rest of this clause 6 shall apply. If no such procedures or criteria are set out, the Services provided under the Agreement shall be deemed .accepted upon receipted delivery to the Customer and the remaining clauses of this clause 6 shall not apply, save that in the case of documentary Deliverables any failure to comply with a requirement that they be clearly and concisely set out with no material errors or omissions shall entitle the Customer to require that they be rectified and redelivered at no additional charge.

1.2The Service Provider must undertake its own internal testing of any Acceptance Item before submitting it to the Customer for acceptance testing.

1.3The Service Provider must provide the Customer with at least seven (7) Business Days' notice prior to submitting any item for acceptance testing.

1.4Unless otherwise agreed between the Parties, the Customer shall conduct the acceptance testing promptly after receiving the Acceptance Item and promptly notify the Service Provider whether it accepts, rejects or conditionally accepts the Acceptance Item. The Customer shall promptly issue an Acceptance Certificate if it accepts or conditionally accepts the Acceptance Item.

1.5The Service Provider shall provide all reasonable support to the Customer in relation to conducting the acceptance testing at no additional charge.

1.6If the Service Provider conducts the acceptance testing, the Customer shall be entitled to observe the acceptance testing and shall provide reasonable support to the Service Provider in relation to the conduct of the acceptance testing.

1.7If an Acceptance Item is rejected, the Customer shall provide reasons for such rejection, and the Service Provider, shall remedy the relevant defects at no additional charge and re-submit the Acceptance Item to the Customer as soon as reasonably practicable but in all cases within seven (7) Business Days or such longer period as may be reasonable in the circumstances and as such longer period is stipulated in the applicable Change Control Note.

1.8If an Acceptance Item is rejected a second time, without prejudice to any other rights the Customer may have, the Customer shall have the option to:

1.1.1require the Service Provider to rectify any defects and re-submit the Acceptance Item for acceptance;

1.1.2accept the Acceptance Item subject to an equitable reduction in fees (which shall be at least 10%) and, in this scenario, such Acceptance Item shall be treated as if it were fully accepted; or

15

Confidential

1.1.3immediately terminate the Service related to the Acceptance Item and any other affected Services for material breach and be refunded all Charges paid under this Agreement in connection with the same provided that all Acceptance Items related to such termination are returned to the Service Provider.

1.9In no circumstances (other than those referred to later in this clause) shall the Customer be deemed to have accepted an Acceptance Item, other than where it is unconditionally accepted and an Acceptance Certificate is issued. Notwithstanding the foregoing, the Customer agrees that if it puts an Acceptance Item into live, productive use without either the prior written consent of the Service Provider or having agreed as part of the original Acceptance Testing approach that the final test is live use or as part of any conditional acceptance that this would happen then it shall be deemed to have accepted the Acceptance Item.

1.10Notwithstanding clause 6.9, the Service Provider may issue an invoice for the relevant Milestone payment if the Customer has not confirmed acceptance or rejection within one month of the due date for acceptance of the Acceptance Item. For the avoidance of doubt, the lack of confirmation of acceptance shall not be ground for the Customer to claim that the invoice has been improperly rendered pursuant to paragraph 3.7 of Schedule 10 (Pricebook, Charging & Invoicing).

1.11If the Customer conditionally accepts an Acceptance Item, it shall notify the Service Provider of the conditions to which the acceptance is subject and the Acceptance Item shall not be fully accepted until such conditions have been met. The Charges related to the relevant Acceptance Item shall be subject to an equitable reduction (which shall be at least 10%), with the balance paid when the defects or backlog of issues have been completed.

7.NOT USED

8.GOVERNANCE, REPORTING AND PERFORMANCE

Governance

1.1The Service Provider shall comply with the Customer's governance requirements as set out in Schedule 12 (Governance and Service Management) at no additional charge.

Procedures Manual

1.2The Service Provider shall develop within 20 Business Days following the First Service Commencement Date and each subsequent Service Commencement Date and maintain (subject always to approval by the Customer) a policy and procedures manual (the "Procedures Manual") that describes, at a minimum:

1.1.1how the Services are to be performed and delivered;

16

Confidential

1.1.2the Equipment and Software to be used;

1.1.3the relevant Documentation including operations manuals and user guides;

1.1.4the quality assurance procedures approved by the Customer;

1.1.5the supervision, monitoring, staffing, reporting, planning and oversight activities to be undertaken by the Service Provider;

1.1.6the Service Provider's problem management escalation procedures;

1.1.7other pertinent Service Provider standards and procedures; and

1.1.8the Standards and Policies.

1.3The Service Provider shall update and maintain the Procedures Manual at least annually and the Customer and the Service Provider shall agree on any policies and procedures to be included within the same.

1.4Until the Procedures Manual is approved, the Service Provider shall perform the Services consistent with existing Customer Standards and Policies.

Escalation

1.5The Service Provider agrees that if an agreed trigger event occurs (it being agreed that this shall include if: (i) there are repeated delivery or service failures; (ii) there is a major one-off failure; (iii) and/or it fails to comply with its rectification obligations) then it will commit to executive escalation as follows:

1.1.1as a first level of executive escalation ("Executive Escalation (a)") the Service Provider has agreed that should Executive Escalation (a) be triggered then Service Provider's Executive Sponsor (named in the Agreement as a member of the Key Personnel) shall relocate to the Customer's offices for four (4) full Business Days per week to lead the Service Provider's team and to explain progress; and the Service Provider's UK CEO or his or her nominee who shall be a main board member of the Service Provider's UK entity shall telephone the Customer's CEO once each week to report progress. Without prejudice to its other rights and remedies the Customer may in its sole and absolute discretion elect to waive or defer Executive Escalation (a); and

1.1.2as a second level of executive escalation ("Executive Escalation (b)") the Service Provider has agreed that should Executive Escalation (a) not result in the successful resolution of the issue that gave rise to Executive Escalation (a) then the Service Provider's UK CEO or his or her nominee who shall be member of the leadership of the Service Provider's UK business (and not the person already identified as Executive Escalation (a)) shall relocate to the Customer's offices for three (3) full Business Days per week to lead the Service Provider's

17

Confidential

team and to explain and report progress. Without prejudice to its other rights and remedies the Customer may in its sole and absolute discretion elect to waive or defer Executive Escalation (b).

9.CHANGE CONTROL

1.1No variation of this Agreement shall be effective unless made in writing, signed by or on behalf of all of the Parties and expressed to be such a variation. Pursuant to clause 3.5, the Parties agree that the UK Customer may bind all of the UK Customer, US Customer and Bermuda Customer with respect to agreeing such variations.

1.2Day-to-day operational changes to the Services shall be effected through an operational change management process, which shall be agreed by the Parties before the first Service Commencement Date and incorporated into the Procedures Manual. Such changes shall not result in any alteration to the Charges.

1.3Additions of new Services, major alterations to the Services or other variations to this Agreement shall be effected through Schedule 13 (Contract Change Control Procedure).

Part CPERFORMANCE AND QUALITY

10.HOLDBACK, SERVICE LEVELS AND LIQUIDATED DAMAGES

1.1If the Service Provider fails to achieve a Key Milestone for any reason other than a Force Majeure Event or a failure by the Customer to meet a Customer Dependency, without prejudice to its other rights and remedies, the Customer may claim the Liquidated Damages associated with that Key Milestone (if any) to the extent agreed and set out in an applicable SOW), in which case:

1.1.1the Liquidated Damages amount shall be deducted from the next invoice or paid to the Customer if there are no further invoices due to be rendered under the Agreement within thirty (30) days from the date of the invoice issued by the Customer; and

1.1.2the Parties agree that the Liquidated Damages are a genuine pre-estimate of some of the loss the Customer is likely to suffer as a result of the Service Provider's failure to achieve a Milestone.

1.2The Parties acknowledge that, prior to the Service Commencement Date for a particular Service Tower, the mechanisms in Schedule 3 (Service Levels and Service Credits) and clause 32 (Step-In) are not applicable.

1.3Not used.

1.4Holdback

18

Confidential

1.1.1The Parties agree that with respect to Change Projects, a holdback mechanism may apply which allows interim time and materials or fixed price invoicing but with a proportion of each interim invoice being held back for release on successful conclusion of the project ("Holdback") and, if agreed to be applicable, shall be documented in the relevant SOW. The Service Provider shall not unreasonably withhold its agreement to include such a Holdback.

1.5The Service Provider acknowledges that any failure to provide a Service to a Performance Standard may have a material adverse impact on the business and operations of the Customer and that, accordingly, it shall:

1.1.1at all times achieve or exceed the Performance Standards in respect of the Services; and

1.1.2perform the Services With at least the same level of performance (including in respect of accuracy, quality, timeliness, responsiveness and efficiency) as was provided by or for the Customer prior to the Effective Date (unless expressly agreed to the contrary in the Agreement) or, if higher, in accordance with Good Industry Practice.

1.6Each Party acknowledges and agrees that any Service Credits that may become payable are an adjustment to the Charges and that the payment and receipt of Service Credits and/or Liquidated Damages is without prejudice to any other right or remedy available to the Customer as a result of the Service Provider's failure to meet the relevant Service Levels or achieve the relevant Milestone (as applicable).

1.7In addition to Service Levels, the Service Provider shall measure other key indicators of performance of the Services (including by carrying out a customer satisfaction survey) and shall provide such measurements to the Customer in order for the Customer to fully understand the levels of performance of the Service being provided by the Service Provider.

1.8At the Customer's election, Service Levels may be added, deleted or revised due to change in the Customer's business requirements once suitable agreement on the impact of such changes on the Service and the Service Credits has been reached through the Contract Change Control Procedure.

11.SERVICE IMPROVEMENT AND ADVANCES IN TECHNOLOGY

1.1Other than the Standards and Policies, the Service Provider shall keep the systems, methodologies and processes used and owned or licenced by the Service Provider in performing the Services current and the Customer shall receive the benefits of upgrades in the same through increases in efficiency and productivity.

1.2The Service Provider shall cause the delivery of the Services, as approved by the Customer, to evolve and be modified, enhanced, supplemented and replaced as necessary for the Services to keep pace with advances in the

19

Confidential

methods of delivering services, where such advances are at the time pertinent and in general use. Accordingly, the Service Provider shall proactively seek out new technologies by surveying the market and the technology landscape more generally to identify advances or changes in technology that are appropriate and beneficial to the Customer.

12.REFERENCE

1.1The Service Provider shall use the Customer as a referee in relation to at least two (2) bids each year. Such bids shall be for services broadly similar to the Services for clients of a similar size to the Customer. Failure to do this shall, without limitation, require the Service Provider's UK and Ireland CEO to provide detailed reasons for such failure ta the Customer's CIO.

Part DOPERATION OF THE SERVICES

13.ASSETS

Equipment

1.1In the event the Customer deems it necessary to require the Service Provider to use equipment owned or operated by the Customer ("Customer Equipment"), the Service Provider shall be responsible for transfer of the Customer equipment to the Service Provider's sites/environments. As at the Effective Date, the Parties do not envisage any Customer Equipment being installed on the Service Provider's sites/environments.

1.2The Customer makes no warranties with regard to the Customer Equipment (if any).

1.3The Service Provider shall be fully responsible for monitoring the operation of -and maintenance of the Customer Equipment (if-any) and shall promptly notify the Customer of any issues with the same that may impact the provision of the Services or achievement of the Service Levels.

1.4The Service Provider may, where directed to do so by the Customer, acquire future equipment ("Future Equipment"), including modifications, upgrades, enhancements, additions and replacements of the Customer Equipment, as necessary or appropriate to provide the Services. Such Future Equipment shall be acquired in the name of the Customer and title shall vest in the Customer and, unless agreed to the contrary pursuant to the Contract Change Control Procedure, the Customer shall pay the vendor directly for such Future Equipment.

1.5The Customer shall have the right to approve any software or Service Provider Tools used by the Service Provider in relation to the Services and installed on Customer Systems prior to the Service Provider's use of the same in order to provide the Services, such approval shall not be unreasonably withheld or delayed. The Service Provider shall be responsible for:

20

Confidential

1.1.1in consideration of the Run Charges, installing, operating and maintaining the Service Provider Software and Service Provider Tools;

1.1.2in consideration of the Run Charges, managing and using any other Software, Systems or Materials (including the Customer Software, Customer Systems and Customer Materials) required to provide the Services; and

1.1.3in consideration of any agreed Change Management Charges, modifying such other Software, Systems or Materials (including the Customer Software, Customer Systems and Customer Materials) where the same is agreed as part of the relevant Change Management Services.

Risk of Loss

1.6Each Party shall be responsible for risk of loss of, and damage to, Equipment, Software or other Material in its possession or under its control, provided that the Service Provider will notify the Customer prior to installing any single piece of Equipment worth more than £50,000 at a Customer Location.

1.7The Service Provider shall be responsible for the risk of loss of, and damage to, any property, systems or material used by it to provide the Services, except to the extent that any loss of, or damage to, any such property, systems or materials is caused by an intentional wrongful act or omission of the Customer or Customer Personnel.

14.CO-OPERATION AND THIRD PARTY CONTRACTS

1.1The Service Provider acknowledges that it will be delivering the Services to the Customer in a multi-vendor environment. Accordingly, the Service Provider shall co-operate in good faith with the Customer, to the extent relevant to obtain the benefit of the Services, and with the Customer's other suppliers to facilitate the integrated and efficient carrying out of the Customer's operations and the provision of the Services. Such co-operation shall include providing advice, assistance, data and information as reasonably required by the Customer and (subject to reasonable confidentiality provisions being in place) its suppliers.

1.2Where applicable to its service model, the Service Provider will agree to specific operation level agreements with those third party suppliers of the Customer identified by the Parties from time to time and, without prejudice to the generality of clause 14.1, the Service Provider shall comply with such co-operation obligations.

1.3Notwithstanding Schedule 14 Appendix A, the Parties will identify any third party contracts under which a Third Party Provider furnishes or provides services to the Customer that are associated with the Services and which are required to be maintained in the name of the Customer (or its Affiliates) and managed by the Service Provider ("Managed Agreements"). Any such

21

Confidential

contracts not already included in Schedule 14, Appendix 14-A will be added to it by written agreement of the Parties.

1.4Without prejudice to the generality of its obligations under clauses 14.1 and 14.2, the Service Provider agrees that in relation to any such Managed Agreements, it will monitor the performance of each applicable Third Party Service Provider and take steps to address with each Third Party Service Provider any issues arising with its performance and shall promptly escalate any concerns it may have with respect to such performance to the Customer.

1.5The Service Provider shall ensure that reasonable knowledge transfer takes place between it and the applicable Third Party Service Providers including in relation to:

1.1.1difficulties and issues such Third Party Service Providers may encounter in delivering their services in the context of the Service Provider's provision of the Services;

1.1.2information regarding the operating environment, system constraints and other operating parameters applicable to the provision of the Services by the Service Provider as a supplier with reasonable technical skills and expertise would find reasonably necessary in order to perform its work; and

1.1.3such information as is necessary to assist each such Third Party Service Provider to ensure that the results of its services have the ability to interoperate with the Services.

1.6The Parties acknowledge that from time to time the Service Provider may need to appoint third parties as its subcontractors in order to enable it to perform aspects of the Services. The Service Provider agrees that the Customer shall have the right to nominate certain Third Party Suppliers to be. its subcontractors in relation to such Services. Where requested to do so by the Customer, the Service Provider shall either manage such contracts on the Customer's behalf or shall then enter into direct contracts with such Third Party Suppliers provided, in such latter case, that: (i) the Service Provider is able to reach a commercial agreement in relation to the same; and (ii) the relevant Third Party Supplier passes the Service Provider's ethics, security and compliance checks. Where requested to enter into a direct subcontract with a third party pursuant to this clause, the Service Provider shall negotiate in good faith and use its reasonable commercial endeavours to reach agreement and the Customer agrees to provide reasonable support to assist with such discussions (if requested to do so). Third Party Suppliers who enter into direct agreements with the Service Provider shall thereafter be treated as a subcontractor of the Service Provider for the purposes of clause 17 below.

15.PERSONNEL

Staff Transfer

22

Confidential

1.1The Parties shall comply with the terms of Schedule 17 (Human Resources Provisions).

General

1.2The personnel assigned ta the Customer account by the Service Provider (or its Subcontractors) will be and remain employees of the Service Provider (or such Sub-contractors) ("Service Provider Personnel") and the Service Provider (or such Sub-contractors) shall. be liable for all taxes, national insurance and other costs, compensation and benefits of such personnel, including salary, health, accident and workers' compensation benefits, pensions and contributions that an employer is required to pay with respect to the employment of employees related to the Service Provider Personnel ("Employment Costs").

1.3If the actions or inactions of Service Provider Personnel creates:

1.1.1additional work in connection with the performance of the Services by the Service Provider that would have otherwise been unnecessary in the absence of such action or inaction; or

1.1.2additional work for the Customer to enable it to obtain the full benefit of the Services,

the Service Provider shall perform all such additional work at no additional charge to the Customer.

1.4The Customer shall have the right to require the removal of any member of the Service Provider Personnel assigned to perform under this Agreement where such Service Provider Personnel's performance and competence, responsiveness, capabilities, cooperativeness, ability to work within the Customer's culture, or fitness for a particular task of any person assigned by the Service Provider to perform Services, is insufficient to perform the Services in a manner acceptable to the Customer. In these circumstances, the Customer shall provide to the Service Provider written reasons for the request for removal·. Without prejudice to the foregoing, the Service Provider shall furnish a qualified replacement as soon as reasonably practicable but in all cases, within twenty (20) days of the removal.

Key Personnel

1.5The Customer shall have the right to designate certain employees of the Service Provider or its Sub-contractors as key employees (the "Key Personnel"), provided that the Service Provider may reasonably refuse such designation. The Parties shall agree a maximum number of Key Personnel across each Service Tower during Transition and following the applicable Service Commencement Date. The Key Personnel shall devote sufficient effort to perform their role in the delivery of the applicable Services. The Key Personnel will be listed in Schedule 18 (Key Personnel) to this Agreement.

23

Confidential

1.6During their Duration of Commitment, the Service Provider shall only remove or change the Key Personnel with the written consent of the Customer except where the removal or change results from resignation, death, disability, or termination of employment of the Key Personnel in question in which case the Service Provider must promptly notify the Customer of such removal and the proposed replacement. The Service Provider may review its team after the expiry of the initial Duration of Commitment set out in Schedule 18 (Key Personnel) and thereafter every twelve (12) months and advise which Key Personnel are to be changed in accordance with this clause 15.6 and clause 15.7 and any such changes will be made on at least six (6) months' notice.

1.7The Service Provider may only assign or replace any Key Personnel with the Customer's prior written consent (which in the circumstances set out above shall be deemed to have been given) and only after the Service Provider has provided the Customer with the relevant curriculum vitae of the relevant Key Personnel and with a reasonable opportunity to interview such Key Personnel. At no additional cost to the Customer, the Service Provider will provide for an appropriate transition (including overlap) period for the new individual so that there is no disruption to the performance of the Service Provider's obligations or the Customer's receipt of the Services under this Agreement.

Non-Solicitation

1.8Save for any exceptions agreed, and subject to the parties respective obligations set out, in Schedule 17 (Human Resources Provisions), each Party agrees that during the period between 27 July 2020 and the earlier of: (i) the date falling six (6) months after the expiry or termination of this Agreement, or (ii) the date falling six (6) months after the date the relevant individual has left his or her employment, it will not and will procure that its Affiliates will not directly or indirectly, either on its own account or in conjunction with or on behalf of any other person, employ, hire, solicit or endeavour to entice away from the other Party (or its Affiliates) any person who, at any point since 31 August 2018:

1.1.1in the case of the Customer, has been an officer, manager, employee, agent or consultant of the Customer or its Affiliates; or

1.1.2in the case of the Service Provider, has been engaged in the provision of the Services to the Customer under this Agreement.

16.SERVICE LOCATIONS

1.1When working at any Customer facilities, Service Provider Personnel shall comply with the requirements of Schedule 22 (Locations and Site Licence) and all applicable Standards and Policies, including the Customer's standard workplace security, administrative, safety and other policies and procedures applicable to the Customer's own employees or contractors ("Customer Location Policies") and the Customer IT and security policies as set out in Schedule 7 (Security - IT and Physical).

24

Confidential

1.2The Customer shall notify the Service Provider of any subsequent modifications or amendments to the Customer Location Policies. Any such changes to the Customer Location Policies which impose materially increased obligations or costs on the Service Provider, shall be agreed through the Contract Change Control Procedure.

17.SUBCONTRACTORS

1.1The Service Provider shall not delegate or subcontract any of its obligations under this Agreement without the prior written consent of the Customer and shall ensure that all Sub contractors comply with obligations akin to those set out in Schedules 17 (Human Resources Provisions), 5 (Sub-Contractor List and Service Provider Tools), 7 (Security - IT and Physical), and 21 (Data Transfer and Processing).

1.2The Customer acknowledges and agrees that the consent required pursuant to clause .17.1 has been granted in respect of those Approved Sub-contractors identified in Schedule 5 (Sub contractor List) and any Sub-contractor it formally requires the Service Provider to use in connection with the provision of the Services pursuant to clause 14.6.

1.3The Customer may revoke its approval of a Sub-contractor if it has good faith doubts about the Sub-contractor's ability to perform the sub-contracted Services.

