[CERTAIN INFORMATION IN THIS EXHIBIT HAS BEEN INTENTIONALLY OMITTED BECAUSE IT IS BOTH NOT MATERIAL AND CONFIDENTIAL.]

Exhibit 10

Execution Copy

MASTER SERVICES AGREEMENT

THIS MASTER SERVICES AGREEMENT (together with all Appendices, Exhibits, and Statements of Work hereunder, the “Agreement”) is entered into as of October 15, 2021 (“Effective Date”) by and between Global Atlantic Financial Company (the “Company”) and ExlService Holdings, Inc. (“Supplier”). The Company and Supplier may be referred to collectively as the “Parties” or each individually as the “Party”.

WHEREAS, Company, a leading U.S. annuity and life insurance company, seeks to outsource to a licensed third party administrator (“TPA”) substantially all aspects of the processing of new business and ongoing policy maintenance, using a third party technology platform selected by Company, all as more fully described herein and in the relevant Statement(s) of Work.

WHEREAS, Company conducted a competitive bid process for the provision of these TPA and related business processing services, and in connection therewith Company issued the Request For Proposals, dated July 31, 2020 (the “RFP”) to various TPAs including Supplier.

WHEREAS, in response to the RFP, Supplier submitted to Company the Proposal, dated August 19, 2020 as supplemented thereafter (the “Proposal”).

WHEREAS, based on the Proposal, Company engaged Supplier in discussions that have culminated in the formation of the relationship described in this Agreement.

NOW THEREFORE, the Parties agree as follows:

1. Services.

1.1General. This Agreement sets out the Parties’ agreement as to the provision of Services by Supplier for Company. Supplier will provide the Services to Company in accordance with this Agreement. The Parties agree that the Supplier may provide the Services and Deliverables through its Affiliates set forth on Exhibit O (Affiliates).

1.2Outsourced Services. During the Term, Supplier shall provide to Company the Outsourced Services as described in the applicable Statements of Work and in accordance with the terms and conditions of this Agreement, including those set forth in all Appendices thereto. For any changes to a Statement of Work, the Parties shall follow the Change Request process set forth in Exhibit I (Change Request Process) attached hereto.

1.3Implementation Services. With respect to Services to be provided by Supplier pursuant to a Statement of Work, Supplier shall perform and complete Implementation Services (as defined in Exhibit L (Implementation Services)), in accordance with the terms and conditions of this Agreement, including, as agreed by the Parties, those set forth in Exhibit L (Implementation Services) and all Appendices thereto.

1.4Support Services. With respect to Services to be provided by Supplier pursuant to a Statement of Work, Supplier shall provide support to Company in connection with the Services and in accordance with the terms and conditions of this Agreement including, as agreed by the Parties, those

Execution Copy

set forth in Exhibit C (Maintenance and Support Services) (the “Maintenance and Support Services”).

1.5Professional Services. During the Term, Company may engage Supplier to perform certain consulting services and/or provide Deliverables in connection therewith (“Professional Services”) and Supplier agrees to provide such Professional Services and Deliverables in accordance with this Agreement, as follows:

(a)Statements of Work. In each instance when Company desires to engage Supplier to perform Professional Services, the Parties shall enter into a Statement of Work in substantially the form attached hereto as Exhibit H (Form of Statement of Work), which SOW will define the Professional Services and Deliverables to be provided by Supplier thereunder and the Applicable Specifications, if any, for such Deliverables. At Company’s request, Supplier shall provide Company with status updates and written reports on a regular basis in order to inform Company about the progress of the Professional Services. Statements of Work shall be deemed incorporated into and made a part of this Agreement upon their execution by the Parties.

1.6Ancillary Services. If any ancillary administrative services or other similar ancillary functions or responsibilities not specifically described in this Agreement are necessary in order to perform the Services as set forth in this Agreement, such ancillary administrative services or other similar ancillary functions or responsibilities shall be deemed to be implied by and included within the scope of the applicable Services to the same extent as if specifically described in this Agreement and shall be provided at no additional cost or expense to Company.

1.7 Location for Provision of Services.

(a)Other than as expressly permitted in Exhibit N (Supplier Service Locations and Supplier Service Provider Locations) and subject to Supplier’s compliance with all applicable requirements and the terms and conditions set forth in this Agreement, including those set forth in Exhibit D (Cybersecurity Requirements and Compliance) and Exhibit N (Supplier Service Locations and Supplier Service Provider Locations), the Services shall be provided and performed from premises owned or leased by Supplier located in the United States (each a “Service Location” and collectively, the “Service Locations”). In the event the Business Continuity and Disaster Recovery Plan is in effect, the Services may be provided from such locations as permitted in the Business Continuity and Disaster Recovery Plan, provided that Supplier shall remain in compliance with all applicable terms and conditions set forth in this Agreement, including those set forth in Exhibit D (Cybersecurity Requirements and Compliance).

(b)Other than as set forth in the applicable SOW, the Service Locations shall be physically and logically segregated (including, segregated secure work areas and network and communication capabilities that are appropriately secured and, where agreed necessary, logically segregated) and the segregated portions of the Service Locations that are used to provide Services to the Company will be used solely for the benefit of the Company. Notwithstanding any provision in this Agreement to the contrary, mailroom, fulfilment and cloud-based technology infrastructure will not be required to be provided on a physically segregated basis. Supplier confirms that it has developed a process, which shall be shared with Company at Company’s request, to ensure that Supplier shall be able to provide notice to Company of any Key Personnel providing services to a Company Competitor;

2

Execution Copy

provided that Supplier is under no obligation to disclose the identity of the Company Competitor to Company. Supplier shall provide the Company with reasonable advance notice of its intention to deploy any Key Personnel to work on an engagement with a Company Competitor in order that Company shall have sufficient opportunity to exclude such Supplier Personnel from the performance of the Services without material adverse impact to the Services.

(c)Without limiting Supplier’s obligations under Section 13 below, Supplier will maintain and enforce at the Service Locations security procedures at least at the levels and in accordance with the standards, protocols, requirements and guidelines set forth in Exhibit D (Cybersecurity Requirements and Compliance) which is attached hereto and made a part hereof. Supplier will be responsible for and in violation of its obligations under this Agreement for any and all security breaches of every nature and type at its Service Locations in violation of the requirements in Exhibit D (Cybersecurity Requirements and Compliance) to the extent such security breaches were caused by the Supplier. For the avoidance of doubt, Supplier’s liability under this paragraph (c) shall be subject to the Augmented Cap.

(d)Supplier shall provide the Company with advance notice of its intention to relocate the Service Locations and shall obtain the Company’s written consent prior to relocating to any new Service Location as described below. Supplier shall not relocate to a new Service Location if such relocation would adversely affect the risk mitigation strategy reflected in the Business Continuity and Disaster Recovery Plan, provided, however, that, subject to the restrictions set forth in Section 1.7(a), the foregoing will not prevent Supplier from providing incremental Services from such alternate Service Location to the extent required to address unplanned short-term fluctuations in Service demand requirements. In the event that Supplier, subject to compliance with all applicable Laws, proposes to move the Services to a new Service Location, Supplier shall provide the Company with a written proposal describing, in detail:

(i)         the new Service Location and the comparative operational, technical and security features;

(ii)        Supplier’s assessment of whether such a relocation will impact Supplier’s ability to provide the Services in accordance with the Services Levels (if any) and this Agreement;

(iii)       the demographics of the area in which the new Service Location is located, including an assessment of the availability of qualified personnel, as well as any plans to relocate Supplier Personnel; and

(iv)       how the new Service Location will satisfy all applicable Company security requirements set forth in Exhibit D (Cybersecurity Requirements and Compliance) of this Agreement that are then in effect and required at the existing Service Locations (i.e., logical and physical security), as evidenced by completion of an appropriate site survey and/or reasonable methods, including but not limited to a SOC 1 Type I report and a generic SOC 1 Type II report, if applicable, for which security requirements at the new Service Location can be demonstrated to be met.

3

Execution Copy

The Company shall have thirty (30) days to evaluate, and to determine whether to consent to, such relocation proposal; such Company consent shall not be unreasonably withheld so long as: (1) the proposed new Service Location is located in the U.S. or at a non-U.S. location at which other Services under this Agreement are being provided; (2) the Company reasonably determines that such relocation will not detrimentally impact the Services or the obligations of the Supplier under this Agreement in any material respect; (3) such relocation will not adversely affect the risk mitigation strategy reflected in the Business Continuity and Disaster Recovery Plan; and (4) the new Service Location satisfies the applicable Company security requirements that are then in effect; and (5) the relocation will not impact the Charges or taxes payable by the Company in connection with the Services.

(e)Supplier shall supply Supplier and the third party Equipment, Software, networks, and other technological infrastructure necessary to perform the Services under the Agreement except as identified in the applicable Statement of Work as being provided by Company (collectively, “Supplier Services Infrastructure”), and Supplier shall be solely responsible for obtaining and maintaining licenses, upgrades and improvements to the Supplier Services Infrastructure necessary for Supplier to have access to and use of such Supplier Services Infrastructure to perform the Services and deliver the Deliverables. Company shall supply the third party Equipment, Software, networks, and other technological infrastructure necessary for Supplier to perform the Services under the Agreement identified in the applicable Statement of Work as being provided by Company (collectively, “Company Services Infrastructure”), and unless otherwise set forth in the applicable Statement of Work, Company shall be solely responsible, as between Supplier and Company, for obtaining and maintaining licenses, upgrades and improvements to the Company Services Infrastructure necessary for Supplier to have access to and use of such Company Services Infrastructure to perform the Services and deliver the Deliverables.

1.8Company Property. If Company agrees to provide any Company Property to Supplier for Supplier’s use in connection with Supplier’s performance of the Services, such Company Property is made available “AS IS” and “WHERE IS” and with all faults, errors or defects. Supplier will not use Company Property for any other purpose other than in connection with Supplier’s performance of the Services. Company Property is and shall remain the exclusive property of Company. While Company Property is in Supplier’s possession or under its control, and as applicable to the specific type of Company Property, Supplier will: (a) not alter, deface or modify any tags or labels identifying Company Property as such; (b) not assign or move, transfer, transmit, or otherwise make available any Company Property to any third party without the prior written approval of Company, unless (i) otherwise specifically set forth in a SOW or (ii) to an approved Affiliate or Service Provider in connection with the provisions of the Services in accordance with the terms of this Agreement; (c) maintain Company Property, where applicable, in good working order, ordinary wear and tear excepted; (d) if applicable, comply with any Company written policies made known to Supplier prior to the provisioning of the Company Property concerning access to, use of and security of Company Property; (e) keep Company Property free from all liens and encumbrances created by or through Supplier; and (f) bear all risk of loss of and/or damage to that Company Property within its control to the extent such loss or damage was caused by the Supplier or Supplier Personnel. Supplier will retain in a reasonably visible manner any legend added by the Company onto Company’s Property indicating Company’s ownership of any Company Property. Promptly upon Company’s written request or upon termination or expiration of this Agreement, Supplier will deliver to Company all Company Property (and, with respect to Company Confidential Information, subject to Section 13.5), in the same condition as originally received, ordinary wear and tear excepted.

4

Execution Copy

1.9No Exclusivity for all Outsourced Services; No Obligation to Order; Implementation Charges.

(a)Supplier agrees that its relationship with Company is not exclusive and, as such, Company may, in accordance with Section 4 below, if applicable, remove any part of the Services from the scope of this Agreement by performing such Services itself or contracting with any third party (each a “Company Third Party Contractor”) to perform such Services. Notwithstanding the foregoing, nothing in this Agreement shall be construed or interpreted as limiting the Company’s right or ability during the Term to change the requirements of the Company or increase or decrease its demand for Services.

(b)Company shall have no obligation to order any Service solely by virtue of entering into this Agreement or into a Statement of Work. Supplier acknowledges that neither this Agreement nor any Statement of Work constitutes a retainer, and that Company is not required to order Services hereunder or thereunder. Except as expressly set forth in a Statement of Work, Supplier is entitled to Charges only for Services ordered and performed under a Statement of Work. Charges shall be adjusted in accordance with the mechanisms set forth in Exhibit B (Pricing) upon any increase, reduction, or termination of Services, including as a result of adding or removing Statement of Work, Affiliates and/or Service Locations.

(c)Charges for any Services provided under Exhibit L (Implementation Services) shall be set forth in the applicable Statement of Work.

(d)Company acknowledges that Supplier provides services that are similar to the Outsourced Services to other Supplier insurance industry clients. Except as required to comply with Supplier’s obligations under this Agreement and provided that Supplier does not infringe, violate or misappropriate the Intellectual Property rights of Company or any third party, Supplier shall continue to be able to use its personnel, equipment, facilities or technology for such purposes.

1.10Cooperation with Company Personnel and Company Third Party Contractors. Supplier shall, at no additional cost or expense to Company, reasonably cooperate with and work in good faith with the Company or Company Third Party Contractors as described in this Section 1.10 or as reasonably requested by the Company, provided that (a) where the Company Third Party Contractor is a Supplier Competitor, the aforementioned obligations will apply to Supplier subject to the Parties’ agreement and (b) without limiting Supplier’s obligations under Section 21 below, Supplier shall not be required to disclose Supplier Confidential Information to any Supplier Competitor other than as agreed by the Parties in a Transition Plan. Such cooperation will include to the extent necessary for the applicable Services:

(a)providing reasonable access to any Service Location, as necessary for employees or agents of the Company (the “Company Personnel”) or Company Third Party Contractors to perform the work assigned to such Company Personnel or Company Third Party Contractors in furtherance of the Services or for the exercise of the Company’s rights under this Agreement, provided that any such Company Personnel or Company Third Party Contractors, as applicable, execute Supplier’s standard confidentiality agreement set forth in Exhibit S (Form of Non- Disclosure Agreement) (“Supplier NDA”);

5

Execution Copy

(b)providing electronic and physical access to the business processes and Supplier Services Infrastructure reasonably requested by the Company for Company Personnel or Company Third Party Contractors where such access is required to perform the work assigned to them in furtherance of the Services or for the exercise of the Company’s rights under this Agreement;

(c)providing then-available written requirements, standards, policies or other applicable documentation for the business processes and Supplier Services Infrastructure, but only to the extent reasonably requested by the Company for Company Personnel or Company Third Party Contractors where such documentation is required to perform the work assigned to them for the Company’s receipt and use of the Services or for the exercise of the Company’s rights under this Agreement;

(d)minimizing any degradation in the provision of the Services caused by the adjustments made by Supplier in transferring Services to Company Personnel or a Company Third Party Contractor; and

(e)providing any other cooperation reasonably requested for Company Personnel or Company Third Party Contractors to perform the work assigned to them by the Company for the Company’s receipt and use of the Services or for the exercise of the Company’s rights under this Agreement.

(f)Supplier and the Company shall each use commercially reasonable efforts to promptly notify the other Party when it becomes aware that an act or omission by a Company Third Party Contractor (“Company Third Party Contractor Act or Omission”) will cause, or has caused, a problem or delay in providing the Services. In such event, Supplier shall use commercially reasonable efforts to work with Company Personnel or, at the Company’s direction, the Company Third Party Contractor, to prevent (if possible) or circumvent the impact of such problem or delay. Supplier shall reasonably cooperate with the Company and Company Third Party Contractors (and the Company shall likewise instruct Company Personnel and Company Third Party Contractors to reasonably cooperate with Supplier) to resolve differences and conflicts arising between the Services and other activities undertaken by Company Personnel or Company Third Party Contractors. A Company Third Party Contractor Act or Omission shall not in and of itself excuse Supplier from the performance of any of its obligations under this Agreement unless and solely to the extent that such Company Third Party Contractor Act or Omission is a direct cause of Supplier’s inability to perform and Supplier has otherwise complied with the obligations of this Section 1.10(f).

(g)If requested by Company and agreed to by Supplier, including as set forth in an applicable Statement of Work, Supplier shall assist in evaluating third party contractor qualifications and independence, pricing rates and discounts; and assist Company in ordering, receiving, configuring, installing, testing, maintaining and distributing technology products for which Supplier has support obligations hereunder. Supplier shall provide such assistance as part of the Outsourced Services at no additional charge, provided, however, that if Supplier can reasonably demonstrate that the provision of such assistance in the context of the Outsourced Services as a whole will have a material impact on Supplier’s overall performance or costs, then such assistance will only be required to be made pursuant to a new Statement of Work.

6

Execution Copy

(h)In the event that the Company elects to offer certain Services to its Affiliates, Supplier will provide the same Services to such Affiliates on behalf of the Company in accordance with, and on the same, terms (including, pricing) of the applicable SOW then in effect and this Agreement.

1.11Divested Entities. If any entity, or any division, business unit or department within an entity, ceases to qualify as an Affiliate of Company (each such entity, division, business unit or department, a “Former Affiliate”), then, by written notice to Supplier, if elected by Company, Supplier will, at no additional cost, for a period of twelve (12) months after the date on which the applicable Former Affiliate ceases to qualify as an Affiliate or such other period as otherwise mutually agreed by the Parties in writing continue to provide the same Services from the same Services Locations to such Former Affiliate under the terms and conditions of the applicable Statement of Work then in effect (including pricing) and this Agreement. For the purpose of calculating volume discounts, rebates and similar incentives that may be earned by the Company, all services provided hereunder will be consolidated with those provided to the Former Affiliate during such transitional period.

1.12Rights in the event of Bankruptcy. In the event that Supplier files, or has filed against it, a petition under the federal Bankruptcy Code (11 U.S.C. Section 101 et. seq.), Company shall have the following rights, in addition to all other rights under the Bankruptcy Code and any other applicable Law:

(a)       Supplier acknowledges and agrees, and agrees not to contest any assertion by Company, that: (i) this Agreement is an executory contract as defined in the Bankruptcy Code (11 U.S.C. Section 101 et. seq.); (ii) the Supplier Property and the Intellectual Property rights therein constitute “intellectual property” as defined in 11 U.S.C. Section 101(35A); and (iii) Company is entitled to all of the rights and protections with respect to the Supplier Property as intellectual property, as provided in 11 U.S.C. Section 365(n).

(b)       In the event that any Person seeks to reject this Agreement pursuant to 11 U.S.C. Section 365(a), unless Company notifies Supplier in writing that Company has elected to treat this Agreement as terminated in accordance with Section 4.3 below, Supplier hereby agrees, and further acknowledges that this Agreement shall constitute a written request to Supplier pursuant to 11 U.S.C. Section 365(n)(4): (i) to perform all of its obligations under this Agreement and (ii) to not interfere with the rights of Company under this Agreement.

2. Testing and Acceptance.

2.1Supplier Quality Assurance. All Deliverables and new Services with respect to which Supplier is providing Implementation Services, together with applicable Documentation that have been agreed between the Parties, shall be substantially complete as per the Applicable Specifications set forth in the applicable Statement of Work and shall have successfully completed Supplier’s quality assurance process applicable to the Deliverable or the new Services prior to delivery to Company, or, if applicable, prior to the time at which Supplier provides remote access to Company. If applicable, Supplier shall also provide to Company a known defects list of any then-existing known Nonconformities. Supplier shall work in good faith to promptly correct all such known Nonconformities. “Delivery” shall not be deemed to have occurred, notwithstanding physical or

7

Execution Copy

electronic delivery of a Deliverable or the new Services, if the Deliverable or new Services have not undergone Supplier’s quality assurance process, as applicable.

2.2 [Intentionally Omitted]

2.3Testing and Acceptance of Deliverables Developed Pursuant to a SOW and New Services.

(a)With respect to any Deliverable developed under a Statement of Work or new Services with respective to which Supplier is providing Implementation Services: (i) Supplier shall provide notice to Company of such completion and shall deliver (or, as applicable, provide access to) any Deliverable or new Service to Company for Evaluation and (ii) Company shall be entitled to an Evaluation Period in which to Evaluate the Deliverable or new Service in accordance with the applicable Acceptance Criteria to determine if there is a Nonconformity. Such process shall be designed to validate the features and functionality of the Deliverables or the processing accomplished by the new Service, as applicable, are operational without errors or restrictions prior to the commencement of such Services and use of such Deliverables. The Statement of Work shall identify each critical milestone to achieve the Deliverables or implementation of the new Service (each, a “Critical Milestone” and collectively, the “Critical Milestones”), the date by which such Critical Milestones must be achieved and a framework for assigning Service Level credits to Company if Supplier is late in meeting a Critical Milestone. While a SOW may require that acceptance testing be conducted on an ongoing basis, Company’s acceptance of a Deliverable or new Service shall not be deemed to have taken place until Company Accepts such Deliverable or new Service. With respect to this Section 2.3, the only methods of acceptance are those provided in this Section 2.3, and no other method of acceptance, including those specified in Article 2 of the Uniform Commercial Code, shall apply to the acceptance of a Deliverable under this Section 2.3.

(b)Company shall be entitled to either: (i) Accept the Deliverable or new Service, as applicable; (ii) Accept the Deliverable or new Service, as applicable, with a non-material Nonconformity or Nonconformities, in which case, Company shall identify the Nonconformities and Supplier shall promptly correct all non-material Nonconformities; or (iii) if a material Nonconformity exists, reject the Deliverable or new Service, as applicable, in which case, Company shall promptly notify Supplier in writing but, in no event later than the end of the Evaluation Period of its rejection, and shall identify the material Nonconformities of the Deliverable or new Service that are the basis of the rejection. Persistent failures to develop and provide access to Deliverables or new Services on time shall be considered a material Nonconformity. The Supplier shall make commercially reasonable efforts to correct each material Nonconformity as promptly as possible, but in any event shall have no more than ninety (90) days from the date of Company’s rejection to correct each material Nonconformity. Supplier shall, at its own expense, promptly correct all Nonconformities and shall promptly deliver to Company the Deliverable or new Service, as applicable, containing such corrections, whereupon Company shall have another Evaluation Period to re-Evaluate the Deliverable (“Subsequent Evaluation Period”). To the extent Company fails to provide notice of acceptance or rejection by the end of the Evaluation Period or the Subsequent Evaluation Period, as the case may be, Supplier may request in writing that Company provide notice of acceptance or rejection and Company will use reasonable efforts to provide such notice of acceptance or rejection to Supplier promptly and acceptance shall not be unreasonably withheld by Company. Without limiting the foregoing,

8

Execution Copy

Company's payment for Deliverables or new Se1v ices, as applicable, shall not constitute Company's acceptance of such Deliverables or new Se1v ices, as applicable.

(c)In the event that Supplier fails to connect all Nonconformities identified during a Subsequent Evaluation Period to bring the applicable Deliverable or new Services, as applicable, in compliance with the Acceptance Criteria, then, Company, at its sole option, and without prejudice to such other legal rights as it may have hereunder or otherwise, may: (i) repeat the procedure set fo1th above; or (ii) extend the time for Supplier 's performance and require Supplier to formulate and implement a remediation plan, which may include an obligation to increase resources dedicated to complete the corrections; or (iii) return all or a portion of the rejected Deliverable or new Services, as applicable, and treat such failure as a material breach of the Statement of Work and terminate the Statement of Work in whole or in part, as applicable, in which case Supplier shall remit to Company the fees paid by Company for such rejected Deliverable or new Services, as applicable.

3. Fees and Invoicing.

3.1Fees. In consideration of the rights and licenses granted by Supplier to Company and the Services provided by Supplier to Company hereunder, Company shall pay to Supplier the fees set forth in the applicable Statement of Work and Exhibit B (Pricing) attached hereto, as applicable (the "Fees"). Except as expressly set forth in Exhibit B (Pricing) or in a Statement of Work, or as otherwise agreed upon by the Patties in writing, there shall be no expenses, Charges or fees payable in respect of Supplier's perfo1mance of its obligations pursuant to this Agreement. Unless otherwise specified or approved in writing in advance by the Company: (a) the Fees shall conf01m with the rates and discount schedule set forth in the applicable Statement of Work and Exhibit B (Pricing), as applicable; (b) actual Fees will not exceed the amount specified in the applicable Statement of Work or Exhibit B (Pricing), as applicable; and (c) Supplier shall be responsible for the payment of all of its expenses related to the provision of Services, and will not be reimbursed for such expenses by the Company, except as set forth in Section 3.2 below. The Fees and the Rates set forth in the applicable Statement of Work or Exhibit B (Pricing), as applicable, shall be fixed during the Term, except for any adjustments for inflation as set for within Exhibit B (Pricing) or the applicable Statement of Work.

3.2Expenses. Company shall not reimburse Supplier for administrative or account management fees, or incidental expenses, provided that Company will reimburse Supplier for direct expenses incurred by Supplier to prov ide the Services to the extent set forth in the applicable SOW. Company may reimburse Supplier for travel expenses. If Company agrees to reimburse Supplier for travel expenses: (a) all travel expenses must be pre-approved by Company; (b) Company shall reimburse only those expenses that comply with the expense policy attached hereto as Appendix I to

Notwithstanding the foregoing, travel and related expenses shall not be reimbursed if Supplier's or Supplier Personnel's place of business is located within a fifty (50) mile radius of the Company location where Se1v ices are being rendered. Unless otherwise specified in the applicable Statement of Work, the Company will not be required to pay for any time spent by Supplier traveling required to pe1fo1m the work identified in the relevant Statement of Work.

3.3 Invoices and Payment.

9

Execution Copy

(a)Supplier will submit itemized and detailed invoices for Charges to the Company and will provide appropriate supporting documentation reasonably requested by the Company. In order to be valid, an invoice must be consistent with the pricing set forth in the applicable Statement of Work and Exhibit B (Pricing), as applicable, in all material respects, be sent to the invoice address specified in Section 3.3(b) below, separately list each category of Charges and taxes (if any), and reference this Agreement and the applicable Statement of Work. Company may notify Supplier within ten (10) Business Days of receipt of any invoice if it has reasonable grounds to dispute such invoice, and the Parties will make good faith efforts to resolve such dispute. Any invoices that are not valid will be returned unpaid to Supplier for correction and re-submittal, as appropriate. All undisputed invoices submitted by Supplier in accordance with this Section 3.3 will be due and payable [Intentionally Omitted] after the Company’s receipt of Supplier’s invoice in the form set forth above. If Company disputes only part of an invoice, the Company shall make payment of the undisputed portion of the invoice. If the applicable Statement of Work does not specify when Supplier shall invoice Company for Services, Supplier shall invoice Company monthly in arrears for such Services. All amounts mentioned in this Agreement are in U.S. Dollars.

(b)Company may, upon written notice (including by e-mail) to Supplier, (without prejudice to any other provisions of this Agreement, including Company’s right to review and/or audit Charges in accordance with the terms set forth herein and its right to be reimbursed in connection with any erroneous charge by Supplier), withhold payment of particular Charges that it disputes in good faith. In the event of such dispute, Supplier shall continue to provide the Services and fulfill its obligations under this Agreement. Each Party will designate a Project Manager to meet promptly with the other Party’s Project Manager to resolve such dispute. If such Project Managers cannot resolve the dispute within thirty (30) days, then either Party may submit the dispute to the dispute resolution process described in Section 27 hereof.

Invoices will be sent to the following address:

10 West Market Street, Suite 2300, Indianapolis, IN 46204

or via electronic mail:

accountspayable@gafg.com

or such other address as the Company may direct in writing.

4. Term and Termination.

4.1Agreement Term; Renewal. The Agreement will commence on the Effective Date and will expire five (5) years from the Effective Date, unless earlier terminated as provided herein (the “Initial Term”). Thereafter, the Agreement shall automatically renew for one-year terms (each, a “Renewal Term;” the Initial Term and any Renewal Terms, including any period in which Transition Services are provided, shall be hereinafter referred to as the “Term”) upon written notice to Supplier within thirty (30) days of the end of the Initial Term or any Renewal Term, as applicable.