1.4The Service Provider shall on request advise the Customer of the impact of any revocation action pursuant to clause 17.3 by the Customer including any impact on the timetable and the Charges.

1.5If the Customer wishes to proceed with the revocation action pursuant to clause 17.3 then any changes shall be agreed through the Contract Change Control Procedure.

1.6The Parties agree that there will be no impact on the Charges if the Customer revokes its approval of a Sub-contractor as a result of any fraud, fraudulent misrepresentation, Wilful Default or Wilful Abandonment or any other criminal act by a Sub-contractor or its employees.

1.7If the Customer consents to the Service Provider's proposed use of a Sub-contractor to perform the Services (or part thereof) the Service Provider shall remain fully responsible and liable for the acts and omissions of the Sub-contractors to the same extent as if such acts and omissions were those of the Service Provider.

1.8Subject to ensuring that all Service Provider Applicable Regulations and the Customer Applicable Regulations that it has been made aware of pursuant to clause 20.1 in relation to the same are complied with (provided always that compliance with Customer Applicable Regulations shall be deemed where the Service Provider complies with and has taken the steps agreed between the parties pursuant to clause 20.1), the Service Provider may engage any of its

25

Confidential

Affiliates to provide Services and Deliverables to the Customer and the Customer Group under this Agreement. Notwithstanding anything to the contrary in this Agreement, the Service Provider will remain fully liable for Services and Deliverables provided under this Agreement by its Affiliates.

18.DATA AND SECURITY REQUIREMENTS

1.1The Service Provider shall comply with the current Standards and Policies relating to IT and security and the requirements of Schedule 7 (Security- IT and Physical) at no additional cost to the Customer. If the Standards and Policies change these will be notified to the Service Provider by the Customer in accordance with clause 4.1.6 and the Service Provider will review such changes, and notify the Customer of any implications of such changes. Any such changes to this Agreement or the Services required as a direct result of the changes to the Standards and Policies and/or the requirements of Schedule 7 (Security- IT and Physical) will be agreed through the Contract Change Control Procedure save that the Charges shall only be increased where the changes materially increase obligations or costs on the Service Provider.

1.2The Service Provider shall provide ongoing training for all the Service Provider Personnel employed or engaged in the provision of the Services in compliance with the Standards and Policies.

1.3Without limiting clause 18.1, the Service Provider shall comply and shall ensure that all Sub contractors comply with vetting procedures and policies in respect of all Service Provider Personnel that comply with Good Industry Practice.

1.4The Service Provider shall ensure that principles aligned to ISO 27001 and ISO 9001 are reflected in its performance of the Services.

1.5The Customer shall retain exclusive rights and ownership of all of Customer Data and the Customer Data shall not be:

1.1.1used by the Service Provider for any purpose other than as required under the Agreement in connection with providing the Services;

1.1.2disclosed, sold, assigned, leased or otherwise provided to third parties by the Service Provider; or

1.1.3commercially exploited or otherwise used by or on behalf of the Service Provider, its affiliates, officers, directors, employees, or agents, other than in accordance with the Agreement.

1.6Upon request by the Customer and at its election and at no additional charge, the Service Provider shall promptly return to the Customer the Customer Data in the format and on the media as reasonably requested by the Customer, or erase or destroy Customer Data in the Service Provider's possession, power or control (except that the Service Provide may retain one copy for legal

26

Confidential

records) and, if requested by the Customer to do so, shall provide the Customer with confirmation in writing signed by a corporate officer of the Service Provider.

1.7The Service Provider shall protect the Customer's data in its possession, power or control so as to not lose, damage, destroy or corrupt the Customer Data.

1.8Pursuant to the requirements of Schedule 7 (Security- IT and Physical) and the obligations in relation to the provision of the Security Services set out in Annex 2 of Schedule 2 (Service Descriptions), the Service Provider shall establish and maintain all appropriate technical and organisational controls to safeguard against the destruction, loss or alteration of Customer Data and that are no less rigorous than those maintained by the Service Provider for the Service Provider's own information of a similar nature or that otherwise comply with Good Industry Practice.

1.9Service Provider Personnel must not attempt to access, or allow access to, Customer Data to which they are not entitled or that is not required for the performance of the Services by Service Provider Personnel.

1.10The Service Provider acknowledges its obligations with respect to data security set out in this clause 18.8 and 18.9 apply to the same extent to any of the Customer's Confidential Information that is received by the Service Provider. Similarly, the Customer shall ensure that any Service Provider Confidential Information is kept securely in a manner consistent with the data security requirements imposed on the Service Provider under clauses 18.8 and 18.9.

1.11The Service Provider acknowledges that the Customer is subject to the New York Department of Financial Services Cybersecurity Regulation (23 NYCRR Part 500) ("NYDFS") and that the Service Provider's compliance with clauses 18.8 and 18.9 in relation to Customer Confidential Information is required for the Customer to comply with NYDFS. The Service Provider will also reasonably assist the Customer to comply with any additional requirements of NYDFS (at the Customer's cost) provided that the parties agree in writing the scope of any such additional requirements via the Contract Change Control Procedure.

19.BUSINESS CONTINUITY AND DISASTER RECOVERY

1.1Without prejudice to any Services relating to disaster recovery or business continuity the Parties may agree, the Service Provider shall manage and maintain internal disaster recovery and business continuity policies and procedures consistent with Good Industry Practice and the requirements of Schedule 16 (Business Continuity and Disaster Recovery Plan) throughout the Term at no additional cost to the Customer.

27

Confidential

20.REGULATORY MATTERS AND AUDIT RIGHTS

General

1.1The Service Provider shall comply with all Service Provider Applicable Regulations. Without prejudice to the generality of the foregoing, the Customer may notify the Service Provider of (i) any Customer Applicable Regulations it specifically requires the Service Provider to comply with (including any requirements set out in the Standards and Policies to either comply with Customer Applicable Regulations referenced there or to ensure compliance with Customer Applicable Regulations by following certain policies or procedures) and/or (ii) if it requires compliance with what would otherwise be a Service Provider Applicable Regulation in a Customer specific way (such specific compliance becoming compliance with a Customer Applicable Regulation for the purposes of this Agreement and the definition of Service Provider Applicable Regulation). Once any such Customer Applicable Regulations are identified, the Parties will agree how they are to be complied with. For the avoidance of doubt, such notifications may relate to compliance with Customer Applicable Regulations in any jurisdictions worldwide in which the Customer or its Affiliates operate or do business from time to time. The Service Provider shall make any modifications to the Services as reasonably necessary as a result of changes to Service Provider Applicable Regulations at no extra cost to the Customer. Where the relevant modification is required to address a change in Customer Applicable Regulations the effect on cost and delivery shall be assessed and agreed via the Contract Change Control Procedure.

1.2The Service Provider recognises that the Customer and its Affiliates are subject to regulation by (or has regulatory responsibilities in respect of) the regulatory authorities in the jurisdictions in which it operates and that, in particular, the Customer has regulatory responsibilities in respect of:

1.1.1the Financial Conduct Authority and the Prudential Regulation Authority;

1.1.2the Bermuda Monetary Authority;

1.1.3the North Dakota Department of Insurance and the Texas Department of Insurance;

1.1.4the Jersey Financial Services Commission;

1.1.5the Central Bank of Ireland;

1.1.6the successor organisations/regulators of each entity listed in clauses 20.2.1 to 20.2.5 from time to time; and

1.1.7various other relevant governmental agencies or bodies around the world.

28

Confidential

1.3Subject to clause 26 (Confidential Information) and the applicable terms in clauses 20.5 and 20.6 (External Audits), the Service Provider shall provide such cooperation with all applicable regulatory authorities as may reasonably be requested by the Customer or otherwise required by such authorities and in any event shall cooperate with both the Customer and any regulatory authorities in responding to any enquiries made by such authorities. Such cooperation shall be provided at the Customer's reasonable cost. The Service Provider's obligations under this clause 20.3 shall include:

1.1.1providing, on request, such .assistance as the Customer may reasonably require to prove its compliance with its regulatory requirements in the context of the Services;

1.1.2providing to the Customer such information and/or documentation as a regulatory authority may request in its supervision of the performance of the Services and it consents to such information and documentation being passed on to the relevant regulatory authority (subject to the controls in clause 26.3); and

1.1.3in addition to the Customer's own audit rights hereunder, permitting a regulator to carry out audits of the Service Provider where such regulator requires the right to do so.

External Audits

1.4The Customer (or its nominee) shall be entitled to audit the Service Provider's conformance with its obligations under the Agreement (including to verify the Charges) and the relevant Service Provider's facilities in each case in respect of:

1.1.1each Service Tower; and

1.1.2the Services provided to each of the UK Customer, the US Customer and the Bermuda Customer,

during business hours up to a maximum of three (3) times per year in aggregate for all audits under 20.4.1 and 20.4.2 (at no charge) on reasonable written notice (which shall, other than in the case of an emergency or regulatory audit, be no less than one (1) month), provided that the audit is carried out subject to clauses 20.5, 20.6 and 20.11; the auditor is not a direct competitor of the Service Provider; and the auditor enters into a confidentiality agreement with the Customer on terms no less onerous than those set out in clause 26 (Confidential Information). For the avoidance of doubt, the audit departments of the "Big 4" accountancy firms are not direct competitors of the Service Provider, provided that they sign a confidentiality agreement with the Service Provider, including the obligation to put in place appropriate ethical walls between their audit departments and those parts of their business which provide business and technology consulting and services, to ensure that all information obtained by their audit department is not disclosed to parts of their business which may compete with the Service Provider.

29

Confidential

1.5The Service Provider shall provide all reasonable co-operation with any audits conducted pursuant to clause 20.4 and the Customer shall use its reasonable endeavours to seek to:

1.1.1minimise any disruption to the Services; and

1.1.2consolidate such audits for each Service Tower and key Customer Location, where possible.

1.6In conducting an audit, the Customer (or its nominee) shall comply with the Service Provider's reasonable security and confidentiality procedures and shall not be permitted to have unsupervised access to the Service Provider's shared facilities and systems. The Service Provider shall be entitled to reasonable relief if there is any disruption to the Services as a direct result of the Customer carrying out an audit.

1.7Subject to the restrictions in clauses 20.4 20.5 and 20.6 (other than in relation to the frequency of audits), the Customer (or its nominee) shall be entitled to undertake no more than two (2) further audits in that same year across the Agreement as a whole and/or in respect of each Service Tower, (with the Service Provider providing all reasonable co-operation) at its own cost (at the Service Provider's relevant day rate.), unless such audits reveal fraud or a breach of the Agreement (including all instances of overcharging), in which case the cost of the audit shall be borne by the Service Provider.

1.8If, as a result of an audit, it is determined that the Service Provider has overcharged the Customer, the Customer shall notify the Service Provider of the amount of such overcharge and the Service Provider shall promptly pay to the Customer the amount of the overcharge, plus interest at a rate of two percent (2%) above the annual base rate of the Bank of England from time to time calculated from the date of receipt by the Service Provider of the overcharged amount until the date of payment to the Customer.

1.9In the event any such audit by the Customer or its agents reveals an overcharge to the Customer by the Service Provider of five percent (5%) or more of a particular fee category, the Service Provider shall reimburse the Customer for the cost of such audit in addition to the repayment of the sum plus interest at the rate set out above.

1.10The Service Provider agrees that the restrictions on the number of audits and the notice period for such audits set out in clause 20.4 will not apply to audits required for legal or regulatory reasons. Such audits shall be conducted at the Customer's cost where the number set out in clause 20.4 has been exceeded.

1.11If any audit by an auditor designated by the Customer or a regulatory authority having jurisdiction over the Customer results in the Customer being notified that it is not in compliance with any generally accepted accounting principle or audit requirement relating to the Services, then provided that the non-compliance resulted from the Service Provider's default, the Service Provider shall, at its own expense and within the period of time specified by such

30

Confidential

auditor or regulatory authority, bring the Services into compliance. If the Service Provider fails to bring the Services into compliance within a reasonable time the Customer shall be entitled to terminate this Agreement on the grounds of the Service Provider's irremediable material breach of contract on the provision of written notice.

1.12The Service Provider shall maintain and retain in a manner that complies with Good Industry Practice accurate records (including complete financial records of its operations and activities specifically related to the Services) in relation to the provision of the Services provided to the Customer during the Term for seven (7) years after the termination or expiry of the Agreement and: make the same available to the Customer and its auditors.

1.13The Service Provider shall provide all reasonable assistance and information in relation to the conduct of the audit at its own cost. For the avoidance of doubt such information shall not include the provision of any background cost or overhead information or any of the Service Provider internal reports relating to the Services (although the Service Provider snail act reasonably in this regard).

Internal Audit

1.14The Service Provider shall establish and maintain a system of internal audits to provide management with assurance that a quality assurance system is being utilised, is effective, meets customer and business needs and continues to improve ("Internal Audits").

1.15The Service Provider shall maintain internal controls lists in a manner consistent with Good Industry Practice and provide confirmation of the same at least once per year.

1.16Where specifically requested by the Customer, the Service Provider shall also provide a copy (if any are produced) of its:

(a)    internal independent audit reports concerning International Standard on Assurance Engagements No. 3402 (ISAE 3402) Assurance Reports on Controls at a Service Organisation;

(b)    Statement on Standards for Attestation Engagements No. 18 (SSAE 18); and/or

(c)    SOC 1 Type 2 Report prepared in accordance with AT-C320 issued by the AICPA, to the Customer Within a reasonable time after any such reports are completed (provided the Service Provider is not required to provide copies of which reports which cover or refer to other clients of the Service Provider) and shall make alt documents regarding such audits available to any applicable Regulator. The Customer acknowledges that for any of the audit reports specified in (a) to (c) above to be able to demonstrate appropriate control operating effectiveness in accordance to these audits' requirements, processes

31

Confidential

have to be in steady stable state for over eight (8) months. Accordingly, the Customer agrees that it shall not make a request pursuant to this clause 20.16 until a at least one (1) year after the relevant Service Commencement Date in respect of the relevant Services for each Service Tower.

1.17Should any Internal Audit identify an overcharge, the provisions of clauses 20.8 and 20.9 shall apply.

21.CUSTOMER DEPENDENCIES

1.1The Service Provider's sole and exclusive remedy for the Customer failing to meet any of its Customer Dependencies is set out in this clause 21 and the Service Provider shall not be entitled to sue the Customer for breach of contract or terminate the Agreement due to a failure of the Customer to meet the Customer Dependencies.

1.2The Service Provider shall be excused from failures to perform its obligations under this Agreement if the Customer delays or fails to provide the Customer Dependencies but only:

1.1.1to the extent that such failure causes Service Provider's failure to perform;

1.1.2provided that such acts or omissions are not undertaken by the Customer at the Service Provider's direction or with the Service Provider's written consent;

1.1.3provided that the Service Provider gives the Customer prompt written notice of the Customer's failure to perform the Customer Dependencies; and

1.1.4provided the Service Provider uses Commercially Reasonable Efforts to mitigate the adverse consequences of the Customer's failure and continues to provide the Services.

1.3Provided the Service Provider has complied with the obligations set out in clause 21.2 and has obtained the Customer's prior written approval, the Service Provider will be entitled to receive a reasonable adjustment in the timeframes set out in the schedule to deliver and reimbursement of its reasonable, demonstrable, unavoidable costs incurred directly as a result of the Customer's failure to perform the relevant Customer Dependency (with such costs being calculated by reference to the time spent and the Rate Card).

1.4The Service Provider shall only be entitled to relief under this clause 21 from the date on which it notifies the Customer in accordance with clause 21.2.3.

Part EPAYMENT

32

Confidential

22.CHARGES

1.1The Service Provider's pricing shall not be subject to or contingent upon any due diligence to be performed after the Effective Date or, if earlier, the relevant Service Commencement Date, except in respect of lnflight Projects and/or New Services.

1.2In the event the Parties agree that a. particular pass-through expense is to be paid directly by the Customer, such pass-through expense shall not be subject to any mark-up and the Service Provider shall provide the Customer with the original third party invoice together with a statement that the Charges are proper and valid and should be paid by the Customer.

1.3In consideration for the provision of the Services the Customer shall pay to the Service Provider all undisputed Charges within forty-five (45) days of receipt of a correctly rendered invoice.

1.4In the event of late payment, the Service Provider reserves the right to charge interest on amounts overdue at a rate of two percent (2%) above the annual base rate of the Bank of England from time to time.

1.5Except as otherwise agreed by the Parties in writing, no rates or charges other than those set out in clauses 22.3, 22.4 and Schedule 10 shall be applicable to the provision of the Services under this Agreement.

1.6The Service Provider shall only be entitled to invoice the Customer for its expenses if .such expenses have been approved in writing in advance and are incurred in accordance with the version of the Customer's expenses policy notified to the Service Provider from time to time.

1.7The Service Provider shall maintain complete and accurate records of, and supporting documentation for, the amounts billable to and payments made by the Customer under this Agreement and the Service Provider shall provide the Customer with documentation and other information with respect to each invoice as may be reasonably requested by the Customer to verify accuracy and compliance with the provisions of the Agreement.

1.8The Customer shall have the right to deduct from amounts owed by the Customer to the Service Provider amounts that the Service Provider is obliged to pay to or credit to the Customer under the Agreement.

1.9The Customer may withhold payment of particular charges that the Customer reasonably and in good faith disputes on notice to the Service Provider.

1.10If the Customer disputes a part of an invoice, the Service Provider shall re-issue an invoice (with the original invoice date) for the undisputed Charges and the Customer shall pay such undisputed Charges in accordance with clause 22.3. The Service Provider shall also re-issue a separate invoice for the disputed Charges (with the original invoice date). The Parties shall

33

Confidential

diligently pursue an expedited resolution of such dispute in accordance with clause 49 (Dispute Resolution).

1.11The Service Provider shall render invoices in accordance with paragraph 3 of Schedule 10 (Pricebook, Charges and Invoicing).

23.TAX

1.1All prices are exclusive of value added tax or any other locally applicable equivalent sales taxes ("VAT"), which is payable at the rate and as prescribed by law.

1.2Unless otherwise agreed between the Parties, the Service Provider will be responsible for all other taxes which are incurred as a result of its provision of the Services under this Agreement.

1.3The Customer shall be entitled to deduct the sums required to pay any withholding taxes, demanded by any taxation authority, from payment to the Service Provider. Upon becoming aware that it must make a tax deduction, the Customer must notify the Service Provider accordingly.

1.4If the Customer does deduct any amounts pursuant to clause 23.3, it shall pay such sums to the relevant taxation authority within the period for payment permitted by law, and furnish the Service Provider with evidence of payment of the relevant amount from the relevant tax authority. The Customer shall upon request reasonably assist the Service Provider with obtaining relevant basic information about such tax obligations and shall use reasonable efforts to assist the Service Provider with reclaiming such withholding tax, where any double tax treaties or similar rules in the jurisdiction allow for tax reclaims to reduce the Service Provider's tax burden, or with claiming a foreign tax credit.

1.5If VAT or other taxes are payable on damages payable or paid under this Agreement, then the Party liable for payment of such damages must pay any such VAT or other taxes in addition to the relevant amount of damages upon production of a valid VAT or other appropriate tax invoice by the other Party.

24.VALUE FOR MONEY/BENCHMARKING

1.1The Service Provider agrees that:

1.1.1the Charges applicable to the Services it provides under this Agreement shall be competitive and offer value for money to the Customer; and

1.1.2the Performance Standards applicable to the Services shall accord with Good Industry Practice,

and, in order to demonstrate this to the Customer, the Service Provider agrees to comply with the terms of this clause 24 and Schedule 11 (Benchmarking).

34

Confidential

Part FINTELLECTUAL PROPERTY, CONFIDENTIALITY AND DATA PROTECTION

25.INTELLECTUAL PROPERTY RIGHTS

General

1.1Each Party shall retain its rights in its own Pre-existing IPR and the Service Provider shall retain its rights in the Service Provider IPR. Except as provided in this clause 25 (Intellectual Property Rights), neither Party shall gain by virtue of the Agreement any rights of ownership in any IPR owned by the other Party or any third party.

1.2The Service Provider shall procure that all Service Provider Personnel waive all Moral Rights in any Service Provider IPR (excluding any Third Party Materials) provided to, or used by, the Customer in connection with the Agreement.

1.3Developed IPR shall be solely owned by the Customer and shall vest in the Customer on creation provided always that such Developed IPR in any Deliverable which is rejected under clause 6.8.3 shall automatically vest in the Service Provider upon such rejection and, to the extent that any such rights to not automatically vest, the Customer agrees to irrevocably assign, transfer and convey to the Service Provider all rights, title and ownership in the relevant Developed IPR in the rejected Deliverable, The Customer shall and shall procure that its personnel shall give the Service Provider or its designees, all reasonable assistance and execute all documents necessary to assist or enable the Service Provider to perfect, preserve, register or record its rights in the relevant Developed IPR in the rejected Deliverable at the Service Provider's cost.

1.4The Service Provider may use the Developed IPR solely to provide the Services to the Customer during the Term.

1.5To the extent that title and/or ownership rights may not automatically vest in the Customer as contemplated by clause 25.3, the Service Provider agrees to irrevocably assign, transfer and convey to the Customer all rights, title and ownership in the Developed IPR. The Service Provider shall and shall procure that Service Provider Personnel shall give the Customer or its designees, all reasonable assistance and execute all documents necessary to assist or enable the Customer to perfect, preserve, register or record Its rights in the Developed IPR at the Customer's cost.

1.6The Service Provider shall ensure that where it develops Developed IPR for the Customer, it shall deliver the same in Source Code and object code form, with appropriate Documentation and that both versions shall be able to be used by a reasonably skilled programmer familiar with the relevant software language.

35

Confidential

1.7The Service Provider shall ensure that all Documentation related to any software Deliverable (or a component thereof) is up to date at the date of delivery.

1.8Subject to clause 25.10, 25.11 and 25.12, the Service Provider grants to the Customer and the Customer Group a, royalty-free, world-wide, non-exclusive, non-transferable (subject to clause 39) licence (at no additional charge) to use the Service Provider owned Service Provider Pre-existing IPR:

1.1.1that is provided to the Customer and/or the Customer Group as part of the Services during the Term and (which includes any applicable Termination Assistance Period) where necessary for the Customer's and the Customer Group's use and receipt of the Services (which right includes the right for the Customer Group's agents and subcontractors to (i) use for .and (ii) and assist the Customer Group in its receipt of the Services, in each case in connection with their own provision of services to the Customer Group) but excluding any (i) Digital Products (to be licensed on separate terms) or (ii) Service Provider Toots (and Customer will use reasonable endeavours to keep Service Provider informed as to the identity of the sub-contractors and agents permitted access under this clause); and

1.1.2in perpetuity and including the right to sub-licence, where such Service Provider's Pre-existing IPR is embedded into a Deliverable,

in each case subject to: (a) the restriction that it may not be deconstructed (to the maximum extent permitted by Relevant Law) or extracted from the relevant Services or Deliverable or used as a standalone product; and (b) any further limitations set out in a Statement of Work or otherwise agreed in writing by the Parties. The Customer shall also ensure that any sub-licensee under 25.8 complies with the licence conditions set out in this clause.

1.9The Service Provider agrees that for Change Projects under this Agreement it will not develop any standalone modifications, functionality or derivatives of Service Provider IPR without Aspen's prior written consent. Where a Change Project may involve the delivery of modifications, enhancements or derivatives of Service Provider IPR (but excluding Third Party Materials) which are in existence prior to the Effective Dater the parties may discuss deviations to the allocation of ownership of Developed IPR set out in the definition of Developed IPR in Schedule 1, along with the commercial implications of any such deviation.

1.10Third Party Materials Generally

1.1.1The Service Provider shall obtain the Customer's prior written consent before embedding in any Deliverables or using or providing to Customer or installing in the Customer's environment any Third Party

36

Confidential

Materials or its own Digital Products or Service Provider Tools (each as defined in clause 25.11).

1.1.2Where Service Provider does propose to use Third Party Materials with Customer's consent (including any non-Cognizant owned Service Provider Tools) then, subject always to clause 25.12, it shall use Commercially Reasonable Efforts and at mutually agreed terms (but at no additional cost as regards the Service Provider's efforts to procure a licence), to procure the grant to the Customer and the Customer Group and, to the extent necessary, its sub-contractors, agents and representatives of a world wide, non-exclusive licence to use, modify, enhance and maintain the Third Party Materials to be embedded in the Deliverables or to be made available to the Customer specifically to provide the Services to the Customer.

1.1.3Notwithstanding the foregoing, the Parties agree that it may not be possible to procure such a licence under clause 25.10.2 -and that, in addition to addressing the variations required by clause 25.12 the Parties may need to either: (i) agree further variations to the terms of this Agreement .and -appropriate pass through terms from the third party in respect of such Third Party Materials only; or (ii) -arrange for such Third Party Materials to be Iicensed directly to the Customer Group. In this latter case, the Service Provider shall use Commercially Reasonable Efforts to assist the Customer in the procurement of a licence directly from the licensor of any Third Party Materials.

1.1.4Where the Service Provider has not complied with the terms of clause 25.10.1 and obtained the Customer's prior consent to use, provision or installation in the Customer's environment or to embed in any Deliverable Third Party Materials then, without prejudice to the Customer's other rights and remedies hereunder, the Service Provider shall (at its cost and option) either: (i) procure a licence for the Customer to use such Third Party Materials; or (ii) re provide the relevant Services and/or Deliverables in such a manner that the relevant Third Party Materials are not required but until such time as its failure to comply with clause 25.10.1 is identified and then, following such identification remedied pursuant to this clause 25.10.4, the Third Party Materials in question will be deemed to have been licensed to the Customer for it to use in connection with its receipt of the Services and use of Deliverables but only to the extent strictly necessary to permit such use.

1.11Service Provider Tools and Digital Products

1.1.1The Parties acknowledge and agree that from time to time the Service Provider may propose the use of its own proprietary products that are typically licenced on stand alone terms (the "Digital Products") and that subject always to agreement between the Parties as to such terms, any such Digital Products shall be licenced on separate terms (and

37

Confidential

subject to escrow requirements, or not, in accordance with such separate terms) and the other terms of this clause 25 shall not apply to their use. The Service Provider undertakes to ensure that the impact of the use of Digital Products on the Customer's receipt of the Services and the wider terms of this Agreement is minimised.

1.1.2As part of delivering the Services, the Customer acknowledges that Service Provider Personnel may also utilise proprietary software, methodologies, tools, specifications, drawings, sketches, models, samples, records, documentation, works of authorship, creative works, ideas, know-how, data or other materials which have been or are originated, developed, licensed, purchased, or acquired by Service Provider or its Affiliates or Sub-contractors (collectively, "Service Provider Tools"). Where necessary to deliver the Services, Customer consents to installation in its environment of the Service Provider Tools listed in Schedule 5 (Sub-contractors and Service Provider Tools) or the applicable SOW but agrees and acknowledges that it (and its agents and sub-contractors) will not directly or independently use (and will not have any right to so use), any such Service Provider Tools unless otherwise specifically agreed by the Parties in writing via the Contract Change Control Procedure or in a SOW.

1.12COTS, Cloud and Similar Materials and Services

1.1.1In the event that an element of the Services to be provided by the Service Provider is to be procured from and passed through to the Customer from a commercially available off the shelf package software provider, cloud services provider or similar provider of software, hardware or solutions on standard terms (a "COTS Vendor"), then the Parties will negotiate the terms of such pass through supply and that such negotiations shall include agreeing, subject to confirming the same via the Contract Change Control Procedure, that: (i) the Service Provider's liability arising in relation to or in connection with breaches of clause 27 (Data Protection) caused by the COTS Vendor shall be capped at the level at which the COTS Vendor caps its liability to the Service Provider and which the Service Provider is entitled to recover from such COTS Vendor under its terms; and (ii) the approach to the management of data export requirements (including the requirement that such COTS Vendor enter into any Data Protection Model Clauses) imposed by this Agreement, it being agreed that the Parties shall agree such other lawful data export mechanism as is appropriate where the COTS Vendor refuses to enter into the Data Protection Model Clauses.

1.1.2The Parties agree that as at the Effective Date, save for those COTS Vendors listed in Schedule 19 (COTS Vendors) to whom the terms listed in Schedule 19 (COTS Vendor Usage Restrictions and Related Obligations) apply, there are no COTS Vendors in scope and thus clause 25.12.1 does not apply to the scope of the Services set out in the Agreement as at the Effective Date.

38

Confidential

1.1.3The Service Provider shall not change the Services after the Effective Date such that a new COTS Vendor in respect of which the Service Provider would wish to apply this clause is introduced into delivery of the Services without the prior written consent of the Customer. For the avoidance of doubt, if the Service Provider wishes to change the Services (including end to end solutions) and an element of such Services will be provided on a pass through basis using a new COTS Vendor not listed in Schedule 19 then the Service Provider and the Customer shall agree through the Contract Change Control Procedure what COTS Vendors will be used and the terms that will apply, updating Schedule 19 accordingly.

1.13The Customer grants to the Service Provider and its Affiliates a non-exclusive, non transferable, revocable licence (including the right to sub-licence, but only to sub-contractors approved by the Customer in accordance with this Agreement) to use, copy, modify, and prepare derivative works of the IPR arising in any materials (including Developed IPR and all hardware, software or other .items) provided by or on behalf of the Customer or any of its Affiliates to the Service Provider in connection with .its delivery of the Services for the sole purpose of providing the Services to the Customer for the Term (which includes any applicable Termination Assistance period).

Escrow

1.14The Service Provider shall ensure that the Source Code in the Service Provider Software embedded in Deliverables (excluding any Third Party Materials which are instead subject always to the provisions of clause 25.10 and which may or may not be subject to escrow depending on the terms agreed with the third party vendor in question) together with any related Documentation, is deposited in escrow pursuant to the terms of the Escrow Agreement.

1.15The Service Provider and the Customer mutually undertake to sign the Escrow Agreement promptly following delivery of any Deliverable to which clause 25.14 applies. The Service Provider additionally undertakes to procure that the relevant escrow agent promptly signs the Escrow Agreement.

Residual Knowledge

1.16Nothing contained in the Agreement shall restrict either Party from the use of any general ideas, concepts, know-how, methodologies, processes, technologies, algorithms or techniques retained in the unaided mental impressions of such Party's personnel relating to the Services which either Party, individually or jointly, develops or discloses under the Agreement provided that in doing so such Party does not:

1.1.1infringe the Intellectual Property Rights of the other Party or third parties who have licensed or provided materials to the other Party; or

39

Confidential

1.1.2breach its confidentiality obligations ·under the Agreement or under agreements with third parties.

26.CONFIDENTIAL INFORMATION

1.1Subject to clause 26.2, each Receiving Party will treat and keep all confidential information of the Disclosing Party as secret and confidential and will not, without the Disclosing Party's written consent, directly or indirectly communicate or disclose (whether in writing or orally or in any other manner) Confidential Information to any other person other than in accordance with the terms of this Agreement.

1.2Clause 26.1 shall not apply to the extent that:

1.1.1the Receiving Party needs to disclose the Confidential Information of the Disclosing Party to any of its employees, Affiliates (and their employees) or Sub-contractors and/or in the case of the Service Provider, COTS Vendors in order to fulfil its obligations, exercise its rights under this Agreement or to receive the benefit of the Services, provided always that the Receiving Party shall ensure that every person to whom disclosure is made pursuant to this clause 26.2.1 uses such Confidential Information solely for such purposes, and complies with this clause 26 to the same extent as if it were a Party to this Agreement;

1.1.2any Service Provider Confidential Information is embodied in or otherwise incorporated into any Developed IPR;

1.1.3such Confidential Information is in the public domain at the Service Commencement Date or at a later date comes into the public domain, other than as a result of breach of this Agreement;

1.1.4the Receiving Party obtains or has available such Confidential Information from a source other than the Disclosing Party without breaching any obligation of confidence;

1.1.5subject to clause 26.3, such Confidential Information is required to be disclosed pursuant to any Relevant Law or the rules of any Regulator or stock exchange; or

1.1.6the Receiving Party can show such Confidential Information was independently developed by it otherwise than in connection with this Agreement.

1.3Notwithstanding clause 26.1, the Customer may disclose Confidential Information to its solicitors, auditors, insurers, accountants or other operational or service-related advisers for the purposes of reporting to or seeking advice from the relevant Party provided that neither Party may pass commercially sensitive information of the other to its competitors, notwithstanding any other provision of this Agreement er a SOW. In such

40

Confidential

circumstances as this Clause 26.3 permits disclosure of Service Provider Confidential Information, the Customer shall ensure that every person to whom disclosure is made pursuant to this clause 26.3 uses such Confidential Information solely for such purposes and complies with this clause 26 to the same extent as if it were a Party to this Agreement. Prior to making any disclosure under 26.2.5 the Receiving Party shall, unless prohibited from doing so by Relevant Law, provide the Disclosing Party with prompt notice of such request(s) so that the Disclosing Party may seek an appropriate protective order or other appropriate remedy and/or waive compliance with the confidentiality provisions of this Agreement. In the event that such protective order or other remedy is not obtained, or Disclosing Party grants a waiver hereunder, Receiving Party may furnish that portion (and only that portion) of the Confidential Information which the Receiving Party is legally compelled to disclose and will exercise its reasonable efforts to obtain reliable assurance that confidential treatment wilt be accorded any Confidential Information so furnished.

27.DATA PROTECTION

1.1The categories of personal data to be processed by the Service Provider, categories of data subjects whose personal data will be processed, and the nature and purpose of processing activities to be performed under this agreement is set out in Schedule 21 (Data Transfer and Processing) of this Agreement as enhanced or clarified in relation to an SOW in the applicable sow.

1.2Each Party shall comply with its respective obligations under applicable Data Protection Legislation and, without prejudice to the foregoing, the Service Provider shall not process Customer Personal Data in a manner that will or is likely to result in the Customer breaching its obligations under Data Protection Legislation provided that the Customer gives reasonable written notice to the Service Provider of such obligations.

1.3Upon termination or expiry of this agreement, the Service Provider shall, at the Customer's request, promptly delete or return all Customer Personal Data and delete the copies thereof (unless otherwise required by Data Protection Legislation) and shall certify to the Customer that it has done so.

1.4The Parties acknowledge that, in respect of all Customer Personal Data processed by the Service Provider for the purpose of the provision of Services under this Agreement:

1.1.1the Customer alone shall determine the purposes for which and the manner in which such Customer Personal Data will be processed by the Service Provider;

1.1.2the Customer shall be the data controller; and

1.1.3the Service Provider shall be the data processor.

41

Confidential

1.5Where in connection with this Agreement the Service Provider processes Customer Personal Data as the data processor of the Customer, the Service Provider shall:

1.1.1process Customer Personal Data only on behalf of the Customer, only for the purposes of performing this Agreement and only in accordance with instructions contained in this Agreement or as otherwise received from time to time; the Service Provider shall notify the Customer prior to taking any further action if it considers an instruction to be likely to result in processing that is in breach of Data Protection Legislation. However, for the avoidance of doubt, the Service Provider is not obliged to analyse the lawfulness of the Customer's instructions;

1.1.2not otherwise modify, amend, disclose or permit the disclosure of any of the Customer Personal Data to any third party (including a data subject) unless specifically authorised or directed to do so in writing by the Customer;

1.1.3implement and maintain appropriate technical and organisational measures to protect Customer Personal Data against unauthorised or unlawful processing and against accidental loss, destruction, damage, alteration or disclosure. Upon the Customer's request, the Service Provider shall provide the Customer with a written description of the technical and organisational measures implemented by itself and its Sub-contractors as well as copies of all documentation relevant to such compliance including, protocols, procedures, guidance, training and manuals;

1.1.4ensure the reliability of any of the Service Provider Personnel with access to Customer Personal Data, that such access is granted on a 'need to know' basis, and that they are subject to binding obligations of confidentiality with respect to Customer Personal Data;

1.1.5comply with:

1.1.1.1all binding guidance and recommendations from the relevant supervisory authorities in countries where the Customer is established;

1.1.1.2clause 18.4; and

1.1.1.3the Customer's Standards and Policies;

1.1.6at no additional cost, provide full cooperation and assistance to the Customer as the Customer may require to allow the Customer to comply with its obligations as a data controller, including in relation to data security, data breach notification, data protection. impact assessment, prior consultation with data protection authorities, any enquiry, notice or investigation received from a data protection authority, and the fulfilment of data subject's rights;

42

Confidential

1.1.7promptly and without delay (but in any event within 48 hours of becoming aware of it), notify the Customer in writing of any actual or alleged unauthorised disclosure, loss, destruction, compromise, damage, alteration, or theft of Customer Personal Data (including unauthorised access to or use of the Customer Systems or data, improper handling or disposal of data, theft of information or technology assets, and/or the inadvertent or intentional disclosure of Customer Personal Data) or any incident which may give rise to a personal data breach (as such term is defined under the GDPR); and

1.1.8subject to clause 20.4, permit physical inspections of the Service Provider's relevant premises dedicated to the Customer and/or the Services, by the Customer or its representatives to ensure compliance with this clause 27.

1.6The Service Provider shall nominate a representative within its organisation who shall have responsibility to respond to Customer queries regarding the processing of Customer Personal Data and the Service Provider shall ensure that it responds to such queries promptly.

1.7Save to the extent an alternative approach is agreed in relation to a COTS Vendor pursuant to clause 25.12.1, the Service Provider shall not authorise any third party or Sub-contractor to process Customer Personal Data other than with the prior written consent of the Customer (for the avoidance of doubt, written consent shall be deemed given for authorised Sub contractors listed in this Agreement and Service Provider Affiliates).

1.8Save to the extent an alternative approach is agreed in relation to a COTS Vendor pursuant to clause 25.12.1, where the Service Provider is a processor with respect to the Customer Personal Data, it shall impose obligations on its Sub-contractors and Affiliates that are the same as or equivalent to those set out in this clause 27 by way of written agreement, and shall remain fully liable to the Customer for any failure by a Sub-contractor to fulfil its obligations in relation to the Customer Personal Data.

1.9Pursuant to clause 17 (Sub-contractors), where the Service Provider is subject to an obligation in relation to Customer Personal Data or the Customer s granted a right in respect of the Service Provider, the Service Provider should procure that its Sub-contractors are subject to equivalent obligations and that the Customer is granted the same right against the Subcontractors.

1.10The Service Provider shall not process and/or transfer any Customer Personal Data in or to any country outside the European Economic Area without the prior written consent of the Customer.

1.11If, for the purposes of the performance of this Agreement, the Service Provider or any of its Sub-contractors wishes to process arid/or transfer any Customer Personal Data in or to a country outside the European Economic Area without prejudice to clause 27.10, the Service Provider shall comply with such other

43

Confidential

instructions and shall carry out such other actions as the Customer may notify in writing, including:

1.1.1providing details of how the Service Provider will ensure an adequate level of protection for any such Customer Personal Data so as to ensure the Customer's compliance with Data Protection Legislation; and

1.1.2implementing any data transfer mechanism provided by the applicable Data Protection Legislation, such as the appropriate model contractual clauses approved by the European Commission as set out in Schedule 21 (Data Transfer and Processing), to allow for the lawful processing of Personal Data in a country outside the European Economic Area pursuant to the applicable Data Protection Legislation.

28.PUBLICITY

1.1The Service Provider shall not make any public announcement (whether written or oral) about the existence of the Agreement or that it is providing Services to the Customer without the Customer's prior written consent (which may be withheld in its complete discretion). For the purpose of clause 12.1, the Customer's consent to disclosure by the Service Provider is deemed to be given only to the extent that such disclosure is required for the Service Provider to comply with its obligations under clause 12.1.

1.2In no circumstance shall either Party be authorised to use any of the other Party's logos, trademarks or any other representations related to the other Party's brand (including noting the other Party or its personnel as a referee) without the other Party's prior written consent (which may be withheld in its complete discretion).

Part GREPRESENTATIONS, WARRANTIES AND INDEMNITIES

29.REPRESENTATIONS AND WARRANTIES

1.1Each Party represents, warrants and undertakes to the other, as at the date of this Agreement:

1.1.1that it has the power and authority to enter into and perform its obligations under this Agreement;

1.1.2that it has all necessary rights, licences, permissions and consents to provide (in the case of the Service Provider) or receive (in the case of the Customer) the Services; and

1.1.3that the signing of this Agreement does not violate any law or constitute a default under any other agreement that that Party has entered into.

1.2The Service Provider represents, warrants and undertakes to the Customer on a continuing basis throughout the term that:

44

Confidential

1.1.1it shall not conduct itself in a way so as to adversely affect the Customer's public image (except that this clause 29.2.1 shall not preclude the Service Provider from enforcing its right under this Agreement);

1.1.2it is not insolvent or unable to pay its debts within the meaning of the insolvency legislation applicable to it;

1.1.3it shall allocate sufficient resources to provide the Services in accordance with the contractual, requirements and use Commercially Reasonable Efforts to use the resources efficiently and services necessary to provide the Services;

1.1.4it shall not knowingly and/or negligently insert or include, or permit or cause any Service Provider personnel to insert or include, any known Virus into any items provided to the Customer or the Customer Systems;

1.1.5it shall use the latest available versions of anti-virus software available from an industry accepted anti-virus software vendor to check for and delete malicious software and Viruses from the Service Provider's IT systems;

1.1.6it shall co-operate with the Customer to reduce the effect of any virus found and assist the Customer to mitigate any losses (including without limitation, loss of operational efficiency and loss or corruption of the Customer's data) and to restore the system, products, Deliverables and Services to their desired operating efficiency, such assistance to be at the Customer's reasonable and demonstrable cost unless the Service Provider is in breach of clause 29.2.4 or clause 29.2.5;

1.1.7it has undertaken all diligence it requires (including in relation to the Customer's existing services) in order to plan and perform the Services and that accordingly its prices and estimates are robust and may be relied upon by the Customer;

1.1.8it is skilled and experienced in the provision of services akin to the Services and in using the tools, methodologies and procedures it is proposed that it will use in the delivery of Services hereunder;

1.1.9all information it provides to the Customer during the Term shall, at the time it is supplied, be true and accurate in all material respects;

1.1.10that the Services will be performed in accordance with all

1.1.1.1Service Provider Applicable Regulations and

1.1.1.2any provisions agreed between the Parties under clause 20.1 in relation to Customer Applicable Regulations;

45

Confidential

1.1.11it shall at all times conduct the performance of the Services in such a manner that shall ensure that the Customer does not fail to comply with the Customer Applicable Regulations that have been notified to the Service Provider in writing (if any) as a result of or in connection with its receipt of the Services provided that the Customer explains in writing how the Service Provider is expected to comply with these obligations; and

1.1.12it shall comply with any reasonable Customer request or instruction that enables the Customer to comply with its regulatory requirements (if any) in respect of the Services at mutually agreed terms. Any Customer requests or instructions which fall outside of the scope of the Services shall be agreed through the Contract Change Control Procedure.