4.2               Statements of Work.

10

Execution Copy

(a)The term of each Statement of Work shall be for the period indicated therein and, to the extent not indicated, for the Term of this Agreement. The expiration or termination of any given Statement of Work shall not have any effect on any other Statement of Work in effect at such time.

(b)Company or the Company Affiliate that entered into a particular Statement of Work may terminate such Statement of Work, in whole or in part, by Service or a stand-alone component of a Service ("Services Component") at any time without cause by providing: (i) in the case of Outsourced Services [Intentionally Omitted] prior written notice to Supplier and payment of a termination fee [Intentionally Omitted] nd any other costs agreed to between the Parties in the applicable SOW or (ii) in the case of Professional Service, [Intentionally Omitted] prior written notice to Supplier, unless otherwise agreed by the Parties and set forth in an SOW pursuant to which the length of the term for Professional Services is greater than [Intentionally Omitted]. In the event of a termination of a portion of a Statement of Work, by Service or a Service Component, under this Section 4.2(b), the Fees under the applicable Statement of Work, from and after the effective date of such termination, shall be reduced in an amount equal to the fees payable for the terminated portion of such Serv ices or Service Component.

(c)Promptly following the effective date of termination or expiration of a Statement of Work, Company or such Company Affiliate, as applicable, shall be responsible only for the applicable Charges for Services under such terminated Statement of Work for Serv ices performed up to the date of termination of such Statement of Work or the applicable Service or Services Component, as the case may be.

(d)If Supplier materially breaches any of the terms of a Statement of Work, then, in addition to its other rights and remedies at law or in equity, Company shall have the right to terminate such Statement of Work without penalty if: (i) Company gives Supplier written notice of such breach stating Company's intention to terminate such Statement of Work if Supplier does not cure such breach (the "Default Notice"); (ii) Supplier fails to cure such breach within [Intentionally Omitted] following receipt of the Default Notice; and (iii) following such cure period, Company gives Supplier written notice of termination of such Statement of Work, which termination shall be effective upon Supplier's receipt of such notice, or, immediately, where such breach is not capable of cure.

4.3 Entire Agreement

(a)Company's Right to Terminate for Material Breach. If Supplier materially breaches this Agreement and such breach is capable of cure, then Company may terminate this Agreement in whole or in part without penalty if: (i) Company delivers a Default Notice to Supplier; (ii) Supplier fails to cure such breach within [Intentionally Omitted]     following the date of the Default Notice; and (iii) following such cure period, Company notifies Supplier of termination of this Agreement, which termination shall be effective upon the date specified in the notice. If Supplier materially breaches this Agreement and such breach is not capable of cure, then Company may terminate this Agreement in whole or in part without penalty immediately and notify Supplier of termination of this Agreement, which termination shall be effective upon the date specified in the notice. Notwithstanding anything to the contrary herein, if specified in Company's termination notice, termination of this Agreement shall terminate all outstanding Statements of Work.

11

Execution Copy

[Intentionally Omitted]

Notwithstanding anything to the contrary herein, any such compromise or breach shall entitle Company, in addition to its other rights and remedies at law or in equity, to immediately terminate this Agreement as of the date of its termination notice if Supplier fails to cure such breach within [Intentionally Omitted] following the date of the Default Notice.

(b) Additional Company Termination Rights.

(i)Failure to Achieve Acceptance Criteria or Acceptance Delay. If a material Nonconformity described in Section 2.3(c)(iii) occurs and such nonconforming Services or Deliverable constitutes a material part of the Serv ices being performed under the Agreement taken as a whole, Company shall have the right, in addition to its other rights and remedies at law or in equity, to terminate this Agreement in its entirety without penalty by providing written notice to Supplier specifying the effective date of termination and the Agreement shall be terminated as of the date set forth for such termination in the written notice.

(ii)Force Majeure and Law. Company shall have the right, in addition to its other rights and remedies at law or in equity, to terminate the applicable Statement of Work in part or in its entirety without penalty, upon the date specified in its written notice to Supplier, if during the Term: (A) notwithstanding the implementation of Supplier's BusinessContinuity and Disaster Recovery Plan, Supplier is unable or fails, for any reason, to restore and return the provision and/or performance of the Services in accordance with Supplier’s Business Continuity and Disaster Recovery Plan within [Intentionally Omitted]          of implementation; (B) if a Law or change of Law does or will (if implemented) prevent Supplier from providing the Services set forth in such Statement of Work and the Parties are unable, within [Intentionally Omitted] of written notice by one Party to the other of such Law or change of Law, to restructure the Serv ices so that Supplier is no longer prevented from providingsuch Services; and/or (C) if Supplieris indicted or prosecuted under the FCPA.

(c)Additional Remedies. Unless otherwise set fo1th in the applicable Statement of Work, in the event of any te1mination pursuant to Section 4.3(b) above, in addition to the Company's other rights and remedies at law or in equity, any amounts previously paid to Supplier for any Services not yet performed as of the date of such termination shall be refunded to the Company [Intentionally Omitted] of the applicable termination date.

(d)Supplier's Termination Rights. Supplier may upon provision of written notice to Company specifically stating Supplier's intent to te1minate, term [Intentionally Omitted]he notice of termination only: (i) the applicable Statement of Work, if (A) Company fails to pay Supplier when due undisputed charged [Intentionally Omitted] under such Statement of Work and (B) fails to make payment of such Charges within [Intentionally Omitted] of notice from Supplier of the failure to make payment; and (ii) this Agreement, if [Intentionally Omitted]

12

Execution Copy 

 (e)Both Parties. Each of Company and Supplier may terminate this Agreement if any one of the following events occurs: (i) the other files a voluntary petition in bankruptcy or an involuntary petition is filed against it (and such petition is not dismissed within sixty (60) days); (ii) the other is adjudged bankrupt; (iii) a court assumes jurisdiction of the assets of the other under a federal reorganization act, or other statute; (iv) a trustee or receiver is appointed by a court for all or a substantial portion of the assets of the other; (v) the other becomes insolvent, suspends business or ceases to conduct its business in the ordinary course; or (vi) the other makes an assignment of its assets for the benefit of its creditors. Each Party will give prompt written notice of any such event relating to it.

4.4Effect of Termination. Upon expiration or termination of this Agreement or any Services:

(a)Except as otherwise set forth in Section 4.6 (Survival of Obligations) below, the rights and obligations of the Parties under this Agreement or with respect to the applicable Services shall cease; and

(b)Supplier will promptly deliver to Company all Company Property and Deliverables. Subject to Supplier’s limited right to retain copies of certain Company Confidential Information pursuant to Section 13.5 (Return of Information), upon Company’s written request or upon termination or expiration of this Agreement as a whole or any Services, Supplier shall also deliver to Company or destroy (with Company’s prior written consent and in accordance with this Agreement, including the requirements set forth in Exhibit D (Cybersecurity Requirements and Compliance)) all devices, records, data, computer disks and tapes, notes, reports, proposals, lists, correspondence, specifications, drawings, blueprints, sketches, materials, Equipment, other documents or tangible property of any type comprising or containing any Company Data, and any and all copies and reproductions of any of such items in the possession or control of Supplier, in accordance with this Agreement. For clarity, with respect to the termination or expiration of only certain Services, the foregoing obligations shall apply only as related to such Services, as the case may be. Any permitted archives containing Company Data shall be used by Supplier solely for audit and recovery purposes and shall be maintained and used in accordance with Exhibit D (Cybersecurity Requirements and Compliance).

4.5Specific Performance. Supplier acknowledges that if it were to breach, or threaten to breach, its obligation to provide the Company with Transition Services, then: (a) the Company may be irreparably harmed; (b) money damages may not be an adequate remedy; and (c) continued provision of the Services and, to the extent relevant, Transition Services may best preserve the status quo pending resolution of any disputes then pending. Accordingly, the Company may seek to enforce Supplier’s obligation to provide Transition Services and other material portions of the Services by a preliminary or permanent mandatory injunction, decree of specific performance or other appropriate equitable remedy. Supplier agrees to waive any requirement that the Company post a bond, or demonstrate irreparable harm, in the event that the Company brings an action seeking such an injunction.

4.6Survival of Obligations. The rights and obligations of the Parties under the following provisions of this Agreement shall survive the termination or expiration of this Agreement: Section 3 (Fees and Invoicing), Section 4.4 (Effect of Termination), this Section 4.6 (Survival of Obligations), Section 8 (Taxes), Section 11 (Reports; Books and Records; Liens) (solely for the time period set forth

13

Execution Copy

therein), Section 12 (Proprietary Rights), Section 13.1 (Treatment of Confidential Information Generally), Section 13.3 (Exceptions), Section 13.4 (Mandatory Disclosure), Section 13.5 (Return of Information), Section 13.6 (Disclosures to Representatives; Obligations), Section 13.7 (Inadvertent Disclosures), Section 13.8 (Certain Remedies), Section 18 (Non-Solicitation) (solely for the time period set forth therein), Section 19 (Indemnification), Section 27.1 (Governing Law), Section 21.4 (Charges), Sections 22 (Assignment) through Section 40 (Equitable Relief) shall survive termination or expiration of this Agreement. For the avoidance of doubt, any termination of this Agreement or any Exhibit, Appendix or SOW shall not impact Supplier’s obligations under Section 21 of this Agreement.

5. Conduct of Supplier Personnel.

5.1 Compliance with Company Policies and Procedures.

(a)Whenever Supplier’s employees, agents, Representatives and, if permitted and approved by Company pursuant to this Agreement, Service Providers and their respective personnel (collectively, “Supplier Personnel”) are (i) present on Company Premises or (ii) providing Services directly to Company, Company Personnel or Company customers, Supplier shall cause such Supplier Personnel (collectively, “Front Line Personnel”) to comply with the Company’s policies and procedures, including safety and physical and information security procedures that are applicable to the Company’s premises as the same may be amended from time to time. The Company shall provide such policies and procedures in writing to Supplier Personnel with reasonable advance notice. At the Company’s request and expense, Front Line Personnel will attend one (1) or more training sessions with respect to the Company’s on-site rules of behavior, work schedule, security procedures and such other policies and procedures as the Company, in its sole discretion, may deem appropriate.

(b)Supplier Personnel shall at all times perform the Services in a safe and professional manner and comply with all Laws applicable to Supplier Personnel in performing the Services and its obligations under this Agreement, including Laws applicable to Supplier Personnel relating to the regulatory environment in which the Services are performed. Supplier shall be responsible for the acts and omissions of all Supplier Personnel in connection with the Agreement.

(c)At the Company’s reasonable request, Supplier will promptly replace any proposed or assigned Front Line Personnel providing Services under this Agreement.

(d)Supplier Personnel shall complete fraud and anti-money laundering training required by Company on an annual basis or ad hoc basis as directed by the Company.

5.2Treatment of Security Information. Supplier and Supplier Personnel performing Services under the Agreement shall treat all passwords, access information and information concerning Company’s security systems (physical, electronic, and otherwise) as Company Confidential Information in accordance with Section 13 (Confidentiality) of this Agreement without regard to any exclusion to Company Confidential Information set forth in Section 13.3.

5.3Continuity of Personnel. Supplier will deliver quarterly staffing reports to Company identifying the Supplier Personnel who are not Supplier or Supplier Affiliate employees. Without limiting Supplier’s obligations and restrictions set forth in this Agreement concerning Service Providers and any assignment rights, Supplier Personnel that are not employees of Supplier will not [Intentionally Omitted] of all then-currently engaged Supplier Personnel at any given time without

14

Execution Copy

Company’s prior written consent. If Company reasonably determines for any lawful purpose that any Supplier Personnel may be adversely affecting the Services, Company, Company’s business, operations or reputation, or is acting in a manner inconsistent with or detrimental to the proper performance and delivery of Services, is or may be disruptive or unqualified, or has violated any Laws or any Supplier or Company policies or requirements hereunder, Supplier will promptly remediate the situation, and if unable (within a reasonable period of time not to exceed ten (10) Business Days) to remediate the situation to the reasonable satisfaction of Company, or if Supplier determines instead to remove such individual, then Supplier shall promptly remove such individual from the Company account and shall replace such individual with another individual of suitable ability and qualification, including experience providing the Services. There will be no charge to Company for any orientation and training of any replacement employee necessary to properly take on the position and make a productive contribution commensurate with the requirements of the position.

5.4 Key Personnel and Knowledge Workers.

(a)The Parties agree that there are certain individuals that are essential to the accomplishment of the Services and that may be designated as “Key Persons” by Company, in its sole discretion, in the Statements of Work; provided that only FTEs with titles below Assistant Vice President may be designated as a “Key Person” and only up to [Intentionally Omitted] of such roles may be designated as “Key Personnel” (each, a “Key Person” and collectively “Key Personnel”). Key Personnel must be employees of Supplier or a Supplier Affiliate, and may not be independent contractors or subcontractors. If any Key Personnel are designated, Supplier shall perform Services related to such SOW through those Key Personnel and such additional Supplier Personnel as Supplier may from time to time determine to be required for the performance of Services. Company may from time to time request a change in the positions designated as Key Personnel under this Agreement and the change shall be with Supplier’s approval, which shall not be unreasonably withheld.

(b)Supplier shall cause each of the Key Personnel to devote the level of effort specified in the applicable Statement of Work, as the case may be, to the provision of Services for, at a minimum, the period specified in the applicable Statement of Work, as the case may be, from the date he or she assumes the applicable position. In the event of the voluntary resignation, termination for cause, illness, disability or death of one of its Key Personnel during or after the specified period, Supplier shall: (i) give the Company as much notice as reasonably possible of such development and (ii) expeditiously identify and obtain the Company’s approval of a suitable replacement. Except for the reasons set forth above, during the period specified in the applicable Statement of Work, as the case may be, Supplier shall transfer, reassign or remove any of its Key Persons only after: (A) giving the Company at least twenty (20) days prior notice of such action; (B) identifying and obtaining the Company’s approval of a suitable replacement at least ten (10) days prior to such transfer, reassignment or removal; (C) providing the Company with a plan describing the steps and knowledge transfer necessary to transition responsibility to the replacement; and (D) demonstrating to the Company’s reasonable satisfaction that such action will not have a material adverse impact on Supplier’s performance of its obligations under this Agreement. Without limiting the foregoing, without the Company’s prior written consent, Supplier shall not cause or permit any Key Personnel to perform similar services directly or indirectly for or to a Company Competitor while engaged in the provision of Services.

15

Execution Copy

(c)Supplier shall implement and maintain a reasonable retention strategy designed to retain Key Personnel on the Company account for the period(s) specified in the applicable Statement of Work, as the case may be. Supplier shall also maintain succession plans for each of the Key Personnel positions and shall share relevant portions of such retention and succession plans with the Company upon its reasonable request.

5.5Service Providers. With respect to any Affiliates, subcontractors and independent contractors of Supplier (collectively, “Service Providers”) that Supplier uses in connection with Supplier performing its obligations hereunder or carrying out its activities hereunder, Supplier: (a) must notify Company in writing of the scope of the proposed subcontract, the identity and qualifications of the Service Provider and the reasons for subcontracting the work in question (and allowing Company a reasonable period of time for evaluation of Supplier’s request); (b) must receive Company’s prior written consent to engage such Service Provider; (c) other than an Affiliate of Supplier (A) that is party to a Statement of Work or (B) for which Supplier is otherwise bound to ensure compliance with the terms of this Agreement and other than subcontractors providing non-material functions in the ordinary course of business that do not have access to Company Data, Company Networks or Company Personnel, will ensure that any such Service Provider is bound by a written agreement with Supplier that contains provisions substantially the same as the provisions set forth in the Agreement relating to confidentiality, data privacy and security, insurance, audit (as applicable to Service Providers), compliance with Law, Business Continuity and Disaster Recovery, Books and Records and Proprietary Rights; and (d) will be responsible for any services performed by, and acts and omissions of, such Service Provider and shall be liable hereunder to Company to the same extent as if Supplier performed such services or such acts or omissions were Supplier’s. Notwithstanding the Company’s approval of a Service Provider, Supplier shall: (i) promptly pay for all services, materials, equipment and labor used by any Service Provider; (ii) remain the Company’s sole point of contact for the subcontracted Services; and (iii) at the Company’s reasonable request, promptly remove and/or replace any Service Provider. On a quarterly basis at the request of Company, Supplier will prepare a report describing in reasonable detail: (1) a list of all Service Providers used by Supplier in connection with performing its obligations hereunder or carrying out its activities hereunder; (2) the functions performed by each such Service Provider; (3) Supplier Affiliate’s oversight arrangement with respect to subcontractors; (4) any instances where a Service Provider failed to meet their duties and obligations under agreements to which it is a party and/or failed to comply with Supplier’s internal controls and procedures, in each case, that affect the provision of the Services; and (5) any other details as Company may reasonably request from time to time (each, a “Service Provider Report”). As of the Effective Date, Company consents to the engagement of the Service Providers set forth on Exhibit O (Affiliates) attached hereto.

5.6Designation; Authority. Where applicable, Supplier and Company shall each designate a Project Manager who shall be the principal point of contact for all matters under the particular Statement of Work. The Project Managers designated in any Statement of Work as having such authority shall have the authority to represent each of their respective Parties, as the case may be, pursuant to the procedures set forth herein or therein. Subject to Section 5.4 above, Supplier and Company may each replace its Project Manager with a new Project Manager by providing written notice to the other Party’s Project Manager.

5.7 Supplier Personnel Screening.

16

Execution Copy 

(a)Without in any way limiting Supplier’s obligations hereunder in any Statement of Work, Supplier shall conduct the screening measures and background and security checks for Supplier Personnel as set forth in Company’s background check policy (the “Background Check Policy”).

(b)Supplier shall not allow any individual who does not meet the screening, background and security check criteria set forth in the Background Check Policy (as determined by the results of such screening, background and security check) to perform work in connection with any of the Services.

(c)Supplier shall: (i) not permit any Supplier Personnel to have access to Company Data or the premises of the Company or any Affiliate of the Company if such Supplier Personnel: (A) has been convicted of a crime or has agreed to or entered into a pretrial diversion or similar program in connection with: (1) a dishonest act or a breach of trust, as set forth in Section 19 of the Federal Deposit Insurance Act, 12 U.S.C. 1829(a); or (2) a felony; or (B) uses illegal drugs; or (C) appears on the Office of Foreign Asset Control (“OFAC”) list.

(d)If such screening measures and background checks were previously conducted by or for Supplier on an individual to be assigned to Company, Supplier need not perform such testing and checks on that individual unless otherwise required by the Background Check Policy (other than fingerprint checks unless required by law applicable to the Services, Company or Supplier).

(e)At Company’s request, Supplier agrees to provide Company with certification that the above-referenced screening was conducted on specific individuals in compliance with this Section.

(f)The Supplier shall keep copies of background screening documentation and provide certification of completion of such background screening to the Company when requested. The Company reserves the right, at its own expense, to conduct its own background screening (of whatever kind and as extensive as the Company sees fit, including credit checks and drug testing) on Supplier Personnel. The Supplier agrees to cooperate with the Company, its agents or Affiliates, in conducting such background checks, which includes, without limitation, assisting the Company, or any agent or Affiliate of the Company, in obtaining all necessary consents from, and providing appropriate disclosures to, the Supplier Personnel whose backgrounds are being checked.

(g)Notwithstanding the foregoing, the conduct of any such screening procedures or anything to the contrary herein, Supplier shall at all times be responsible for the actions and performance of all Supplier Personnel and for any breach of the terms hereof by Supplier Personnel.

6. Audits and Examinations.

6.1Applicability. Supplier agrees that during the Term it will submit to and comply with the testing, reporting, audit and examination requirements, standards, protocols and guidelines set forth in this Agreement.

6.2      Operational Audits.

17

Execution Copy

(a)Supplier acknowledges that Company determines (subject to Section 6.2(b) below) the number and type of audits required of its third party administrators based on Company’s risk assessments of such third party administrators, which may vary from time to time and will consider a variety of factors including Company’s ranking of the processes performed, systems and workflow complexity, the frequency of processing errors or other incidents and regulatory inquiries. Company may, in accordance with Section 6, conduct audits of Supplier by remote observation, or on-site visits to Service Locations; provided that, the use of any audit software shall be subject to discussion with and prior consent from Supplier. Supplier agrees to cooperate in good faith with Company’s reasonable audit activities that do not unduly affect the Supplier’s business operations.

(b)Company has the right to, by itself or by the assistance of a third party (other than a third party who is a Supplier Competitor) who shall execute a Supplier NDA, upon [Intentionally Omitted] written notice to Supplier (unless required to provide shorter notice by a government authority or regulatory agency), [Intentionally Omitted] per year (unless requested by a government authority or regulatory agency or upon the occurrence of a Cybersecurity Event), visit the Service Locations and/or any other location at which Company Data is accessed, processed or stored by Supplier or, its Affiliates or, to the extent agreed to by the applicable Service Provider, its other Service Providers, and conduct a review during Supplier’s normal business hours.

(c)Supplier shall facilitate Company’s reasonable requests to: (i) review records maintained by Supplier related to the performance of the Services to confirm compliance with this Agreement, including related to compliance with regulatory, anti-money laundering, fraud and privacy requirements, such as Charges billed to Company and other backup documents set forth in Section 6.6 (Back Up Documentation); (ii) examine the controls (e.g., organizational controls, input/output controls, system modification controls, processing controls, system design controls and access controls) and the security and back-up practices and procedures related to the performance of the Services and compliance with this Agreement; (iii) verify the integrity of data related to or concerning this Agreement and examine the systems that process, store, support and transmit such data; (iv) examine Supplier’s measurement, monitoring and management tools related to the Services and Service Levels; and (v) enable the Company and any Affiliate of the Company to meet applicable legal, regulatory and contractual requirements.

(d)Company will reasonably limit disruption to Supplier’s business operations during any audit activities. Supplier shall be entitled to accompany Company and its representatives while performing on-site audits. In connection with an audit, Supplier will provide Company with reasonable access to Supplier’s policies and procedures applicable to the Services and this Agreement.

(e)If any issues that materially adversely affect the Services, in Company’s good faith determination, are found during any audit, Supplier shall work in good faith with Company to provide a response plan (“Response Plan”) to Company within [Intentionally Omitted] following the completion of such audit. Supplier shall remediate each such issue in a timely manner in accordance with Supplier’s Response Plan, provided, however that, all such issues shall be remediated no later than [Intentionally Omitted] after the date on which the Response Plan is due to be provided to Company or such other timelines as agreed to between the Parties.

6.3Consequences of Overcharges. If it is determined in any Company review or audit that Supplier has overcharged Company, Company shall notify Supplier of the amount of such overcharge

18

Execution Copy 

and, Supplier shall promptly, no later than [Intentionally Omitted] from the date of notice of such overcharge,pay to Company the amount of the overcharge. Supplier shall notify Company of, and pay to Company, any overcharges that Supplier becomes aware of.

6.4Certifications. Supplier will provide to Company, promptly upon Company’s written request, copies of any certifications Company may reasonably request in connection with the Services, including any ISO certifications, to the extent Supplier holds such certifications in the ordinary course of its business that could be shared without breach of Supplier’s confidentiality obligations to third parties.

6.5Back-Up Documentation. In addition to Company’s audit rights set forth herein and in the attachments hereto, as part of the Services, Supplier shall provide Company with: (a) such back- up documentation as may be requested by Company from time to time in order to verify the accuracy of the reports provided by Supplier and (b) sufficient documentation from time to time to verify that Supplier’s performance of the Services is in compliance with the Service Levels and this Agreement.

6.6Regulatory Inspections. Unless prohibited by applicable Law, Supplier shall notify the Company promptly by telephone or by e-mail if any governmental audit authority requests an inspection in writing or makes informal or oral inquiries of Supplier regarding the Services, excluding routine Supplier inspections or inquiries. Unless otherwise required by applicable Law or law enforcement agency, Supplier shall not allow any governmental audit authority to have access to any information relating to activities specific to Company without giving Company the right to have a representative present. Unless otherwise required by applicable Law, Supplier and Company shall reasonably cooperate in resolving any concerns of any governmental audit authority regarding any aspect of the Services.

6.7Audit Reports. During the Term, Supplier shall maintain commercially reasonable internal controls and processes commensurate with control processes maintained by service providers to the financial services industry of substantially similar size as Supplier with access to personal information and records of the type and scope to which Supplier has access. In addition to the third party audits required under the Agreement, including Exhibit D (Cybersecurity Requirements and Compliance), (collectively, “Audit Reports”), Supplier shall deliver a SSAE SOC-1 Type II Report and SOC-2 Type II Report along with applicable bridge letters on an annual basis (such SOC-1 and SOC-2 reports will be provided by Supplier to the Company no later than January 15^th of the following year and bridge letters should be received by January 30th of the following year). Supplier shall provide the Audit Reports required under the Agreement to Company in the applicable time frame hereunder and shall bear all costs and expenses associated with obtaining and delivering SSAE SOC- 1 Type II Reports to Company. Unless otherwise agreed to by the Supplier, Company shall bear all costs and expenses associated with obtaining and delivering SSAE SOC-2 Type II Reports. Upon Company’s written request, within [Intentionally Omitted] of the issuance of an Audit Report, Supplier will review the findings of such Audit Report with Company. Further, Supplier, shall, at its own cost and expense, take prompt corrective action to rectify any qualifications identified in such Audit Reports, to the extent applicable, in accordance with management’s response attached to the Audit Report and for those items that will improve Supplier’s overall operating environment, as applicable.

6.8Additional Reports. Upon Supplier becoming aware of any material failure to meet the performance standards committed to Company under this Agreement, Supplier will report such

19

Execution Copy

failure to Company, specifying the failure, the actions taken and to be taken to remediate such failure and to prevent reoccurrence of such failure, and any adverse results caused by the failure. The foregoing report will be provided in writing.

6.9Service Provider Audits. Supplier shall use commercially reasonable efforts to ensure that its Service Providers are bound, under their agreements with Supplier, to allow Company to conduct audits of such Service Provider consistent with those permitted with respect to Supplier under this Section 6, and to remediate any material deficiencies and non-compliance discovered as a result of any such audits.

7. Independent Contractor.

7.1Supplier Status. The status of Supplier will be that of independent contractor, and none of the Supplier Personnel will be deemed employees or agents of the Company or any of its Affiliates. None of the terms set forth in this Agreement will be construed as creating a partnership, joint venture, agency, master-servant, employment, trust or any other relationship between the Company and Supplier or any of Supplier’s employees. Supplier and Supplier Personnel are not eligible for, nor may they participate in, any employee benefit plans of the Company.

7.2Supplier Responsibilities. Supplier agrees to be solely responsible for: (a) paying all wages and other compensation of all Supplier Personnel who provide Services to the Company or any of its Affiliates hereunder in compliance with applicable Laws; (b) making all necessary deductions and withholdings from Supplier Personnel wages and other compensation in accordance with applicable Laws and regulations; (c) paying any and all contributions, taxes and assessments, including by way of example, federal social security, state unemployment compensation and federal withholding of income tax laws on all wages and other compensation of such Supplier Personnel; and (d) complying with Laws relating to the provision of paid or unpaid leaves and/or other benefits. All matters governing the employment of Supplier Personnel shall be Supplier’s full responsibility.

7.3Relationship of Supplier Personnel. Supplier represents and warrants that each of its Supplier Personnel based in the United States of America has certified to it that it has completed the I- 9 Process and that they are therefore authorized to work for Supplier in the United States of America. Supplier shall be responsible for handling and processing all immigration and employment-related issues and requirements (including processing visas and ensuring compliance with all applicable Laws) arising in connection with any of its Supplier Personnel who is an employee of the Supplier, and with respect to Service Providers, Supplier shall require such Service Providers to comply with the foregoing requirements with respect to their personnel. Supplier shall, upon Company’s written request, to the extent permitted by Law, provide documentation reasonably required by Company to verify that Supplier has complied with the requirements of this Section 7.3 and that Supplier Personnel have valid work authorizations and visas that permit them to perform the Services in the manner and locations set forth in this Agreement.

8. Taxes.

8.1Company Obligations. The Company will pay to Supplier any sales, excise, value- added, consumption, service or use tax, whether federal, state or local, imposed on or arising out of the delivery of Services by Supplier. Any taxes for which Company is responsible must be listed as

20

Execution Copy

separate line items on Supplier’s invoice, including the listing of tax charges by jurisdiction. The Company shall not be responsible for paying any other taxes or fees of Supplier, including Supplier’s licensing or business fees or assessments that are not specified as a sales or use tax. Once the Company has paid such tax to Supplier, the Company shall have no other responsibility with respect to such sales and use taxes and Supplier shall be responsible for promptly paying such tax to the appropriate taxing authority. If it is later determined that such tax, or any portion thereof, was not due, Supplier will pursue the appropriate refund and remit such refund to the Company when Supplier has recovered such amount from such taxing authority. Supplier shall, on every taxable event, make all reasonable efforts to limit any and all tax consequences to the Company. Supplier is solely responsible for paying any and all taxes (including social security, employment and income) required by any Law or regulation pertaining to Supplier Personnel relating to this Agreement. Notwithstanding the above, the Company will also be responsible for any real or personal property taxes on property it owns or leases, for franchise and privilege taxes on its business and for taxes based on its net income or gross receipts (including withholding taxes imposed in lieu of income taxes).

8.2Supplier Obligations. Supplier shall be responsible for: (a) franchise and privilege taxes on its business; (b) taxes based on its net income or gross receipts (including withholding taxes imposed in lieu of income taxes); and (c) sales, use, excise, value-added, services, consumption and other taxes and duties payable by Supplier on goods or services used or consumed by Supplier in providing the Services where the tax is imposed on Supplier’s acquisition or use of these goods or services and the amount of tax is measured by Supplier’s costs in acquiring these goods or services; provided that, if Company has agreed to reimburse Supplier for the cost of such goods or services, the Company shall be responsible for the sales, use, excise, value-added, services, consumption and other taxes and duties imposed on such goods and services.

8.3Tax Audits. If a Party comes under audit by any taxing authorities and an audit issue arises that would create liability for the other Party in connection with this Agreement, to the extent permitted by law, then such Party must notify the other Party of such audit issue within thirty (30) days of the audit notice from the taxing authorities to allow such other Party at its option and expense to participate in and jointly control the challenge of the potential assessment.

9.Business Continuity and Disaster Recovery. At all times during the Term of this Agreement, Supplier shall maintain and comply with its Business Continuity and Disaster Recovery Plan in accordance with the terms of Exhibit D (Cybersecurity Requirements and Compliance). Any additional costs associated with changes to the Business Continuity and Disaster Recovery Plan shall be determined and mutually agreed to by the Parties at the time such changes to the Business Continuity and Disaster Recovery Plan are required.

10. Force Majeure.

10.1In General. For the purposes of this Agreement, “Force Majeure Event” shall include any event, condition or circumstance set forth in the following sentence: (a) to the extent that and provided that such event, condition or circumstance is beyond the reasonable control of the Person affected thereby (the “Affected Party”); (b) the Affected Party is without fault in causing the event, condition or circumstance; and (c) despite all efforts of the Affected Party to prevent it or mitigate its effects (including, with respect to Supplier, efforts to implement its Business Continuity and Disaster Recovery Plan as required under this Agreement), such event, condition or circumstance prevents or

21

Execution Copy

materially hinders the performance by the Affected Party of its applicable obligations hereunder. Subject to the above, only the following events may be considered Force Majeure Events under this Agreement: (i) explosion and fire; (ii) flood, earthquake, storm or other natural calamity or disaster or other acts of God; (iii) war, insurrection, act of terrorism or riot; or (iv) pandemic. For the avoidance of doubt, the acts and omissions of Service Providers shall be deemed within the control of Supplier.

10.2Occurrence of a Force Majeure Event. Upon the occurrence and during the continuance of a Force Majeure Event, the obligation of the Affected Party to perform the affected obligations (including the obligation to meet applicable Service Levels) shall be suspended and, if any Services are suspended during such period, the Company shall not be required to pay the pro rata portion of the Charges for such Services that are suspended for the period during which such Services are suspended. The Affected Party shall give written notice of the Force Majeure Event to the other Party (the “Unaffected Party”) as soon as practicable after such event occurs (but in no event more than two (2) Business Day), which notice shall include information with respect to the nature, cause and date of commencement of the occurrence(s), and the anticipated scope and duration of the delay. Upon the conclusion of a Force Majeure Event, the Affected Party shall take all reasonably necessary steps to resume the obligation(s) previously suspended. Notwithstanding the foregoing, an Affected Party shall not be excused under this Section 10.2 for any non-performance of its obligations under this Agreement having a greater scope or longer period than is justified by the Force Majeure Event. Nothing contained herein shall be construed as requiring an Affected Party to settle any strike, lockout or other labor dispute in which it may be involved.

11. Reports; Books and Records; Liens.

11.1 Reports. Without limiting Supplier’s obligations under the Agreement, during the

Term:

(a) Supplier shall provide Company with the reports identified in Exhibit M (Reporting) or as otherwise agreed pursuant to this Agreement.

(b)Company may identify and reasonably request additional reports to be generated by Supplier and delivered to the Company on an ad hoc or periodic basis. Further, Company may from time to time adjust the type, nature and distribution of reports. Upon Company request, Supplier shall use commercially reasonable efforts to answer any questions that Company may have regarding any report.

(c)Preparation and delivery of the reports set forth in Exhibit M (Reporting) will be considered part of the Services, and there will be no additional Fees to Company for such reports.

11.2Books and Records. To the extent not covered in any Statement of Work as it relates to specific Outsourced Services, Supplier will maintain accurate books and records regarding the Company and the Services (the “Records”) in accordance with Exhibit E (Policies and Procedures). Such Records will be maintained until the last to occur of: (a) seven (7) years after expiration or termination of this Agreement or (b) any retention requirements under applicable Law have elapsed (the “Retention Period”). Supplier shall maintain and provide access upon request to the Records required by this Section 11.2 and/or to meet Company’s audit rights under this Agreement.

22

Execution Copy 

11.3Destruction of Records. Supplier shall purge all Records only after the end of the Retention Period applicable to such Records and will perform such purge in a secure manner and in accordance with the terms of Exhibit D (Cybersecurity Requirements and Compliance) and Exhibit E (Policies and Procedures) attached hereto. Before destroying or otherwise disposing of such information, Supplier shall provide Company with sixty (60) days’ prior notice and offer Company the opportunity to recover such information or to request Supplier to deliver such information to Company. Company will also be entitled to request that Supplier not purge certain Records regardless of the Retention Period, and Supplier will not purge such Records and shall continue to maintain such Records in accordance with the terms of this Section 11 until otherwise notified in writing by Company.

11.4Delivery of Records. Upon Company’s written request, Supplier shall provide to Company, or if directed by Company in writing, to a government authority or regulatory agency, copies of Records, within a reasonable time period requested by Company in writing. Supplier shall be not be entitled to bill Company for such services unless otherwise agreed by the Parties in writing.

11.5Discovery Requests. Supplier shall reasonably cooperate with any legal discovery requests made by Company in writing. Supplier shall be entitled to bill Company for such services, as they pertain to third party claims made only against Company, at Supplier’s then-current rate for comparable services; provided, however, that Supplier shall not be entitled to any Charges or expenses which were not pre-approved by Company in writing.

11.6No Limitations. The provisions of this Section 11 shall in no way qualify or limit Supplier’s covenants and obligations under Exhibit E (Policies and Procedures) attached hereto and made a part hereof.

12. Proprietary Rights.

12.1 Retention of Rights.

(a)Pre-existing IP. Company and Supplier shall each retain exclusive ownership of all right, title and interest in and to their respective pre-existing Intellectual Property, including, but not limited to, their respective business methods and processes, workflows, Software, documentation, ideas, procedures, know-how, methods, as well as any improvements, modifications, enhancements and Derivative Works of such Intellectual Property and all related Intellectual Property rights and their respective Confidential Information (collectively referred to as “Pre-existing IP”). Except for the rights expressly granted by a Party to the other Party in this Agreement, neither Company nor Supplier grants, assigns or in any way transfers any right, entitlement, privilege, permission, claim, title, ownership or interest in any Pre-existing IP, either implicitly or explicitly, by operation of law or otherwise. Supplier hereby grants to the Company and its Affiliates an irrevocable, unrestricted, non- exclusive, paid-up, perpetual, worldwide, transferable license to use, duplicate, modify, sublicense, distribute, display and otherwise engage any Supplier Pre-existing IP as necessary to enable the full use and benefit of the Services and Deliverables for any and all purposes. Company hereby grants to Supplier and its Affiliates an unrestricted, non-exclusive, paid-up, worldwide, license to use, duplicate, modify, sublicense, distribute, display and otherwise engage any Company Pre-existing IP solely to the extent necessary to enable the Supplier to provide Services hereunder during the Term.

23

Execution Copy

(b)Supplier’s Ownership. As between Supplier and Company, Supplier is and shall remain the sole and exclusive owner of all Supplier Property and accordingly, Supplier may use Supplier Property with other clients. Except for the rights and licenses expressly set forth in this Agreement, no other right is granted, no other use is permitted and all other rights are expressly reserved by Supplier.

(c)Company’s Ownership. As between Supplier and Company, Company is and shall remain the sole and exclusive owner of all Company Property. Except for the rights and licenses expressly set forth in this Agreement, no other right is granted, no other use is permitted and all other rights are expressly reserved by Company.

12.2Ownership of Deliverables. All rights, including all Intellectual Property rights, title and interest in and to all Deliverables and all technology and materials contained therein, other than Supplier Property, shall be owned solely and exclusively by Company. Except to the extent a Deliverable comprises Supplier Property, Supplier shall assign, and hereby perpetually and irrevocably assigns, to Company, all of its right, title and interest in and to the Deliverables (and all future modifications, Derivative Works and improvements thereto) throughout the world, including all uses in all media now known or in the future developed in any jurisdiction and all lawful means and forms of exploitation now known or in the future developed in any jurisdiction. In the event the foregoing assignment is not recognized by Law, Supplier shall grant and hereby grants to Company and its Affiliates an exclusive, unrestricted, worldwide, royalty-free, fully paid-up, transferable, irrevocable, license to use, copy, and display, modify, and create Derivative Works in the Deliverables and Supplier agrees not to use the Deliverables, except as contemplated under this Agreement, in any manner without the express written consent of Company. Notwithstanding any provision herein to the contrary, (a) Supplier shall retain ownership of Supplier Property as well as improvements, enhancements and Derivative Works to Supplier Property, to the extent not derived from Company Property and (b) any pre-existing third party materials licensed or provided to Supplier and included in a Deliverable shall be subject to any applicable terms and conditions imposed by such third party. Supplier shall not include any Supplier Property or third party materials in any Deliverables without the express prior written consent of Company.

12.3License to Supplier Property Embedded in Deliverables. To the extent a Deliverable contains Supplier Property, Supplier shall grant and hereby grants to the Company and its Affiliates a non-exclusive, unrestricted, worldwide, royalty-free, fully paid-up, irrevocable, license to use, copy, and display, modify, and create Derivative Works in any Supplier Property embedded or incorporated in the Deliverables to the extent reasonably necessary or appropriate for the use of such Deliverable. Notwithstanding the licenses granted herein, Supplier shall at all times retain ownership of all Supplier Property. Company shall not reverse engineer, decode, disable, decompile or otherwise translate or convert the Supplier Property or any part thereof, or sublicense or rent or loan any Supplier Property. Company will not remove any copyright, confidentiality, proprietary or similar notices from any Supplier Property without Supplier’s prior written consent. Supplier’s written consent is required prior to the disclosure by Company to third parties of any Supplier Property; other than with respect to Supplier Property embedded in a Deliverable to be used by a third party vendor or service provider of the Company solely for Company’s internal business purposes.

12.4Further Assurances. Supplier shall take such further actions, and shall cause Supplier Personnel to take such further actions, including the execution and delivery of instruments of

24

Execution Copy

conveyance, as may be necessary or appropriate to give full and proper effect to the assignment of Deliverables to Company. Supplier hereby represents and warrants that it has not entered into any agreement to assign any ownership rights of the Deliverables to any third party, including but not limited to Supplier’s employees, which may cause the above assignment to be invalid, illegal, unenforceable or limited in any way. Supplier shall cooperate and provide any assistance reasonably necessary for, and shall cause Supplier Personnel to cooperate and provide any assistance reasonably necessary for, the preparation, prosecution, perfection, registration, recordation, or defense to any challenge to, any application for registration of any Intellectual Property in any Deliverable.

12.5Copyright Notice. Supplier will place on each copy of all Deliverables created under this Agreement a copyright notice in a form directed by the Company.

12.6Company Marks and Company Property. Company hereby grants Supplier a worldwide, non-exclusive license to access and use the Company Marks during the Term solely for providing the Services and delivering the Deliverables hereunder. Supplier will be responsible for assuring that all Supplier Personnel are fully familiar with and abide by the Company’s rules and guidelines governing the usage of the Company Marks. Supplier recognizes the validity of the Company Marks, and the ownership thereof by the Company, and will not at any time take any action nor fail to act, the result of which would either: (a) contest, impair or jeopardize in any way any of the Company’s right, title and interest in and to the Company Marks or cause the validity or enforceability of the Company Marks or the Company’s ownership thereof to be called into question or (b) invalidate or impair the Company Marks or tarnish, disparage, degrade, dilute or injure the Company Marks (or the goodwill associated therewith) or the reputation of the Company or any of its Affiliates. Except for the limited license rights granted in this Agreement in connection with and solely in furtherance of the performance of the Services, the Supplier will not acquire any right, title or interest in or to the Company Marks, nor will it be deemed to have made any usage of the same which may accord any such rights by the performance of obligations under this Agreement. The Company hereby grants a non-exclusive, limited, non-transferable, non-sublicensable, non-assignable (except to the extent that this Agreement is permitted to be assigned), worldwide, fully paid-up, royalty-free license to Supplier (and any Service Providers providing Services) to use, create Derivative Works, practice, copy, analyze, modify and maintain any Company Property solely to the extent necessary for Supplier to perform the Services and deliver the Deliverables.

12.7Company Feedback. In connection with the activities under this Agreement, Company may from time to time provide Feedback to Supplier. Notwithstanding any provision in this Agreement to the contrary, all Feedback is Company Property (for the avoidance of doubt, in the event that Supplier creates a modification of Supplier Property based on Feedback, such modification shall be deemed to be Supplier Property). Company hereby grants Supplier a perpetual, non-exclusive, worldwide, royalty-free right and license to use, copy, and display, modify, and create Derivative Works of such Feedback for all commercial purposes. For avoidance of doubt, Feedback will not include any of Company’s Confidential Information and Supplier agrees not to identify or designate Company as the source of such Feedback. Feedback is provided “AS IS” without warranty of any kind and Company hereby disclaims all warranties with respect to the Feedback, including, without limitation, all implied warranties of non-infringement, merchantability and fitness for any particular purpose. For avoidance of doubt, all specifications and requirements provided by Company, including without limitation those included in a SOW, are Company’s Confidential Information. Company

25

Execution Copy 

grants Supplier a non-exclusive license to use specifications and requirements provided by Company for purposes of providing the Services to Company.

13. Confidentiality; Data Safety, Security and Privacy.

13.1Treatment of Confidential Information Generally. The Parties acknowledge and agree that all information that one Party receives (the “Receiving Party”) from, or on behalf of, the other Party (the “Disclosing Party”) (or any of its Affiliates or their respective customers and clients) which is marked confidential or should reasonably be understood to be confidential because, without limitation, the disclosure of such information could result in competitive or other disadvantage to the Disclosing Party is private and confidential (“Confidential Information”). Confidential Information includes, but is not limited to: (a) documents, records, communications, reports, forecasts, projections, product and service specifications, risk management strategies, regulatory matters and related strategies, litigation matters and related strategies, statistical models, formulae and algorithms, designs, pricing methods and policies, processes, methods of operation, techniques, arrangements, procedures, tools, strategic initiatives, insights or plans, business opportunities and strategies, proposals, creative plans and strategies, personnel information, policies, trade secrets, ideas, concepts, know-how, intangible rights, inventions, research and development, source code, systems, architecture, computer programs and database technologies, proprietary programs or initiatives, and such other trade secrets or information as may be supplied by or on behalf of the Disclosing Party and which is not generally ascertainable from public or published information; (b) information belonging or relating to the Disclosing Party’s clients, clients’ customers, service providers, consultants and other business relationships, including the existence or status of, and any non-public information concerning, arrangements between the Disclosing Party and its vendors; (c) non-public business, operational or financial results and projections, product development initiatives, trade secrets, business methods or processes, expansion plans and revenue and expense information; and (d) information which a reasonable person should know is confidential. In addition, the term “Confidential Information” shall be deemed to include: (i) any notes, analyses, compilations, abstracts, studies, interpretations, memoranda or other documents prepared by or on behalf of a Party that contain, reflect or are based upon, in whole or in part, any Confidential Information; (ii) the fact that Confidential Information has been made available to the Receiving Party; and (iii) the existence or status of, and any information concerning any project or this Agreement.

13.2Confidentiality Obligations. Except as otherwise provided herein or by agreement of the Parties, Receiving Party shall not disclose, sell or transfer Confidential Information to any other person or entity and shall not otherwise use Confidential Information, individually or in the aggregate (including any anonymized Company Data), for any purpose other than to fulfill the purposes of this Agreement, and Receiving Party agrees to not disclose Confidential Information to any Personnel for which disclosure is not reasonably necessary to the performance or receipt of Services and delivery or receipt of the Deliverables. Receiving Party agrees that it will not, directly or indirectly, disclose any of Company’s Confidential Information to any third party, or use any of Company’s Confidential Information, for any purpose other than in furtherance of this Agreement, except with Disclosing Party’s prior written consent. Receiving Party shall ensure that all Confidential Information disclosed to any Personnel shall be marked as confidential or otherwise provided in a manner that clearly communicates the confidential nature of such information. Receiving Party shall ensure that all Personnel performing work pursuant to the Agreement are subject to confidentiality and security obligations and restrictions and are bound to maintain the confidentiality of all the Disclosing Party’s

26

Execution Copy 

Confidential Information as required under this Agreement. As between Supplier and Company, Supplier Confidential Information shall at all times belong solely and exclusively to Supplier and Company Confidential Information shall at all times belong solely and exclusively to Company.

13.3Exceptions. Notwithstanding anything in this Agreement to the contrary, the term “Confidential Information” shall not include any information that: (a) is or becomes generally known to the public other than as a result of a disclosure in breach by Receiving Party of this Agreement or Receiving Party’s omission; (b) is lawfully in the possession of Receiving Party prior to its receipt from Disclosing Party; (c) is received by Receiving Party in good faith and without restriction from a third party having the right to make such disclosure and not under a confidentiality obligation to Disclosing Party and which third party rightfully, to Receiving Party’s knowledge, acquired such information; or (d) is independently developed by Receiving Party without reference to Disclosing Party’s Confidential Information as evidenced by written records. The foregoing exceptions shall not apply to any non-public Personal Information. For the avoidance of doubt, Company shall be permitted to disclose to third parties the nature of Services provided by Supplier in its sole discretion.

13.4Mandatory Disclosure. Receiving Party may disclose Confidential Information of the Disclosing Party if disclosure is required pursuant to the lawful requirement of any governmental agency or by any subpoena, summons, order or other judicial process, but only after giving advance written notice to the Receiving Party of the requirement to disclose to reasonably allow for an opportunity for the Disclosing Party to secure an appropriate protective order or other measure limiting disclosure. Receiving Party shall cooperate with Disclosing Party, at Disclosing Party’s cost and expense, in Disclosing Party’s reasonable, lawful efforts to resist, limit or delay disclosure. Disclosure of any of the Disclosing Party’s Confidential Information under the circumstances described in the preceding sentence shall not be deemed to render such Confidential Information as non-confidential and Receiving Party’s obligations with respect to such Disclosing Party’s Confidential Information shall not be changed or lessened by virtue of any such disclosure.

13.5Return of Information. Without limiting Company’s rights set forth in Section 11.3 (Destruction of Records) Receiving Party shall, upon termination or expiration of this Agreement or at any time upon written demand by Disclosing Party, promptly return to Disclosing Party any and all Disclosing Party Confidential Information together with any copies or reproductions thereof and, destroy (by rendering unreadable and unusable) in accordance with the requirements set forth in Exhibit D (Cybersecurity Requirements and Compliance) all related data in its computer and other electronic files. If Disclosing Party’s Confidential Information cannot be erased from all forms of magnetic and electronic media, Receiving Party will use its commercially reasonable efforts to ensure that it cannot be recovered or accessed. Receiving Party shall at such time provide Disclosing Party with a certificate signed by an officer of Receiving Party certifying that all Disclosing Party Confidential Information has been returned to Disclosing Party or destroyed in accordance with the requirements set forth in this Agreement. Receiving Party shall state in writing the method of data destruction and the date completed. Notwithstanding the foregoing, Receiving Party will be permitted to retain Disclosing Party’s Confidential Information if such retention is strictly necessary to meet Receiving Party’s legal compliance obligations, is done pursuant to Receiving Party’s fully implemented and documented records management program, and is limited to the minimum Disclosing Party Confidential Information and minimum retention period needed to meet these obligations.

27

Execution Copy

13.6Disclosure to Representatives; Obligations. Receiving Party shall be liable to Disclosing Party under this Agreement for any breach of this Section 13 by Receiving Party’s Representatives. With regard to any Representative of Receiving Party (other than Receiving Party’s employees) which will have access to Confidential Information, the Receiving Party shall: (a) ensure all Representatives are bound to confidentiality and security obligations and restrictions substantially similar to those contained in this Agreement and (b) advise such Representative of the obligations and restrictions set forth in this Section 13.

13.7Inadvertent Disclosures. In the event Receiving Party obtains Confidential Information from Disclosing Party which is not intended for Receiving Party then, Receiving Party shall: (a) immediately notify Disclosing Party that such Confidential Information has been made available to Receiving Party after identifying that such information is not intended for Receiving Party; (b) after such identification, Receiving Party shall not review, disclose, release or in any way use the Confidential Information other than for the purposes of returning or destroying such Confidential Information; (c) provide Disclosing Party reasonable assistance at Disclosing Party’s sole expense in returning such Confidential Information to Disclosing Party or destroying such Confidential Information (subject to Disclosing Party’s generally-applicable record retention policies); and (d) deliver to Disclosing Party a notice (which may be by e-mail) confirming, to the reasonable knowledge of Receiving Party, that all such Confidential Information in Receiving Party’s possession or control has been delivered to Disclosing Party or destroyed as required by this provision (subject to Receiving Party’s generally-applicable record retention policies).

13.8Certain Remedies. The restrictions contained in this Section 13 are necessary for the protection of the Confidential Information and goodwill of the Parties and are considered by the Parties to be reasonable for such purpose. Receiving Party recognizes, acknowledges and agrees that any breach by Receiving Party or its Representatives of any of the provisions contained in this Section 13 will cause the Receiving Party immediate, material and irreparable injury and damage, and there is no adequate remedy at law for such breach. Accordingly, in the event of a breach of any of the provisions of this Section 13 by Receiving Party, in addition to any other remedies it may have at law or in equity, all of the rights and remedies of Disclosing Party being cumulative, the Receiving Party shall be entitled immediately to enforcement of this Agreement in a court of competent jurisdiction by means of a decree of specific performance, an injunction without the posting of a bond or the requirement of any other guarantee or other security, and any other form of equitable relief, and the Disclosing Party, to the extent it prevails in any such action, is entitled to recover from Receiving Party the reasonable and documented costs and attorneys’ fees it incurs to enforce this Agreement. This provision is not a waiver of any other rights or remedies which Disclosing Party may have under this Agreement, including the right to recover money damages.

13.9Data Security and Privacy. Supplier shall comply with the provisions of Exhibit D (Cybersecurity Requirements and Compliance). Supplier shall advise Company promptly in the event that it has reason to suspect a threatened or actual disclosure or improper use of Company’s Confidential Information contrary to this Agreement. In the event there is a compromise or breach of any Supplier Equipment that contains Personal Information, Company Data or any other Confidential Information, Supplier shall comply with the standards, protocols, requirements and guidelines related to such compromises or breaches set forth in Exhibit D (Cybersecurity Requirements and Compliance).

28 

Execution Copy

13.10Compliance with Privacy Policy. In addition to any other obligation of Supplier hereunder, Supplier shall comply with its own privacy policy applicable to the Services provided by Supplier under this Agreement, and, upon request by Company, shall provide Company with written updates to such policy promptly as they may become effective from time to time.

13.11Notification of Threat of Identity Theft. If, in the course of performing Services hereunder, any Supplier employee who is dedicated to providing support for Company has actual knowledge of indicators of potential identity theft (e.g., identity theft red flags under the FTC Red Flags Rule or SEC Regulation S-ID) concerning an employee, individual shareholder or customer, or other person to whom such Services relate, Supplier shall promptly, unless prohibited by Law or law enforcement agency, notify Company in writing of such situation.

13.12Use of Third Party Data. Supplier acknowledges that Company Data includes information, including security and market data (the “Third Party Data”) licensed to Company by third party providers (“Third Party Data Providers”). Supplier acknowledges and agrees that the receipt and use of the Third Party Data by Supplier hereunder is subject to certain other terms and conditions required by the applicable Third Party Data Providers and Supplier hereby agrees to comply with any conditions, restrictions or limitations imposed by any such Third Party Data Providers. Without limiting the foregoing, Supplier shall only use, and shall ensure that Supplier Personnel shall only use, the Third Party Data on behalf of Company as necessary to provide the Services under this Agreement and for no other purpose whatsoever.