1.3The Customer warrants that, to the extent that Customer Personal Data is provided to the Service Provider for processing (as that term is defined in the Data Protection Legislation), the Customer or relevant Customer Affiliate providing such Customer Personal Data shall have a legal basis on which to do so in respect of such Customer Personal Data.

1.4Except as expressly set out in this Agreement, all other warranties, express or implied, shall be excluded to the fullest extent permitted by law.

30.INDEMNITIES

1.1IPR Indemnities

1.1.1Subject to clauses 30,1.2 and 30.1.3, each Party will indemnify, defend and hold harmless the other Party and its Affiliates and their respective officials, employees,. agents and assigns ("Representatives") against any claims, losses, damages, costs (including reasonable leg.al fees), expenses and liabilities agreed in a settlement or awarded against the other Party and/or its Representatives as a result of any infringement (or claim of infringement) of any third party IPR caused by or alleged to have occurred because of:

1.1.1.1in the case of indemnification by the Service Provider to the Customer, Customer or its Affiliates possession of the Developed IPR in any Deliverables provided by the Service Provider to the Customer or its Affiliates; or otherwise in respect of the Service Provider's performance or provision of the Services; and

1.1.1.2in the case of the Customer's indemnification of the Service Provider, the Customer's receipt or use of such Deliverables or Services other than in accordance with or as envisaged by this Agreement or such Deliverables' or Services' specifications, or the Service Provider's receipt or use of any Customer Indemnified Items made available to the Service Provider or a Service Provider Affiliate by or on behalf of the

46

Confidential

Customer or a Customer Affiliate for its use under this Agreement (provided always such receipt or use was in .accordance with the terms of or as envisaged by this Agreement).

1.1.2The Parties agree that the indemnifying party shall be relieved of its obligation to indemnify the indemnified party pursuant to clause 30.1.1 if and to the extent that the infringement claim arises due to (i) use of the material that is subject to the relevant indemnity claim other than in accordance with or as envisaged by this Agreement; or using infringing material after a fix or remedy has been provided (whether pursuant to clause 30.3 or otherwise); (ii) use of an allegedly infringing item or any part thereof in combination with any equipment, software or data not approved for use by the indemnifying party, or use in any manner by the indemnified party (or its Affiliates) for which the allegedly infringing item was not designed; or (iii) where the Service Provider is the indemnifying party, any modification or alteration of the allegedly infringing item by a person or entity other than Service Provider or its Affiliates or Sub-contractors unless such modification or alteration was made on the instructions of or in accordance with designs, specifications, information or materials provided by or on behalf of the Service Provider or its Affiliates or Sub-contractors.

1.1.3The Parties recognise that each of them may make available certain Third Party Materials to the other and that such Third Party Materials may not benefit from IPR indemnification protection equivalent to that set out in clause 30.1.1 above. Where Third Party Materials are identified by a Party as requiring discussion between the Parties in respect of indemnification, the Parties will discuss the same and then may either agree in writing: (i) to continue to allow the other to benefit from the indemnity set out in clause 30.1.1 above; or (ii) agree that separate pass through indemnity protections from the third party should apply in the event of an IPR infringement claim arising in relation to a Party's use of Third Party Materials provided to it by the other Party, For the avoidance of doubt, if the Parties do not specifically agree to either (i) or (ii) in respect of any Third Party Materials then Third Party Materials shall nevertheless be excluded from the indemnity protection under clause 30.1.1 above except where the indemnifying party has provided or made available to the indemnified party any Third Party Material specifically for use under this Agreement in breach of the relevant third party licence terms and the relevant third party makes a claim against the indemnified party in respect of the same, in which case the indemnity at clause 30.1.1 shall cover such claims and Clause 30.3 shall also apply.

1.2In addition to the indemnities provided in clause 30.1.1 (IPR Indemnity) and Schedule 17 (Human Resources Provisions), the Service Provider will indemnify, defend and hold harmless the Customer and its Affiliates and their respective officials, employees, agents and assigns ("Customer

47

Confidential

Indemnities") against any claims, losses, damages, costs (including reasonable legal fees), expenses and liabilities agreed in a settlement or awarded against the Customer and/or the Customer Personnel as a result of any of the following:

1.1.1breach by the Service Provider of any of the representations and warranties set out in clauses 29.1.1 and 29.1.3; and

1.1.2any Employment Liabilities arising in relation to or employment claims of Service Provider Personnel made against the Customer Group not covered by the indemnities provided in Schedule 17 (Human Resources Provisions) except to the extent such Employment Liabilities arise as a result of an act or omission of Customer or Customer's Group.; and

1.1.3breach by the Service Provider of clause 27 (Data Protection).

1.3Without prejudice to its obligations pursuant to clause 30.1.1, if any Deliverable or service other item or material provided by the Service Provider or the provision of the Services by the Service Provider is, or in the Service Provider's reasonable judgement is likely to become, the subject of a claim (an "Infringing Item"), the Service Provider, at its expense and discretion and in addition to the indemnity and defending the claim, will procure for the Customer the right to use and continue using the Infringing Item or replace it with a non-infringing equivalent or modify it to make its use non-infringing, provided that such replacement or modification does not result in a degradation of the performance or quality of the Infringing Item (other than minor or cosmetic defects).

1.4The following procedures will apply with respect to any indemnification arising in connection with the Agreement:

1.1.1as soon as reasonably practicable after receipt by an indemnified party of written notice of the assertion or the commencement of any claim, demand, action, cause of action or other proceeding by a third party, whether by legal process or otherwise (a "Claim"), but no later than fourteen (14) days following receipt of written notice from the indemnified party relating to any Claim, the indemnifying party will notify the indemnified party in writing that it will assume control of the defence and settlement of such Claim (the "Notice");

1.1.2if the indemnifying party delivers the Notice relating to any claim within the required notice period, the indemnifying party will be entitled to have sole control over the defence and settlement of such Claim;

1.1.3if the indemnifying party fails to assume the defence of any such Claim within the prescribed period of time, then the indemnified party may assume the defence of any such Claim at the cost and expense of the indemnifying party; and

48

Confidential

1.1.4subject to the payment of its reasonable costs, the indemnified Party shall provide reasonable assistance to the indemnifying Party, including reasonable assistance to the indemnifying Party's employees, agents, independent contractors and Affiliates, as applicable. Notwithstanding any provision of this clause 30 to the contrary, the indemnifying Party will not consent to the entry of any judgment or enter into any settlement that provides for injunctive or other non-monetary relief affecting the indemnified Party without the prior written consent of the indemnified Party, such consent not to be unreasonably withheld or delayed.

Part HIMPACT OF A FAILURE TO PERFORM

31.FORCE MAJEURE

1.1Neither Party shall be liable for default or delay in the performance of its obligations under the Agreement:

1.1.1if the default or delay is caused by a ca use beyond the reasonable control of such Party (it being agreed that causes beyond the reasonable control of a Party shall not include strikes or lock outs of its own personnel); and

1.1.2provided the non-performing Party is without fault in causing the default or delay and the default or delay could not have been prevented by reasonable precautions (which for these purposes shall include complying with that Party's Disaster Recovery Plan and/or Business Continuity Plan or, if of a higher standard, disaster recovery plans consistent with Good Industry Practice) or circumvented by workarounds.

1.2The non-performing Party shall be excused from further performance or observance of the obligation(s) so affected for as long as:

1.1.1the circumstances prevail; and

1.1.2the Party continues to use its best efforts to recommence performance or observance whenever and to whatever extent possible without delay.

1.3A Force Majeure Event shall not relieve the Service Provider of its obligations to supply the Services in conjunction with implementing its Disaster Recovery Plans or Business Continuity Plans, including requiring that essential personnel report to work during an emergency, and any or all personnel work at a contingency location.

1.4In the event that a Force Majeure Event interrupts the provision of one or more Service Towers within the Run Services for in excess of thirty (30) days the Customer may terminate the affected Service Tower( s) or if more than two (2) Service Towers are affected, all of them in whole or in part on the provision of written notice. If the Force Majeure Event interrupts the provision of Change

49

Confidential

Management Services (or part of them) for in excess of thirty (30) days, the Customer may terminate only the affected Change Management Services-related SOWs in whole or in part on the provision of written notice.

32.STEP IN

1.1If:

1.1.1any default or non-performance by the Service Provider occurs and as a result, the performance of any business critical service is prevented, hindered, degraded or delayed for more than two (2) consecutive days;

1.1.2the Service Provider is excused from the performance of the Services pursuant to a Force Majeure Event;

1.1.3a Regulator requires the Customer to do so; or

1.1.4the circumstances in paragraph 13.1 of Schedule 15 (Exit) occur,

then, without limiting any other rights it may have, the Customer may take control of the part of the Services affected by the Service Provider default or non-performance, or the Force Majeure Event and in the case of clause 32.1.3, the Customer shall take control of the part of the Services affected by the regulatory direction (in each case, "Step In") for a maximum period of two (2) months after which the Customer shall either terminate this Agreement pursuant to any rights to do so hereunder it may have or allow the Service Provider to resume performance of the relevant Service.

1.2In exercising its rights of Step In the Customer may perform any act that the Customer deems reasonably necessary in order to restore the Services (including by engaging a third party service provider) or may direct the Service Provider to procure those Services from a third party supplier provided that the Customer: (i) complies with the Service Provider's reasonable security and confidentiality policies as notified to the Customer; (ii) procures that any third party that it engages signs an Agreed Form NOA, with an obligation to erect "ethical" walls within its own organisation to protect the Service Provider's confidentiality, if the third party stepping in is a competitor of the Service Provider; (iii) does not have unsupervised access to the Service Provider's facilities and shared computing environment; and (iv) does not require the Service Provider to disclose its commercially sensitive information to any third party.

1.3Where a third party supplier is engaged in connection with a Step In, the Service Provider shall be liable for the payment of the difference between the sums that would have been paid to the Service Provider for the provision of those Services and the sums payable to the third party supplier for performing the same for as long as the failure to perform continues (save for where the Step In is a result of a Force Majeure Event), and the Customer shall not be charged for Services that are not provided to the Customer as a result of a Force Majeure Event or the Service Provider's default or non-performance.

50

Confidential

The Service Provider shall either pay directly or reimburse the Customer for any such third party costs incurred, Such payments made by the Service Provider may be credited against the Charges or paid by way of cheque or direct debit to the Customer, at the Customer's option.

1.4In the event of the Customer exercising its right of StepIn, the Service Provider shall co-operate with the Customer (and its agents or representatives, including any applicable third party supplier) and provide reasonable assistance at no charge to the Customer to restore such Customer function or the Services or any part of them as soon as reasonably possible, including giving the Customer (and its agents or representatives, including any applicable third party services provider) reasonable access to the Service Provider's premises, Equipment, Material and Software, to the extent reasonably necessary for the purpose of restoring such Customer function or the Services or any part of them to the level required under this Agreement.

1.5As soon as reasonably practicable following the restoration of the affected Customer function or the affected part of the Services (meaning that its performance is no longer substantially prevented, hindered, degraded or delayed) to the Customer's reasonable satisfaction or a Regulator lifting its Step In requirement, the Service Provider shall resume the performance of the relevant Services.

1.6Without prejudice to the caps set out in clause 34, nothing in this clause 32 limits the Service Provider's liability to the Customer with respect to any default or non-performance by the Service Provider under this Agreement provided always that the Service Provider shall be relieved of its obligations to deliver the Services affected by any Step In during the period the Customer or any third party supplier has taken over delivery of such Services.

33.ENHANCED CO-OPERATION

1.1Where the Customer requires the right to do so in order to obtain an improved understanding of the Services or to assist the Service Provider to improve its performance (including in particular in the circumstances set out in clause below), the Parties agree that the Customer may nominate a certain number of its employees, agents or contractors (subject; to clause 32.4), to be seconded to the Service Provider or any of its subcontractors ("Consultants") provided that the Parties agree the role and responsibilities of such Consultants and the desired outcomes of involvement. The number of Consultants shall be the minimum reasonably necessary (as determined by the Customer acting reasonably) for the limited purposes described in this clause 33.1 and the Customer agrees to appoint Consultants with a level of seniority appropriate to the tasks they shall be engaged in and to provide the Service Provider with at least five (5) Business Days' notice of its intention to exercise its rights under this clause 33.

51

Confidential

1.2The circumstances that the Parties agree shall entitle the Customer to invoke its rights under clause 33.1 include where:

1.1.1the Customer is entitled, or has reasonable grounds for believing that it will be entitled, to terminate the Agreement in whole or in part for cause;

1.1.2the Service Provider is not performing any of the services in accordance with the Minimum Service Levels (if any);

1.1.3the Service Provider is or the Customer has reasonable grounds for believing that the Service Provider is reasonably likely to be in material breach of its obligations under the Agreement;

1.1.4the Customer has reasonable grounds to suspect acts of fraud are being committed by the Service Provider, any Sub-contractor or any Service Provider Personnel;

1.1.5the Service Provider causes the Customer to breach its legal or regulatory obligations; or

1.1.6the Service Provider fails to provide the Services in accordance with the Agreement (whether such failure amounts to a material breach of contract or not) and that failure causes, or is in the Customer's opinion likely to cause:

1.1.1.1delay in delivery of the Services that means that the Service Provider will not be able to meet any Key Milestone date;

1.1.1.2the degradation or unavailability of the Services which, in the Customer's opinion, is unlikely to be resolved within a reasonable period of time; or

1.1.1.3the Customer to incur a material loss, liability or cost whether direct or indirect or to suffer any adverse publicity.

1.3No Consultant shall become an employee of the Service Provider, or have a legal entitlement to any benefits conferred by the Service Provider on its employees, as a result of his or her secondment under this clause 33.

1.4A Consultant may not be an employee of any entity who competes with the Service Provider in the field of system integration services unless they .are an employee of the Customer.

1.5The Consultants shall be given full access to all information (other than commercially sensitive information or information related to the Charges) that is available to all relevant Service Provider Personnel and that is related to the performance of the Services that are relevant to the purposes described in clauses 33.1 and 33.2 and shall be able to make suggestions related to any

52

Confidential

element of the performance of the Services provided that the Consultant: (i) complies with the Service Provider's reasonable security and confidentiality policies as notified to the Consultant; (ii) signs an Agreed Form NDA; and (iii) does not have unsupervised access to the Service Provider's facilities and shared computing environment.

1.6The Service Provider shall not be obliged to follow any suggestions given by the Consultants.

1.7If the Service Provider does follow a suggestion of a Consultant, then the Service Provider shall be fully responsible for all consequences that flow from the suggestion as if it were the Service Provider's own suggestion.

1.8By exercising its right under this clause, the Customer shall not, and shall not be deemed to, assume any obligation to resolve any issue or problem with the Services or relieve the Service Provider of any obligation or liability in relation to that event. Without limiting the foregoing, nothing in this clause 33.8 shall be construed to limit the Service Provider's obligation to continue to perform the Services in accordance with all applicable Service Levels or Milestone dates.

1.9If the Customer exercises its rights under this clause, the Parties shall carry out a monthly review to agree on whether the secondment shall continue. In any case, a secondment under this clause may be terminated by the Customer at any time by giving written notice to the Service Provider, but shall in any event cease when the secondment has been effective for a continuous period of ninety (90) days (or such longer period as may be agreed between the Parties, such agreement may not be withheld by the Service Provider where clause 33.10 applies), when both of the following conditions are satisfied:

1.1.1the event giving rise to the appointment of the Consultants under this clause has ceased and/or has been resolved or remedied; and

1.1.2the Service Provider has demonstrated to the Customer's reasonable satisfaction that the Service Provider has taken all reasonable measures to ensure that the event giving rise to the appointment of the Consultants shall not reoccur.

1.10Subject to clause 33.11, the Customer shall be responsible for paying the Consultants' reasonable and demonstrable fees for the duration of the secondment, plus any reasonable, actual and demonstrable travel and subsistence costs incurred by the Consultants in relation to their secondment under this clause provided that the salaries of the Consultants are reasonable given their level of seniority and experience and Good Industry Practice ("Consultant Costs").

1.11Notwithstanding clause 33.10, the Parties agree that to the extent that the Customer exercises its rights due to an alleged Service Provider default and it

53

Confidential

transpires that the Service Provider was in default then the Service Provider shall be responsible for fifty percent (50%) of the Consultant Costs.

1.12The exercise by the Customer of its rights in this clause 33 shall be without prejudice to any other rights or remedies of the Customer.

34.LIABILITY

1.1Nothing in this Agreement shall limit a Party's liability in respect of:

1.1.1death or persona I injury caused by negligence;

1.1.2fraud or fraudulent misrepresentation;

1.1.3any employment related indemnities;

1.1.4the breach by a Party, its Affiliates or sub-contractors (including, in the case of the Service Provider, its Sub-contractors) or personnel of the duties of confidentiality contained in the Agreement save:

1.1.1.1where the breach is of the data protection obligations under this Agreement or any Local Agreement, SOW or Data Protection Model Clauses, in which case the liability caps in clause 34.2.1 (in the case of the Service Provider) or clause 34.3 (in the case of Customer) shall apply; or

1.1.1.2where the breach is in relation to breach of any data security obligations under clause 18, in which case the liability caps in clause 34.6 (in the case of the Service Provider) or 34.7 (in the case of the Customer) shall apply (except to the extent the data security breach is also a breach of clause 26 (Confidentiality) leading to a loss of Confidential Information).

1.1.5any claim made under the IPR indemnities set out in clause 30.1.1;

1.1.6Wilful Abandonment or Wilful Default by the Service Provider; and

1.1.7any liability that cannot be excluded pursuant to applicable law.

1.2Subject to clause 34.1, the maximum aggregate liability of the Service Provider (including all Service Provider Affiliates) to Customer (which includes, for the avoidance of doubt, the UK Customer, US Customer and Bermuda Customer and all other Customer Affiliates) arising under or in connection with this Agreement (including all SOWs and Local Agreements) for all causes of action, whether arising in contract, tort (including negligence), breach of statutory duty, misrepresentation, on indemnity basis or otherwise) for all losses whatsoever and howsoever caused:

1.1.1for all liability related to personal data, including under the indemnity in clause 30.2.3 (Data Protection Indemnity) and/or arising any Data Protection Model Clauses, shall be limited to the greater of: (i)

54

Confidential

$10,000,000 (ten million USD); or (ii) 250% (two hundred and fifty per cent) of the of the total Charges paid or payable under the Agreement in the Contract Year immediately prior to the first claim giving rise to such liability, but subject to any variation or exception agreed pursuant to clause 25.12.1; and

1.1.2for all claims for damage to tangible property caused by the Service Provider's (including its Affiliates or its Sub-contractors) negligence or Wilful Default shall be limited to $7,500,000 (seven million five hundred thousand USD).

1.3Subject to clause 34.1, the maximum aggregate liability of the Customer (including Customer Affiliates) arising under or in connection with this Agreement (including all SOWs and Local Agreements) and/or any Data Protection Model Clauses for all liability related to personal data shall be limited to $10 million (ten million USD).

1.4Provided that nothing in this clause 34.4 shall limit or exclude a Party's liability under clauses 34.1.1, 34.1.2 and 34.1.7, a Party nor its Affiliates shall have any liability Under this Agreement or any SOW or local Agreement or Data Protection Model Clauses for: (i) any indirect or consequential losses suffered by the other Party: or (ii) for any special or incidental damages, loss of profits, loss of business, loss of revenue, loss of goodwill, loss of anticipated savings or any loss of data (in each case howsoever arising and whether direct or indirect) other than as detailed in clause 34.5 below.

1.5Subject to clauses 34.6 and 34.2, the exclusions in clause 34.4 shall not exclude liability for the following heads of losses which the Service Provider will accept to be deemed direct losses or damages suffered by the Customer:

1.1.1subject always to the Customer's duty to mitigate, the costs of procuring and implementing an alternative to the Services provided (or not provided) by the Service Provider;

1.1.2the cost of restoring lost or damaged data caused or materially contributed to by the Service Provider to the last machine readable backup taken by the Customer in accordance with Good Industry Practice unless otherwise agreed in writing in a Statement of Work;

1.1.3the cost of restoring damage to physical property caused or contributed to by the Service Provider;

1.1.4additional wages, overtime and expenses incurred by the Customer or its subcontractors or agents in performing or rectifying defective services and/or managing a third party's performance of the same;

1.1.5the public relations costs of repairing any brand or reputational damage caused solely by the Service Provider's breach of this Agreement where the Customer can demonstrate that such breach causes these losses;

55

Confidential

1.1.6cost savings that the Customer reasonably anticipated to make by entering into this Agreement (but which have not already been compensated either pursuant to clause 5.3 or 10.1 of this Agreement). Such cost savings shall be calculated as the difference between the baseline costs in the Pricebook (the "Baseline Costs") and the charges for equivalent volumes (calculated by reference to the original baseline volumes in the Pricebook). The following will be excluded from the charges for the purposes of this calculation: (i) any spend on Change Management Services, (ii) any incremental charges arising as a result of a change to the Agreement, and (iii) any additional costs reimbursed pursuant to clause 21.3. For the avoidance of doubt, and subject always to clause 21 (Customer Dependencies), to the extent that a cost saving is enabled by the Service Provider but the Customer does not take the necessary action to realise those savings (having agreed such actions as a Customer Dependency with the Service Provider), then the Service Provider shall have no liability with respect to the failure of the Customer to achieve such cost saving; and

1.1.7in the event that a breach of the Service Provider prevents the Customer from running its business in the normal way, the costs of the remedial action necessary so as to re enable such normal running together with the costs of implementing any temporary work-around.