14. Representations and Warranties; Covenants.

14.1Supplier’s Warranties, Representations, and Covenants. Supplier warrants, represents and covenants to Company that on a continuing basis during the Term:

(a)       Supplier is a company duly formed, validly existing and in good standing under the Laws of the jurisdiction in which it is organized, and is duly qualified and in good standing in each other jurisdiction where the failure to be so qualified and in good standing would have an adverse effect on its business, activities, ability to perform its obligations under this Agreement or compliance with any of its promises, representations and warranties hereunder;

(b)       Supplier is financially solvent and has the ability to perform its obligations hereunder;

(c)       Supplier has all necessary corporate power and authority to enter into this Agreement including each SOW and to perform its obligations hereunder and thereunder, and the execution and delivery of this Agreement, including each SOW, and the consummation of the transactions contemplated hereby and thereby, have been duly authorized by all necessary corporate actions;

(d)       Supplier has all necessary power and authority to own, lease and operate its assets and to carry on its business as presently conducted and as it will be conducted pursuant to this Agreement;

(e)        [Intentionally Omitted]

29 

Execution Copy

(f)Supplier shall perform its responsibilities under this Agreement in a timely, professional and workmanlike manner, consistent with generally accepted industry practices and procedures applicable to such Services and Supplier shall provide sufficient qualified personnel to perform Supplier’s obligations hereunder, which personnel shall have appropriate credentials, skill, training and experience similar or related to the tasks to which they are assigned to perform;

(g)the Services shall be performed in compliance with the relevant Exhibits, SOWs, all Applicable Specifications and the terms and conditions of this Agreement, including the applicable Service Levels set forth in Exhibit F (Service Level Agreements) and the applicable Statement of Work and as may be otherwise established in writing by Supplier and Company;

(h)any Deliverables delivered under this Agreement shall conform to all Applicable Specifications and shall be free from all liens and encumbrances or other similar restrictions;

(i)to the best of Supplier’s knowledge, the Services and the Deliverables do not knowingly infringe or misappropriate upon any Intellectual Property right, other proprietary right or contractual license right of any third party and shall be delivered to Company free and clear of any claim of third party infringement of any Intellectual Property;

(j)Supplier: (i) is either the owner of, or authorized to use, all information and material used in connection with this Agreement, including, but not limited to the Supplier Property and (ii) is fully authorized to grant Company all rights and licenses granted under this Agreement, including, all rights, title, interest and ownership in and to all Deliverables;

(k)to the best of Supplier’s knowledge, there are no pending suits or actions threatened against Supplier that would affect the Services or its performance of obligations;

(l)Supplier shall comply with all Laws applicable to Supplier in performing the Services and its obligations under this Agreement, including Laws applicable to Supplier relating to the regulatory environment in which the Services are performed, which, to the extent relating to Laws applicable to Company and not to Supplier in the ordinary course of business, shall be notified in writing by Company to Supplier and included in the Applicable Specifications;

(m)Supplier shall cause Supplier Personnel to treat Company customers and clients in any direct or indirect dealings with respect and courtesy at all times in order to maintain the positive image and goodwill of Company;

(n)Supplier shall have no finder fee or similar arrangement with any third party that Supplier may recommend to Company;

(o)Supplier has not, and to Supplier’s knowledge no Representative of Supplier or any other person on Supplier’s behalf has, in connection with this Agreement, offered or given anything of value to: (i) any official, member, employee or customer of a governmental entity, any political party or official thereof, or any candidate for political office; (ii) any government-owned enterprise or member of the government; or (iii) any other person, in such case while knowing or having reason to know that all or a portion of such money or thing of value would be offered, given or promised, directly or indirectly, to any government agency customer, government-owned enterprise,

30 

Execution Copy

member of the government or candidate for political office for the purpose of: (A) influencing any action or decision of such person, in his official capacity, including a decision to fail to perform his official function; (B) inducing such person to use his influence with any government or instrumentality thereof to affect or influence any act or decision of such government or instrumentality to assist Supplier in obtaining or retaining business; (C) securing any improper advantage; (D) where such payment was contingent upon the award of a government contract to Supplier; or (E) where such payment would constitute a bribe, kickback or illegal payment. Supplier maintains a system of internal accounting controls adequate to insure that Supplier maintains no off-the-books accounts and that Supplier’s assets are used only in accordance with Supplier’s management directives; and

(p)with respect to Company Networks and Deliverables, Supplier covenants and agrees that Supplier shall not knowingly insert, introduce or include, and Supplier shall use industry standard Virus detection mechanisms to ensure that any third party will not insert, introduce or include, any program code, programming instruction or set of instructions constructed with the ability or the intention to damage, interfere with, interrupt or otherwise affect computer programs, data files or operations in any manner without the authorization, knowledge or approval of any actual or intended user, operator, administrator, publisher, licensor or licensee, or any worms or so called ‘Trojan Horses’ or logic bombs, or any back door, trap door or other access means or portal which would enable an entity or device to access any programs, data, systems or communications devices, without the knowledge or authorization of the owner, operator or user of the programs, data, systems or communications devices, or any other code typically designated to be a virus or other form of malicious code (collectively, “Virus”); and

(q)Supplier shall not allow any third party interests or any encumbrances to be placed upon Company Property.

14.2     Company’s Representations and Warranties. The Company represents and warrants that:

(a)        Company is a company duly formed, validly existing and in good standing under the Laws of the jurisdiction in which it is organized, and is duly qualified and in good standing in each other jurisdiction where the failure to be so qualified and in good standing would have an adverse effect on its business, activities, ability to perform its obligations under this Agreement;

(b)        Company is financially solvent and has the ability to perform its obligations hereunder;

(c)        Company has all necessary corporate power and authority to enter into this Agreement including each Statement of Work and to perform its obligations hereunder and thereunder, and the execution and delivery of this Agreement, including each Statement of Work, and the consummation of the transactions contemplated hereby and thereby, have been duly authorized by all necessary corporate actions;

(d)to the best of Company’s knowledge, Company (i) is either the owner of, or authorized to use or provide, all information and material provided to Supplier for use in connection with this Agreement, including, but not limited to the Company Property and (ii) is fully authorized to grant Supplier all rights and licenses granted under this Agreement; and

31 

Execution Copy

(e)Company (i) has obtained all necessary written consents and authorizations as required by applicable Law from individuals whose data will be disclosed to Company and used by Supplier and (ii) will use secure, industry standard means (such as SFTP) for any transfer, storage and protection of such personal or sensitive information.

14.3Disclaimers. EXCEPT AS OTHERWISE SPECIFICALLY SET FORTH IN THIS AGREEMENT OR, WITH RESPECT TO A PARTICULAR SERVICE, IN THE RELEVANT STATEMENT OF WORK, NEITHER PARTY MAKES ANY REPRESENTATION OR WARRANTY, EXPRESS OR IMPLIED, INCLUDING ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE, ALL OTHER WARRANTIES BEING EXPRESSLY DISCLAIMED BY EACH PARTY AND WAIVED BY THE OTHER PARTY. THE COMPANY UNDERSTANDS THAT SUPPLIER IS PERFORMING THE SERVICES HEREUNDER USING SYSTEMS, DATA AND MATERIALS THAT HAVE BEEN PROVIDED TO SUPPLIER BY THE COMPANY, OR BY THIRD PARTIES ACTING ON BEHALF OF THE COMPANY, AND FOR WHICH SUPPLIER HAS NO RESPONSIBILITY OTHER THAN THE DUTY OF DUE CARE IMPOSED BY APPLICABLE LAW AND COMPLIANCE WITH THE TERMS AND CONDITIONS OF THIS AGREEMENT.

15. Additional Obligations.

15.1Services and Services Infrastructure Improvement and Evolution; Roadmap. Supplier will cause the Supplier Services Infrastructure and the Services to evolve and to be modified, enhanced, supplemented and replaced as reasonably necessary for the Supplier Services Infrastructure and the Services to keep pace with overall industry standard improvements and technological advances in the provision of like services; provided that any changes to the Services arising from regulatory changes shall be made at the direction and instructions of Company. Supplier shall effect productivity improvements throughout the Term as set forth in Exhibit U (Technology Refresh Requirements) and Exhibit V (Innovation Plan) and, on an annual basis, Supplier shall provide a [Intentionally Omitted] roadmap for such improvements which shall be updated by Supplier annually throughout the Term of its plans to evolve and update the Supplier Services Infrastructure and the Services. Any proposals raised in such roadmap shall be agreed upon between the Parties prior to implementation of such proposal.

15.2Performance Reviews. Within twelve (12) months of each Service Level Commencement Date identified in Exhibit F (Service Level Agreements) or the applicable Statement of Work and at least annually thereafter (after all initial Service Level Commencement Dates have passed, the Parties shall agree to synchronize to a single date for future use), or as otherwise agreed by the Parties, Supplier and the Company will review and adjust the Service Levels (and, if and as agreed applicable, the associated Charges), to reflect any improved performance capabilities associated with advances in the technology and methods used to perform the Services implemented by the Parties, material changes in volumes and metrics used to determine the Service Levels.

15.3      Company Satisfaction Surveys.

(a)At the intervals specified in Exhibit K (Company Satisfaction Surveys), Supplier shall conduct the satisfaction surveys described in Exhibit K (Company Satisfaction Surveys) in accordance with the survey protocols and procedures specified therein. To the extent Supplier

32 

Execution Copy

engages an independent third party to perform all or any part of any satisfaction survey, such third party shall be subject to preapproval in writing by the Company. Unless otherwise agreed, Supplier shall be responsible for the cost of all such surveys conducted pursuant to this Section 15.3(a) and Exhibit K (Company Satisfaction Surveys).

(b)In addition to the satisfaction surveys to be conducted pursuant to Section 15.3(a), the Company may from time to time survey satisfaction with Supplier’s performance. At the Company’s reasonable request, Supplier shall review and comment on the survey questions, protocols, procedures and the execution of such surveys.

15.4      Procedures Manual.

(a)        With input and instructions from Company as noted below, Supplier shall:

(i)ensure that the procedures manual (“Procedures Manual”) is consistent with the Company policies and procedures provided by Company to Supplier;

(ii)no later than thirty (30) days prior to the completion of the Implementation Services, deliver a draft Procedures Manual to Company for Company’s review, comment, and approval; provided, however, that Company’s approval of the Procedures Manual does not constitute a certification of the processes or procedures contained therein or a waiver of any of Company’s rights;

(iii)finalize version 1.0 of the Procedures Manual, incorporating amendments as requested by Company, and deliver it to Company no later than ninety (90) days after delivery of the draft pursuant to paragraph (ii) above;

(iv)      comply with its obligations under the Procedures Manual; and

(v)periodically update the Procedures Manual to reflect changes in the operations or procedures described therein, and provide the updated Procedures Manual to Company for review, comment, and approval.

(b)        The Procedures Manual will describe:

(i)        how the Supplier will perform and deliver the Services;

(ii)procedures for interaction and communications between the Supplier and end users covering topics such as call lists, software distribution, implementation change, problem management and escalation procedures, project priority and approval procedures, testing, and quality assurance procedure;

(iii)the activities the Supplier proposes to undertake in order to provide the Services, including those direction, supervision, monitoring, staffing, reporting, planning and oversight activities normally undertaken at facilities that provide services of the type the Supplier will provide under this Agreement;

33 

Execution Copy

(iv)the checkpoint reviews, testing, acceptance, and other procedures for Company to ensure the quality of the Supplier’s performance;

(v)the procedures the Supplier will use to track its performance under this Agreement against the Service Levels and the project milestones;

(vi)the procedures the Supplier will use to safeguard against the destruction, loss or alteration of, or unauthorized access to, Company Data; and

(vii)     Company’s policies and procedures.

(c)At least once every twelve (12) months the Supplier will prepare a draft update to the Procedures Manual to reflect any changes to the way in which the Supplier provides the Services (as approved by Company) and submit the draft to Company for approval.

(d)Once Company has approved the Procedures Manual (or any update to it), the Supplier will provide the Services in accordance with the Procedures Manual. In no event will any provision of the Procedures Manual vary or override any provision of this Agreement.

15.5      Benchmarking.

(a)        Commencing at any time after the Effective Date, and no more frequently than[Intentionally Omitted] the Company will have the right to require that the Parties use an independent, specialist third party (a “Benchmarker”) to benchmark Supplier’s performance of, and Charges for, some or all of the Services (“Benchmarking”); provided, however, that Benchmarking of less than substantially all Services shall encompass one (1) or more discrete categories of Service (such, as for example, Charges for particular functions or classes of functions) as mutually agreed to by the Parties.

(b)Within [Intentionally Omitted] after the date the Company notifies Supplier that the Company wishes to conduct a benchmark of the Services, the Company will select one of the entities specified in Exhibit J (Pre-approved Benchmarkers). The Parties will jointly engage the Benchmarker, subject to the Benchmarker’s standard terms and conditions, and Company will pay the costs and expense of hiring the Benchmarker and the preparation of any Benchmarking Results (as defined below); subject, however, to the terms of Section 15.5(d) below. In the event an approved Benchmarker acquires or is merged with a Company Competitor, such approved Benchmarker will be removed from Exhibit J (Pre-approved Benchmarkers) and replaced with a mutually acceptable substitute.

(c)The Benchmarker may convene meetings of the Parties, obtain documents and information and require or permit such presentations, as it deems appropriate, using an agreed process to make a like-for-like comparison of Supplier’s then-current fees and performance against other global outsourcing providers in the marketplace who provide service at a level and from a geographic location similar to the benchmarked services with respect to: (i) scope and nature of overall services (including, complexity, specification, volume and any economies of scale); (ii) quality standards and Service Levels (including, performance criteria); (iii) client industry, service delivery location and service recipient location; (iv) duration of contractual commitment; and (v) skills set of the applicable personnel performing the applicable services (including, the relative tenure and experience of such

34 

Execution Copy

personnel) (the “Comparators”). There shall be [Intentionally Omitted]

if the Comparator information available to the Benchmarker is comprised of a lesser number of Comparators. The Benchmarker shall make adjustments to the Comparators as it determines in its professional judgment to be necessary to permit a normalized comparison. For each Comparator used to calculate the Benchmarking Results, the Benchmarker shall disclose to Company and Supplier the demographic data (e.g., the total number of resource units or other basis on which Charges are based, a general description of the quality of services and service environment and other similar data) reasonably required for the Parties to understand the basis upon which the Benchmarker selected the Comparators.

(d)The Company and Supplier will each provide the Benchmarker with any documents or other information reasonably requested and necessary for the Benchmarker to perform services as described in this Section 15.5. Such information may include: (i) a profile of the Services used by the Company; (ii) the volume of each Service; (iii) the Charges and taxes paid by the Company for each Service; (iv) the Service Levels; (v) the complexity, scale, global coverage and start-up costs incurred at the time such costs were incurred; (vi) deferred revenue flow, if any, under this Agreement; (vii) technological advances and advances in methods of delivery of services adopted by the Parties; and (viii) any other special considerations relating to the Services; provided, however, that Supplier will not be required to provide any information relating to its margins, costs or cost elements or disclose any confidential, proprietary or trade secret information of its other clients. The Benchmarker will execute a reasonable non-disclosure agreement with confidentiality obligations at least as protective as the confidentiality obligations specified in this Agreement, and conduct the benchmarking so as not to unreasonably disrupt Supplier’s operations.

(e)If the Benchmarker finds that the Charges on a like-for-like basis paid by the Company for the Services subject to the Benchmarking process are greater by [Intentionally Omitted] or more than the average of the fees being charged by the Comparators (the “Benchmark Standard”), the Benchmarker will submit a written report setting forth such findings and conclusions (the “Benchmarking Results”), and the cost of the Benchmarking will be borne by Supplier. The Benchmarker will be required to include in such report the following:

(i)The Benchmarking methodology including but not limited to the metrics which were benchmarked, the approach and assumptions used to normalize data across the sample group studied by the Benchmarker and Supplier, and any limitations of the Benchmarking process; and

(ii)The data and analysis supporting such comparison and normalization, including information as to any material differences in the comparison criteria such that comparisons will be normalized to account for differences in volumes of service, complexity, service levels, investments in assets, transfers of personnel, start-up costs, variations in configurations, unique or unusual requirements and other appropriate criteria.

(f)For a period of no more than [Intentionally Omitted] , the Parties will be entitled to review the draft version of the Benchmarking Results and discuss such Benchmarking Results with (and provide comments to) the Benchmarker prior to the Benchmarker’s delivery of the final version of the Benchmarking Results (it being understood that Benchmarker will make updates to or otherwise respond to comments received prior to issuing its final report as it reasonably deems appropriate).

35 

Execution Copy

During the [Intentionally Omitted] period following the Benchmarker’s delivery of the final version of the Benchmarking Results, the Company and Supplier will review the Benchmarking Results and Supplier will then have the opportunity to provide a proposal to the Company to address the Services, Service Levels and the Charges to eliminate any unfavorable variance (the “Benchmarking Adjustment Plan”).

(g)If the Parties are unable to reach agreement upon a Benchmarking Adjustment Plan, then for a period of [Intentionally Omitted]           from delivery of the Benchmarking Adjustment Plan, the Company shall have the right, at its option, upon               [Intentionally Omitted] written notice, to terminate the Services that are subject to the disagreement without penalty. The Company’s right to terminate in this Section 15.5 shall expire [Intentionally Omitted]          after delivery of the Benchmarking Adjustment Plan.

15.6Development of Company-Requested Functionality and Enhancements. Without limiting Company’s rights and Supplier’s obligations under Section 15.1 above, from time to time during the Term, Company may request Supplier in writing (including by e-mail) to develop certain functionality and/or enhancements for the Services, as determined by Company in its sole discretion based on its business needs. The Parties will handle all such requests in accordance with the process set forth for in Section 1.5 (Professional Services). Supplier acknowledges and agrees that unless a request is either wholly unreasonable or not technically feasible, Supplier shall develop the requested functionality and/or enhancements for the Services in the commercially reasonable time period requested by Company, in accordance with the Applicable Specifications agreed to and at the rates set forth in Exhibit B (Pricing) and subject to the terms of such Exhibit, as documented in a Statement of Work.

15.7Prior Notice of Material Changes. Prior to making any material changes to the manner in which the Services are provided under this Agreement, including changes to processes, IT systems, specifications, or other operational aspects of the Services, in each case which are reasonably likely, to the extent of Supplier’s knowledge, to materially affect the Services, or the performance of Supplier’s obligations under this Agreement, or the manner in which Company uses the Services, Supplier shall provide reasonable notice of such anticipated change to Company (which notice need not conform to the requirements of Section 26 but will be via e-mail communication), at the request of Company, discuss such change in good faith with Company, and shall not implement such change absent Company’s consent thereto (not to be unreasonably withheld or delayed); provided, however, that, subject to Company’s rights under Section 2 (Testing and Acceptance), Company’s consent to such change will not be required to the extent that such change does not result in any: (a) cost or expense to Company (including capital expenditure (CAPEX) costs) or (b) significant adverse effect on the Services, the performance of Supplier’s obligations under this Agreement, or the manner in which Company uses the Services.

15.8Notice of Material Events. Supplier shall promptly notify Company in writing of any Material Event (as defined below) of which Supplier becomes aware through exercise of due care throughout the Term. Any such notice will be provided to the relationship manager of Company, and the relationship manager of Supplier will be available then to discuss the circumstances leading to the events which are the subject matter of the notice provided for above. For purposes hereof, “Material Event” means any event or series of events that, to Supplier’s actual knowledge, is reasonably likely to materially adversely impact the business or reputation of Supplier as it relates to the Services or otherwise materially adversely impacts the performance of Services hereunder. Any such disclosures

36 

Execution Copy

by Supplier will expressly be subject to the provisions of Section 13 (Confidentiality; Data Safety, Security and Privacy).

15.9Additional Information. Company may at any time request from Supplier reasonable additional information with respect to the Services, and/or data related to Company's use of the Services, and Supplier shall provide such information at no additional cost to Company. If Supplier cannot itself provide the requested info1mation, then Company may request that Supplier have appropriate subject matter experts provide such additional information. In the event that such request exceeds what is commonly requested by Supplier's similarly-situated clients in general, Supplier and Company will mutually agree on additional compensation to Supplier for such efforts. Additionally, in the event that Supplier has actual knowledge: (a) that Supplier has breached this Agreement or (b) of material issues or errors that adversely affect performance of the Services, Supplier will provide Company with facts specific to the situation and Supplier's assessment of the impact on Company.

15.10Permits. As part of the Serv ices, except as otherwise set forth herein or in an Exhibit or Appendix, Supplier will be responsible for obtaining, maintaining and complying with all applicable licenses, authorizations, consents, approvals and pe1mits required of Supplier to perfo1m the Services (collectively, "Permits").

16. Liability Insurance.

16.1Insurance Coverages. Supplier will, at its own cost and expense, obtain and maintain in full force and effect, with financially sound and reputable insurers having A.M. Best ratings of at least A- (VII) or better, liability insurance to cover Supplier's obligations under this Agreement Upon execution of this Agreement and before the commencement of any Serv ices, Supplier will provide the Company with certificates of insurance evidencing the following coverages and minimum amounts with such insurers:

COVERAGE	MINIMUM LIMITS OF LIABILITY
Workers’ Compensation & Employers Liability Insurance (as required by the state):
Workers’ Compensation: Employers Liability:    a. Bodily Injury by accident    b. Bodily injury by disease	Statutory Limits [Intentionally Omitted]
Commercial General Liability Insurance (Primary & Umbrella) or Equivalent:
Commercial General Liability Insurance including:    a. Bodily Injury    b. Broad Form Property Damage    c. Contractual Liability    d. Complete Operations (2 years after substantial completion of entirety of project)	[Intentionally Omitted]

37 

Execution Copy

COVERAGE	MINIMUM LIMITS OF LIABILITY
Comprehensive Automobile Liability Insurance:
To include non-owned, hired or rented vehicles as well as owned vehicles:    a. Bodily Injury    b. Property Damage	[Intentionally Omitted]
Umbrella/Excess Liability Insurance:
Excess/Umbrella Coverage providing additional limits for Comprehensive Automobile liability, Employer’s Liability, and Commercial General Liability Insurance Coverages	[Intentionally Omitted]
Other:
Fire or Extended Coverage Insurance on Equipment, tools and materials ow	[Intentionally Omitted]
Cybersecurity Insurance:
Cybersecurity Insurance Coverage for Losses from cyber incidents, including:    a. Liability for network/computer security breaches and privacy breaches, including liability arising out of unauthorized access to Company Confidential Information or wrongful disclosure of Company Confidential Information, alleged violations of any breach notice laws or privacy regulations, and government actions, and government actions and fines. Company shall be named as an additional insured on this policy on a primary, non-contributory basis.    b. First party coverage for breach notification costs, including the costs to notify those individuals whose confidential information is the subject of a privacy breach.     c. First party coverage for PCI-DSS fines and costs assessed against the Supplier under a merchant services agreement.	[Intentionally Omitted]

38 

Execution Copy

COVERAGE	MINIMUM LIMITS OF LIABILITY
d. First party coverage for ransom amounts to respond to a cyber extortion threat or terminate an ongoing ransomware attack.     e. First party coverage for data restoration and recovery.     f. First party coverage for a network interruption.	[Intentionally Omitted]

All insurance shall be primary and not contributing with any insurance coverage maintained by the Company or its Affiliates. The limits of insurance required under this Section 16 shall not be construed as a representation of Supplier’s maximum liability nor as an opinion of the adequacy of such limits, nor shall: (a) any liability cap in the Agreement limit Supplier’s ability to recover under the relevant insurance policy or (b) the insurance serve to cap Supplier’s indemnification obligations as stated in this Agreement.

16.2Insurance Policies. Company will receive thirty (30) days’ advance written notice in the event of a cancellation or material change in Supplier’s insurance policy. Any insurance policy: (a) shall not be modified, altered or canceled without thirty (30) days’ prior written notice to Company and (b) shall be primary and not contributing with any insurance coverage maintained by Company. When any insurance policy is renewed or replaced, the policy retroactive date must coincide with, or precede, the commencement of Services on any Statement of Work. In any insurance policy other than a policy for Professional Liability, Supplier will name Company, its Affiliates and their respective officers, directors, employees and agents as additional insureds.

16.3Claims-Made Policies. In any policies written on a “claims-made” basis: (a) Supplier shall ensure that continuous coverage is maintained or an extended coverage period will be exercised for a period of not less than [Intentionally Omitted]     , beginning from the time of issuance of final payment; (b) in the event a “claims-made” policy is not renewed or replaced, such policy must have an extended reporting period of [Intentionally Omitted]     and (c) the policies shall not contain any exclusion for claims arising out of purely business activities in which the insured professional is engaged as a sole proprietor, partner, officer, director or shareholder of a business enterprise.

16.4Service Provider Insurance Coverage. Unless otherwise agreed with the Company, Supplier shall also ensure and require by contract that all subcontractors with access to Company Confidential Information maintain at all times during the term hereof the following insurance coverage: Liability for network/computer security breaches and privacy breaches, with a limit of liability of [Intentionally Omitted], including liability arising out of unauthorized access to Company Confidential Information or wrongful disclosure of Company Confidential Information, and alleged violations of any breach notice laws or privacy regulations. Additionally, Supplier shall include in its agreement with subcontractor a provision stating that “Global Atlantic shall be named as an additional insured on this policy on a primary, non-contributory basis.”

39 

Execution Copy

17. Compliance with Laws.

17.1     General Compliance Obligations.

(a)Each Party is responsible for complying with all Laws that are applicable to such Party and in its and its Personnel’s performance of their respective obligations under this Agreement, including Laws relating to (in the case of Supplier) the provision or (in the case of Company) receipt of the Services, such as the United States Foreign Corrupt Practices Act, as amended, or any comparable Laws applicable to the Services (collectively, “FCPA”), Immigration Reform and Control Act of 1986 (“IRCA”), and other Laws relating to the employment or engagement of Personnel, employee tax withholding applicable to Personnel, and environmental and health and safety Laws. The Supplier shall implement on Company’s behalf and pursuant to Company’s instructions, and subject to costs in accordance with Section 17.1(c), any change in Laws applicable to Company and its Personnel’s use of the Services prior to the deadline imposed by the regulatory or governmental body having jurisdiction for such requirement or change. For the avoidance doubt, this Section 17.1 shall not limit any applicable indemnities in this Agreement.

(b)Supplier acknowledges that Company’s receipt of the Services is subject to applicable Laws including SEC and FINRA content and filing requirements, broker-dealer Laws, Sarbanes-Oxley Act of 2002 requirements and Laws regarding the handling, protection and sharing of Personal Information. If at any time Company is notified (orally, in writing, via electronic communication or otherwise) by any of its customers, clients, FINRA, the SEC or any other governmental or regulatory agency (including self-regulatory organizations) that any part of the Services is not in compliance with any Laws that are applicable to such Services, and such organization or agency requests that Company or Supplier change its processes or activities associated therewith, Supplier shall reasonably cooperate with Company to address such concerns in accordance with this Agreement.

(c)Supplier shall provide whatever changes, as determined by the Parties, to the Services as reasonably necessary to comply prior to the applicable deadline with the Laws and deliver related Deliverables reasonably necessary to assist Company to comply with such requirements, to the extent they are related to the Services. Supplier shall provide such assistance and deliver such Deliverables to Company as may be reasonably required by Company in writing, as follows: If changes in existing Laws either: (i) require substantial modifications to the Services hereunder or (ii) materially increase the cost of performance of the Services hereunder, a fee may be charged by Supplier for the amount actually incurred by Supplier as a direct result of compliance with such regulatory changes under either (i) or (ii) above, as applicable, as evidenced by reasonable written records provided by Supplier to Company and detailing the amount of such fee and Supplier’s calculation methodology of the fee (the “Additional Cost”). Company shall reimburse Supplier for its pro-rata portion (or other equitable methodology) the Additional Cost. Any Additional Cost in providing the Services shall be mutually agreed to by the Parties.

(d)Supplier shall comply with all applicable provisions of the California Insurance Frauds Prevention Act and 10 CCR 2698.33. Supplier shall include the following provisions in any agreement the Supplier may enter into with any subcontractor for personnel to perform functions such as the processing, investigating, or litigation pertaining to payment or denial of a claim or application for adjudication of a claim or application for insurance on behalf of Company. These personnel may

40 

Execution Copy

include claims handlers, underwriters, policy handlers, call center staff within the claims or policy function, legal staff, and other employee classifications that perform similar duties for Supplier on behalf of Company, (collectively, “the anti-fraud services”):

(i)Supplier shall provide the California Department of Insurance, Fraud Division (“Fraud Division”) a complete and executed copy of any such agreement between Supplier and its subcontractor, including all attachments, exhibits and amendments thereto, upon request by the Fraud Division,

(ii)Any such agreement between Supplier and its subcontractor shall conform to the requirements set forth in subdivisions (c)(1), (c)(2), (c)(3), and (c)(4) of 10 CCR 2698.33, and

(iii)In the event any subcontractor to Supplier contracts with any other entity or entities to perform the anti-fraud services on behalf of Company, the agreement between the subcontractor and the entity so contracted (hereinafter a “sub-subcontractor”) shall contain the following provisions:

(1) Sub-subcontractor shall conform to the requirements set forth in subdivisions (c)(1), (c)(2), (c)(3), and (c)(4) of 10 CCR 2698.33

(2) The sub-subcontractor shall provide, upon request by the Fraud Division, a complete and executed copy of any such agreement between the subcontractor and its sub-subcontractor, including all attachments, exhibits and amendments thereto, and

(3) Sub-subcontractor shall under no circumstances permit, or contract with, any other entity to perform the anti-fraud services which the sub- subcontractor has contracted with the subcontractor to perform on behalf of Company.