1.6Subject to clause 34.1 and 34.2., the Service Provider's (including its Affiliates) total aggregate liability to the Customer (which includes, for the avoidance of doubt, the UK Customer, US Customer and Bermuda Customer and all other Customer Affiliates) arising under or in connection with the Agreement (including all SOWs and Local Agreements) for all causes of action, whether arising in contract, tort (including negligence), breach of statutory duty, misrepresentation, on indemnity basis or otherwise, for any losses whatsoever and howsoever caused shall not exceed, for all claims in each Contract Year:

1.1.1not used

1.1.2the greater of:

(i) a de minimis amount equal to 200% of the Charges paid by the Customer under the Agreement (including all SOWs and Local Agreements) in the previous Contract Year; and

(ii) two hundred percent (200%) of the total Charges paid or payable under the Agreement (including all SOWs and Local Agreements) in the relevant Contract Year prior to the date which the first claim in that Contract Year arises.

For the avoidance of doubt, the annual cap that applies to any one claim shall be that of the Contract Year in which the event (or first in a series of events) that gave rise to the claim in question occurs.

56

Confidential

1.7Subject to clause 34.1 and 34.3, the Customer's total aggregate liability in each Contract Year under or in connection with this Agreement (including all SOWs and Local Agreements) shall not exceed the total amounts paid or payable under the Agreement (including all SOWs and Local Agreements) in the Contract Year in which the claim arises. For the avoidance of doubt, the annual cap that applies to my one claim shall be that of the Contract Year in which the event (or first in a series of events) that gave rise to the claim in question occurs,

1.8For the avoidance of doubt, the Parties acknowledge that in accordance with Relevant Law, any claim for damages shall be reduced by the amount of Service Credits or Liquidated Damages already paid by the Service Provider to the Customer in respect of the relevant liability so as to avoid double recovery by the Customer.

1.9The phrase "paid or payable" will mean the aggregate of:

1.1.1all relevant amounts already paid by the Customer to the Service Provider; and

1.1.2all relevant amounts invoiced but not yet paid by the Customer to the Service Provider.

1.10In the event that any breach by the Service Provider or any Service Provider Group company of this Agreement, a Local Agreement, SOW and/or any Data Protection Model Clauses results in any losses being suffered by (i) any Customer that is a party to this Agreement (each of the UK Customer, US Customer and/or Bermuda Customer); and/or (ii) any Customer Group Company that is not a party to this Agreement, such losses will be treated as if they had been suffered by the UK Customer and the UK Customer (acting as agent for the US and Bermuda Customers and to the exclusion of any right of the US or Bermuda Customer to also bring any claim in respect of the same loss) may recover any such losses from the Service Provider in accordance with this clause 34. The US Customer and the Bermuda Customer and any Customer Group Company that is not a party to this Agreement (including any Local Agreement, SOW or any Data Protection Model Clauses) may only recover its losses directly from the Service Provider if the UK Customer is prohibited by law from doing so. For the purposes of this clause 3,4,10, any losses suffered by any Customer Group Company that is not a party to this Agreement (including any local Agreement, SOW or any Data Protection Model Clauses) will not be treated as being indirect or consequent al in terms of this clause 34 simply because it has been suffered by that Customer Group company and not by a Customer directly.

1.11Nothing in this clause 34 shall relieve the Customer of its obligation to pay all Charges which have been properly incurred under this Agreement.

57

Confidential

35.INSURANCE

1.1The Service Provider shall maintain at its own cost (and on reque.st provide evidence to the Customer in the form of a broker's letter) the following insurance policies with an insurer of good standing (subject to clause 35.2) for the term of this Agreement and six (6) years thereafter:

1.1.1professional liability insurance for a minimum amount of £10,000,000 (ten million GBP) per claim and annual aggregate;

1.1.2public and product liability insurance for a minimum amount of £10,000,000 (ten million GBP) per claim and annual aggregate; and

1.1.3employer's liability insurance for a minimum amount of £10,000,000 (ten million GBP).

1.2The Service Provider shall not take out or hold any of the insurance coverage described in clause 35.1 with the Customer or any member of the Customer Group without the Customer's prior written consent.

1.3The Service Provider shall not during the term of this Agreement and for a period of six (6) years thereafter act or refrain from acting in such a way as would entitle the underwriter(s) of the policies required by clause 35.1 above to avoid or negate their liability to deal with any claim(s) which would otherwise be covered.

1.4The Service Provider shall, whenever reasonably requested by the Customer, provide evidence of such insurance and of its currency.

Part ITERMINATION

36.TERMINATION

Customer Termination Rights

1.1The Customer may terminate for convenience this Agreement (in whole or in part) on ninety (90) days' notice.

1.2Early Termination Payments

1.1.1If the Customer terminates this Agreement pursuant to clause 36.1 or the Supplier terminates this Agreement pursuant to clause 36.7, the Customer shall pay the Service Provider a sum equal to the Remaining Minimum Spend Commitment.

1.1.2If the Customer terminates this Agreement pursuant to clause 36.4.4 (Material Adverse Change) or clause 36.4.5 (Change of Control), it shall pay the Service Provider a sum equal to 70% of the Remaining Minimum Spend Commitment.

58

Confidential

1.1.3In addition to any sums that are due under clauses 36.2.1 or 36.2.2, the Customer shall also pay: (i) any additional applicable Early Termination Payments the parties may agree after the Effective Date in accordance with paragraph 25.1.2 of Schedule 10; and (ii) any due and payable invoices for Services performed up to the date of such termination.

1.1.4The Service Provider agrees that such payments shall be the Service Provider's sole and exclusive remedies in connection with any early termination itself and that beyond such payments mentioned above, no damages or compensation for early termination shall be payable; provided always that this shall be without prejudice to the rights and remedies of the Service Provider at law in respect of the recovery of any damages which arise due to breach of this Agreement by the Customer (whether connected with the event giving rise to the early termination or not).

1.3The Customer may terminate the Agreement for material breach by the Service Provider, immediately if it is not capable of remedy, or after thirty (30) days from the Customer providing the Service Provider with written notice of the material breach if it is capable of remedy but remains unremedied.

1.4The Customer may also terminate the Agreement:

1.1.1immediately if an Insolvency Event occurs with respect to the Service Provider;

1.1.2upon thirty (30) days' written notice where the Service Provider persistently breaches the Agreement;

1.1.3not used;

1.1.4immediately where a Material Adverse Change occurs in relation to the Service Provider and the process outlined in that definition has been exhausted;

1.1.5on a no-fault basis, in the event there is a Change of Control of the Service Provider (other than an internal re-organisation within the Service Provider Group) which raises a legitimate concern for the Customer and: (a) immediately where termination is required or requested by a Regulator; or (b) on thirty (30) days' notice where the new controlling entity: (i) has significantly worse financial standing than the Service Provider; (ii) is a direct competitor of the Customer; or (iii) is involved in an industry for which association would be reasonably likely to bring the Customer into disrepute, provided that the Customer gives notice to terminate on this basis within ninety (90) days following the Customer becoming aware of the Change of Control, such notice to specify the. date upon which termination shall become effective;

1.1.6immediately for any breach of this Agreement by the Service Provider: (i) which causes a Regulator to require or request that the Agreement is

59

Confidential

terminated as a result of the breach; (ii) to the extent that the breach is the chief and direct cause of a Regulator imposing a fine on the Customer or any member of the Customer Group; or (iii) to the extent the breach causes the Customer to breach a specific legal requirement which in turn is likely to cause regulatory problems for the Customer or any member of the Customer Group, and the nature of and impact on the Services of such a legal requirement have been set out in the applicable SOW or in this Agreement;

1.1.7upon thirty (30) days' written notice in the event of a Material Service Failure;

1.1.8upon thirty (30) days' written notice where there is repeated failure by the Service Provider to engage with the governance procedures set out in this Agreement, including but not limited to, Schedule 12 (Governance and Service Management) where, following formal notice from the Customer, the Service Provider either:

1.1.1.1fails to address and propose a plan to solve the concerns identified by the Customer within thirty (30) days of a notice requiring it do so; or

1.1.1.2fails to then deliver on the plan proposed by it pursuant to this clause by the dates specified in the plan;

1.1.9upon thirty (30) days' written notice in the event any breach of this Agreement by the Service Provider has a material adverse impact on the Customer's reputation (or that of the Customer Group) or leads to material adverse publicity; or

1.1.10as set out in clause 31.4.

1.5If the Customer terminates this Agreement in whole or in part and the Customer has paid any Charges in advance for Services it has not yet received, an amount equal to such Charges shall be repayable, subject to a pro-rated reduction.

1.6If the Service Provider believes that any termination by the Customer constitutes a wrongful repudiation of the Agreement, then the Service Provider agrees that it will not affirm the Agreement provided that the termination by the Customer occurs at a time when the Customer is entitled to terminate the Agreement or relevant Statement of Work for convenience. Any wrongful repudiation made in those circumstances shall, if proven, be deemed to be termination for convenience by the Customer and the Customer shall be liable to pay to the Service Provider all amounts (including termination charges) payable on or In connection with termination for convenience (and within the timescales for payment of the same) as provided in this Agreement and/or the relevant Statement of Work.

Service Provider Termination Right

60

Confidential

1.7The Service Provider may only terminate this Agreement on written notice to the Customer due to:

1.1.1The Customer's failure to pay undisputed Charges, for which properly submitted invoices have been delivered, by the due date for payment, provided that:

1.1.1.1the Customer fails to remedy the failure to pay within fifteen (15) days of its receipt of the Service Provider's written notice of the failure to pay; and

1.1.1.2the Service Provider provides the Customer a further notice of the failure to pay and the Customer fails to remedy the failure to pay within ninety (90) days of its receipt of such further notice in which case the Service Provider may terminate forthwith;

1.1.2a material breach by the Customer of the licence conditions set out in clause 25.8 which the Customer fails to cure (if capable of cure) within thirty (30) days of a notice requiring it to do so;

1.1.3a breach by the Customer (or any of its Affiliates) of its obligations under clause 26 (Confidential Information), provided the Customer fails to remedy the relevant breach (if capable of remedy) within sixty (60) days of its receipt of the Service Provider's written notice of the relevant breach in which case the Service Provider may terminate forthwith; or

1.1.4the Customer's breach of its obligations under clause 27 (Data Protection) where to continue to provide the Services would put the Service Provider in breach of Relevant Laws in which case the Service Provider may terminate forthwith unless such Relevant Laws allow a cure period and/or a notice period in which case the Customer shall have thirty (30) days to cure and/or be provided notice as applicable.

37.TERMINATION ASSISTANCE/EXIT

1.1Subject to clause 37.4, for up to a maximum period of nine (9) months following the effective date of termination or expiration of the Agreement or following the date of any notice of termination, at the Customer's election and request the Service Provider shall provide Termination Assistance to the Customer at the agreed day rates.

1.2Actions by the Service Provider under this clause 37 shall be subject to the provisions of the Agreement.

1.3Charges for Termination Assistance activities by the Service Provider shall be at the services rates set out in the Rate Card or such lower rates (if any) as specified in an Exit Plan.

61

Confidential

1.4The Service Provider represents and warrants that the Termination Assistance services shall be provided to facilitate the Customer to readily continue the provision of the services in house or by a replacement supplier (working in accordance With Good Industry Practice) and eliminate or minimise any disruption or deterioration of the Service, including, but not limited to, the following:

1.1.1efficient and comprehensive transition;

1.1.2assistance in providing information required to prepare and execute any request for proposal process;

1.1.3knowledge transfer;

1.1.4enabling data migration; and

1.1.5executing any document required for assignment of rights.

1.5The Customer shall procure that any Successor Service Provider shall enter into a confidentiality agreement with the Service Provider on the terms of the Agreed Form NOA.

Part JMISCELLANEOUS PROVISIONS

38.COMPLIANCE WITH LAWS

Generally

1.1The Service Provider shall perform its obligations in a manner that complies with all Service Provider Applicable Regulations. The Service Provides obligations pursuant to this clause shall include identifying and procuring any required permits, certificates, approvals and inspections applicable to the Service Provider or otherwise required by Service Provider Applicable Regulations. If a charge of non-compliance with such Service Provider Applicable Regulation occurs, the Service Provider shall promptly notify the Customer in writing (unless prohibited from doing so under Relevant Law). Any actual failure to so comply with Service Provider Applicable Regulations applicable to the Services shall give the Customer the right to terminate this Agreement for irremediable material breach pursuant to clause 36.3.

1.2The Customer shall notify the Service Provider of any material changes in any Relevant Laws affecting its business and of which it becomes aware in the ordinary course of its business (provided always that this shall not release the Service Provider from its own obligations to keep abreast of all Service Provider Applicable Regulations affecting its business and the ongoing provision of the Services).

1.3Not used.

62

Confidential

1.4The Service Provider shall be responsible for any fines and penalties imposed on the Service Provider or the Customer arising from any non-compliance by the Service Provider, its personnel or agents with any Service Provider Applicable Regulations.

39.TRANSFER OF THIS AGREEMENT

1.1The Customer may assign the Agreement: (i) within the Customer Group; (ii) to any entity that acquires it (provided the entity passes the Service Provider's reasonable ethics and compliance checks); or (iii) with the Service Provider's consent (not to be unreasonably withheld) to any third party, provided in each case that if the Service Provider has bona fide concerns (in its sole discretion) in relation to the assignee's financial standing, the Parties shall meet to discuss those concerns and the Customer shall provide or obtain such financial assurances as the Service Provider may reasonably require. To be clear each of the UK Customer, US Customer and Bermuda Customer must jointly agree any such assignment of this Agreement in full.

1.2Apart from the specific rights to transfer, novate or assign specified in clause 39.1, neither Party may assign, novate or otherwise transfer any of its rights or obligations under this Agreement without the other Party's prior written consent (such consent not to be unreasonably withheld or delayed). For the avoidance of doubt, it is reasonable for the Customer to withhold its consent to any proposed assignment, novation or other transfer by the Service Provider to any person (the "Transferee"), if the Transferee is of lesser financial standing to the Service Provider or has a lesser ability to provide services of the quality required by this Agreement.

1.3The Service Provider shall use its reasonable endeavours to notify the Customer in advance of any Change of Control and in any event shall notify the Customer within ten (10) days of any Change of Control occurring.

40.NO PARTNERSHIP, AGENCY ETC

1.1Nothing in this Agreement is intended to create a partnership or the relationship of principal and agent or employer and employee between the Parties. Neither Party has the authority or power to bind, to contract in the name of or to create a liability for the other in any way or for any purpose.

41.NOTICES

1.1All formal notices and communications between the Parties and/or to any Affiliate made in the course of this Agreement are to be in writing and shall be deemed to have been received by the addressee at the times stated below, provided that the notice of communication is addressed to the recipient at the address specified below, is marked for the urgent notification of the .specified point of contact as notified in writing to the other Party from time to time in accordance with this clause 41 and is properly franked or otherwise sent postage prepaid:

63

Confidential

1.1.1by first class post, forty-eight (48) hours after dispatch;

1.1.2by email with return receipt acknowledgement, on the next Business Day after the day of dispatch;

1.1.3by hand delivery, immediately upon receipt by the recipient; or

1.1.4if sent by a reputable overnight express mail service with a reliable tracking system, twenty four (24) hours after dispatch.

This clause 41.1, however, shall not apply to the service of any proceedings or documents in any legal action.

1.2The addressees of the Parties for the purpose of this clause 41 and for the purpose of service of proceedings are set out below. Notices must be addressed to:

The Service Provider    The Customer
For the attention of:    For the attention of:
Head of UKI Insurance Practice    General Counsel
1 Kingdom Street,    30 Fenchurch Street
Paddington Central,    London
London    EC3M 3BD
W26BD

With a copy to: Corporate Counsel -    With a copy to: Chief Technology
UKI Insurance Practice    Officer & Group Head of
1 Kingdom Street,    Procurement
Paddington Central,    30 Fenchurch Street
London    London
W26BD    EC3M 3BD

42.THIRD PARTY RIGHTS

1.1A person who is not a Party to this Agreement may not enforce any of its terms under the Contracts (Rights of Third Parties) Act 1999, save that Affiliates of the Customer from time to time and Divested Affiliates as referred to below may enforce the benefits granted to them under this Agreement. For the avoidance of doubt however this Agreement may be amended or rescinded by agreement between the Parties (and the UK Customer acting on behalf of the US Customer and Bermuda Customer) without the consent of any third party.

1.2At the Customer's discretion and upon notice to the Service Provider of the divestment, any Divested Affiliate shall be entitled (at no additional charge to it or the Customer other than in respect of any separation costs identified and agreed pursuant to the Contract Change Control Procedure) to continue to receive the Services, which it has been receiving pursuant to this Agreement (including the governance regime in Schedule 12 and the invoicing regime in

64

Confidential

Schedule 10, for a period of up to two (2) years from the date of completion of such divestment or the date of notice whichever is later, such period to co-terminate with the Term and provided that: (i) the overall liability of Service Provider under this Agreement, any Local Agreement or SOW to the Customer, the Divested Affiliate and any of the beneficiaries does not increase; and (ii) the Divested Affiliate passes the Service Provider's reasonable ethics and compliance checks. The Divested Affiliate shall enjoy the same unit charges for the Run Services save for the Common Services Charges. Changes to the Common Service Charges and any separation costs will be agreed pursuant to Contract Change Control Procedure. The Customer shall be responsible for compliance by such Divested Affiliate to the relevant terms and conditions of this Agreement, including the payment obligations in clause 22 (Charges) for the Services received by the Divested Affiliate and shall be responsible for payment in the event the Divested Affiliate fails to pay the Service Provider. Any changes to the relevant Services or additional requirements (for example, separate invoices for the Customer and Divested Affiliate) or other commercial impact (including to Charges) resulting from the activities contemplated in this clause shall be agreed in accordance with the Contract Change Control Procedure.

43.SURVIVAL

1.1Those clauses that by their nature are intended to survive the termination or expiry of this Agreement, shall so survive.

44.SEVERABILITY

1.1If any provision of this Agreement or any part of any provision is determined to be partially void or unenforceable by any court or body of competent jurisdiction or by virtue of any legislation to which it is subject or by virtue of any other reason whatsoever, it shall be void or unenforceable to that extent only and the validity and enforceability, of any of the other provisions or the remainder of any such provision shall not to be affected. If any clause is rendered void or unenforceable, whether wholly or in part, the Service Provider and the Customer shall endeavour, without delay and in good faith discussions, to attain the economic and/or other intended result in another legally permissible manner.

45.ENTIRE AGREEMENT

1.1This Agreement constitutes the entire understanding between the Parties relating to the subject matter of this Agreement and, save as may be expressly referred to in this Agreement, supersedes all prior representations, writings, negotiations or understandings relating to the subject matter of this Agreement.

1.2Except in respect of any fraudulent misrepresentation made by a Party, the Parties acknowledge that they have not relied on any representations,

65

Confidential

writings, negotiations or understandings, whether express or implied, (other than as set out in this Agreement) in entering into this Agreement.

1.3Nothing in this clause 45 is intended to exclude a party's liability for fraud, fraudulent misrepresentation or any other liability which cannot, by law, be excluded.

46.WAIVER

1.1No delay, neglect, or forbearance on the part of either Party in enforcing against the other Party any term or condition of this Agreement shall be or shall be deemed to be a waiver or in any way prejudice any right of that Party under this Agreement. Any waiver by either Party of any of its rights under this Agreement must be in writing and only applies to the transaction or series of transactions expressly referred to in such waiver.

47.CORPORATE SOCIAL RESPONSIBILITY, COMPLIANCE WITH LAWS AND LLOYDS CENTRE OF EXCELLENCE

Anti-Bribery

1.1Each Party shall comply with all Relevant Laws relating to anti-bribery and anti-corruption including (but not limited to) the UK Bribery Act 2010 and all relevant US requirements.

Modern Slavery

1.2Without prejudice to any other provisions in this Agreement, the Service Provider shall, and shall procure that all persons who will or may be used in performing or to support the performance of this Agreement in any part of the world ("Supply Chain") shall, at all relevant times:

1.1.1comply with the provisions of the Modern Slavery Act 2015 and all Relevant Laws made under it or relating to it ("MSA"), and ensure that all relevant Service Provider Personnel have received appropriate training on the same;

1.1.2comply with any Customer policy relating to modern slavery and/or human trafficking as is notified to the Service Provider by the Customer from time to time; and

1.1.3immediately notify the Customer's Head of Procurement in writing if it has reason to believe that it or any member of its Supply Chain is in breach or is likely to breach any of the MSA or any provisions of these clauses 47.2 to 47.4 (or would do so if it were a party to this Agreement), or if it receives a communication from any person alleging breach of any of the MSA.