17.2Equal Opportunity Employer. Supplier represents that it provides equal employment opportunities for all individuals without regard to race, color, religion, national origin, sex, age, disability, sexual preference or other characteristics protected by Law and that Supplier provides a workplace free of discrimination or harassment. Supplier will not recruit, hire, train, assign, compensate, discipline, promote, transfer or discharge any individuals who may be assigned to provide Services in violation of this equal employment opportunity policy.

17.3USA Patriot Act and OFAC. Without limiting any other provision hereof, Supplier agrees that it shall not perform any Services, or subcontract with any third party to perform any Services from a location in any country that is: (a) subject to the Office of Foreign Assets Control sanctions that prohibit contractual arrangements such as those contemplated by this Agreement or (b) designated as being of primary money laundering concern pursuant to the provisions of the United and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act (USA Patriot Act of 2001).

17.4ADA Compliance. Supplier agrees that all web pages, digital content, and applications provided under this Agreement (the “Digital Deliverables”) to the extent such Digital Deliverable is

41 

Execution Copy

owned or licensed by Supplier for Company’s use in connection with providing the Services and made publicly available by Supplier under this Agreement will conform with the Web Content Accessibility Guidelines (WCAG) 2.0, levels A and AA. With respect to Digital Deliverables that are provided by Supplier to Company under this Agreement as part of the Supplier Services Infrastructure, and to which Authorized Users will have access, Supplier agrees to cooperate in good faith at Company’s reasonable request to ensure compliance with the Web Content Accessibility Guidelines (WCAG) 2.0, levels A and AA as agreed by the Parties pursuant to a Statement of Work as an Additional Cost in accordance with Section 17.1(c) above.

18. Non-Solicitation.

18.1Non-Solicitation Obligation. Without the prior written consent of the other Party, during the Term of this Agreement, neither Party nor any of Supplier’s Affiliates or Company’s subsidiaries will solicit to employ or employ (including pursuant to a consulting relationship): (a) any of the employees of the other Party or its Affiliates, so long as such employee is employed by the other Party or its Affiliates or (b) any individual contingent workers or consultants currently providing services to the other Party (collectively, “Restricted Persons”). Notwithstanding the foregoing, nothing shall prevent a Party or its Affiliates from employing a Restricted Person who: (i) responds to a general employment advertisement when such solicitation is not specifically directed at one or more Restricted Persons; (ii) are directed to such Party by employment search firms where such employment search firms are not directed by such Party or its Affiliates to initiate discussions with respect to the prospective employment of a Restricted Person; or (iii) contact such Party or its Affiliates on his or her own initiative without any direct or indirect solicitation by such Party or its Affiliates.

19. Indemnification.

19.1      Supplier Indemnity Obligations.

(a)        Infringement or Misappropriation of Intellectual Property.

(i)Supplier shall defend, indemnify and hold the Company Indemnitees harmless from and against all Losses based on, arising out of or otherwise in connection with any claim (threatened or actual) made by a third party not affiliated with Company based upon infringement or misappropriation of any Intellectual Property rights to the extent arising in connection with the Supplier Property, Deliverables or Services provided under this Agreement.

(ii)In the event of any claim (threatened or actual) described in Section 19.1(a)(i), Supplier, at its expense and discretion, may take one or more of the following actions: (A) modify the applicable Supplier Property, Deliverables or Services, as the case may be, so that it is no longer infringing (provided its functionality is not impaired); (B) replace the applicable Supplier Property, Deliverables or Services, as the case may be, with functionally equivalent products, materials or services; (C) obtain the right for Supplier to continue to provide the applicable Supplier Property, Deliverables or Services, as the case may be, to Company or the right for Company to continue using the Supplier Property, Deliverables or Services, as the case may be; (D) if Supplier is subject to an injunction that prevents it from performing any Services for Company or if none of the above options (A)through (C) can be implemented by Supplier in a commercially reasonable fashion or can be obtained by Supplier on commercially reasonable terms, terminate Company’s rights under this

42 

Execution Copy

Agreement with respect to any applicable Supplier Property, Deliverables or Serv ices that are not critical to Company's operations or Company's use of the Services; or (E) if Supplier is subject to a non-appealable injunction that prevents it from performing any Services for Company or if Company consents in writing, terminate Company's rights under this Agreement with respect to any applicable Supplier Property, Deliverables or Services that are not subject to Section 19.l (a)(ii)(D). If Supplier exercises the rights described in Section 19.l (a)(ii)(D) or Section 19.l(a)(ii)(E), to the extent that the applicable Supplier Property, Deliverables or Services are separately charged, Supplier shall refund to Company any prepaid and unused fees attributable to such Supplier Prope1ty, Deliverables or Services. Notwithstanding any such replacement, modification, licensing or termination, Supplier's obligations to defend and indemnify Company in accordance with this Agreement shall not be diminished or eliminated. Supplier shall have no obligation to indemnify Company Indemnitees with respect to any portion of the Supplier Property, Deliverables or Serv ices, to the extent that such portion was: (x) (I) compliant with written specifications provided and required by Company and Supplier was unaware that such specifications were potentially infringing and (2) where such written specifications, as delivered by Company, infringe the Intellectual Prope1ty rights of the third-party bringing the claim; or (y) misused or modified by or on behalf of Company or its Indemnitees and such misuse or modification was not made or permitted by Supplier.

(b)Other Indemnification Obligations. Supplier shall defend, indemnify and hold the Company Indemnitees harmless from and against all Losses based on, arising out of or otherwise in connection with any claim (threatened or actual made by a third party not affiliated with Company, arising out of or otherwise in connection with:

[Intentionally Omitted]

except, in each case of (i)-(vii) above, to the extent the claimed Losses are based on, arising out of or otherwise in connection with (1) Company's breach of its obligations under this Agreement; or (2) any event with respect to which Company otherwise has the obligation to indemnify Supplier under Section 19.2 of this Agreement.

19.2Company Indemnity Obligations. Company shall defend, indemnify and hold the Supplier Indemnitees harmless from and against all Losses based on, arising out of or otherwise in connection with any claim (threatened or actual) by a third party not affiliated with Supplier, arising out of or otherwise in connection with: [Intentionally Omitted]

43

Execution Copy

[Intentionally Omitted]; except, in each case of (a) through (f), to the extent the claimed Losses are based on, arising out of or otherwise in connection with (i) Supplier's breach of its obligations under this Agreement; or (ii) any event with respect to which Supplier otherwise has the obligation to indemnify Company under Section 19.l (a) or (b) of this Agreement. Where a Company IP Claim would not have arisen but for Supplier's use of a product or service provided by a third party vendor to Company, Company's sole obligation is to pass through to Supplier any indemnity that may be available to Company under the terms and conditions of the agreement between Company and such third party vendor, except to the extent such Company IP Claim arises out of Company's breach of its agreement with such third party vendor ("Company Third Party Vendor IP Breach Claims"), in which case such claim shall be subject to the Augmented Cap.

19.3Indemnification Procedure. In the event of a claim by a third party for which a Company Indemnitee or Supplier Indemnitee (each, as applicable an "Indemnitee") seeks indemnification hereunder ("Third Party Claim"), the Indemnitee shall promptly notify the other Party (the "Indemnitor") in writing of any such Third Party Claim and forward all related documents received with the Third Party Claim to the Indemnitor. Indemnitor shall have sole control of the defense of any Third Party Claim, except that:

(a)The Indemnitees reserve the right to be represented by counsel and the Indemnitees and their counsel shall have the right to participate in the defense or settlement of any Third Party Claim. Such representation shall be at the expense of the Indemnitees, except that Indemnitor shall, at its own expense, assign separate counsel to itself and to the Indemnitees if: (i) the employment of separate counsel by the Indemnitees has been previously authorized by Indemnitor; or (ii) the Indemnitees shall have reasonably concluded that there may be a conflict of interest between the Indemnitor and the Indemnitees in the conduct of any defense; or (iii) Indemnitor does not continue to retain counsel to fulfill its indemnification obligation under this Section 19.

(b)Indemnitor shall not agree to any settlement of any Third Party Claim without the Company's prior written consent, as relates to a Third Party Claim against a Company Indemnitee, or without Supplier's prior written consent, as relates to a Third Party Claim against a Supplier Indemnitee, which consent shall not be unreasonably withheld. Any such settlement shall include a confidentiality agreement prohibiting disclosure of the terms of such settlement.

(c)Notwithstanding anything to the contrary herein, with respect to: (i) any Third Party Claim that alleges a criminal offense, regulatory (including self-regulatory organizations) fines and/or penalties or (ii) any Third Party Claim under Section 19.l(a) with respect to which the

44

Execution Copy

Indemnitor: (A) notifies the other Party that it refuses to assume the defense or (B) does not promptly assume the defense in accordance with this Agreement, the other Party shall have sole control of the defense and settlement of such claim, and the other Party 's reasonable costs and expenses incurred in such defense and settlement shall be deemed Losses indemnifiable by the Indemnitor hereunder.

19.4No Limitation. The foregoing indemnities will not be limited m any manner whatsoever by any required or other insurance coverage maintained by Indemnitor.

19.5Exclusion of Consequential Damages. [Intentionally Omitted] neither Supplier nor Company shall be liable to the other for any special, indirect, incidental, punitive, or consequential damages arising in connection with this Agreement, whether in an action in contract, tort, strict liability or negligence, or tother actions, even if advised of the possibility of such damages. [Intentionally Omitted].

19.6      Limitation of Liability.

(a)        The Base Cap. [Intentionally Omitted]

This is an aggregate limit for any and all of Supplier's or Company's Claims in relation to this Agreement. The existence of more than one Claim shall not enlarge this limit.

(b)       [Intentionally Omitted]

(c)       The Augmented Cap. [Intentionally Omitted]

45

Execution Copy

19.7Separate and Distinct Claim Caps. The Base Cap and the Augmented Cap are separate and distinct caps, and Losses that count toward one cap will not count toward the other cap.

19.8[Intentionally Omitted]

19.9[Intentionally Omitted]

19.10   Mitigation. Each Party will use reasonable efforts to mitigate its damages.

20.Company Affiliates. Supplier acknowledges and agrees that the Company is the legal entity designated to acquire external resources that are utilized by the Company and its "Affiliates." For purposes of this Agreement, "Affiliates" shall mean any Person directly or indirectly controlling, controlled by or under common control with a party hereto as of or after the Effective Date, for so long as such relationship is in effect (including Affiliates subsequently established by acquisition, merger or otherwise). For the purpose of the foregoing, an ownership interest of fifty percent (50%) or more of an entity shall be deemed to represent control of such entity.

21. Transition Services.

21.1In General. In anticipation of the expiration or termination of this Agreement or any portion hereof or of any Services, Supplier shall provide to Company, or at Company's request, to Company's designee, such reasonable cooperation, assistance and services as required by Company to facilitate the orderly wind-down, transition or migration of the Services to Company or Company's designee (the "Transition Services"). Transition Services shall include, at Company's request, Supplier providing another supplier to Company with information and assistance reasonably needed to transition services replacing the Services to that other supplier's systems, provided that such other supplier is subject to duties of confidentiality no less restrictive than the terms of this Agreement. Transition Services shall be provided for a period determined by Company, stating upon the date any written notice of non-renewal or te1mination (or such other date mutually agreed in writing by the Parties) and continuing until the completion of the Transition Services ("Transition Period"). All Transition Services shall be provided subject to and in accordance with the terms and conditions of this Agreement.

46

Execution Copy

21.2Transition Plan. The Parties will agree on a plan for each Service and/or Statement of Work, as applicable, which will set out details of the Transition Se1v ices as further delineated in Exhibit G (Transition Se1v ices), (each, a "Transition Plan") and will attach the plan to the Agreement within ninety (90) days of the Effective Date of the Serv ices or Statement of Work, as applicable. If a Transition Plan for a Serv ice or Statement of Work is not attached to the Agreement, the Parties will agree on one for the within ninety (90) days after Company provides notice to Supplier that it wishes to develop such a plan. Exhibit G (Transition Se1v ices)sets forth the process for the Parties to negotiate and agree upon a Transition Plan (as defined in Exhibit G (Transition Serv ices)) and the Transition Serv ices (as defined in Exhibit G (Transition Serv ices)). To the extent the Parties are unable to finalize a Transition Plan as set forth in Exhibit G (Transition Serv ices), Supplier shall provide Transition Serv ices as reasonably requested by Company, based upon the outline of the Transition Specifications (as defined in Exhibit G (Transition Serv ices)) set fort h in Exhibit G (Transition Serv ices).

21.3Continued Services. Until Transition Services are completed, Supplier shall continue to provide all Services in accordance with the terms of this Agreement. Supplier's obligation to provide the Transition Services does not restrict either Party from seeking any remedies that may be available to it when it has terminated this Agreement or a Service, or Statement of Work.

21.4Charges. The Transition Services shall be provided for the fees or rates set out in the Transition Plan, or if no such fees or rates are set out in such plan, at the fees or rates for similar services set out in a Statement of Work, or if no fees or rates for similar services are set out in a Statement of Work, at commercially reasonable fees or rates (which fees and rates shall not be greater than Supplier's then-current fees and rates for similar services under this Agreement)("Transition Rates") [Intentionally Omitted].

22.Assignment. Supplier may not, without the prior written consent of the Company, assign any of its rights or delegate any of its duties pm-suant to this Agreement. Any attempted assignment without the Company's written consent will be void and invalid. The Company may assign this Agreement and its rights hereunder to any successor in interest whether by sale of assets, equity, merger or othe1wise and othe1wise as permitted hereunder.

23.Right to Offset. Subject to prior discussion with Supplier, Company shall have the right to offset: (a) amounts due to Company hereunder and unpaid, or any unpaid damages incurred by Company as a result of Supplier 's material, uncured breach of this Agreement after such damages have either been awarded to Company in a final, non-appealable adjudication or mutually agreed in a settlement between the Penalties or (b) any amounts due to Supplier hereunder.

24. Use of Name and Publicity.

(a)Without the prior written consent of Company: (i) Supplier will not disclose, advertise or publish or permit the disclosure, advertisement or publication of the fact that Supplier has finished or contracted to finish to Company any of the Services and (ii) Supplier will not use or permit the use of a name, trade name, trademark, service mark, logo or other branding of Company in any advertising, marketing or promotional materials, press releases or any other non-internal document or communication, whether in digital, electronic, paper, oral or other f01m . Under no circumstances

47

Execution Copy

will Company be required to provide any endorsements or recommendations of any kind to Supplier or any party as it pertains to the Services, this Agreement or otherwise.

(b)Company shall, in accordance with its corporate policy, consider in good faith, on a case by case basis and subject to being provided with sufficient notice, any reasonable request from Supplier to engage in any activity that would without Company’s consent otherwise violate Section 24(a).

25. Notices. All notices under this Agreement shall be in writing, properly addressed and shall be: (a) mailed by first-class or express mail, postage prepaid; (b) sent by reputable overnight delivery service; or (c) personally delivered to the receiving party. Each notice shall be deemed given upon receipt of such notice by the other Party. All notices shall be sent to the other Party at its address as set forth below or at such other address as such Party has specified in writing. Any notices not addressed as specified shall be deemed to not have been given or received.

If to the Company:

Global Atlantic Financial Company

30 Hudson Yard

New York, New York 10001

Attn: General Counsel

If to the Supplier:

320 Park Avenue, Floor 29

New York, NY, 10022

Attn: General Counsel

Email: general.counsel@exlservice.com

26.Severability. In the event any provision of this Agreement, in whole or in part, is invalid, unenforceable or in conflict with any applicable Laws, such provision will be replaced, to the extent possible, with a provision which accomplishes the original business purposes of the provision in a valid and enforceable manner, and the remainder of this Agreement will remain unaffected and in full force.

27. Governing Law; Dispute Resolution.

27.1Governing Law. This Agreement, and any dispute that arises between the Parties relating to, arising out of or in any way connected with this Agreement (including any transaction in connection therewith and any negotiation and discussion leading thereto, and including any Exhibit, Schedule, SOW or Appendix) or any term or condition hereof, or the performance by either Party of its obligations hereunder, will be governed by and construed and enforced in accordance with the Laws of the State of New York, excluding its principles of conflicts of law. The Parties hereby submit to the exclusive jurisdiction and venue of the courts of the State of New York located in New York City and the United States District Court for the Southern District of New York for purposes of all legal proceedings arising out of or relating to this Agreement. The Parties hereby irrevocably waive, to the fullest extent permitted by applicable law, any objection which they may now or hereafter have to the laying of venue of any such proceeding brought in such a court and any claim that any such proceeding brought in such a court has been brought in an inconvenient forum. The Parties hereby irrevocably waive any and all rights to trial by jury.

48

Execution Copy

27.2Disputes Generally. If any dispute arises between the Parties relating to, arising out of or in any way connected with this Agreement (including any transaction in connection therewith and any negotiation and discussion leading thereto, and including any Exhibit, SOW or Appendix) or any term or condition hereof, or the performance by either Party of its obligations hereunder, the Parties shall seek to resolve such dispute by following the procedures set forth in this Section 27 prior to pursuing other available remedies; provided, however, that nothing herein shall preclude either Party from seeking preliminary restraining orders, preliminary injunctions or other equitable relief from a court of competent jurisdiction pending the completion of the procedure set forth herein.

27.3Process. If any such dispute arises, the Party raising such dispute shall provide written notice of the dispute to the other Party, and the Project Managers designated by the Parties in connection with such dispute shall work diligently and in good faith to resolve such dispute. If such dispute is not resolved by such Project Managers after thirty (30) days following the date of the written notice of such dispute, each Party shall promptly appoint a representative holding the title Vice President or higher and having the decision-making authority to resolve the dispute on behalf of such Party. Such representatives shall promptly meet and shall work diligently and in good faith to resolve such dispute. Each Party shall treat all discussions and negotiations conducted by the Parties, including those conducted by the Project Managers, relating to such dispute as confidential and all such negotiations shall be considered to be compromise and settlement negotiations for purposes of applicable rules of evidence.

27.4Right to Seek Additional Remedies. In the event such dispute is not resolved by the appointed representatives described in Section 27.3 above within thirty (30) days following the date of the written notice of such dispute (and the Parties agree that upon the lapse of such thirty (30) day period, their respective Representatives will be deemed to have promptly met and worked diligently and in good faith to resolve such dispute and acted pursuant to the other provisions of this Section 27), then each Party shall be free to pursue any and all remedies available to such Party, at law or in equity, subject to the terms of this Agreement. If any such dispute arises following the termination of this Agreement, each Party shall use its commercially reasonable efforts to follow a process consistent with that set forth in this Section 27.

27.5This Agreement and the transactions contemplated herein are not and will never be subject to the Uniform Computer Information Transactions Act (prepared by the national Conference of Commissioners on Uniform State Laws) as currently enacted by any jurisdiction or as may be codified or amended from time to time by any jurisdiction.

28.Negotiated Terms. The language, terms, conditions and provisions of this Agreement are the result of negotiations between the Parties and this Agreement will not be construed in favor of or against any Party by reason of the extent to which any Party or its professional advisors participated in the preparation of this Agreement or based on a Party’s undertaking of an obligation under this Agreement. This Agreement shall not be construed against any Party, and no consideration shall be given or presumption made, on the basis of which Party drafted this Agreement, or any particular provision hereof, or supplied the form of Agreement. The Parties hereto have participated jointly in the negotiation and drafting of this Agreement and the other agreements and documents contemplated herein, including any SOWs. In the event an ambiguity or question of intent or interpretation arises under any provision of this Agreement or any other agreement or documents contemplated herein, this Agreement and such other agreements or documents shall be construed as if drafted jointly by the

49

Execution Copy

Parties thereto, and no presumption or burden of proof shall arise favoring or disfavoring any Party by virtue of authoring any of the provisions of this Agreement or any other agreements or documents contemplated herein.

29. Changes and Modifications. The terms and conditions of this Agreement may not be amended, waived or modified, except in a writing signed by both Parties.

30.Headings. Section and paragraph headings used herein are for convenience only and will not be used to broaden or limit this Agreement.

31.Prohibition on Multiple Agreements. During the Term, Supplier shall not enter into any other agreement, of any type whatsoever, with the exception of a Statement of Work, with any Affiliate, company, business unit, department, division, organization or employee of the Company without first obtaining prior written approval of the Company. Supplier understands that the purpose of this provision is to allow the Company to manage effectively its relationships with the numerous external resources that are utilized in transactions, which are critical to its business success.

32.Waiver. Failure of either Party to complain of any act or omission of the other Party, no matter how long the same may continue, shall not be deemed to be a waiver by such Party of any of its rights hereunder. No waiver by any Party at any time of any other provision of this Agreement shall be deemed a waiver or breach of any other provision of this Agreement or consent to any subsequent breach of the same of any other provision hereunder. If any act or omission by any Party shall require the consent or approval of another Party, such consent or approval of such act or omission on any one occasion shall not be deemed a consent to or approval of said act or omission on any subsequent occasion or consent to or approval of any other acts or omission on the same or any subsequent occasion. Waiver of any right or remedies must be in a signed writing by the waiving Party.

33.Counterparts. This Agreement may be signed in one or more counterparts, each of which shall be an original, with the same effect as if the signatures were upon the same document. A copy of this Agreement executed by a Party hereto that is provided to the other Party via facsimile or other electronic means shall have the same effect as the original executed copy of this Agreement, as the case may be.

34.Entire Agreement. This Agreement (including all Exhibits, Schedules and Appendices) constitutes the entire agreement between the Parties with respect to the subject matter hereof, and supersedes all other communications, including but not limited to all prior agreements including the Engagement Letter dated December 13, 2019, between the Parties with respect to such subject matter.

35.        Third Party Beneficiaries. Except with respect to Company Indemnitees and Former Affiliates, which shall constitute third party beneficiaries hereunder, this Agreement is for the sole benefit of the Parties and their respective permitted successors and assignees.

36.        Cumulative Remedies. Remedies provided for in this Agreement shall be cumulative and in addition to and not in lieu of any other remedies available to either Party at law (subject to the limitations set forth in this Agreement) or in equity.

37.Conflicts; Precedence of Terms. In the event of a conflict between the terms and conditions of the main body of this Agreement and the terms and conditions of any Exhibit or Appendix, the terms

50

Execution Copy

and conditions of such Exhibit or Appendix shall control; provided, however, that in the event of a conflict between any of the terms and conditions of Section 1.8 (Company Property), Section 4 (Term and Termination), Section 5 (Conduct of Supplier Personnel), Section 6 (Audits and Examinations), Section 11 (Reports; Books and Records; Liens), Section 12 (Proprietary Rights), Section 13 (Confidentiality; Data Safety, Security and Privacy), Section 19 (Indemnification), Section 21 (Transition Services), or Sections 22 (Assignment) through Section 40 (Equitable Relief) of this Agreement and the terms and conditions of any Exhibit or Appendix, the terms and conditions of such sections of this Agreement shall control. Any exceptions expressly included in a particular Exhibit or Appendix, or any such conflict in which the terms and conditions of an Exhibit or Appendix control, shall apply only for purposes of the applicable Exhibit or Appendix, as the case may be, and shall not be deemed to in any way amend, modify, cancel, or waive the provisions of this Agreement or any other Exhibit or Appendix. In the event of a conflict between the term of this Agreement and a Statement of Work, the terms of this Agreement shall control.

38.Prior Agreement. With respect to that certain Engagement Letter dated December 13, 2019 (the “Original Agreement”), the Parties agree that on the Effective Date, the Original Agreement shall automatically terminate and such termination shall have no effect upon this Agreement or upon the continued provision under this Agreement of the services previously provided under the Original Agreement. Accordingly, the statement of works under the Original Agreement listed on Exhibit X (Original Agreement SOWs) (the “Original Agreement SOWs”) hereto shall be governed by this Agreement as of the Effective Date and considered Statements of Work under this Agreement.

39.      Protective Procedures. Without limitation to any other provisions of this Agreement, if a Supplier Change of Control occurs with respect to Supplier and the Acquiring Person or an Affiliate thereof is a Company Competitor, in the event Supplier Personnel is working in Supplier systems, Supplier shall prepare, implement and maintain an ethical wall to ensure that personnel of such Acquiring Person or Affiliate thereof do not have access to Company Confidential Information to the extent such information may be used by such personnel to compete with Company (the “Protective Procedures”).

40.Equitable Relief. Each Party acknowledges and agrees that any failure by such Party to perform its obligations under this Agreement may result in irreparable harm to the other Party, because monetary damages alone will not provide sufficient relief, and that the other Party is therefore entitled to seek specific performance or an injunction (without any need or requirement to post a bond) to enforce all of its rights under this Agreement in accordance with the terms of this Agreement.

51

Execution Copy

IN WITNESS WHEREOF, the Parties have executed and delivered this Agreement as of the date first written above.

Global Atla ti Fi ilc		ExlService H ldi I
Signature:		Signature:
Print Name:	David Wilken	Print Name:	Anand Logani
Title:	President	Title:	SVP, Head of L&A Business
Date:	10/15/2021	Date:	10/20/2021

52

Confidential

List of Exhibits and Appendices:

Exhibit A	Definitions
Exhibit B	Pricing
	Attachment 1 to Exhibit B – Expense Policy
Exhibit C	Maintenance and Support Services
Exhibit D	Cybersecurity Requirements and Compliance
Exhibit E	Policies and Procedures
Exhibit F	Service Level Agreements
Exhibit G	Transition Services
Exhibit H	Form of Statement of Work
Exhibit I	Change Request Process
	Attachment 1 to Exhibit I – Change Request Form
Exhibit J	Pre-approved Benchmarkers
Exhibit K	Company Satisfaction Surveys
Exhibit L	Implementation Services
Exhibit M	Reporting
Exhibit N	Supplier Service Locations and Supplier Service Provider Locations
Exhibit O	Affiliates
Exhibit P	Intentionally Omitted
Exhibit Q	Intentionally Omitted
Exhibit R	Intentionally Omitted
Exhibit S	Form of Non-Disclosure Agreement
Exhibit T	Intentionally Omitted
Exhibit U	Technology Refresh Requirements
Exhibit V	Innovation Plan
Exhibit W	Governance

Execution Copy

Exhibit X                 Original Agreement SOWs

Execution Copy

EXHIBIT A

DEFINITIONS

For the purposes of this Agreement, the definitions set forth in this Exhibit A shall apply to the respective capitalized terms:

1.“Accept” shall mean as to any Deliverable, Company’s written notice of its confirmation that Company has determined that: (a) such Deliverable conforms with the relevant Acceptance Criteria applicable to such Deliverable and (b) the Documentation accurately describes the operation, use of and functionality of the Deliverable.

2.“Acceptance Criteria” shall mean those tests, processes, procedures and criteria, including Applicable Specifications, developed jointly and agreed to in writing by Supplier and Company pursuant to which Deliverables shall be Evaluated.

3.“Acquiring Person” shall mean a Person or a group of Persons acting in concert that is or are, as the case may be, the acquiring party(ies) in a Supplier Change of Control; provided, however, that for the purpose of a Supplier Change of Control, a Person that is an Affiliate of Supplier immediately prior to the consummation of the Supplier Change of Control shall not be deemed an Acquiring Person in such a Supplier Change of Control.

4. “Additional Cost” has the meaning set forth in Section 17.1(c).

5. “Affected Party” has the meaning set forth in Section 10.1.

6. “Affiliates” has the meaning set forth in Section 20.

7. “Agreement” has the meaning set forth in the Preamble.

8.“Anonymized Data” means Company Data from which all Personal Information is removed.

9.“Applicable Specifications” shall mean the specifications, technical, business, operational, and functional requirements, standards and descriptions including the applicable format and content parameters, if any, applicable to the Services and Deliverables, as described in, and/or referenced by, the applicable Exhibit or Appendix, any applicable Documentation, or other written document mutually agreed upon by the Parties.

10. “Audit Reports” has the meaning set forth in Section 6.7.