1.3The Service Provider shall maintain detailed, accurate and up-to-date records setting out:

66

Confidential

1.1.1its staff hiring procedures;

1.1.2its supplier selection processes; and

1.1.3the steps it takes to ensure that it and each member of its Supply Chain is not engaged in the activities prohibited by the MSA, and shall promptly provide copies of such records to the Customer on the Customer's request.

1.4On the Customer's reasonable request, the Service Provider shall make, and shall require any relevant member of its Supply Chain to make, such adjustments to its processes that relate to staff hiring and supplier selection as the Customer reasonably considers to be desirable to address any risk of non-compliance with the MSA.

Environment

1.5The Service Provider shall ensure that its performance of the Services shall comply with all applicable environmental laws, statutes, regulations and relevant government issued guidance.

Health & Safety

1.6The Service Provider shall at times throughout the Term comply with all Relevant Laws relating to health and safety including (but not limited to) the Health and Safety at Work etc. Act 1974 and shall maintain a written health & safety policy.

Equal Opportunities

1.7The Service Provider shall at all times throughout the Term comply with all Relevant Law relating to equal opportunities, including, (but not limited to) the Equality Act 2010.

Compliance with Competition Laws

1.8The Service Provider confirms that it has not colluded with any third parties in relation to the Charges and that it shall comply with all Relevant Laws relating to competition and anti,-trust including (but not limited to) the UK Competition Act 1998 and all relevant US requirements.

Compliance with Import/Export Laws

1.9The Customer agrees to notify Service Provider of (1) any requirements for Deliverables or (2) any other technology, technical data or information to which the Service Provider will have access as a result of the Services that, in either case, will subject the Deliverables or the other technology, technical data or information to control under applicable export regulations under any classification other th.an EAR99 (or its non-U.S. equivalent) and, in such event, will (i) identify to the Service Provider the applicable regulations (e.g.

67

Confidential

EAR or ITAR) and classifications (e.g. ECCN) and (ii) follow such guidelines as the Service Provider may communicate to the Customer that reasonably are required to avoid violations. Subject to and except for the foregoing, the Service Provider agrees to notify the Customer of any technology, technical data or information that it will provide to the Customer pursuant to this Agreement that is subject to control under applicable export regulations under any classification other than EAR99 (or its non-U.S. equivalent) and, in such event, will (i) identify to the Customer the applicable regulations (e.g. EAR or ITAR) and classifications (e.g. ECCN) and (ii) follow such guidelines as the Customer may communicate to the Service Provider that reasonably are required to avoid violations. Subject to the foregoing the Service Provider shall comply with all Relevant Laws with respect to the Service Provider's export and/or import of systems, dual-use items, materials, data, information and technologies necessary for the provision of the Services to each Customer Site (including those comprising the Deliverables) and with applicable embargoes, sanctions, and similar restrictions in force from time to time (including by determining and obtaining all relevant import and/or export authorisations). Notwithstanding the foregoing, the Customer agrees that it will not provide the Service Provider with any technology, technical data or information that is subject to control under the International Traffic in Arms Regulations (ITAR). In the event that the Customer wishes to provide the Service Provider with ITAR-controlled technology, technical data or information, the Customer will notify the Service Provider in writing of such intent, and the Parties agree to cooperate to determine the appropriate agreements and controls, if any, required before the Customer makes such disclosure.

Lloyd's Centre of Excellence

1.10The Customer expects the Service Provider to demonstrate a commitment to developing its knowledge of the London insurance market during the Term. Accordingly, the Service Provider shall commit to:

1.1.1engaging with external consultants to develop training materials and to obtain a deeper understanding of Lloyd's of London performance standards and requirements;

1.1.2developing and delivering training and certification programmes for Service Provider Personnel delivering the Services;

1.1.3increasing the general pool of Service Provider staff who are familiar with Lloyd's of London operations;

1.1.4promoting the sharing of experience across the Service Provider's and its Affiliate's clients in the Lloyd's of London market including by promoting opportunities for such clients to network and share experiences;

68

Confidential

1.1.5inviting Lloyd's of London staff to participate as a guest teachers/ lecturers; and

1.1.6identifying best practices across all the clients of the Service Provider and its Affiliates in the insurance sector and applying such best practice to services in areas regulated by Lloyd's of London including by recommending enhancements to processes.

48.CUMULATIVE REMEDIES

1.1Except as otherwise expressly provided in this Agreement, remedies provided under this Agreement shall be cumulative and in addition to and not in lieu of any other remedies available to either Party at law, in equity or otherwise.

49.DISPUTE RESOLUTION

1.1Any dispute between the Parties arising out of or relating to the Agreement, including with respect to the interpretation of any provision of the Agreement, shall be dealt with as follows:

1.1.1by the respective Contract Managers appointed under the Agreement; and if the dispute is not resolved by the Contract Managers;

1.1.2then by the Customer's Chief Technology Officer (or his or her designated nominee) and a person of equivalent standing in the Service Provider's organisation; and

1.1.3then by the Customer's Chief Operating Officer (or his/her designated nominee) and a person of equivalent standing in the Service Provider's organisation.

1.2Any dispute, controversy or claim arising under, out of, in connection with, or in relation to the Agreement which cannot be settled as provided for above may then be referred by the Parties to:

1.1.1mediation by a neutral mediator accredited by the Centre for Dispute Resolution (CEDR); and

1.1.2then, if the Parties fail to reach agreement during the mediation process within sixty (60) days of the mediator being appointed, Arbitration in London under the LCIA Rules,

in order for the Parties to attempt to resolve such dispute.

1.3Notwithstanding clauses 49.1 and 49.2, the Parties shall be free at any time to commence legal proceedings in order to seek emergency or injunctive relief.

50.COUNTERPARTS

1.1This Agreement may be executed in two or more counterparts, each of which will be deemed to be an original, but all of which together will constitute one

69

Confidential

Agreement binding on the Parties, notwithstanding that both Parties are not signatories to the original or the same counterpart.

51.GOVERNING LAW AND JURISDICTION

1.1The Agreement and all matters arising out of or in connection with it (including any dispute or claim) shall be governed and construed in accordance with the Laws of England and Wales and made subject to the exclusive jurisdiction of the Courts of England.

70

Confidential

AGREED by the Parties through their duly authorised representatives on the date written at the top of the first page of this Agreement:

For and on behalf of    )

ASPEN INSURANCE UK SERVICES LIMITED    )

/s/ Michael Cain

Name: Michael Cain

Title: Director

For and on behalf of    )

ASPEN INSURANCE U.S. SERVICES INC.    )

/s/ Michael Cain

Name: Michael Cain

Title: Director

For and on behalf of    )

ASPEN BERMUDA LIMITED    )

/s/ Mark Pickering

Name: Mark Pickering

Title: Director

71

Confidential

For and on behalf of    )

COGNIZANT WORLDWIDE LIMITED    )

/s/ Frank Marty

Name: Frank Marty

Title: Authorized Person

For the purposes of acknowledging that Cognizant Technology Solutions US Corporation will be providing services on behalf of Cognizant Worldwide Limited in the United States only:

COGNIZANT TECHNOLOGY SOLUTIONS US CORPORATION

/s/ Christopher H. Privette

Name: Christopher H. Privette

Title: Corporate Counsel

72

Confidential

SCHEDULE 1

DEFINITIONS

The Parties agree that for any defined term in this Agreement for which a definition has not been provided in this Schedule 1 (Definitions) but for which there is an ITIL definition, the ITIL definition in place as at the Effective Date shall apply.

A.The Parties acknowledge that, save as set out in paragraph B below, for expediency they have not sought to amend the definitions set out in the Original Agreement to reflect the revised scope and structure of the Services in this Agreement as at the Effective Date. Accordingly, and notwithstanding any provision of this Agreement to the contrary, the Parties agree:

(i)a definition below shall only apply where such defined term is expressly used in either the front end of the Agreement or one of its Schedules or Annexes; and

(ii)if there is any ambiguity or error in relation to any definition set out below, the Parties shall resolve such ambiguity or error by reference to the Original Agreement in conjunction with this Agreement (which, for the avoidance of doubt, has been updated to reflect the contractual re-set as at the Effective Date) and/ or any applicable executed CCNs.

B.For information, certain new definitions have been added into this Schedule 1 to reflect the terms of the Agreement.

The following definitions apply in this Agreement:

3rd Party Support Services has the meaning given in section 2.9 of Schedule 2, Annex 2.

Acceptance Certificate means a written notice, issued by the Customer in accordance with clause 6.5, certifying that an Acceptance Item has passed (in full, or conditionally) the relevant acceptance tests.

Acceptance Criteria means the mutually agreed objective criteria which an Acceptance Item must satisfy during the acceptance tests as set out in this Agreement before the Customer is required to issue an Acceptance Certificate for that Acceptance Item.

Acceptance Item means any Deliverable or Service or any other item expressed to be subject to acceptance testing under this Agreement.

Acceptance Test means any test set out in this Agreement or agreed between the Parties for the acceptance of Acceptance Items pursuant to clause 6 of this Agreement and references to “accepting testing” and/or “Acceptance Testing” shall be construed accordingly.

Acceptance Test Plan means the plan for acceptance testing agreed between the parties whether pursuant to paragraph 4.1.4 of Schedule 8 (Transition and Transformation)or otherwise as part of the Change Projects.

Active Directory Management Services has the meaning given in section 2.7 of Schedule 2, Annex 2.

73

Confidential

Affiliate means any other person that, directly or indirectly, through one or more intermediaries, is controlled by or under common control with a Party or in the case of another legal entity, controlled by or under common control with such other legal entity. For the purposes of this definition, control (including, with correlative meanings, the terms controlled by and under common control with) as used with respect to any person, means the possession, directly or indirectly, of the power to direct or cause the direction of the management or policies of such person, whether through the ownership of shares, the holding of voting power, by contract or otherwise.

Agreed Form NDA means the form of non-disclosure agreement set out in Schedule 15 (Exit Plan and Service Transfer Arrangements).

Agreement means this agreement, the schedules, appendices and attachments.    

Agreement Terms has the meaning set out in paragraph 2.1 of Schedule 9 (Form of Local Agreement).

Annual Minimum Spend Commitment has the meaning set out in paragraph 6 of Schedule 10 (Pricebook, Charges and Invoicing).

Applicable Data Protection Law has the meaning set out in paragraph 1 of Schedule 21 (Data Processing and Transfer).

Applicable Increase has the meaning set out in paragraph 4.2 of Schedule 10 (Pricebook, Charges and Invoicing).

Application means Customer used computer software or device software.

Application Management Charges means the Charges for the Application Management Services as set out in section 11 of Schedule 10.

Application Management Services has the meaning set out in paragraph 1.1.2(c) of Schedule 2 (Service Descriptions).

Approved Sub-contractor has the same meaning as Sub-contractor.

Asset Management has the meaning given in section 2.1 of Schedule 2, Annex 1.

At Risk Amount has the meaning given to it in paragraph 5.7 of Schedule 3 (Service Levels and Service Credits).

Availability Management has the meaning given in section 2.1 of Schedule 2, Annex 1.

BAFO has the meaning set out in Recital D.

Balanced Scorecard has the meaning given to it in paragraph 9.1 of Schedule 12 (Governance and Service Management) asfurther described in Appendix 12-A to Schedule 12 (Governance and Service Management).

Baseline Costs has the meaning given in clause 34.5.6.

BCDR has the meaning set out in paragraph 24.1 of Schedule 10 (Pricebook, Charges and Invoicing).

BCP Test has the meaning set out in paragraph 4.1 of Schedule 16 (Business Continuity and DR Plan).

74

Confidential

Benchmark means the process of carrying out a benchmark review pursuant to Schedule 11 (Benchmarking). ‘Benchmarking’ shall be construed accordingly.

Benchmark Notice has the meaning set out in paragraph 1.2 of Schedule 11 (Benchmarking).

Benchmark Parameters shall have the meaning given to it in paragraph 5.2 of Schedule 11 (Benchmarking).

Benchmark Report shall have the meaning given to it in paragraph 6.1.5 of Schedule 11 (Benchmarking) and is also referred to as a Benchmarking Report.

Benchmarked Services has the meaning given to it in paragraph 1.1 of Schedule 11 (Benchmarking).

Benchmarker has the meaning set out in paragraph 2.6 of Schedule 11 (Benchmarking).

Benchmarking Agreement has the meaning given to it in paragraph 2.7.1 of Schedule 11 (Benchmarking).

Benchmarking Report means the report of a Benchmarker commissioned by the Parties in accordance with Schedule 11 (Benchmarking), also referred to as a Benchmark Report.

Bermuda Customer has the meaning set out at the Parties section of the Agreement.

Bundle has the meaning set out in paragraph 15.3 of Schedule 10 (Pricebook, Charges and Invoicing).

Business Continuity Plan means the business continuity plan to be developed pursuant to Schedule 16 (Business Continuity and DR Plan).

Business Day means a day other than a Saturday, Sunday or Bank holiday in England, Bermuda or relevant US States.

Business Impact Initiatives has the meaning set out in paragraph 20.1 of Schedule 10 (Pricebook, Charges and Invoicing).

Calendar Quarter means any one of the following four periods of three months that make up a Calendar Year: 1st January to 31st March (quarter 1); 1st April to 30th June (quarter 2); 1st July to 30th September (quarter 3) and 1st October to 31st December (quarter 4).

Calendar Year means the period of 365 (or 366 as applicable) days starting from the first (1st) day of January and ending on the thirty first (31st) day of December.

Capacity Management has the meaning given in ITILas at the Effective Date.

Carried Over Pool Amount has the meaning set out in paragraph 21.1.6 of Schedule 10 (Pricebook, Charges and Invoicing).

Catalogue Item means an item listed as such in the Service Catalogue in Appendix 10-K.

Centre of Excellence or COE has the meaning given to it in paragraph 3.4.1 of Schedule 2 Annex 5.

Change means any change to this Agreement and/or provision of the Deliverables and/or Services agreed between the Parties in accordance with Schedule 13 (Contract Change Control Procedure).

75

Confidential

Change Authority means the entity with the responsibilities described in paragraph 6.1 of Schedule 12 (Governance and Service Management).

Change Control Note shall be a document agreed between the Parties in the form set out in Appendix 1 to Schedule 13 (Contract Change Control Procedure) that records a Change.

Change Management Advisory Board (CAB) has the meaning given in section 3.2.2 of Schedule 2, Annex 1.

Change Management Charges means the Charges for the Change Management Services as set out in section 13 of – Schedule 10.

Change Management Services has the meaning set out in paragraph 1.1.2(d) of Schedule 2 (Service Descriptions).

Change of Control means a change in Control of the Service Provider.

Change Project has the meaning set out in paragraph 3.3.1 of Annex 5 to Schedule 2and will include Large Projects and Small Projects.

Change Request means a written request from either party to vary the terms of this Agreement pursuant to the procedure set out in Schedule 13 (Contract Change Control Procedure).

Charges means the aggregate charges payable by the Customer to the Service Provider under this Agreement and as are more particularly set out in Schedule 10 (Pricebook, Charges and Invoicing).

CIO / Head of Change is the Service Provider’s senior management role assigned to oversee the entire Agreement and to lead the Change Management Services as defined in Schedule 17, section 1.9.

Claim has the meaning set out in clause 30.4.1.

Commercially Reasonable Efforts means that the Party obliged to perform shall take all such steps and perform in such a manner as if it were acting in a determined, prudent and reasonable manner in order to achieve the desired result for its own benefit.

Commercial Review Meeting means the ITO Commercial Board Meeting described in section 4.2(c) of Schedule 12.

Committed Transformation means the Transformation Projects to be completed prior to or after completion of Transition in order to deliver committed price reductions and/or service improvements and whose scope is either agreed prior to the Effective Date or identified prior to the Effective Date with a plan to finalise the details of the same to be agreed during Transition, as further described in Part B of Appendix 1 of Schedule 8.

Committed Transformation Managers has the meaning given to it in paragraph 5.2 of Schedule 8 (Transition & Transformation)

Committed Transformation Services means the services provided by the Service Provider to deliver Committed Transformation.

Common Service Charges means the Charges for the Common Services as set out in section 8 of Schedule 10.

76

Confidential

Common Services has the meaning set out in paragraph 1.1.2(a) of Schedule 2 (Service Descriptions).

Comparative Charges has the meaning set out in paragraph 1.3 of Schedule 11 (Benchmarking).

Comparators has the meaning given to it in paragraph 5.2 of Schedule 11 (Benchmarking).

Compromise Assessment means an objective survey of the Customer’s Environment and its devices to discover unknown security breaches, malware and unauthorised access.

Confidential Information means in relation to either Party to this Agreement (“first party”) any and all information in whatever form (whether oral, tangible or documented), that (a) is by its nature confidential; or (b) the other party knows or ought to know is confidential; or (c) is designated by the first party as confidential including the following which are hereby designated by the first party as confidential information of that party: (i) in the case of the Customer, all Deliverables; (ii) information relating to the financial position of the first party (or any of its Affiliates) and in particular includes information relating to the assets or liabilities of the first party (or any of its Affiliates), budgets, sales, and any other matter that does or may affect the financial position or reputation of the party (or any of its Affiliates); (iii) information relating to the business strategies of the first party (or any of its Affiliates) and in particular including marketing, public relations, advertising and commerce plans, ideas, strategies, projections and other information (including related to electronic sales), business plans, real estate plans, strategic expansion plans, products and product designs; (iv) information relating to the first party’s (or any of its Affiliate's) customers, contractors or sub-contractors; (v) any information derived from the information described in (i) to (iv) above; and is disclosed to or otherwise learnt, acquired or developed by the other Party in connection with this Agreement (or its subject matter).

Configuration Items has the meaning given in ITIL as at the Effective Date.

Configuration Management has the meaning given in section 2.1.6 of Schedule 2, Annex 1.

Consultant has the meaning given in clause 33.1 (Enhanced Co-operation).

Consultant Costs has the meaning given in clause 33.10 (Enhanced Co-operation).

Continual Service Improvement or CSI means the same as the ITIL term “Continual Improvement” as at the Effective Date.

Continuation Services means the Services (other than Termination Assistance) which the Customer may continue to require the Service Provider to provide during the Termination Assistance Period.

Contract Change Control Procedure or ‘CCP’ means the process for modifying the provision of the Services or the Agreement as set out in Schedule 13 (Contract Change Control Procedure).

Contract Manager means the person appointed by each party to represent it in relation to day to day matters arising in relation to the Services and this Agreement, as defined in Schedule 12, paragraph 1.3.

Contract Year means each twelve (12) month period from 1 January to 31 December, with Contract Year 0 starting on the Effective Date and ending on 31 December 2020 and Contract Year 1 starting on 1 January 2021 and ending on 31 December 2021.

Control shall mean the direct or indirect power to direct or cause the direction of the management and policies of a company or other business entity, whether through ownership of fifty percent (50%) or more of the voting interest, by contract, or otherwise.

77

Confidential

Control Assessment has the meaning given in Section 6.1 of Schedule 8 Appendix 08-A.

Core has the meaning given in paragraph 13.4 of Schedule 10.

COTS Vendor has the meaning set out at clause 25.12.1.

Critical Service Level means a Service Level listed in Appendix 3-A which has Service Credits allocated to it.

Customer Applicable Regulations means (i) Relevant Laws which are in force from time to time during the Term, including any amendments to any or all of them, and which apply to the Customer and the Customer Group and/or their use of or receipt of the Services but which in each case are not Service Provider Applicable Regulations; and (ii) those things deemed to be Customer Applicable Regulations pursuant to the definition of Service Provider Applicable Regulations.

Customer Change ManagementLead means the Customer representative that is responsible for Change Management activity.

Customer COE Lead means the Customer’s primary contact point for the relevant COE.

Customer Data means information regarding or relating to the Customer or the Customer Group that is provided to the Service Provider pursuant to this Agreement.

Customer Dependencies means the obligations of the Customer which are identified as a Customer Dependency in the Agreement, a SOW, Schedule 4 (Customer Dependencies), or Appendix 1 of Schedule 8 (Transition and Transformation).

Customer Environment means the Customer’s IT and business operations which receive the Services.

Customer Equipment has the meaning given to it in clause 13.1 (Equipment and Software).

Customer Future Transformation Manager has the meaning given to it in paragraph 7.1.2 in Schedule 8 (Transition and Transformation).

Customer Group means each of the UK Customer, US Customer and Bermuda Customer and their Affiliates.

Customer Group Company has the meaning set out in Schedule 9 (Form of Local Agreement).

Customer Indemnified Items means all Customer Material, Customer Software, Customer Hardware, Customer Equipment, Customer Data and Customer IPR (other than modifications or enhancements to any of the foregoing delivered by the Service Provider, its Affiliates and/or its Sub-contractors).

Customer Indemnities has the meaning set out in clause 30.2 of this Agreement.

Customer Individual has the meaning set out in paragraph 1.3(a) of Schedule 12 (Governance and Service Management).

Customer IPR means any IPRs owned by or licensed to the Customer or its Affiliates (including Third Party Materials) and licenced by or otherwise made available by or on behalf of the Customer to the Service Provider or its Affiliates (including modifications and enhancements) to be used by the

78

Confidential

Customer (including its Group) or the Service Provider in receiving or providing the Services (including development of any Deliverables).

Customer Locations or Customer Sites means the locations and sites from which the Customer operates and to which the Service Provider will require access in order to provide the Services from time to time, as set out in the Procedures Manual and/or Schedule 22 (Locations and Site Licence).