11. “Augmented Cap” has the meaning set forth in Section 19.6(c).

12.“Authorized User(s)” shall mean, unless otherwise defined in an Exhibit or Appendix, in which case the definition set forth in such Exhibit or Appendix shall apply, an individual authorized by Company and assigned a user ID to access and use the Services.

13. “Background Check Policy” has the meaning set forth in Section 5.7(a).

Exhibit A-1

Execution Copy

14. “Base Cap” has the meaning set forth in Section 19.6(a).

15. “Benchmark Standard” has the meaning set forth in Section 15.5(e).

16. “Benchmarker” has the meaning set forth in Section 15.5(a).

17. “Benchmarking” has the meaning set forth in Section 15.5(a).

18. “Benchmarking Adjustment Plan” has the meaning set forth in Section 15.5(f).

19. “Benchmarking Results” has the meaning set forth in Section 15.5(e).

20.“Business Continuity and Disaster Recovery Plan” shall mean Supplier’s contingency plans, recovery plans, including disaster recovery plans, and proper risk controls designed to ensure Supplier’s continued performance under this Agreement, as such plans may be updated by Supplier from time to time subject to the provisions of Section 9.

21.“Business Day” shall mean the period between 12:00 AM EST and 11:59 PM EST every day, except Saturday, Sunday, or NYSE holidays.

22. "Change Request” has the meaning set forth in Exhibit I (Change Request Process).

23.“Charges” shall mean any charges or fees paid or payable (and with respect to Charges that are payable, for Charges payable for completed Services) by Company to Supplier (or its Affiliates) under this Agreement. “Charges” shall include, but shall not be limited to, the Fees.

24. “Claim” has the meaning set forth in Section 19.6(a).

25. “Company” has the meaning set forth in the Preamble.

26.“Company Agent” shall mean the agents, contractors, subcontractors, suppliers and representatives of Company (excluding Supplier and Supplier Personnel).

27.“Company Competitor” means those Persons listed on Exhibit T (Competitors) as Company Competitors.

28.“Company Data” shall mean the following data and information, whether provided or produced before, on, or after the Effective Date,: (a) all data and information that is provided by or on behalf of Company, or by or on behalf of Company Agents, customers and clients, to Supplier and/or Supplier Personnel hereunder by means of, or in connection with, this Agreement; (b) all data and information about a Company customer or end user that is generated through the use of the Services or performance of Services hereunder or is a derivative thereof; and (c) all reports produced by Supplier containing or derived from information described in clauses (a) and (b) and any data and information included therein, pursuant to this Agreement. Without limiting the generality of the foregoing, Company Data includes Anonymized Data and Personal Information collected or derived in connection with the use of the Services and/or performance of the Services.

Exhibit A-2

Execution Copy

29.“Company Indemnitee(s)” shall mean Company, its Affiliates, and their respective officers, directors, shareholders, employees and agents (as such persons and entities may exist at any time during the term of this Agreement and thereafter), and their respective successors and assigns.

30. “Company IP Claims” has the meaning set forth in Section 19.2.

31. “Company Marks” means the Company’s name, trademark(s), service mark(s), logos

or slogans.

32.“Company Networks” shall mean collectively, all Software and Equipment owned or leased by or licensed to Company or a Company Agent.

33. “Company Personnel” has the meaning set forth in Section 1.10(a).

34. “Company Premises” shall mean the premises of Company or a Company Affiliate.

35.“Company Property” shall mean any and all property belonging to Company or an Affiliate of Company and provided to Supplier (or access to which is provided to Supplier in connection with this Agreement), including: (a) all documents, materials and tangible property, including all tangible embodiments of Company Confidential Information, and all reports, communications, designs, data, analyses, source code, Software, tools, digital images, methodologies, specifications, models, prototypes, samples, and any other materials including improvements, enhancements and Derivative Works thereto and thereof; (b) Company Confidential Information; (c) Company Networks; (d) Company Marks; (e) Feedback; (f) Deliverables; (g) Company Data; and (h) the Procedures Manual.

36. “Company Services Infrastructure” has the meaning set forth in Section 1.7(e).

37. “Company Third Party Contractor” has the meaning set forth in Section 1.9(a).

38.“Company Third Party Contractor Act or Omission” has the meaning set forth in Section 1.10(f).

39.“Company Third Party Vendor IP Breach Claims” has the meaning set forth in Section 19.2.

40. “Comparators” has the meaning set forth in Section 15.5(c).

41. “Confidential Information” has the meaning set forth in Section 13.1.

42. “Critical Milestone” has the meaning set forth in Section 2.3(a).

43. “Default Notice” has the meaning set forth in Section 4.2(d).

44.“Deliverables” shall mean any items specified as “deliverables” in a SOW or in an Exhibit thereto.

45. “Delivery” has the meaning set forth in Section 2.1.

Exhibit A-3

Execution Copy

46."Derivative Work" shall mean a work that is based upon one or more preexisting works and that, if prepared without the authorization of the owner of the preexisting work, would constitute a copyright infringement, or any improvement, enhancement, modification or adaptation of or to a preexisting work.

47.    "Digital Deliverable" has the meaning set forth in Section 17.4.

48.    "Disclosing Party" has the meaning set forth in Section 13.1.

49."Documentation" shall mean documentation describing the design, features and functionality of the Services or a Deliverable and describing the use thereof.

50.     "Effective Date" has the meaning set forth in the Preamble.

51."Equipment" shall mean computers and related equipment, including central processing units and other processors, controllers, modems, communications and telecommunications equipment (voice, data and video), cables, storage devices, printers, terminals, other peripherals and input and output devices, and other tangible mechanical and electronic equipment intended for the processing, input, output, storage, manipulation, communication, transmission, networking and retrieval of info1mation and data.

52."Evaluate" or "Evaluation" means with respect to a Deliverable, inspect, test or othe1wise evaluate the Deliverable against the applicable Acceptance Criteria.

53.“Evaluation Period” shall mean [Intentionally Omitted].

54.    "FCPA" has the meaning set fo1th in Section 17.1(a).

55."Feedback" shall mean any idea, suggestion, recommendation, feedback or design made to the Services or any Deliverable or Documentation associated with the Services, and specifically including specifications, requirements, designs and the like that Company provides to

Supplier in connection with this Agreement , including with respect to Company-requested

enhancements, modifications, customizations or other changes or additions.

56."Fees" has the meaning set fo1th in Section 3.1.

57.     "Force Majeure Event" has the meaning set fo1th in Section 10.1.

58.     "Former Affiliate" has the meaning set fo1th in Section 1.11.

59.     "Fraud Division" has the meaning set fo1th in Section 17.l(d)(i).

60.     "Front Line Personnel" has the meaning set fo1th in Section 5.1(a).

61."Full Time Equivalent" or "FTE" shall mean a service unit equivalent to 1,800 hours of work per year (or pro rata thereof if the Term of a SOW is less than one (1) year).

Exhibit A-4

Execution Copy

62.“I-9 Process” shall mean Supplier’s and its Supplier Personnel’s employment eligibility and record keeping requirements under the Immigration Reform and Control Act of 1986, the Immigration Reform Act of 1990 and the Illegal Immigration Reform and Immigrant Responsibility Act of 1996, as the same shall be amended from time to time.

63.       “Implementation Services” means the Services set forth in Exhibit L.

64.       “Indemnitee” has the meaning set forth in Section 19.3.

65.       “Indemnitor” has the meaning set forth in Section 19.3.

66.       “Initial Term” has the meaning set forth in Section 4.1.

67.“Intellectual Property” means all: (a) ideas, designs, concepts, methods, processes, techniques and apparatus; (b) patents, patent applications, patent disclosures, inventions, discoveries and/or improvements (whether patentable or not); (c) trademarks, service marks, trade dress, trade names, logos, corporate names, Internet domain names, and registrations and applications for the registration thereof together with all of the goodwill associated therewith (“Marks”); (d) copyrights and copyrightable works (including computer programs and mask works) and registrations and applications thereof; (e) trade secrets and know-how; (f) any work of authorship, including any associated copyright, industrial design or moral rights recognized by Law; (g) waivable or assignable rights of publicity, waivable or assignable moral rights; (h) unregistered and registered design rights and any applications for registration thereof; (i) database rights and all other forms of proprietary technology or material; and (j) all statutory, common-law, and other similar rights in any and all jurisdictions and countries related to any of the foregoing.

68.       “IRCA” has the meaning set forth in Section 17.1(a).

69.       “Key Person” or “Key Personnel” has the meaning set forth in Section 5.4(a).

70.“Laws” shall mean any law, declaration, decree, standards, legislative enactment, order, ordinance, regulation, rule or other binding restriction of or by any federal, state, municipal, local, territorial, or other governmental department, regulatory authority, judicial or administrative body, domestic, international, or foreign, and any rules and regulations of self-regulatory organizations that may be applicable to a Party and its Affiliates in the provision or receipt and use of the Services and/or Deliverables hereunder, in each case that are in effect from time to time during the Term of this Agreement.

71.“Loss” or “Losses” shall mean any and all damages, losses, costs, obligations, claims, causes of action, demands, assessments, judgments, settlements or liability, including regulatory and other fines and penalties, and all reasonable costs and expenses (including prejudgment interest and other interest, penalties and reasonable attorneys’, accountants’ and/or expert witness fees and disbursements) of defending any of the foregoing or of enforcing this Agreement.

72.      “Maintenance and Support Services” has the meaning set forth in Section 1.4.

73.     “Material Event” has the meaning set forth in Section 15.8.

Exhibit A-5

Execution Copy

74.“Nonconformity” or “Nonconformities” shall mean a failure of a given Service or Deliverable, or a component of any of the foregoing, to conform to the Applicable Specifications or Acceptance Criteria, which may include (a) descriptions of services errors and (b) compatibility requirements with Company Networks.

75.       “OFAC” has the meaning set forth in Section 5.7(c).

76.“Outsourced Services” shall mean: (a) the services described in the Statements of Work that are not Professional Services and (b) all services and products necessary for the use of the services described under subsection (a) above, including, but not limited to Transition Services and certain development, customization, design, documentation, processes and other implementation services related thereto as well as all ancillary services.

77.       “Party” or “Parties” has the meaning set forth in Preamble.

78.       “Permits” has the meaning set forth in Section 15.10.

79.“Person” shall mean an individual, partnership, corporation, limited liability company, joint venture, trust, unincorporated association or any other entity.

80.“Personal Information” shall mean any personally identifiable information or data (including each of the following: name, social security number, telephone number, bank account or other financial institution account number, credit or debit card number, driver’s license number, passport number and any other government-issued identification number) of, concerning or relating to an employee, customer or prospective customer of Company or a client of Company, or any information or data that identifies or that could be used to identify an individual or otherwise relates to an identified individual that Supplier collects, receives or derives hereunder from interactions with an employee, customer or prospective client/customer of Company or a client of Company (including investors in investment companies managed by Company).

81.       “Personnel” shall means Supplier Personnel or Company Personnel (as applicable).

82.       “Pre-existing IP” has the meaning set forth in Section 12.1(a).

83.       “Procedures Manual” has the meaning set forth in Section 15.4(a)(i).

84.       “Professional Services” has the meaning set forth in Section 1.5.

85.       “Project Manager(s)” shall mean those individual designated as “Project Managers,” “Designated Contacts” or any similar designation set forth in an Exhibit or Appendix.

86.       “Proposal” has the meaning set forth in the Recitals.

87.       “Protective Procedures” has the meaning set forth in Section 38.

88.       “Receiving Party” has the meaning set forth in Section 13.1.

89.       “Records” has the meaning set forth in Section 11.2.

Exhibit A-6

Execution Copy

90.      “Renewal Term” has the meaning set forth in Section 4.1.

91.      “Representatives” shall mean Personnel and attorneys, accountants and other advisors to Supplier or the Company (as applicable).

92.      “Response Plan” has the meaning set forth in Section 6.2(e).

93.      “Restricted Persons” has the meaning set forth in Section 18.1.

94.      “Retention Period” has the meaning set forth in Section 11.2.

95.      “RFP” has the meaning set forth in the Recitals.

96.      “Service Level” has the meaning set forth in Exhibit F (Service Level Agreements).

97.      “Service Location” or “Service Locations” has the meaning set forth in Section 1.7(a).

98.      “Service Provider Report” has the meaning set forth in Section 5.5.

99.      “Service Providers” has the meaning set forth in Section 5.5.

100.“Services” shall mean any services performed or provided by Supplier or on behalf of Supplier and as permitted under this Agreement, including the Outsourced Services, Maintenance and Support Services, Professional Services, and Transition Services.

101.      “Services Component” has the meaning set forth in Section 4.2(b).

102.“Software” shall mean any software programs and programming, applications, operating systems, utilities and interfaces, and all documentation relating thereto, together with all corrections, improvements, updates, releases and new versions thereof.

103.      “Specified Termination Sections” has the meaning set forth in Section 21.4.

104.“Statement of Work” or “SOW” shall mean a statement of work describing the Outsourced Services or Professional Services that was agreed to and signed by the Company and the Supplier as of the Effective Date or during the Term of this Agreement that specifically references this Agreement.

105.      “sub-contractor” has the meaning set forth in Section 17.1(d)(iii).

106.      “Subsequent Evaluation Period” has the meaning set forth in Section 2.3(b).

107.      “Supplier” has the meaning set forth in the Preamble.

108.“Supplier Change of Control” shall mean the occurrence of a transaction or a series of transactions by which: (a) an Acquiring Person: (i) acquires the direct or indirect ownership of a majority of the applicable Supplier’s (or its ultimate controlling Person’s) outstanding capital stock (or other form of equity interests); (ii) with respect to Supplier, obtains the voting power to elect a majority of the directors of the Supplier’s board of directors (or other similar governing body); or (iii) acquires

Exhibit A-7

Execution Copy

directly or indirectly all or substantially all of the applicable Supplier’s (or its ultimate controlling Person’s) assets to this Agreement or (b) the applicable Supplier (or its ultimate controlling Person) becomes an Affiliate of a Person that is a Company Competitor.

109.“Supplier Competitor” means those Persons listed on Exhibit T (Competitors) as Supplier Competitors.

110.“Supplier Indemnitee(s)” shall mean Supplier and Supplier’s Affiliates, and their respective officers, directors, shareholders, employees, and agents (as such persons and entities may exist at any time during the term of this Agreement and thereafter), and their respective successors and assigns.

111.      “Supplier NDA” has the meaning set forth in Section 1.10(a).

112.      “Supplier Personnel” has the meaning set forth in Section 5.1(a).

113.“Supplier Property” shall mean (a) Supplier’s Pre-existing IP; (b) Intellectual Property licensed to Supplier to provide the Services (but not including any Company Property); (c) any ideas, designs, concepts, methods, processes, techniques, apparatus or other Intellectual Property developed by Supplier after the Effective Date that are not developed in the performance of the Services or the creation of Deliverables; and (d) all improvements, customizations, enhancements and modifications to the foregoing.

114.      “Supplier Services Infrastructure” has the meaning set forth in Section 1.7(e).

115.      “Term” has the meaning set forth in Section 4.1.

116.      “the anti-fraud services” has the meaning set forth in Section 17.1(d).

117.      “Third Party Claim” has the meaning set forth in Section 19.3.

118.      “Third Party Data” has the meaning set forth in Section 13.12.

119.      “Third Party Data Providers” has the meaning set forth in Section 13.12.

120.      “TPA” has the meaning set forth in the Recitals.

121.      “Transition Period” has the meaning set forth in Section 21.1.

122.      “Transition Plan” has the meaning set forth in Section 21.2.

123.      “Transition Rates” has the meaning set forth in Section 21.4.

124.      “Transition Services” has the meaning set forth in Section 21.1.

125.      “Unaffected Party” has the meaning set forth in Section 10.2.

126.      “Virus” has the meaning set forth in Section 14.1(p).

Exhibit A-8

Execution Copy

EXHIBIT B

PRI CING

[Intentionally Omitted]

Exhibit B-1

Execution Copy

APPENDIX 1 to EXHIBIT B

Global Atlantic Financial Group Limited Travel and Expense Policy

A. Policy Amendment during Covid-19

The following additional rules are being enacted due to the CO VID-19 Pandemic, and will remain in effect going forward. Please note that you should also review the Company’s COVID-19 Workplace Safety Policy, which covers other COVID-19 safety reimbursements and supersedes this T&E policy where they conflict.

· All office-based GA employees that are currently working from home in some capacity, beginning with the month of August 2020, may submit for reimbursement of mobile data and home office phone/internet charges:

o Maximum allowable reimbursement for both mobile data and home office phone/internet charges combined is limited to $50/month

o Documentation for charges is required (e.g. first page of bill or statement showing total charge and date)

o Please refer to these detailed instructions on how to submit for reimbursement

o Remote and Field-based employees will continue to follow existing policies and practices

· Travel

o External facing field sales follow the guidance within the Life and Retirement Distribution groups

o For all other employees, interoffice and any other travel is currently prohibited. For any exception requests employees should email security@gafg.com

B. Policy Statement

Global Atlantic Financial Group Limited (“Global Atlantic” or the “Company”) will reimburse employees for all reasonable and necessary expenses incurred for business expenses that comply with this policy. The company reserves the right to refuse reimbursement of any out- of-pocket expenses that do not comply with this policy. Violation of the Travel and Expense Policy can result in disciplinary action up to and including termination.

This policy covers all expenses related to air travel, hotel accommodations, ground transportation, and business meals. For gift and entertainment expenses, employees should refer to the most recent GAFG Policy on Gifts and Entertainment located on the intranet.

Exhibit B-2

Execution Copy

C. Purpose

The objectives of this policy are:

· To ensure that all employees have a clear and consistent understanding of the company’s policies and procedures for business travel and meal expenses

· To provide business travelers with service and comfort while being mindful of cost

· To ensure that all business expenses incurred directly by employees are used to accomplish business objectives in a cost-efficient manner, in accordance with prudent business judgment, and are reimbursed in a timely manner

· To maximize the company’s ability to negotiate discounted rates with preferred suppliers and reduce travel expenses

D. Scope

This policy applies to Global Atlantic and all of its subsidiaries, including all departments and employees. The policy framework and its guidelines and processes should be adhered to Company-wide.

E. Business Expenses

This policy is limited to travel and entertainment expenses only. Business-related expenses should be managed through Accounts Payable whenever possible. For practical reasons, it may not be possible for some business expenses to be managed through Accounts Payable (e.g., Bermuda vendors that will not accept USD check or wire payment, one-time vendors, or professional fees). Employees should consult the Accounts Payable Team or the Vendor Management team with questions on these expenses. If a corporate card must be used for a business-related expense, the expense must be thoroughly documented in Concur on an expense line basis and be submitted to the correct department. Employees should notify the departmental budget owner of any significant expenses submitted via Concur.

F. Expense Reimbursement Process

Expenses incurred directly by employees will only be reimbursed upon the submission of a properly documented expense report via the Concur system. All employees are required to complete a profile on Concur.

Corporate Credit Cards

Employees who expect to travel twice per year or more are required to carry a corporate credit card. Other employees are eligible to obtain a corporate credit card, subject to the approval of the employee’s manager and the Expense Management Team.

All corporate credit cardholders are required to use the company issued and paid corporate card when charging all reimbursable expenses, including meals, air travel, lodging, and ground transportation, except when not accepted by the vendor.

Exhibit B-3

Execution Copy

Employees are prohibited from using a corporate card for personal expenditures. Improper use of the corporate credit card may include disciplinary action, up to and including termination of employment. The employee must immediately flag and submit any personal expenses paid with a corporate card through the Concur system and should reimburse the company immediately via check.

Reports

The individual claiming reimbursement or his/her assistant must submit an expense report through the Concur system with all supporting receipts, invoices, and documentation. All expenses in Concur should be assigned to the appropriate department. For tracking purposes, report names should be as specific as possible.

Employees should submit an expense report within 30 days of incurring an expense. The company will suspend the corporate cards of employees with outstanding expenses older than 60 days. The company reserves the right to refuse reimbursement of expenses submitted more than 60 days after being incurred.

Original itemized receipts should be submitted for all expenses over $25. In some limited cases where a receipt cannot be obtained, approval may be granted for a Missing Receipt Memo to be submitted instead. The memo should include the vendor, amount, date of charge, description of purchase, and the reason for the missing receipt. Please contact the Travel & Expense Team for additional information.

All out-of-pocket expenses require an itemized receipt, except items under $10 for which receipts are typically not available (e.g., hotel tips).

Approval

The immediate manager of the employee submitting expenses for reimbursement must approve all expenses, unless he/she is not an Assistant Vice President or above. Exceptions to this standard need to be approved by Expense Management. Managers should review and approve expense reports as soon as possible but no later than 30 days after submission. The Expense Management team will maintain approver information in the Concur system.

In addition to being reviewed and approved by the employee’s direct manager, all business expense reports are subject to review by Expense Management and may also be subject to review by Internal Audit as part of periodic audits.

Any expense greater than $10,000 that is not associated with a sales event coordinated through the Marketing team must be approved by an Executive Committee member.

Out-of-Policy Expenses

Any expenses incurred that do not comply with this policy will be tracked and reported to the employee’s manager as well as the relevant budget owner and EXCOM member.

G. Air Travel

Booking

Exhibit B-4

Execution Copy

In order to obtain the lowest possible fares, employees should book air travel at least 7 calendar days prior to departure when circumstances permit. Employees are expected to plan ahead in order to minimize change fees.

Employees should book air travel through Direct Travel. Users are encouraged to book air travel online, as online booking fees are lower than fees for booking travel by email or phone.

Class of Service

Employees must use the lowest logical airfare available. Air travel is restricted to economy class for all domestic flights. Employees may select preferred seating options within economy class, when reasonably priced given the length of the flight. Business class is acceptable when it does not cost any additional amount. Business class is also acceptable for international flights lasting 5 or more hours (2 connecting international flights that are 5+ hours in total will not qualify). First class is only acceptable for such flights when business class is not available. Receipts should show the cost and class of service.

Upgrades and Frequent Flyer Benefits

The employee may accept upgrades that do not incur any additional costs. Upgrades that incur additional costs are treated as a personal expense and should not be purchased with a corporate credit card. Employees may retain frequent flyer benefits, but such benefits must not influence flight selection or otherwise result in incremental charges to the company. Any fees associated with membership in frequent flyer programs or other rewards programs are not reimbursable. Any fees associated with optional security clearance services are not reimbursable (TSA Pre- Check, Clear, etc).

Overnight Delays

In the event that delay necessitates an overnight stay, the traveler must first attempt to obtain complimentary lodging from the airline. If unsuccessful, the traveler should contact Direct Travel.

Cancellations

Employees must notify Direct Travel when a trip is cancelled so that the ticket value may be applied to a future trip.

Lost Luggage

In the event that an employee’s luggage is lost or delayed by the airline, the company will reimburse the employee for emergency personal items, up to $100. The airline is responsible for replacing lost luggage, and replacement of lost luggage is not reimbursable by Global Atlantic.

Exhibit B-5

Execution Copy

Reimbursable Expenses

Global Atlantic will reimburse baggage fees for up to 2 bags per employee. Airline club membership costs are not reimbursable. Optional security clearance services are not reimbursable (TSA Pre-Check, Clear, etc).

H. Hotel Accommodations

Booking

All hotel accommodations should be booked through Direct Travel. Employees are required to select Global Atlantic preferred hotels in order to maximize the company’s ability to negotiate discounted rates. If a preferred hotel is not available, the employee should exercise good business judgement and select a competitively priced hotel while maintaining a reasonable level of comfort and convenience. Conference attendees should book rooms directly with the hotel in order to obtain the conference negotiated rate unless a better rate is available through Direct Travel.

Employees are encouraged to book hotel accommodations online, as online booking fees are lower than fees for booking travel by email or phone. Any hotel reservation changes or cancellations should be made through Direct Travel.

Upgrades and Benefits

Hotel upgrades may be accepted by the employee if they incur no additional costs. Membership in frequent hotel programs is acceptable if it does not cause any incremental costs to the company. Any fees associated with membership in frequent hotel programs are not reimbursable.

Reimbursable Expenses

Gym and internet expenses during travel are reimbursable (including in-flight and airport Wi- Fi; note that membership in loyalty or point programs often includes free Wi-Fi). Laundry expenses are reimbursable for trips lasting 5 or more days. Personal calls are not reimbursable; employees should utilize personal devices or tools like skype when available.

I. Ground Transportation

Selection

Employees should use the most economical mode of transportation when choosing among use of personal car, car service, taxi, and rental car. When traveling from the airport, traditional car service should only be used in special circumstances (e.g., late arriving flight, traveling with clients, airports with limited taxi options). The preferable option is a local taxi or similarly priced car service (e.g., Uber, Lyft).

Car Rentals

Car rentals may be used when entertaining customers or when other means of transportation are unavailable, more costly, or impractical. Employees should book car rentals through Direct Travel and should select a preferred car rental vendor. Employees should select an

Exhibit B-6

Execution Copy

intermediate size car or smaller, unless 3 or more employees are sharing a vehicle. Upgrades may be accepted if they incur no additional costs. Global Atlantic has procured auto insurance coverage for employees, and the employee should not purchase any additional insurance. Employees are expected to refuel before returning the car to the rental car agency in order to save on refueling costs.

Personal Cars

Employees are reimbursed for the use of a personal vehicle in business travel at the IRS business standard mileage rate (57.5 cents per mile as of Jan 1, 2020), which includes fuel and insurance (i.e., gas is not separately reimbursable). As supporting documentation, employees must submit either (1) a mileage log that includes starting and ending locations, total mileage, and the business purpose of the trip or (2) a mileage calculation and supporting map from a web navigation service (e.g., Google Maps) in any expense report requesting mileage reimbursement. It is the responsibility of the employee to carry adequate personal auto insurance.

Parking

Parking expenses are reimbursable for business travel. Employees should use the most economical parking facilities within a reasonable area. Parking charges for commuting are not reimbursable.

Late Night Taxis

When working past 9:00 PM, employees are entitled to take a taxi or car service home.

J. Rail Travel

When traveling by train, business class is acceptable.

K. Meals

· Client meals include meals with clients, agents, and potential business partners. The names of attendees at client meals must be documented, as required in Concur. Employees should refer to the GAFG Policy on Gifts and Entertainment for non-meal entertainment expenses.

· Intra-company meals (business meals with other employees) are reimbursable for appropriate purposes (e.g., employee from out of town). The names of attendees must be documented, as required in Concur.

Exhibit B-7

Execution Copy

· Travel meal expenses in excess of the stated limits are treated as a personal expense.

· Employees working in excess of 12 hours and in the office past 8:00 PM are entitled to an overtime meal, to be purchased for consumption in the office. Employees for whom weekend or holiday work is not part of their regularly scheduled work week are entitled to lunch and dinner at the overtime meal rate listed above when working for 4 or more hours in a single day on the weekend.

L. Other Travel Information

Combining Business and Personal Travel

Mixing of business and personal travel such as a weekend stay or the accompaniment of a spouse/guest is allowed as long as there are no additional costs to the company. Additional incremental expenses need to be properly flagged within the Concur system as personal expenses. Upgrades (hotel, air fare, car rental) are also allowed as long as the additional incremental cost is paid by the employee.

Travel Assistance and Business Travel Accident Insurance

U.S. employees may receive Travel Assistance Services, provided through both ACE USA Travel Assistance Services and US Bank Visa. In addition, ACE and US Bank Visa provide employees with Business Travel Accident coverage.

M. Self-Managed Expense Budgets

Employees with self-managed expense budgets may not be subject to all of the restrictions in this policy. These employees should discuss questions on appropriate expenses with a direct manager or the Expense Management team. All expenses are expected to fall within reasonable limits. Employees may be required to reimburse Global Atlantic for unreasonable expenses.