Customer Location Policies has the meaning set out in clause 16.1.

Customer Material means any Material owned by or licensed to the Customer or its Affiliates (and any modifications to that Material).

Customer Parties means the UK Customer, the US Customer and the Bermuda Customer, each being a Customer Party.

Customer Personal Data means any personal data described in a SOW or Schedule 21 (Data Transfer and Processing) and supplied by a Customer Group company to the Service Provider or a Service Provider Affiliate under this Agreement for processing and/or which the Service Provider (and/or any Sub-contractor) generates, collects, stores, transmits or otherwise processes on behalf of a Customer Group company or as a data processor in connection with this Agreement.

Customer Personnel means the directors, officers, employees, agents, agency workers, contractors and sub-contractors of the Customer Group and its sub-contractors (other than the Service Provider and its Affiliates).

Customer Representative means the Customer Contract Manager or its appointed alternative contact.

Customer SME means an appropriate Customer representative.

Customer Software means the computer programs (whether in machine or optically readable format) and all Materials relating to such computer programs, owned, licenced or used by the Customer and/or its Affiliates.

Customer Systems means the Customer Software and any Equipment and/or Tools owned or used by the Customer and/or its Affiliates.

Data Exporter has the meaning set out in paragraph 1 of Schedule 21 (Data Processing and Transfer).

Data Importer has the meaning set out in paragraph 1 of Schedule 21 (Data Processing and Transfer).

Data Protection Legislation means all laws relating the processing of Personal Data, privacy and security, including, without limitation, the EU Data Protection Directive 95/46/EC (as will be superseded by the EU General Data Protection Regulation 2016/679 (“GDPR”)), the EU Privacy and Electronic Communications Directive 2002/58/EC, and the Bermuda Personal Information Protection Act 2016, as implemented in each jurisdiction, and all amendments, or all other applicable international, regional, federal or national data protection laws, regulations and regulatory guidance. The terms data controller, data processor, data subject, personal data, process/processing, special categories of data and supervisory authority shall have the meanings ascribed to them in the GDPR.

79

Confidential

Data Protection Model Clauses means standardised contractual clauses to ensure that any personal data leaving the EEA will be transferred in compliance with Data Protection Legislation, a copy of which is set out in the Annex to Schedule 21 (Data Processing and Transfer).

Database Management Services has the meaning given in section 2.5 of Schedule 2, Annex 2.

Dedicated Licences are licences which the Service Provider has purchased specifically for the Customer to use to receive the Services and excludes licences for Service Provider Tools and COTS Vendor software or services.

Dedicated Third Party Contracts means a third party contract designated as such in Schedule 15 (Exit Plan and Service Transfer Arrangement).

Delay Notice as defined in clause 5.1 (Delay).

Deliverable means any tangible item or output required to be provided by the Service Provider to the Customer under this Agreement or a SOW.

Deliverable Acceptance Document means a document setting out the acceptance requirements for the relevant Deliverable as may be agreed between the Parties pursuant to Schedule 8 (Transition and Transformation).

Design Authorities has the meaning set out in paragraph 6.1 of Schedule 12 Governance and Service Management.

Designated Areas means those areas designated as such in accordance with Schedule 22 (Location and Site Licence) to this Agreement.

Deskside Support has the meaning given in section 1.1 of Schedule 2, Annex 3.

Detailed Design or Detailed Design Phase refers to the design phase of a project where the exact scope and requirements are defined and agreed for all Committed Transformations stated in Part B of Appendix 8-A (Transition and Transformation).

Developed IPR means those materials and Intellectual Property Rights created specifically for the Customer pursuant to this Agreement or any SOW or Local Agreement but excluding: (i), modifications, enhancements or derivatives of Service Provider IPR; or (ii) any materials or other Intellectual Property Rights the creation of which falls outside the scope of the Services.

Digital Product has the meaning set out in clause 25.11 of this Agreement.

Disaster means any disruption to the performance or receipt of the Services (whether caused by a natural or a man-made phenomenon or occurrence) that requires the implementation of the Disaster Recovery Plan and which is acknowledged to be a Disaster by the Customer.

Disaster Recovery Plan means a disaster recovery plan to be developed pursuant to Schedule 16 (Business Continuity and DR Plan).

Disclosing Party means the Party which discloses its Confidential Information to the other Party.

Discount Percentage means the volume discount to be applied to the Change Management Charges pursuant to section 21 of Schedule 10.

80

Confidential

Dispatch Sites means those Customer Locations that do not have a Service Provider On-Site based presence.

Dispute Resolution Procedure means the procedure set out in clause 49 (Dispute Resolution).

Divested Affiliate means any entity which has been, during the term of this Agreement, an Affiliate of the Customer, and which subsequently ceases to be an Affiliate of the Customer.

Documentation means all documentation including user manuals or other operating manuals relating to a Deliverable or the Services.

Duration of Commitment has the meaning set out in paragraph 1 of Schedule 18 (Key Personnel).

Effective Date means 23rd November 2020.

Employment Costs has the meaning set out in clause 15.2 (Personnel).

Employment Liabilities mean all claims and employment related costs, including but not limited to claims for salary and benefits, redundancy payments, unlawful deductions from wages, unfair, wrongful or constructive dismissal compensation, compensation for age, sex, race or disability discrimination or discrimination on the grounds of religion, belief, age or sexual orientation or claims for equal pay, compensation for less favourable treatment of part-time workers, and any other claims whether in tort (including negligence), contract or statute or otherwise, and any demands, actions, proceedings and any award, compensation, damages, tribunal awards, fine, loss, order, penalty, disbursement, payment made by way of settlement and costs and expenses reasonably incurred in connection with a claim or investigation, and any expenses and legal costs on an indemnity basis.

End-to-End Service has the definition set out in Schedule 14.

End User means an individual authorised by the Customer to use and access the Customer’s systems and who is enabled on the Customer’s active directory.

End User Contact has the meaning given in section 3.1.1 of Schedule 2, Annex 3.

End User Devices means the devices as listed in Appendix 2-B tab “End User”.

Environment means the composite Hardware, Software, Network Resources and Services required for the existence, operation and management of an Enterprise IT service.

Equipment means all components, materials, plant, tools, test equipment, hardware, firmware, computing and data communications equipment and any related documentation used in the provision of the Services.

Equivalent Services has the meaning given to it in paragraph 1.3 of Schedule 11 (Benchmarking).

Escrow Agreement means an agreement entered into by the Parties pursuant to clauses 25.14 and 25.15, on the then applicable NCC standard form single user terms.

Executive Escalation (a) has the meaning given in clause 8.5.1.

Executive Escalation (b) has the meaning given in clause 8.5.2.

Executive Sponsor is the person in the Service Provider’s organisation who is a member of the executive leadership of the Service Provider (UK or globally) and ultimately responsible to the Service

81

Confidential

Provider’s corporate leadership for the success of the IT outsourcing arrangement. As at the Effective Date, this is the Head of the Service Provider’s UK and Ireland region.

Existing Performance Data has the meaning set out in paragraph 2.6 of Schedule 3 (Service Levels and Service Credits.

Existing Service Levels means those Service Levels defined as Service Level Type 1 in Appendix 3-A of Schedule 3 (Service Levels and Service Credits).

Exit Information has the meaning given to it in paragraph 5.1 of Schedule 15 (Exit Plan and Service Transfer Arrangements).

Exit Milestones are the applicable Milestone Dates set out the Exit Plan developed in accordance with Schedule 15 (Exit Plan and Service Transfer Arrangements).

Exit Plan the plan to be developed pursuant to Schedule 15 (Exit Plan and Service Transfer Arrangements) that shall set out in such detail as is reasonably required by the Customer a plan by which the Services shall be transferred to the Customer or a Successor Service Provider following the termination or expiry of this Agreement in whole or in part.

Expected Service Level means, in respect of any Service Level, the required level of performance which the Service Provider shall meet or exceed in its performance of the relevant Services.

Final Milestone means, in respect of Transition, the relevant Service Commencement Date or, with respect to Committed Transformation or agreed Future Transformation, the agreed ‘Go Live’ date.’

Financial Distress Event means any or all of the following:

(a)the credit rating of the Service Provider Group dropping two or more levels below its rating as at the Effective Date (provided that this is not part of a general downgrading of the credit ratings of a significant proportion of organisations in the digital and information technology services market);

(b)the Service Provider Group issuing a profits warning to a stock exchange or making any other public pronouncement about a material deterioration in its financial position or prospects which, in each case, envisages a reduction in profit of 25% or more on the same period in the previous year;

(c)a public or regulatory investigation into improper financial accounting and reporting, suspected fraud or other financial impropriety of the Service Provider Group holds that there has been actual improper financial accounting, reporting, fraud or other financial impropriety committed by the Service Provider Group,

where, in each case, this will have a material adverse impact on the continued performance and delivery of all or a significant part of the Services in accordance with this Agreement.

First Service Commencement Date has the meaning set out in clause 3.1.

Flex has the meaning given in paragraph 13.4 of Schedule 10.

82

Confidential

Force Majeure Event means any act of God, war, civil disturbance, strike (other than strikes of Service Provider Personnel), flood, fire, or other cause not within that Party’s reasonable control.

Forecast Volumes has the meaning set out in paragraph 18.2 of Schedule 10 (Pricebook, Charges and Invoicing).

Future Equipment has the meaning given to it in clause 13.4 (Assets).

Future Transformation means the Transformation Projects that will take place during the Term following Transition and which go beyond the Committed Transformation activities agreed to be performed as at the Effective Date.

Future Transformation Services means the Transformation Services to be agreed between the Parties in accordance with Appendix 2 of Schedule 8 (Transition and Transformation) of this Agreement.

Gainshare Initiatives has the meaning set out in paragraph 20.2 of Schedule 10 (Pricebook, Charges and Invoicing).

Go Live Date means the date agreed for the completion of a Committed Transformation.

Good Industry Practice means that degree of skill, care, prudence, foresight and practice which would ordinarily be expected of a skilled, experienced and leading supplier of services of the same or a similar nature to the Services and which, for the avoidance of doubt, includes compliance with standards akin to applicable British Standards Institute and International Standards Organisation standards.

Hardware means the physical material parts of a computer or other system.

Holdback has the meaning given in clause 10.4.1 of the Agreement.

IMACD     means Installations, Moves, Additions, Changes, Deletions.

Implementation Plan means any plan for the implementation of Transition or Transformation Services as described in Appendix 1 of Schedule 8 (Transition and Transformation) to this Agreement.

Incident has the meaning given in ITIL as at the Effective Date.

Incremental Innovation Pool has the meaning set out in paragraph 21.1.3 of Schedule 10 (Pricebook, Charges and Invoicing).

Indexation Date has the meaning set out in paragraph 4.1.2 of Schedule 10 (Pricebook, Charges and Invoicing).

Indexation Sensitivity has the meaning set out in paragraph 4.1.1 of Schedule 10 (Pricebook, Charges and Invoicing).

Inflight Project Handover Statement has the meaning set out in paragraph 19.7 of Schedule 10.

Inflight Projects has the meaning set out in paragraph 19.1 of Schedule 10 (Pricebook, Charges and Invoicing).

Infrastructure means hardware and software in scope for support as part of the Infrastructure Management Services, Operations and Service Delivery Services, Network Management Services

83

Confidential

and Security Services. The initial hardware is listed in Appendix 2-B (Ops & Service Del. Supported Hardware).

Infrastructure Change Services has the meaning given in section 2.10 of Schedule 2, Annex 2.

Infrastructure Management Charges means the Charges for the Infrastructure Management Services and the Security Services, as set out in paragraph 9 of Schedule 10.

Infrastructure Management Services has the meaning set out in paragraph 1.1.2(b) of Schedule 2 (Service Descriptions).

Infrastructure Monitoring Services has the meaning given in section 2.1 of Schedule 2, Annex 2.

Infringing Item has the meaning set out in clause 30.3.

Initial Term has the meaning set out in clause 3.1.

Innovation Pool has the meaning set out in paragraph 21 of Schedule 10 (Pricebook, Charges and Invoicing).

Innovation Project/Initiative has the meaning set out in paragraph 21.2 of Schedule 10 (Pricebook, Charges and Invoicing).

Insolvency Event means one or more of the following events:

(a)a Party becomes unable to pay its debts or is deemed to be unable to pay its debts within the meaning of section 123 of the Insolvency Act 1986;

(b)a Party enters into liquidation either compulsory or voluntary (save for the purposes of a solvent reconstruction or amalgamation) or a provisional liquidator is appointed in respect of that Party;

(c)an administrator, administrative receiver, receiver or manager, liquidator or similar officer is appointed in respect of the whole or any part of that Party’s assets (save for the purposes of a solvent reconstruction or amalgamation) and/or a winding up petition is issued against that Party;

(d)that Party proposes to enter or enters into any composition or arrangement with its creditors generally or any class of creditors; or

(e)that Party is subject to an event analogous to any of the above in any other jurisdiction.

Intellectual Property Rights or ‘IPR’ means all patents, rights in inventions, rights in designs, trade marks, trade and business names and all associated goodwill, rights to sue for passing off or for unfair competition, copyright, Moral Rights and related rights, rights in databases, topography rights, domain names, rights in information, tools and methodologies and all other similar or equivalent rights subsisting now or in the future in any part of the world, in each case whether registered or unregistered and including all applications for, and renewals or extensions of, such rights for their full term.

84

Confidential

Interim Expected Service Levels means, in respect of any Services to which New Service Levels apply, the Expected Service Levels that apply from the Effective Date up until the end of the Service Level Observation Period to which Service Credits shall not be applicable.

Interim Minimum Target Levels means, in respect of any Services to which New Service Levels apply, the Minimum Service Levels that apply from the Effective Date up until the end of the Service Level Observation Period to which Service Credits shall not be applicable.

Internal Audit has the meaning set out at clause 20.14 (Internal Audit).

Inventory has the meaning given in paragraph 9.1.4.1 of Schedule 2.

ITIL means the Information Technology Infrastructure Library which is a proprietary framework for IT service management.

ITO Commercial Board is the meetingdescribed in section 4.2(c) of Schedule 12.

Key Milestone means any Milestone identified as such by the Parties in accordance with Schedule 8 (Transition and Transformation) and in relation to any Change Management Services.

Key Performance Indicators means the service measures required by the Customer as set out in Appendix 3-A of Schedule 3 which are not Service Levels

Key Personnel means those individuals identified as such in Schedule 18 (Key Personnel).

Knowledge Management has the meaning given in ITIL as at the Effective Date.

Landed Resource means Service Provider Personnel performing Services not from one of the Service Providers main offshore service centres but who is normally based at such centres.

Large Project is a Change Project with a value of greater than USD 50,000 (as further described in section 3.3.3 of Annex 5 to Schedule 2).

Legacy Agreement means any agreements (including purchase orders, work orders or statements of work) in place between any member of the Service Provider Group and any member of the Customer Group as at the Effective Date and any draft or under negotiation agreements in relation to which work may have commenced but excludes any agreements (including purchase orders, work orders or statements of work) agreed between the Parties (or their respective Affiliates) prior to the Effective Date where the services referenced in the same has been completed prior to the Effective Date.

Legacy Security Environment has the meaning given in Section 6.1 of Schedule 8 Appendix 08-A.

Liquidated Damages means any fixed or pre-determined sum of damages agreed by the Parties to this Agreement, to be payable should certain defined events occur as set out in this Agreement.

Local Agreement means an agreement entered into on the terms set out in Schedule 9 (Form of Local Agreement) to this Agreement.

Maintenance and Support Charges means the Charges for the Maintenance and Support component of Operations and Service Delivery Services as set out in section 10 of Schedule 10.

Major Incident has the meaning given in ITIL as at the Effective Date.

Managed Agreements has the meaning set out in clause 14.3.

85

Confidential

Managing Customer Party has the meaning set out in clause 1.2 of Schedule 9 (Form of Local Agreement).

Market Competitive has the meaning set out in paragraph 1.3 of Schedule 11 (Benchmarking).

Material means methodology or process, documentation, data or other material in whatever form, including without limitation any reports, specifications, business rules or requirements, user manuals, user guides, operations manuals, training materials and instructions, but excluding Software.

Material Adverse Change means any of the following occurring in relation to the Service Provider:

(a)a Financial Distress Event;

(b)the Service Provider allowing the benefit of other contracts entered into by it to be assigned or novated from the Service Provider without the Service Provider’s prior written consent or otherwise allowing (whether by act or omission) a situation to arise where the Customer is the only significant customer of the Service Provider; or

(c)in the event the Service Provider’s Parent Company ceases to be listed, the Service Provider Personnel identified in clause 8.5.2 failing within a reasonable period of time to respond in a substantive manner to queries raised by the Customer as to the Service Provider’s financial well-being; priorities for and intentions regarding the Service Provider; and/or its activities over the next twelve (12) months following the query.

Material Service Failure means the events identified as such in this Agreement including those identified as such in paragraph 4.10 of Schedule 3 (Service Levels and Service Credits).

Measurement Period means a calendar month.

Measurement Window means the period over which a specific Service Level or Key Performance Indicator is measured, as set out in the relevant column of Appendix 3-A.

Messaging Management Services has the meaning given in section 2.6 of Schedule 2, Annex 2.

Milestone means a milestone identified and agreed between the Parties for the performance of any element of the Service under this Agreement.

Milestone Date: means, in relation to an agreed Milestone, the date by which such Milestone is to be achieved.

Minimum Spend Commitment means the Annual Minimum Spend Commitment and the Total Minimum Spend Commitment as applicable.

Minimum Target Level means, in respect of any Service Level, the level of performance below which, certain provisions of paragraph 4 and paragraph 5 of Schedule 3 (Service Levels and Service Credits) apply.

Minor Enhancement is a Change Project with effort equal to or less than 32 person hrs (as further described in section 3.3.3 of Annex 5 to Schedule 2).

Moral Rights has the meaning set out in Chapter IV of the UK Copyright, Designs and Patents Act 1988.

MSA means Modern Slavery Act 2015 as set out in clause 47.2 (Modern Slavery) of this Agreement.

86

Confidential

Network means Customer corporate data connectivity between computers and devices, incorporating both LAN (Local Area Network) and WAN (Wide Area Network) and voice connectivity, both internally and externally.

Network Management Charges means the Charges for the Network Management Services as set out in section 12 of Schedule 10.

Network Management Services has the meaning set out in paragraph 1.1.2(f) of Schedule 2 (Service Descriptions).

New Service means a service additional to the Services.

New Service Level means those defined as Service Level Type 2 in Appendix 3-A along with any other service levels which the Service Provider may introduce during the Term.

Non-Dedicated Licences are licences which the Service Provider has not purchased specifically for the Customer to use to receive the Services.

Non-Dedicated Third Party Contracts means a third party contract designated as a non-dedicated in Schedule 15 (Exit Plan and Service Transfer Arrangements) of this Agreement.

Non-Site Based has the meaning given in paragraph 8 of Schedule 2.

Notice has the meaning set out in clause 30.4.1.

Offshore means at the approved Service Provider Service Location in India.

Onshore means at the approved Service Provider Service Location in the countries in which Services are received.

On-Site means at the Customer Locations, Customer Sites and / or the Customer datacentres.

Offshore Service Desk Option has the meaning set out in paragraph 10.6 of Schedule 10.

OLA has the definition set out in Schedule 14.

Operational Boards has the meaning as set out in Schedule 12 section 4.2.

Operational Reporting has the meaning as set out in Schedule 2 section 4.1.2

Operational Risk has the meaning given to it in paragraph 10.1 of Schedule 12 (Governance and Service Management) of this Agreement.

Operations and Service Delivery Charges means the Charges for the Operations and Service Delivery Services as set out in section 10 of Schedule 10.

Operations and Service Delivery Services has the meaning set out in paragraph 1.1.2(c) of Schedule 2 (Service Descriptions).

Original Agreement has the meaning given in Recital A of the Agreement.

Other Sites means any other Customer Site which is not subject to a Site Licence under Schedule 22 (Locations and Site Licence) which the Customer may procure access pursuant to Schedule 22 (Locations and Site Licence).

87

Confidential

Outgoing Service Provider means a third party provider of services which will be replaced by the Services.

Outsourcing Agreement has the meaning set out in the Background of Schedule 9 (Form of Local Agreement).

Patch Management Services has the meaning given in section 2.8 of Schedule 2, Annex 2.

Performance Standards means the standards of performance the Service Provider is required to meet pursuant to Schedule 3 (Service Levels and Service Credits).

Person means any body corporate, association, partnership, joint venture, organisation, individual, business or other trust or any other entity or organisation of any kind or character, including a court or other governmental authority.

Physical IMAC or IMACD means the Installation, Move, Add, Change, and Disposal of computer equipment.

Pool Percentage (or Pool %) is the proportion of the At Risk Amount allocated to a specific Critical Service Level as shown in the relevant column of Appendix 3-A.

Post-Transformation Service Levels means the Service Levels agreed pursuant to section 3 of Schedule 3 (Service Levels and Service Credits).

Pre-existing IPR means any IPR (i) owned, acquired or developed by, or licensed to, a Party on or prior to the Effective Date (including Third Party Materials) and any modifications, enhancements or derivatives of such Intellectual Property Rights (including in the case of the Service Provider the Service Provider Tools); or (ii) arising in any materials or items the creation of which falls outside the scope of this Agreement (including any modifications, enhancements or derivatives of the same), but excluding in both cases Developed IPR.