Exhibit B-8

Execution Copy

N. Non-Reimbursable Expenses

Non-reimbursable expenses include, but not limited to:

n Airline Club Membership Dues

n Annual Fees for Credit Cards and/or Credit Card Reward programs

n Babysitting

n Barbers and Hairdressers

n Car Washes for Personal or Rental Cars

n Clothing

n Country Club Dues

n Baggage Charges, Beyond 2 Bags Per Employee

n Fees for Membership in Frequent Flyer and Frequent Hotel Programs

n Helicopter Services for Airport Transfers

n Hotel Room Safekeeping Fees (Unless Holding Company Property)

n House-sitting

n Laundry Services, Except When Traveling for 5+ Days

n Loss/Theft of Personal Funds or Property

n Luggage or Briefcase Purchases

n Magazines, Books, Newspapers

n Medical Bills During Domestic Travel

n Movies (Incl. In-Flight, Hotel Room)

n "No-Show" Charges for Hotel or Car Service (Within Traveler's Control)

n Non-Compulsory Insurance Coverage

n Optional security clearance services (TSA Pre-Check, Clear, etc)

n Optional Travel or Baggage Insurance

n Parking or Traffic Tickets

n Personal Accident Insurance

n Personal Entertainment, Incl. Sports Events

n Personal Gifts (including gifts to other employees)

n Personal Property Insurance

n Personal Telephone Calls

n Personal Toiletries

n Personal/Vacation Expenses on Business Trip

n Pet Care

n Postage, Postcards

n Replacement costs of lost luggage

n Routine Car Maintenance/Tune-Ups or Insurance Premiums

n Saunas and Massages

n Shoeshine

n Sporting Club Fees, Except for Client Entertainment

n Tobacco Products

n Video Games

Exhibit B-9

Execution Copy

REVISION HISTORY

Policy adopted as of October 25, 2016

Version	Status	Reason for Change	Date
V 1.0	Initial Adoption & Publication	New Policy Issuance
V 2.0	Revision	Policy revised in conjunction with rollout of new travel and corporate	10/25/2016
V 2.1	Revision	Policy revised to return to per- meal travel allowance (vs. per diem)	1/3/2016
V 3.0	Revision	Miscellaneous revisions	10/10/2018
V 4.0	Revision	COVID related temporary revisions	8/26/2020

Policy Owner (Department): Finance Management; Expense Management Policy Owner (Individual): Kirsten Loreen; David Jacoby

Exhibit B-10

Execution Copy

EXHIBIT C

MAINTENANCE AND SUPPORT SERVICES

This Exhibit C (this “Exhibit”) forms a part of, and shall be governed by, the terms of the Master Services Agreement by and between Company and Supplier dated as of the Effective Date (the “MSA”). In the event of any conflict between the terms hereof and the terms of the MSA, the terms hereof shall prevail. In the event of any conflict between the terms hereof and the terms of the applicable SOW, the terms of the applicable SOW shall prevail. Capitalized terms used in this Exhibit C that are not defined herein have the meanings ascribed to them in the MSA or in the other Exhibits, Appendices or applicable SOW entered into pursuant to the MSA.

For mutual consideration, the receipt and adequacy thereof is hereby acknowledged by each of the Parties, the Parties hereby agree as follows:

41. General With respect to Supplier owned Equipment, Supplier Systems or Software that is made available to Company or its Authorized Users as part of the Services (“Supplier Owned Equipment”), unless otherwise set forth in the applicable SOW or other written agreement between the Parties, Supplier shall provide to Company Maintenance and Support Services as set forth in this Exhibit at no additional cost or expense to Company. With respect to third party Software licensed to Supplier and third party Equipment for the provision of Services, the Supplier shall procure the appropriate maintenance and support services from the relevant third party owner of the Software to resolve any incidents.

42. Definitions

42.1 “Enhancement” shall mean a change or addition other than a Maintenance Modification that improves the function, including all new Releases, provided by Supplier to customers that add new function or improve performance of the Service.

42.2 “Incident” means any failure of the Services to conform to the Applicable Specifications.

42.3 “Initial Resolution” means, as to any Incident, Supplier has performed an initial analysis and identified possible causes of the Incident and Supplier has implemented a temporary workaround to temporarily resolve the Incident in a manner that is reasonably acceptable to Company. Where the Incident involves an outage or degradation of that renders the Service unavailable, Initial Resolution shall include a restoration of service.

42.4 “Final Resolution” means Supplier has corrected the cause of the Incident in a manner that is reasonably acceptable to Company. To the extent that after reasonable investigation of an Incident, the Parties mutually determine that Company has contributed to the cause of the Incident, upon Supplier’s request,

Exhibit C-1 

Execution Copy

Company shall provide reasonable assistance to Supplier in Final Resolution of the Incident.

42.5 “Maintenance Modifications” shall mean all modifications or revisions to a Service or Documentation, which correct errors, support new releases of the operating systems with which the Service is designed to operate, support new input/output (I/O) devices, or provide other updates or corrections, but Maintenance Modifications do not include Enhancements.

42.6 “Releases” shall mean any release or version of a Service that adds new features or functionality to the Service or redesigns the Service.

42.7 “Resolution” means Initial Resolution or Final Resolution, as the case may be.

42.8 “Severity Level 1 Incident” means: (a) one or more Services cannot be accessed or used in accordance with Applicable Specifications and would result in Company’s breach of Laws, or (b) 50% or more Services cannot be accessed or used in accordance with Applicable Specifications and cannot be otherwise performed at that time; or (c) temporary or permanent loss or corruption of Company Data that may result in Company’s breach of Laws or material Loss to Company, its clients, or customers; or (d) a breach of privacy or security in connection with the Services has occurred; or (e) any circumstance which does or would result in reputational damage to Company; or (f) any significant disruption to Company’s business operations or any outage that has a material adverse effect on the receipt of the Services.

42.9 “Severity Level 2 Incident” means: (a) 50% of Services cannot be accessed or used in accordance with Applicable Specifications and (i) would not likely result in Company’s breach of Laws, and (ii) cannot be otherwise performed at that time or (b) a feature or functionality of the Services is not operating substantially in accordance with Applicable Specifications, resulting in a material disruption to Company’s use of the Services; or (c) any circumstance or event that if not Resolved may result in a Severity Level 1 Incident within forty-eight (48) hours.

42.10 “Severity Level 3 Incident” means one or more Services are operational and available to Company with functional limitations or restrictions that are not critical to Company’s operations or Company’s use of such Services, but nonetheless makes continued use of the Services by Company inconvenient and reduce the value and efficacy of the Services.

43. Maintenance Obligations

43.1 During the Term, subject to Exhibit I (Change Request Process), Supplier shall deliver, install (if applicable) and implement for Company Maintenance Modifications, Enhancements, and/or Releases for Supplier Owned Equipment. All such Software and other components included in any Maintenance Modification, Enhancement and Release (whether proprietary or licensed from a third party) will be (a) interoperable with any third party software required,

Exhibit C-2 

Execution Copy

recommended or provided by the Supplier, if any; (b) backwards and forwards compatible as between different versions of the same Software and (c) subject to testing and Acceptance by Company. All Maintenance Modifications, Enhancements, and Releases will be designed in a manner to minimize any adverse effect on Company’s environments, business and operations. Supplier shall provide Company with Documentation explaining the use and operation of all material features and functions of the Maintenance Modifications, Enhancements and Releases with or before making them available to Company.

43.2 Supplier shall insure the migration path for all Maintenance Modifications, Enhancements and Releases will incorporate a process to allow Company to regress from the Maintenance Modification, Enhancement or Release, as applicable, if a problem develops that Company perceives to be attributable to the Maintenance Modification, Enhancement or Releases Update. Supplier shall document and test the process methodology before the delivery. In all cases, Supplier will ensure that changes are reversible to enable back out if necessary.

43.3 Supplier shall inform Company in writing of any changes to the Supplier Owned Software: (i) at least sixty (60) days in advance prior to installation and implementation of an Enhancement or Release; and (ii) within a commercially reasonable period of time prior to installation and implementation of a Maintenance Modification. Without limiting the foregoing, Company shall have the option to install and implement any Maintenance Modification, Enhancement and/or Release made available by Supplier exclusively for Company only if any rejection of such Maintenance Modification, Enhancement or Release does not impair Supplier’s ability to protect against vulnerabilities to the applicable Supplier Owned Equipment.

44. Support Services

44.1 General Obligations. During the Term, Supplier shall provide to Company Services to respond to Incidents and other issues related to the Services and resolve such Incidents and related issues, as the case may be. In addition, Supplier shall promptly respond to any inquiries by Company related to the Services.

44.2 Company Support Contacts. The technical support contacts for Company shall be provided by Company (each, a “Company Support Contact”) and shall be authorized to coordinate with Supplier Personnel with respect to the technical support services. Company shall be entitled to designate other technical support contacts or change a Company Support Contact at any time by providing written notice (including by e-mail) to Supplier.

44.3 Accessing Supplier Support. Reports of Issues and other requests for support may be directed to Supplier, as follows:

Exhibit C-3 

Execution Copy

a. Telephone support: support requests may be placed during normal business hours between 8 am - 8 pm Eastern Standard Time by dialing the following toll-free number: 18557603560.

b. E-mail support: emails requesting support may be sent anytime (24/7) by emailing: GA-Exlsupport@exlservice.com.

c. Online support: support may be requested online via Supplier’s customer ticketing system anytime (24/7) by accessing the following URL: TBD.

44.4 Incident Reporting, Tracking, Monitoring.

Supplier will perform Incident reporting, tracking and monitoring in a systematic manner consistent with Supplier’s support processes and as set forth herein. Supplier will report all Incidents to Company by telephone and email as soon as possible using the contact information set forth in the MSA or the applicable Schedule or Exhibit thereto. If it is unclear which Severity Level to assign to an Incident, then Company will reasonably and in good faith determine and assign the Severity Level and communicate such determination to Supplier.

Supplier shall document and record all Incidents identified or reported by Company, detailing all items and relevant information including, without limitation, the information listed below in this Section 4.4(b) (each, an “Incident Report,” and collectively, the “Incident Reports”). The aforementioned Incident Reports or initial draft of such Incident Reports shall be delivered to Company within forty-eight (48) hours of a Severity Level 1 Incident or a Severity Level 2 Incident and at such times as reasonably requested in writing by Company. Incident Reports shall include, without limitation: (a) the description of the Incident and the date of the Incident; (b) the root cause of the Incident; (c) the method for Incident correction; (d) how the Incident was identified; (e) when the Incident was identified; (f) when the Incident was resolved or expected to be resolved; (g) Services, products, and number of Company clients and customers impacted, number of accounts, and dollar value of impacted accounts, to the extent applicable; (h) interim and remedial corrective actions taken; and (i) action(s) taken to avoid the occurrence of similar Incidents and proposed process changes. The foregoing shall not limit Supplier’s obligation to maintain such Incident Reports in accordance with the terms of the MSA and the applicable Schedules and Exhibits thereto.

44.5 Incident Resolution. Supplier shall respond to Incidents, whether identified or reported by Company or by Supplier itself, and achieve Resolution according to the severity of the Incident and in accordance with the requirements and time frames set forth in the applicable SOW. Company shall have the right to declare the severity level of each Incident, based upon its assessment of the current and/or potential impact to Company’s business.

44.6 Incident Management. Supplier will participate, when requested by Company in writing, in Company’s internal incident management processes and meetings and

Exhibit C-4 

Execution Copy

Supplier will support service recoveries which reasonably require Supplier’s participation. In addition, if an event or circumstance requires a services recovery, and that Company requires assistance from Supplier in connection therewith, Supplier shall take necessary action to assist Company .

44.7 Systematic Failure Event. In addition to any other action required to be taken or any other obligation of Supplier under the Agreement and this Exhibit C (Maintenance and Support), in any event where Supplier becomes aware of (a) a recurring Incident or chronic issue or (b) a recurring event or circumstances that result or are likely to result in future or recurring Incidents (each, a “Systematic Failure Event”), Supplier will provide a written report with respect to such Systematic Failure Event as soon as practicable but not later than [Intentionally Omitted] after becoming so aware of such Systematic Failure Event that will include at least the following information: (1) a root cause analysis; (2) any remedial action proposed by Supplier, to the extent identified; (3) the identity and contact details of the Supplier executive assigned to address such Systematic Failure Event (the “Executive in Charge”); and (4) the potential impact on the quality of the Services. The Executive in Charge of each Systematic Failure Event will be available during Supplier’s normal business hours to discuss with Company the remedial action with respect to the Systematic Failure Event and will send to Company a weekly written report with respect thereto until the root cause for such Systematic Failure Event has been addressed and removed (a “Systematic Failure Event Resolution”). Promptly following the Systematic Failure Event Resolution, the Executive in Charge will deliver a written report to Company listing all actions taken with respect to the Systematic Failure Event Resolution with reasonable documentation and materials evidencing such Systematic Failure Event Resolution.

44.8 Escalation Support Procedures. Supplier shall participate in escalation calls initiated by the Company to resolve outage incidents affecting Supplier availability or performance of production systems regardless of the source or cause of such outage incident. Supplier shall provide Subject Matter Experts (SMEs) to participate on the escalation call(s) to provide technical assessment, coordinate recovery actions, and identify estimated time to recovery. A designated Supplier point of contact will remain on the escalation call to provide support during recovery at the Company’s discretion up to and including the duration of the call or at another time mutually agreed upon to reconvene.

45. Reporting Requirements.

Without limiting Supplier’s obligations under the Agreement and under this Exhibit, Supplier will provide to Company with respect to each calendar month during the Term by [Intentionally Omitted] of the immediately following month a report of its performance under this Exhibit during such calendar month that will set forth a summary of: (a) all Incidents discovered, reported or opened by Supplier or Company during such month, classified by severity level; (b) whether a Resolution has been provided for such Incident; and (c) with respect to an Incident for which a Resolution has not yet been

Exhibit C-5 

Execution Copy

provided, the length of time the Issue has remained unresolved and the status of the applicable action plan.

Exhibit C-6 

Execution Copy

EXHIBIT D

CYBERSECURITY REQUIREMENTS AND COMPLIANCE

ARTICLE 1: GENERAL

Beginning on the Effective Date of the Master Services Agreement (the “Agreement ”) and continuing as long as Supplier or any Service Provider (i) accesses, controls, possesses, stores, transmits, or processes Company Data, (ii) accesses, uses, hosts, or manages Company Systems, or (iii) uses Supplier Systems to provide services to Company (each as defined below), Supplier will comply with the obligations set forth in this Exhibit and, without limitation of any Supplier obligations in the Agreement, Supplier will comply with all laws, rules, and regulations applicable to Supplier and its performance under the Agreement, or to the Company Data, relating to privacy and data protection. If there is any conflict between this Exhibit and the Agreement, the terms of this Exhibit shall control. The Parties agree that this Exhibit is a material part of the Agreement.

ARTICLE 2: CONFIDENTIAL INFORMATION

No Exclusion: Any exclusion from the definition of Confidential Information contained in the Agreement will not apply to any personal data, personally identifiable information, personal information or similar data under applicable laws, regulations or guidance relating to the privacy and/or security of such data.

ARTICLE 3: INFORMATION SECURITY

3.1 Definitions. (i) “Company Data” means (A) any information or data provided or made available by, or relating to, Company or its affiliates and/or its or their respective former, current or prospective customers, clients, employees, vendors or consultants, (B)Personal Data as defined in Article 4 (Privacy and Data Protection), and (C) any information or data derived from any of the foregoing, in each case that is collected, accessed, used, stored, transmitted or otherwise processed by Supplier (or its agents or subcontractors); (ii) “Information Systems” means a discrete set of electronic information resources organized for the collection, processing, maintenance, use, sharing, dissemination or disposition of electronic information, as well as any specialized system such as industrial/process controls systems, telephone switching and private branch exchange systems, and environmental control systems and the facilities in which they are hosted; (iii) “Company Systems” means Information Systems owned or provided by Company or its other vendors and made available to Supplier; and (iv) “Supplier Systems” means Information Systems, other than Company Systems, that are used by Supplier (including any of its agents and/or subcontractors) to collect, access, use, store, transmit or otherwise process Company Data, to interface, integrate, or otherwise connect with Company Systems, to perform Services under the Agreement. Terms not defined in this Exhibit shall have the meaning assigned to such term(s) in the Agreement.

3.2 Security Safeguards. Supplier represents, warrants and covenants that it will maintain and comply with an appropriate comprehensive written information security program,

Exhibit D-1 

Execution Copy

including written policies and procedures, to ensure the confidentiality, security, integrity and availability of the Company Data and Supplier Systems and that includes administrative, technical and physical safeguards (including reasonable disposal and degaussing measures) to safeguard Company Data and Supplier Systems against unauthorized access, use, disclosure, modification, unavailability and deletion, and that Supplier will operate and maintain such safeguards in accordance with the requirements of this Exhibit, all applicable laws and regulations and commercially reasonable industry best practices. Without limiting the foregoing, such safeguards shall include, at a minimum:

(i) Training: no less than once annually, mandatory security awareness training for all Supplier personnel (including management and consultants), which includes (A)training on how to implement and comply with its information security program; and (B) promoting a culture of security awareness through periodic communications from senior management with employees;

(ii) Security Technologies and Practices: use of up-to-date and industry standard cybersecurity technologies and practices, including firewalls, malware detection and prevention, intrusion detection and prevention, hardened internet perimeter, multi-factor authentication and other access controls and monitoring (e.g., establishment of and forced routine changes to passwords, appropriate logs and reports regarding access), as well as encryption of Company Data in transit and at rest, and hard drive encryption of all laptops on which Supplier receives, stores, or accesses Company Data;

(iii) Physical Security: physical security procedures, including security guards, and camera surveillance and electronic logging of facilities access (e.g., key cards) systems, in each case, at entry points to critical work areas (including data centers) that provide a sufficient audit trail of area entry;

(iv) Background Checks: background checks on employees, consultants and other personnel with access to Company Data or Supplier Systems in accordance with Section 5.7 (Supplier Personnel Screening);

(v) restriction on access to and use and copying of Company Data on a “need-to- know” basis and only at or from authorized locations;

(vi) regular monitoring of the transport and storage of Company Data and the associated Supplier Systems;

(vii) Penetration Testing and Vulnerability Scans: no less than annual penetration testing and vulnerability assessments of Supplier Systems, prompt remediation of any found deficiencies and prompt notification to Company with detail to allow Company to take action, if any, to mitigate any adverse impact on Company or Company Systems. In the case of any findings rated high, critical or other similar rating, Supplier shall remediate such findings in no event later than [Intentionally Omitted] ollowing that date such finding was discovered;

(viii) due diligence and regular monitoring relating to operational stability, reputation, security and technical abilities of Service Providers performing Services, working on Supplier Systems and/or facilities or working on Company Systems and/or facilities;

(ix) logical segregation of Company Data from other information and/or data accessed, stored or hosted by Supplier (or any of its Service Provider or other third party);

Exhibit D-2 

Execution Copy

(x) ethical walls and internal procedures when providing Services to Company or any third party to prevent breach of confidentiality and to avoid any conflict of interest;

(xi) security measures to manage (including the means to remotely wipe) mobile devices that transmit, store or process Company Data;

(xii) promptly upon termination of employment or engagement, as applicable, of Supplier personnel with access to Supplier Systems, Company Data and/or Company Systems, disabling all such access and (if applicable) notifying Company to disable any Company-controlled access methods or permissions with respect to such terminated personnel;

(xiii) Data Destruction Standards: when erasing or destroying Company Data, Supplier shall employ data destruction procedures that meet or exceed the National Institute of Standards and Technology ("NIST") Special Publication 800-88 Guidelines for Media Sanitization or another standard for data destruction that is widely accepted in the information security industry; and

(xiv) Patch Management: policies and procedures for obtaining, testing and installing patches and upgrades for software and technology, including open source software, that is obtained from a third party.

Supplier will promptly provide such information regarding its information security systems, policies and procedures as Company may request in writing, including, the complete written reports conducted by external third party auditors or examiners (i.e., SSAE 18 Report, SOC 2 Report and reports conducted under successor standards issued by the relevant governing body) related to the Services and relating to Supplier’s due diligence and monitoring measures of Service Providers; provided that, for any internal policies or procedures, Supplier may supply summaries of such policies or procedures upon reasonable request by the Company. In any such cases, Supplier shall also allow Company view the complete versions of such policies and procedures virtually by web conference. Supplier shall, upon Company’s written request, provide Company with a list of the location(s) (including countries and states) where Company Data is or will be collected, accessed, used, stored or otherwise processed by Supplier (or its Service Providers). Supplier agrees that Company Data will not be collected, accessed, used, stored or otherwise processed by Supplier (or its Service Providers) in any countries, except the countries that Company approves of either in writing or via a feature made available to Company on the Supplier System.

Supplier shall maintain designated personnel with responsibility for the management and oversight of personnel who maintain Supplier’s information security program and perform information security and information risk management.

Supplier shall promptly notify Company in the event that Supplier is unable to comply or has reason to believe that it will be unable to comply, with any requirements of this Exhibit.

3.3 Asset and Information Management. Supplier shall maintain an inventory of (a) all applications, systems, databases, platforms, and other technology that are a component of the Supplier Systems or that receives, stores, processes, handles, or has access to

Exhibit D-3 

Execution Copy

Company Data, (b) all locations where Supplier receives, stores, processes, handles, or enables access to Company Data in physical form, and (c) all categories of physical computing and software assets that are a component of the Supplier Systems of that Supplier uses in the performance of the Services under the Agreement. Upon request by Company, Supplier shall make such inventory available to Company for its review. Supplier shall: (i) uniquely identify each individual that has access to Company Data, whether in electronic or physical form, and (ii) grant access to Company Data only to authorized individuals based on the principle of least privilege.

3.4 Use of Company Data and Company Systems. Supplier will use Company Data and Company Systems only as necessary to provide the Services under the Agreement and in accordance with Article 8 (Privacy and Data Protection), and will act only as permitted in writing by Company in relation thereto. As between Company and Supplier, Company retains all right, title and interest in and to all Company Data and Company Systems.

3.5 Information Security Incident Management; Breach Notification and Remediation Requirements

3.5.1. Supplier shall establish and maintain, and periodically test, a written information security incident response plan that includes processes for: (a) responding to, containing, remediating and recovering from a Cybersecurity Event (as defined below) or any other information security incident; (b) notifying customers whose information was involved in the incident; (c) preserving evidence; (d) informing and working with law enforcement, government agencies, and similar third parties as appropriate; (e) performing forensic and root cause analysis of the incident; and (f) complying with obligations imposed by applicable laws on Supplier or its customers in connection with the incident.

3.5.2 If Supplier learns, or has reason to believe, or suspects, that: (A) there has been actual or threatened unauthorized access, use, modification or deletion of Company Data or Company Confidential Information (as defined in the Agreement), or (B) there has been actual or threatened unauthorized access or use of Company Systems or Supplier Systems (each, a “Cybersecurity Event”), Supplier will promptly, but in no event later than twenty-four (24) hours from becoming aware of or reasonably suspecting the Cybersecurity Event, provide notice of the Cybersecurity Event to Company (and without waiting for the conclusion of any internal investigation of such event). Such notice must be in writing or sent to an email address approved in writing by Company and must include all material details of the Cybersecurity Event, which material details Supplier shall retain for at least three (3) years from the date of such notice.

3.5.3 If Supplier or any of its Service Providers experience a Cybersecurity Event in Supplier Systems, Supplier will, at Supplier’s sole cost and expense): (A) promptly use all required and/or appropriate remediation efforts, including by promptly taking all measures to contain, control, minimize the effect of and remediate any Cybersecurity Event to prevent its recurrence, and (B) provide

Exhibit D-4 

Execution Copy

updates to Company, upon request, relating to the investigation and resolution of the Cybersecurity Event.

3.5.4 Supplier shall not knowingly allow any Cybersecurity Event to persist for any amount of time in order to determine the identity of the perpetrator or for any other reason, except as required by law, as requested by a law enforcement agency or as deemed necessary by Supplier to stop the Cybersecurity Event or prevent further compromise. In addition to any other right of Company at law or in equity, including termination under the Agreement, and in addition to any other related obligations of Supplier hereunder: (i) Supplier shall reasonably cooperate with Company to resolve any Cybersecurity Event, and to prepare and deliver any notifications to individuals or entities affected by such incident; (ii) except to the extent prohibited by applicable law, Supplier shall promptly provide Company all available information regarding such Cybersecurity Event, including but not limited to a description of the Cybersecurity Event, the type of data that was the subject of the Cybersecurity Event, any remedial steps taken (or planned to be taken) and any other information that Company may reasonably request in writing concerning the Cybersecurity Event; and (iii) comply with any other obligations imposed by the Privacy Laws or any other applicable law as a result of such Cybersecurity Event. Supplier acknowledges and agrees that: (A) Company shall have the right to determine, in its sole discretion, when notice is appropriate under the circumstances of a particular Cybersecurity Event; (B) Company shall prepare such notice, or have another party prepare such notice on its behalf; and (C) Company shall have sole control over the content of each such notice. In the event of a Cybersecurity Event experienced by Supplier or any of its Service Providers relating to any Supplier Systems or systems of Service Providers used to provide Services to Company with respect to any Company Data stored or processed by Supplier, and Supplier caused such Cybersecurity Event or otherwise is or was in breach of its data security obligations under the Agreement, Supplier shall pay all costs and expenses and reimburse Company for all reasonable costs and expenses associated with such Cybersecurity Event, including but not limited to costs and expenses relating to: (1) preparing and providing any notification to the individuals or entities affected by the Cybersecurity Event and/or any governmental agency or regulatory body as determined in Company’s reasonable judgment applying the same procedures and processes in all material respects as it uses to make such determination in substantially similar situations; and (2) reasonable investigation and other related services (including forensics, counsel, crisis management, call center, and identity theft protection services, such as, but not limited to credit monitoring (as elected by individuals affected by the Cybersecurity Event)). The parties acknowledge and agree that any and all Losses (as defined in the Agreement) described in subsections (1) and (2) of the foregoing sentence shall be deemed direct Losses under the Agreement.

3.6 Disposition of Company Data. Upon written request by Company (which may be made via any feature or functionality made available by Supplier in its services) and upon termination or expiration of the Agreement or any Statement of Work for any

Exhibit D-5 

Execution Copy

reason, at no cost to Company, Supplier will promptly return to Company all copies of Company Data in Supplier’s possession or control, and such Company Data may be returned via any feature or functionality made available by Supplier in its Services from which Company Data may be downloaded or by delivering to Company physical storage media (e.g., hard drives or disks) containing Company Data; provided, in all cases, such Company Data will be in a format so that such Company Data may be accessed, understood, searched and manipulated by Company via commercial off-the- shelf software. Promptly thereafter, with Company’s prior written approval or instruction (which may be given via any feature or functionality made available by Supplier in its services), except as otherwise provided in the Agreement, Supplier shall destroy and/or delete all copies of Company Data in Supplier’s possession or control using means and methods that prevent unauthorized access to, use of, or recovery of the Company Data. Upon request by Company, an officer of Supplier will promptly certify in writing to Company that all such Company Data has been, as applicable, returned and/or destroyed and deleted.

3.7 Attestation. No more than once annually, Supplier will provide Company with a written attestation signed by an officer of Supplier that Supplier complies with this Article 3. Upon request, Supplier shall arrange for appropriate personnel of Supplier to meet, either in person or via call, with Company to review the underlying details of such attestation of compliance with this Article 3.