Pricebook means the document set out in Appendix 10-A to Schedule 10 (Pricebook, Charges and Invoicing) (as the same may be updated during the Term) setting out the basis on which the Charges shall be calculated.

Problem has the meaning given in ITIL as at the Effective Date.

Procedures Manual or ‘SOP’ as defined in clause 8.2 (Procedures Manual).

Pro Forma SOW means the document at Appendix 20-A of Schedule 20.

Project means a Change Project as defined in Schedule 2 Annex 5 section 3.3.1.

Project Board means the team responsible for the success of a project. The Project Board manages the constraints in which a project manager operates and represents all stakeholders in the Project.  The Project Board assumes there is a business sponsor who specifies products (and typically justifies investment for the Project) and a supplier who delivers the product.

Project Brief means a written summary of the requirements of the Customer in respect of a Project, which may have been written by the Customer, the Service Provider or jointly and has been approved by the Customer.

88

Confidential

Project Steering Committee has the meaning given in paragraph 7.1 of Schedule 12 (Governance and Service Management).

QA Report has the meaning given to it in paragraph 9.6 of Schedule 11 (Benchmarking).

QA Requirements means the standards to which the Services are to be delivered as defined in Schedule 3 (Service Levels and Service Credits).

QA Review means the quality assurance review to be performed pursuant to section 9 of Schedule 11.

Rate Card means the rate cards set out in in Appendix 10-I of Schedule 10 (Pricebook, Charges and Invoicing)) used to calculate certain Charges payable under this Agreement.

Receiving Party means the Party which receives Confidential Information of the other Party.

Reconciliation Sum has the meaning set out in paragraph 3.4 of Schedule 10 (Pricebook, Charges and Invoicing).

Recovery Item has the meaning set out in paragraph 25.1.1 of Schedule 10.

Reference Groups shall have the meaning given to it in paragraph 5.2 of Schedule 11 (Benchmarking).

Regular Future Transformation Update has the meaning set out in paragraph 1.5 of Appendix 2 to Schedule 8 (Transition & Transformation).

Regulator or Regulatory Body means any person, body or regulatory authority responsible for ensuring compliance with statutory requirements and all other rules, guidance regulations, instruments and provisions in force from time to time including the rules, codes of conduct, codes of practice, and practice requirements guidance, which a Party or its Affiliates may be subject to from time to time.

Regulatory Change means any change to any Customer Applicable Regulations or Service Provider Applicable Regulations.

Release has the meaning given in ITIL as at the Effective Date.

Release & Deployment Management has the meaning given in ITIL as at the Effective Date.

Relevant Law means:

(a)any statute, regulation, by-law, ordinance or subordinate legislation in force from time to time to which a Party is subject including Data Protection Laws;

(b)the common law as applicable to the Parties from time to time;

(c)any binding court order, judgment or decree;

(d)any applicable industry code, policy or standard, in each case enforceable by law; and

(e)all applicable statutory and all other rules, guidance regulations, instruments and provisions in force from time to time including the rules, codes of conduct, codes of practice, practice requirements guidance and accreditation terms, in each case of mandatory effect and

89

Confidential

stipulated by any regulatory authority to which a Party or its Affiliates is subject from time to time.

Relief Event means either a Force Majeure Event or where, following a failure by the Customer to comply with a Customer Dependency (and provided always the Service Provider has complied with clause 21 (Customer Dependencies) of the Agreement), the Service Provider is entitled to relief from its own failure to perform any of its obligations pursuant to clause 21.

Remaining Minimum Spend Commitment has the meaning give to it in paragraph 25.1.1 (Termination for Convenience Remaining Minimum Spend Commitment payment) of Schedule 10 (Pricebook, Charges and Invoicing).

Replacement Services means the provision of services by an entity other than the Service Provider or a member of the Service Provider Group in substitution of the Service Provider following the expiry or termination of all or part of the Services.

Reports means those reports to be provided by the Service Provider to the Customer in accordance with this Agreement, as defined in Schedule 12, section 5 and Schedule 2 Annex 1, section 6.

Residual Knowledge has the meaning given to it in clause 25.15 (Residual Knowledge).

Response has the meaning set out in Recital D.

Retained Organisation means the organisation, service and resources retained by the Customer following the relevant Service Commencement Date.

RFP has the meaning set out in Recital D.

Run Charges means the Charges for the Run Services.

Run Service Change Pool has the meaning given in section 2.4 of Schedule 2 Annex 1.

Run Services means the Common Services, Infrastructure Management Services, Operations and Service Delivery Services, Application Management Services and Network Management Services.

Security Control Requirements has the meaning set out in para 3.1.1 of Schedule 7.

Security Gap has the meaning given in Section 6.1 of Schedule 8 Appendix 08-A.

Security Incident means any actual or suspected unauthorised access or disclosure, accidental or unlawful destruction or accidental loss or alteration of Customer Data.

Security Safeguards has the meaning given in section 6.1 of Schedule 8 Appendix 08-A.

Security Services has the meaning set out in paragraph 1.1.2(f) of Schedule 2 (Service Descriptions).

Server    means a Customer computer, device or a program that manages IT network resources, be it physical, virtual or cloud hosted.

Server Management Services has the meaning given in section 2.3 of Schedule 2, Annex 2.

90

Confidential

Service Areas means the scope of Annexures to Schedule 2 – Common Services, Infrastructure Management Services, Application Management Services, Network Management Services, Operations and Service Delivery, Change Management Services.

Service Catalogue means the list of services in Appendix 10-K.

Service Commencement Date has the meaning set out in clause 3.1 (Term).

Service Credit Allocation means the process of determining how Service Credits are to be applied in accordance with section 5 of Schedule 3 (Service Levels and Service Credits).

Service Credits means the credits (if any) which become payable to the Customer in accordance with section 5 of Schedule 3 (Service Levels and Service Credits).

Service Description has the meaning given in paragraph 1.1 of Schedule 2.

Service Desk provides an ITIL based single point of contact (SPOC) for all Incident and Problem resolution, Service Requests, and end-to-end management as described in Schedule 2, Annex 3, section 2.1.

Service Desk Charges means the Charges for Service Desk Services as set out in section 10 of Schedule 10.

Service Failure means a failure to meet the Expected Service Level.

Service Integration means the process by which various elements of the Services and third party and Customer provided services and inputs related to the Services are integrated with each other so as to create a seamless service for the Customer and the End Users, as set out in Schedule 14.

Service Integration Services means the Services to be performed by the Service Provider in order to enable Service Integration as further described in Schedule 14 (Service Integration and Management).

Service Integrator means the entity that takes responsibility for Service Integration pursuant to Schedule 14, in this Agreement that shall be the Service Provider. 

Service Lead means the Service Provider’s day-to-day operational run lead for a particular service component as defined in Schedule 12.

Service Level means the service levels required by the Customer as set out in Appendix 3-A of Schedule 3, as may be amended from time to time in accordance with Schedule 3 (Service Levels and Service Credits).

Service Level Observation Period has the meaning given to it in paragraph 2.10.1 of Schedule 3 (Service Levels and Service Credits).

Service Level Report has the meaning given to it in paragraph 4.3 of Schedule 3.

Service Management means the aspect of the Common Services described as such in Annex 1 of Schedule 2 (Services Descriptions) which the Service Provider shall ensure are delivered in line with ITIL and industry best practice.

Service Priority has the meaning given in paragraph 3 of Schedule 2.

91

Confidential

Service Provider Applicable Regulations means all Relevant Laws which are in force from time to time during the Term, including any amendments to any or all of them, and which apply to: (a) the Service Provider in its business specifically as a provider of information technology services, or (b) the Service Provider or any of its Sub-contractors or Affiliates in relation to the Service Provider’s delivery of the Services under this Agreement and, in each case, save to the extent that the Customer or its regulators require a specific approach to be taken as regards the delivery of the Services in which case, pursuant to clause 20.1, such specific approach shall not be a Service Provider Applicable Regulation and be designated a Customer Applicable Regulation.

Service Provider BC Representative has the meaning set out at paragraph 1.3 in Schedule 16 (Business Continuity and DR Plan).

Service Provider Delivery Lead means the individual designated as such in Schedule 18 (Key Personnel).

Service ProviderExecutive Members are the Executive Sponsor and UKI Insurance Head.

Service Provider Future Transformation Manager: has the meaning given to it in paragraph 7.1.1 of Schedule 8 (Transition and Transformation).

Service Provider Group means the Service Provider and its Affiliates.

Service Provider Individual has the meaning set out in paragraph 1.3(b) of Schedule 12 (Governance and Service Management).

Service Provider IPR means any IPR owned or licensed by the Service Provider, its Affiliates or Sub-contractors whether acquired or developed on, before or after the Effective Date (including Service Provider Software, Service Provider Tools and Service Provider Pre-existing IPR) and any materials or other Intellectual Property Rights the creation of which falls outside the scope of the Services (in each case including any enhancements, derivatives or modifications thereto) but excluding Developed IPR.

Service Provider Personnel has the meaning set out in clause 15.2.

Service Provider Service Locations means those locations, site or facilities from which Services shall be provided that from time to time are owned, leased or under the control of the Service Provider, its Affiliates, or their sub-contractors.

Service Provider Software means software owned by or licenced to the Service Provider.

Service Provider Systems Regulatory Change has the meaning given to it in paragraph 5.1.2(b) of Schedule 13 (Contract Change Control Procedure).

Service Provider Tools has the meaning set out in clause 25.11.2.

Service Request Management has the meaning given in ITIL as at the Effective Date.

Service Requests has the meaning given in ITIL as at the Effective Date.

Service Tower means each of the Common Services, Infrastructure Management Services, Operations and Service Delivery Services, Application Management Services, Change Management Services and Network Management Services as set out in the Annexes 1-6 (excluding Annex 5) of Schedule 2 (Service Towers Specification).

92

Confidential

Service Transfer means the transfer of the Services to the Customer or a Replacement Service Provider following the termination or expiry (whether in whole or in part) of this Agreement.

Service Transfer Date means the date on which the Services or services similar to the Services revert to the Customer or transfer to a Replacement Service Provider as the case may be

Services means the services agreed to be provided by the Service Provider to the Customer, each as set out Schedule 2 (Service Descriptions), or any agreed Change Control Note, or referred to in clause 4 of this Agreement.

Site Based has the meaning given in paragraph 8 of Schedule 2.    

Site Licence is a Licence agreed between the Parties in accordance with Schedule 22 (Locations and Site Licence) to this Agreement.

Sites means Customer Locations.

Small Project is a Change Project with effort greater than 32 person hrs and a value equal to or less than USD 50,000 (as further described in section 3.3.3 of Annex 5 to Schedule 2).

SME means “Subject Matter Expert”.

Software means any computer program (in object code or Source Code form), program interfaces and any tools or object libraries embedded in that Software.

Source Code means in relation to any Software used to perform the Services or provided as part of the Services, (i) electronic and hard copy versions of the set of human readable, higher level programming language instructions or statements in which the Software was written; and (ii) any additional documents and information as the Customer may reasonably require to maintain, modify, alter, upgrade, develop, or enhance the Software or any part of the Software.

Specification means the specification for a Deliverable as set out in Schedule 2 (Service Descriptions).

Standard Operating Procedures has the meaning given in paragraph 2.1.14 of Schedule 2.

Standards and Policies means those standard and policies set out in Schedule 6 (Standards and Policies).

Statement of Work or ‘SOW’ means any statement agreed between the Parties for a Change Project in accordance with the template(s) set out in Schedule 20 to this Agreement.

Steering Committee means the committee comprising two (2) senior management representatives of each Party, as appointed by each party from time to time, which decide on the priorities and strategic direction of the Services and whose representatives at the Effective Date are as set out in Schedule 12 (Governance and Service Management).

Step In means the right of the Customer to take control over the provision of the Services or any part of them in accordance with clause 32.1 (Step In).

Storage & Backup Management Services has the meaning given in section 2.4 of Schedule 2, Annex 2.

93

Confidential

Sub-contractor means those sub-contractors to the Service Provider approved in accordance with clause 17 and excludes, for the avoidance of doubt, any COTS Vendors, Affiliates of the Service Provider or suppliers of Service Provider Tools.

Sub-contractor List is the list of Sub-contractors set out in Schedule 5 (Sub-contractor List).

Subprocessor has the meaning set out in paragraph 1 of Schedule 21 (Data Processing and Transfer).

Subsequent Service Commencement Date has the meaning set out in clause 3.1.

Successor Service Provider means the third party or the Customer, or a Customer Affiliate appointed by the Customer to provide the Replacement Services.

Supply Chain has the meaning set out in clause 47.2.

System: means an interconnected grouping or electronic processes, including Equipment, Software and associated attachments, features, accessories, peripherals and cabling, and all additions, modifications, substitutions, upgrades or enhancements to such System, to the extent a party has financial or operational responsibility for such System or System components hereunder. System shall include all Systems in use or required to be used as of the applicable Service Commencement Date, all additions, modifications, substitutions, upgrades or enhancements to such Systems and all Systems installed or developed by or for Customer or Service Provider following the applicable Service Commencement Date.

Task Completion Date means the date for completion of Transition, Committed Transformation Future Transformation Tasks agreed between the Parties in accordance with Schedule 8 (Transition and Transformation) of this Agreement as set out in the relevant project plan.

Technical Design or Technical Design Phase refers to the technical design phase of Transformation as further described in Appendix 1 of Schedule 8 (Transition and Transformation).

Term means the Initial Term together with any extension of the Initial Term.

Termination Assistance means the Services to be provided by the Service Provider in the event of and/or in the lead in to the termination (in whole or in part) or expiry of the Agreement as further described in clause 37 (Termination Assistance) and Schedule 15 (Exit Plan and Transfer Arrangements).

Termination Assistance Period means the period agreed pursuant to clause 37 of this Agreement as further described in paragraph 3.1 of Schedule 15 (Exit Plan and Service Transfer Arrangements).

Termination Date has the meaning set out in paragraph 25.1.1 of Schedule 10.

Third Party Material: Material and/or Software and/or hardware or other third party items or services or tools (i) used by the Service Provider in the course of the Services or otherwise provided to the Customer or its Affiliates pursuant to this Agreement; or (ii) provided by or on behalf of the Customer to the Service Provider hereunder in each case (as applicable) in respect of which the Intellectual Property Rights are owned by a third party

Third Party Provider or TPP means a third party entity that provides goods or services to the Customer Group in relation to or otherwise connected to the End-to-End Services. 

Third Party Service Provider means the same as TPP.

94

Confidential

Tool means any program used for software development, testing, data search, analysis, project management, measurement and monitoring or system maintenance, including related know-how.

Tool Administration means administrative tasks required for backups and regulatory compliance as defined in the Standards and Policies.

Tooling Fund has the meaning set out in paragraph 21.5 of Schedule 10 (Pricebook, Charges and Invoicing).

Total Minimum Spend Commitment has the meaning set out in paragraph 6 of Schedule 10 (Pricebook, Charges and Invoicing).

Transferee has the meaning set out in clause 39.2.

Transformation means Committed Transformation and/or Future Transformation.

Transformation Acceptance Tests are as described in paragraph 4.1.3 (ii) of Schedule 8 (Transition and Transformation).

Transformation Charges means the Charges set out in section 14 of Schedule 10 (Pricebook, Charges and Invoicing) and the ‘Transformation’ tab of Appendix 10-A in respect of the Committed Transformations.

Transformation Deliverables means the Deliverables related to Committed Transformations and/or Future Transformations.

Transformation Manager means the Service Provider’s Onshore and/or Offshore Committed Transformation Manager(s) appointed in accordance with paragraph 5.2 of Schedule 8 (Transition and Transformation) and the Parties’ Future Transformation Managers as appointed from time to time in accordance with paragraph 7.1 of Schedule 8 (Transition and Transformation).

Transformation Phase means the relevant phase of the Transformation Projects set out in Appendix 1 of Schedule 8 (Transition and Transformation) including but not limited to “Initiation”, “Plan and Design”, “Build and Test” and “Go Live”.

Transformation Plan means (i) the detailed plan of activities and associated timescales for the implementation of the Transformation activities covering the Committed Transformations as set out in Appendix 1 of Schedule 8, or (ii) the plan to be agreed between the Parties pursuant to Appendix 2 of Schedule 8 (Transition and Transformation), in respect of Future Transformation Plan.

Transformation Project means (i) the projects set out in Appendix 1 of Schedule 8 (Transition and Transformation) in respect of Committed Transformations and (ii) where agreed between the Parties from time to time, Future Transformations.

Transformable Services has the meaning set out in paragraph 1.1(ii) of Schedule 8 (Transition and Transformation).

Transformation Services means the services agreed between the Parties pursuant to Schedule 8 (Transition and Transformation) including but not limited to Committed Transformation Services and, where agreed between the Parties from time to time, Future Transformation services.

Transformation Task means any transformation related tasks agreed between the parties pursuant to Appendix 1 of Schedule 8 (Transition and Transformation) including but not limited to Committed Transformation Tasks and, where agreed between the Parties, Future Transformation Tasks.

95

Confidential

Transformed Services means Transformable Services that have undergone Transformation.

Transition means implementation of those services to be provided by the Service Provider to the Customer in accordance with the terms of this Agreement and as more particularly described in Schedule 8 (Transition and Transformation).

Transition and Transformation Services Board means a board of representatives appointed by the Customer, Service Provider and other interested third parties and in accordance with paragraph 6.2 of Schedule 8 (Transition and Transformation).

Transition Charges means the Charges which may be payable for Transition as set out in section 5 of Schedule 10 (Pricebook, Charges and Invoicing).

Transition, Committed Transformation and Future Transformation Documentation has the meaning given to it in paragraphs 1.5.2 and 1.5.3 of Schedule 8 (Transition and Transformation).

Transition Deliverables means the Deliverables relating to Transition agreed between the parties in Appendix 1 to Schedule 8 (Transition and Transformation).

Transition Dependency means the Customer Dependencies in relation to Transition as set out in Appendix 1 of Schedule 8 (Transition and Transformation) to this Agreement.

Transition Exit Criteria is as defined in Schedule 8, Appendix 8-A per transition.

Transition Manager has the meaning set out in paragraph 5.2 of Schedule 8 (Transition and Transformation).

Transition Milestone Date dates for each transition milestone as defined in Part A Appendix 8-A.

Transition Phase means the phases of the Transition Project as set out in Part A of Appendix 8-A (Transition and Transformation) including but not limited to Planning, Knowledge Acquisition and Go Live.

Transition Plan the detailed plan of activities and associated timescales for the implementation of the Services set out in Schedule 8 (Transition and Transformation).

Transition Project means the project to deliver Transition for each Service Tower in Part A of Appendix 8-A (Transition and Transformation).

Transition Schedule means the schedule for Transition activities as agreed between the Parties pursuant to paragraph 3.1.1 of Schedule 8 (Transition and Transformation) as more further described in Part A of Appendix 8-A (Transition and Transformation).

Transition Services has the meaning set out in paragraph 1.1.1 of Schedule 8 (Transition and Transformation.

Transition Task means any task relating to transition that the Parties agree and set out in a relevant Transition Plan in accordance with Appendix 1 of Schedule 8 (Transition and Transformation) to this Agreement.

UK Customer has the meaning set out at the Parties section of the Agreement.

UKI Insurance Head is the head of the Service Provider’s Insurance vertical in the UK and Ireland region.

96

Confidential

Unified Communications means the consistent integrated user interface across multiple networked devices and media types including enterprise communication services, instant messaging (chat), presence information, voice (including IP telephony), mobility features (including extension mobility), audio, web and video conferencing.

Unit Rate means the charge for an individual unit of service as set out in various sections of Schedule 10.

US Customer has the meaning set out at the Parties section of the Agreement.

User Volume means the number of End Users from time to time.

VAT has the meaning set out at clause 23.1.

VIP has the meaning given in paragraph 7.1 of Schedule 2.

Virus means any form of harmful or surreptitious code, including malware, disabling devices, Trojan horses, system monitors, keyloggers, dialers, adware and adware cookies.

Volume Discount has the meaning given in paragraph 22.1 of Schedule 10.

Wilful Abandonment means the Service Provider deliberately abandoning ceasing the provision of all or a substantial part of the Services in breach of this Agreement without a bona fide attempt to resume such Services or to remedy the cause of such abandonment, but not where the Supplier has any contractual right under this Agreement to cease to deliver Services or is otherwise relieved of its obligations hereunder (including in respect of non-payment of fees by the Customer or where the Service Provider is entitled to relief)..

Wilful Default means any deliberate material breach of this Agreement by the Service Provider without any bona fide attempt to remedy.

Work Orders means Work Request.

Work Request means any statement agreed between the Parties for a Change Project in accordance with the template(s) set out in Schedule 20 (SOW and Work Request Pro formas) to this Agreement provided always that references to SOWs in this Agreement shall include Work Requests unless otherwise stated in the relevant provision (including, in particular, for the purposes of calculation of liability under clause 34).

Working Day means a day other than Saturday or Sunday or those days agreed between the Parties to be public holidays in respect of the Services provided to the UK Customer, US Customer and Bermuda Customer as per the holiday calendar set out in the Procedures Manual.

Working Hours means the usual hours in a Working Day as agreed between the Parties and set out in paragraph 16.4.1 of Schedule 10.

97