3.8 Inspections/Reviews. Where Supplier uses any multi-tenant cloud or “-as-a-Service” provider (such as Amazon, Google, or Azure) (“Cloud Providers”) as part of the Supplier Systems, and such Cloud Providers reasonably restrict access for customer audits, then as an alternative, in accordance with and subject to the terms set forth in Section 6 of the Agreement, Supplier will demonstrate to Company (or its agents or regulators) Supplier’s environment and/or operations at the Cloud Provider in order for Company to ensure that such Cloud Provider’s security configurations and controls (including policies and procedures) substantially conform to the requirements of this Exhibit and are at least as strong as industry practices for similar services of top tier providers. In the event Company notifies Supplier of any deficiencies or noncompliance identified in this Section 3.8 (“Findings”), Supplier will remediate such Findings. For all Findings classified as “critical”, Supplier shall remediate such Findings within [Intentionally Omitted] notice, and for all Findings classified as “high risk”, Supplier shall remediate such Findings within [Intentionally Omitted] of notice. Company will have the right to conduct follow-up audits and demonstrations, as applicable, to confirm remediation of such Findings.

3.9 Due Diligence Questionnaires. Without limiting any other provision of the Agreement (including any exhibit or Statement of Work), if Supplier has provided responses to Company’s information security and/or security architecture questionnaire(s) or other written inquiries, Supplier will comply with Supplier’s information security policies, plans, procedures, standards and other information set forth or referenced in Supplier’s responses to such information security and/or security architecture questionnaire(s) or other written inquiries and any responses to any follow up questions related thereto, and any updated information provided by Supplier;

Exhibit D-6 

Execution Copy

provided, however, that in no event will Supplier’s performance of its security obligations be less protective of Company and Company Data than that which is otherwise required by this Exhibit, applicable laws and regulations, or industry best practices. Supplier agrees that Company may periodically deliver an information security and/or security architecture questionnaire(s), and Supplier agrees to promptly and completely respond to the questionnaire. In addition, Supplier will promptly provide such information regarding Supplier’s information security systems, policies, plans, procedures, and standards as Company may reasonably request from time to time.

3.10 Certifications; Reports; and Alignment.

3.10.1 Supplier will maintain a data processing environment and internal controls that provide at least the same level of protection as evidenced by the controls described in Supplier’s then-current SSAE 18 and SOC 2 Report. If Company reasonably believes that Supplier’s reports, described above, do not address any requirements set out in this Exhibit, Supplier will include the missing requirements in the next such reports.

3.10.2 Supplier will employ and maintain a cybersecurity program for the Services provided to Company that complies with then-current ISO 27001l standards or an equivalent nationally or internationally recognized standard, e.g. NIST, (“Security Standards”), which Security Standards Supplier will identify to Company in writing. In addition, Supplier will remain certified for compliance by the governing body of such Security Standards or becomes certified under substantially equivalent replacement or successor Security Standards of which it has notified Company. Upon Company’s request, Supplier will provide evidence regarding such compliance and/or certification with such Security Standards.

3.10.3 At any time required by Company, to the extent reasonably necessary, Supplier shall cooperate with Company to align Supplier’s control framework to Company’s control framework and to identify any material gaps in how well Supplier’s controls (including, without limitation, controls that restrict unauthorized access to systems, data and programs) support or enable the delivery of the Services. Supplier shall remedy any identified gaps or deficiencies promptly.

3.11 Risk Assessment.

Supplier’s cyberssecurity program shall include regular risk assessments on an annual basis or if there is a change in risk posture that: a) identify reasonably foreseeable internal and external threats that could result in unauthorized access, disclosure, misuse, alteration, or destruction of any of the Company Data; b) assess the likelihood and potential damage of these threats, taking into consideration the sensitivity of the Company Data (and any special risks or issues identified by Company); and, c) assess the sufficiency of the policies, procedures, information

Exhibit D-7 

Execution Copy

systems, technology, and other arrangements that Supplier has in place to control such risks.

Based on such risk assessments, Supplier shall develop (or modify, as appropriate) and implement a security plan consisting of security procedures, measures, and products designed to achieve Company’s security objectives and reasonably manage and control the risks identified during the risk assessment, commensurate with the sensitivity of the Company Data and any specific additional requirements reasonably identified by Company, as well as the complexity and scope of the activities of Supplier (the “Security Plan”). Such Security Plan shall include administrative, organizational, technical, and physical safeguards appropriate to (a) the size, complexity, nature, and scope of Supplier’s business, (b) the nature and scope of the Services, (c) the size, complexity, nature, and scope of Company’s business and the Company Data and (d) any special requirements reasonably identified by Company. Such Security Plan shall also take into account then-available technology and the cost of implementing the specific measures, and must implement a reasonable level of security appropriate to the harm that might result from a breach of security and the nature of the data to be protected.

Supplier shall regularly test the key controls, systems, and procedures of its Security Plan (including as applicable to its Supplier Service Providers) to cause them to be properly implemented and effective in addressing the threats and risks identified. The frequency and nature of such tests should be determined by Supplier’s risk assessment. Tests should be conducted or reviewed by staff independent of those that develop or maintain the security programs. Supplier shall also monitor compliance with its Security Plan, both internally and by its Supplier Service Providers.

Supplier shall regularly monitor, evaluate, and adjust, as appropriate, its Security Plan in light of any relevant changes in applicable Laws, technology, the sensitivity of the Company Data, internal or external threats to the Company Data, and Supplier’s own changing business arrangements, such as mergers and acquisitions, alliances and joint ventures, outsourcing arrangements, and changes to information systems.

ARTICLE 4: PRIVACY AND DATA PROTECTION

In the event that Supplier collects, accesses, uses, stores, transmits, discloses, makes available, retains, or otherwise processes (collectively, “Processing”) on behalf of Company any information that, on its own or combined with other information, (i) identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household; (ii) relates to an identified or identifiable natural person; or (iii) is other information not covered by the foregoing but that is information protected as personal data, personal information, personally identifiable information or similar information (collectively, "Personal Data") under applicable laws, rules, regulations or guidance relating to privacy or data protection including but not limited to, to the extent applicable, (i) Title V of the Gramm-Leach-Bliley Act, as it may be amended, and any regulations promulgated thereunder; (ii) federal and state data security Laws, including but not limited to Massachusetts General Laws Chapter 93H and 201 CMR 17.00, the

Exhibit D-8 

Execution Copy

California Consumer Privacy Act (CCPA) and the Cybersecurity Requirements for Financial Services Companies issued by the New York State Department of Financial Services (NYDFS) (23 NYCRR §500); and (iii) all applicable foreign data protection and security laws, treaties and or regulations including without limitation the General Data Protection Regulation (GDPR) (collectively, "Privacy Laws"), Supplier shall (unless Company and Supplier have entered into a separate agreement addressing Personal Data in which case the terms more protective of Personal Data shall apply): (I) Process Personal Data, where relevant to the applicable Privacy Laws, as a service provider or as processor on behalf of Company as controller on Company’s written instructions, only for the specific purpose of performing the Services, only to the extent necessary to perform its obligations under the Agreement, and not for any other purpose (including not for any other commercial purpose), and not “sell” the Personal Data (as such term is defined by applicable Privacy Laws); (II) permit Personal Data to be Processed by a third party on behalf of Company only with Company's prior written consent and subject to the further conditions in Article 5 (Subcontracting) and in accordance with the Agreement; (III) ensure that persons and/or entities authorized to Process Personal Data have contractually committed themselves to the confidentiality, security and use/access restrictions regarding Personal Data set forth in this Exhibit or are under a statutory duty of confidentiality, security and use/access restrictions relating to Personal Data; (IV) take appropriate administrative, technical, organizational and physical measures, including at a minimum those set out in Section 3.2 (Security Safeguards), to safeguard against the accidental or unlawful destruction, loss, alteration, unauthorized disclosure or use of, or access to, Personal Data transmitted, stored or otherwise Processed by Supplier; (V) make available to Company all information necessary to demonstrate compliance with Privacy Laws and Supplier’s obligations in this Exhibit regarding Personal Data and allow for and contribute to audits (including inspections) conducted by Company or an auditor engaged by Company; (VI) promptly assist the Company with responding to and comply with requests from individuals to whom the Personal Data relates in relation to their Personal Data in accordance with Privacy Laws, and promptly forward to the Company communications from Data Subjects, regulatory bodies and other third parties concerning the Personal Data and not respond to or act on such communications without the Company’s prior consent; (VII) as directed by Company, return to Company or delete in accordance with Section 3.6 (Disposition of Company Data) all Personal Data (and all copies thereof) in Supplier’s possession upon the earlier to occur of Company’s request, end of the Processing activities, when no longer needed for the purpose of the Agreement, or termination or expiry of the Agreement, except to the extent permitted by applicable Privacy Laws in which case Supplier shall continue to observe the privacy, confidentiality and security obligations in this Exhibit; and (VIII) comply with all applicable Privacy Laws.

Supplier shall not Process Personal Data outside of the United States without the prior written consent of Company. In addition, upon reasonable request from Company, Supplier acknowledges and agrees that it shall certify annually in writing that it has read, understands, and has complied with all applicable Privacy Laws. Without limiting the terms hereof, Supplier covenants not to disclose or cause or allow the disclosure of any Personal Data.

Exhibit D-9 

Execution Copy

ARTICLE 5: SUBCONTRACTING

Supplier shall enter into and maintain written services agreements with all Service Provider (other than Service Providers providing non-material or administrative functions in the ordinary course of business that do not have access to Company Data or Company Systems) that include terms and conditions that are at least as protective of Company, Company Systems and Company Data as this Exhibit.

ARTICLE 6: BUSINESS CONTINUITY AND DISASTER RECOVERY.

6.1	Business Continuity and Disaster Recovery. Supplier represents, warrants and covenants that it will maintain and comply with an appropriate comprehensive business continuity and disaster recovery program, including policies and procedures, to ensure the continuous and uninterrupted operation and availability of the Supplier Systems and Services, and maintain such program in accordance with the requirements of this Exhibit, all applicable laws and regulations and (if more protective) industry best practices (“BC/DR Plan”). Without limiting the foregoing, such BC/DR Plan shall include: (i) written business continuity and disaster recovery plans that include information and procedures regarding (A) the location and availability of IT and other key personnel and infrastructure, (B) the speed at which personnel and back-up Supplier Systems will be available (including at back-up work locations and data centers which will each be at least fifty (50) miles from the primary work and data center locations, or sufficient distance to provide infrastructure diversity (e.g., power grid, etc.), and (C) storage of Company Data and continuity of use of Supplier Systems and Services; (ii) at least annually, testing resiliency and recovery simulations of the BC/DR Plan; (iii) continuous monitoring and documented risk assessments of Supplier Systems, risk analysis, business impact analysis, and recovery strategies for different Disruption and Health Event (as defined below) scenarios covering all areas of operations necessary to deliver the Services pursuant to this Agreement; (iv) at least daily backups of Supplier Systems and Company Data; (v) vital records protection and testing plans; (vi) identification of alternative service providers for Supplier Systems that would support Supplier in given markets; (vii) contingency plans for total destruction or unavailability of Supplier’s business operations and a situation in which the relevant percentage (as agreed between the Parties in the BC/DR Plan) of Supplier Personnel are unavailable or unable to perform their job duties for any reason, including but not limited to a Health Event, for a period
	[Intentionally Omitted]
	longer; and (viii) at least annually upon request, providing to Company an executive summary of such plans and testing. Business Impact Analysis will include mutually agreed upon targets for Recovery Time Objective (RTO) and Recovery Point Objective (RPO). Supplier shall invoke the BC/DR Plan when appropriate in accordance with its terms. A summary of Supplier’s BC/DR Plan has been provided by Supplier to Company. Supplier represents that such summary accurately describes Supplier’s BC/DR Plan as of the date hereof and that such BC/DR Plan addresses the Services to be provided under this Agreement and all of Supplier’s facilities, Equipment, Supplier Personnel (as such terms are defined in the Agreement) and operations associated with the Services.

Exhibit D-10

Execution Copy

6.2 Changes to Supplier BC/DR Plan. Supplier shall not make any changes to its BC/DR Plan that, in Supplier’s reasonable judgment, would jeopardize Supplier’s ability to provide the Services to be provided hereunder in the event Supplier suffers a Disruption or Health Event. If Supplier otherwise makes any material changes to its BC/DR Plan, Supplier shall promptly notify Company of such changes and provide Company with an updated summary of its BC/DR Plan. Notwithstanding the foregoing, Supplier agrees that it will not make any changes that may degrade or lessen the protections and procedures of the BC/DR Plan.

6.3 Disruptions and Health Events. Supplier’s BC/DR Plan shall address testing, control functions, accountability and corrective actions to be implemented in accordance with its terms, as necessary, in the event of either: (a) a short-term or long-term business disruption caused by an event such as (but in no way limited to) power outages; communication or data processing systems failure(s) or losses; hazards or destruction at a Supplier Service Location; work stoppage issues affecting Supplier or Supplier Personnel; natural disasters; adverse weather conditions; political events; or other unplanned events (a “Disruption”) or (b) a pandemic or epidemic, quarantine or government health alert that prohibits or restricts travel by any member of Supplier Personnel or prevents any member of Supplier Personnel from reporting to a work location (a “Health Event”).

6.4 Certain Alternative Means. The BC/DR Plan shall provide, without limitation, for alternative means of transmitting and processing data and off-site back-up of critical data files, program information, software, documentation, forms and supplies. Short term disruptions must be protected through workarounds, redundancy, and network diversity.

6.5 Company BC/DR Plan; Testing. Supplier shall cooperate with Company in the development, implementation, execution, and reasonable testing of Company’s own business continuity and disaster recovery plan with respect to the Services and will reasonably assist Company in the execution of its business continuity testing in accordance with Company’s timing requirements, which will be communicated to Supplier reasonably in advance. If Supplier provides electronic interchange of data with Company, Supplier shall participate, if requested, in Company data center exercises to validate recovery connectivity, which will also be communicated in writing to Supplier reasonably in advance. Supplier shall continue to provide the Services to Company in the event Company activates its own business continuity and disaster recovery plan or moves to an interim site to conduct its business, including during tests of Company’s contingency operations plans.

6.6 Occurrence of an Event. In the event of a business continuity and/or disaster recovery event, Supplier will provide Company with prompt notice, which in no event will be later than twenty-four (24) hours from the occurrence of such event, details thereof, and actions Supplier is taking and/or any actions that Company may take to mitigate and/or resolve the impact of such event. Notwithstanding the foregoing, Supplier agrees to allocate its resources to restoring Company’s use of the Services and access to Company Data in a manner that is no less favorable to Company than the allocation of resources to any of its other customers affected by such events and who are using the same or similar

Exhibit D-11

Execution Copy

BC/DR Plan as the Company. In the case of a Health Event, Supplier also shall contact Company and secure its permission prior to sending any Supplier Personnel onto Company Premises. Supplier shall comply with all applicable federal and state government-imposed requirements regarding any Health Event.

Exhibit D-12

Execution Copy

EXHIBITE

Policies and Procedures

Supplier shall refer to and abide by the following Customer Policies, Procedures and Service Definitions. Supplier can request, in writing, current versions of the listed documents and Company will provide Supplier with current versions of documents within reasonable timeframe.

Company reserves the right to refresh its Policies and Procedures on periodic basis and in its sole discretion.

1. List of policies referenced in the MSA:

#	Policy Name
1	Record Retention Policy
2	Expense Policy
3	Background Check Policy

2. List of example procedures for inclusion in the SOW (but not limited to):

#	Procedure Name
1	AML requirements, procedures, controls (including OFAC)
2	Fraud requirements and procedures for detection and identity theft
3	IGO and NIGO rules and procedures
4	Death claim procedures
5	Delayed settlement interest rules and procedures
6	Check handling rules and procedures
7	Procedures related to financial and non-financial confirmations

ExhibitE-1

Execution Copy

EXHIBIT F

SERVICE LEVEL AGREEMENTS

1.General Principles. The Parties will prepare service levels in each SOW as applicable (the “Service Levels”) and service credits payable upon failure to meet the Service Levels (the “Service Level Credits”). The Service Level Credits set forth in each SOW shall be provided to Company in addition to any other remedy to which Company may be entitled under the Agreement or any Schedule or Exhibit to the Agreement. Service Level Credits will be applied cumulatively as a credit against the Charges on the monthly invoice in the calendar month immediately following the calendar month in which the Service Level Credit has been accrued. The Service Levels in each SOW shall be subject to the mutually agreed baselining periods (if any) set forth in such SOW and Service Credits shall not apply during such baselining period.

2.Measurement of Performance. Supplier shall be responsible for measuring its performance against the applicable Service Levels as described in the SOWs. In addition, Supplier will provide Company with access to the information used by Supplier to measure the Service Levels. Supplier shall reasonably cooperate with Company in the establishment of Company monitoring mechanisms, as reasonably requested by Company in writing. Supplier shall reasonably cooperate with Company in the establishment of Company monitoring mechanisms, as reasonably requested by Company in writing. Supplier shall prepare for each month during the Term and deliver to Company no later than the fifteenth (15th) day of the following month a scorecard showing Supplier’s performance against these Service Levels during the prior month and any Service Level Credit to which Company is entitled.

3.Corrective Action Plan. Supplier will promptly investigate all Service Level defaults and provide to Company a root cause analysis report of any such default within [Intentionally Omitted] of the end of the month in which such default occurred. Supplier shall review the results of such investigation with Company and discuss the investigative methodology used and the affected Services. In addition to remedies listed above and elsewhere in the Agreement, upon the occurrence of a Service Level default, Company would have the right to require Supplier to formulate and implement a remediation plan, which may include the obligation to increase resources dedicated to correcting the cause of the failure. Company shall have the right and option to participate in any root cause analysis and remediation planning.

4.New, Changed and Improved Service Levels. The relationship managers will review the Service Levels for the preceding 12 months during the last calendar quarter of every contract year and Supplier shall improve Service Levels in light of process evolution and advances in technology. At any time during the Term, the Parties shall discuss and determine changes to the Service Levels where such changes are feasible. Further, Supplier shall cooperate in good faith as reasonably requested by Company in any benchmarking process conducted by Company to determine if the Service Levels and Service Level Credits equal or exceed the standards for which comparable services are provided based on the size of the information technology environment, the scope of the services and the industry sector. If Company discovers as a result of such benchmarking process that there is a deviation adverse to Company between the benchmarking results and the Service Levels and Service Level Credits, then, the Relationship Managers will jointly review the benchmarking results. If the benchmarking results credibly demonstrate that the Service Levels and Service Level Credits do not equal or exceed the

Exhibit F-1

Execution Copy

more favorable service levels and service level credits, then Supplier agrees to improve the Service Levels and Service Level Credits within a reasonable time after the date of the conclusion of the benchmarking process and the Parties shall document such improvements in an amendment to the applicable SOWs.

Exhibit F-2

Execution Copy

EXHIBIT G

TRANSITION SERVICES

This Exhibit G forms a part of, and shall be governed by, the terms of the Master Services Agreement by and between Company and Supplier dated as of the Effective Date (the “MSA”). In the event of any conflict between the terms hereof and the terms of the MSA, the terms hereof shall prevail. Capitalized terms used in this Exhibit G that are not defined herein have the meanings ascribed to them in the MSA or in the other Exhibits or Appendices entered into pursuant to the MSA.

For mutual consideration, the receipt and adequacy thereof is hereby acknowledged by each of the Parties, the Parties hereby agree as follows:

1. Definitions. As used in Exhibit G (Transition), each of the following terms shall have the corresponding meaning set forth below:

a. “Transition” shall mean the orderly wind-down, transition or migration of any or all of the Services to Company or Company’s designee.

b. “Transitioned Services” shall mean any Transition Services with respect to Company.

c. “Transition Specifications” shall mean the terms for provision of the Transition Services.

2. Transition Plan. The Parties will agree on a Transition Plan for each Service, as applicable, which will set out details of the Transition Services and will attach such Transition Plan to the SOW for the applicable Service within ninety (90) days of the Effective Date of each Service. If a Transition Plan for a Statement of Work is not attached to the MSA, the Parties will agree on one within ninety (90) days after Company provides notice to Supplier that it wishes to develop such a plan. The cost Transition Services shall be determined in accordance with Section 21.4 (Charges) of the MSA.

(a) Resources. Each of the Parties agrees to (and agrees to cause its applicable Affiliates to) designate, at its discretion, the reasonably necessary personnel and other resources required to fully negotiate on an expedited basis, each Transition Plan, which will include business, operations, technology, legal, and project management personnel of adequate levels of seniority (the “Transition Plan Resources”). Without limiting the foregoing, each Party will make commercially reasonable efforts to cause its Transition Plan Resources to attend in-person or telephonic meetings at locations and times, as reasonably required by Company to complete each Transition Plan.

(b) Each Transition Plan shall: (i) describe in reasonable detail the activities, timelines, and tasks required to complete a specific Transition for specific Transitioned Service; (ii)  delineate the roles and responsibilities of personnel from both Parties; (iii) specify the Parties’ obligations related to knowledge transfer, software licenses, third party authorizations, assignment of contracts, removal of assets, delivery of documentation

Exhibit G-1

Execution Copy

and data; and (iii) specify the Key Personnel responsible for performing the Transition Services as well as all other material resources that will be required to perform the Transition Services. At a minimum, the Transition Services will include the following tasks and services to the extent applicable:

(i) mapping Company Data in the form and format hosted by Supplier at the time of the applicable Transition to the file layouts of Company or Company’s designee;

(ii) establishing all applicable dates and detailed action items for the applicable Transition;

(iii) developing and testing Company Data conversion files, including extracting Company Data from Supplier systems and providing data to Company or Company’s designee;

(iv) extracting and either returning to Company or delivering to Company’s designee, as designated by Company in writing, all the Company Data, in the same format as such data is retained by Supplier and within the time frame reasonably required by Company to ensure no impact to the Outsourced Services. If requested by Company, Supplier shall download Company Data onto Company-designated storage devices within the time frame reasonably required by Company;

(v) executing mock conversions and participating in go/no go testing as reasonably requested by Company;

(vi) cooperating with Company’s designee as reasonably directed by Company to effectuate the Transition, including providing necessary information to Company’s designee (e.g., technical specification and responding to inquiries regarding mock conversion test results) and participating in test data conversions with Company’s designee;

(vii) otherwise cooperating with and assisting Company as reasonably required in connection with the Transition, including by responding to questions and inquiries, attending meetings, generating status reports, etc.;

(viii) executing the actual conversion of the applicable Transitioned Outsourced Services in accordance with the terms hereof and of the Transition Plan, as applicable;

(ix) providing the Procedures Manuals and any other applicable process or procedure documentation associated with the Services subject to the Transition;

(x) the approval process for all documentation and knowledge bases (for example, the help desk knowledge base) that are submitted as part of the Transition Plan and planning process, including timelines, formats and deliverables; and

Exhibit G-2

Execution Copy

(xi) providing support to Company (including by responding to questions and inquiries, interpreting data, attending meetings, etc.) for a reasonable period of time requested by Company after conversion of the Company Data to Company’s designee (but in no event longer than six (6) months after such conversion).

(c) Each Transition Plan will provide for the provision of complete, detailed and sufficient information needed such that Company, its Affiliates and any replacement supplier or third-party personnel can assume full responsibility for the provision of the Services without interruption. Such information shall include, to the extent relevant, details of:

i.	records (including a summary of subcontractor/license/lease agreements entered into by EXL with third party vendors for services that are solely used to provide the Services and related warranty provisions)
ii.	configuration information
iii.	databases
iv.	asset registers
v.	programs
vi.	knowledge databases
vii.	asset maintenance history and status
viii.	manuals
ix.	process and procedure documentation
x.	current ticketed cases
xi.	ongoing project/program information
xii.	training materials used to train personnel on Company systems/applications
xiii.	any other similar items that Supplier used or produced during the course of, or for the purpose of, provisioning the Services.

3. Transition Staffing.

a. Each Party will provide the resources reasonably necessary to complete the applicable Transition in accordance with the Transition Plan. Each Party will use best efforts within commercially reasonable limits to ensure the continuity of such employees assigned to perform services related to a Transition. Each such employee will have the proper skill, training and background necessary to accomplish their assigned tasks and all work will be performed in a competent and professional manner, by qualified personnel and will conform to the specifications. Additional details with respect to the Transition staffing will be set forth in the Transition Plan. The foregoing provisions do not limit Supplier’s or Company’s obligations under the Agreement.

b. Without limiting its obligations under subsection 3(a) above, in the Transition Plan, each Party shall assign a project manager for the Transition who will, among other things, (i) serve as the primary point of contact for all Transition Services and Transition events; (ii) oversee all Transition activities and tasks for the applicable Party as well as the individuals who will perform the Transition Services; and (iii) participate in Transition planning, including conference calls, in each case or (i), (ii), and (iii) above as further described and in accordance with the Transition Plan.

Exhibit G-3

Execution Copy

4. Third Party Authorizations. Supplier will use commercially reasonable efforts to transfer agreements executed by Supplier and third party vendors for services that are solely used for provision of Services (for example, Company-specific work orders or maintenance arrangements) to Company as part of the Transition Services, if Company requests these contractual transfers as part of the Transition. Company acknowledges that such transfers may be subject to any additional terms, conditions or consents of the applicable third party vendor.

5. Software Licenses. Without limiting Company’s rights to the licenses previously granted to Company under the Agreement, Supplier will on termination of expiration of a SOW:

a. With respect to licenses applicable to the Services under such SOW, reassign to Company any such licenses assigned by the Company to Supplier pursuant to the Agreement. Supplier will return to Company such reassigned licensed materials with any updates that were provided to Supplier.

b. Provide commercially reasonable assistance to Company, its Affiliates and/or the replacement supplier in securing software maintenance (including all enhancements and upgrades) and support from third party software vendors at competitive rates, if Company requests this and for as long as Company requires these services. Company acknowledges, however, that Supplier does not control third party software vendors (if any). Company acknowledges that such software maintenance and support may be subject to additional terms, conditions or consents from the applicable third party software vendor.

c. Use its commercially reasonable efforts to co-operate to negotiate, in good faith, licenses with third party software vendors on commercially reasonable terms so that, following the Term of this Agreement, Company can use third party software that Supplier installed. Supplier will only agree to negotiate these software licenses for software that:

i.	Is not commercially available through another vendor;
ii.	Is necessary for the ongoing operation of Company’s systems; and
iii.	Does not have a commercially reasonable substitute or work-around.

6. Coordinated Removal of Supplier Assets. If applicable, Supplier will remove its assets (including any Supplier Equipment) from Company’s and its Affiliates facilities, as requested and in such manner approved by Company.

7. Post Termination Consulting Services. If the Transition is in connection with the termination of all the Outsourced Services, Company shall be entitled to receive consulting Services from Supplier at Supplier’s then-current time and materials rates for similar services (subject to annual cost of living adjustment increases no more often than once every twelve (12) months). Notwithstanding Section 4.8 (Survival of Obligations) of the Agreement, this Section 5 of this Exhibit G (Transition) shall survive the termination of the Agreement.

Exhibit G-4

Execution Copy

EXHIBIT H

FORM OF STATEMENT OF WORK

Statement of Work #:

SOW Effective Date:

THIS STATEMENTOF WORK (this "SOW') is entered as of the SOW Effective Date designated above, by and between [      ] ("Company") and ExlService Holdings, Inc. ("Supplier"). Each Party hereto acknowledges that it is entering into this SOW pursuant to the provisions of the Master Services Agreement, dated as of [ ] by and between [ ] and ExlService Holdings, Inc. (the "MSA" or "Agreement"). Each Party hereto further acknowledges and agrees that the provisions of the MSA are hereby incorporated by reference and shall apply to this SOW as though such provisions were set forth herein in their entirety. Capitalized terms not defined herein shall have the meanings ascribed to them within the Agreement.

1. Parties:

	Supplier	Company
Name:	[     ]	[     ]
Address:	[Address]

2. Statement of Work Name:

3.Statement of Work Term: This SOW shall commence on the SOW Effective Date and terminate on [•] (the "Completion Date "). [The Parties acknowledge and agree that time is of the essence.][To be included if SOW is time sensitive]

4. Statement of Work Leadership:

Project Managers	For Supplier	For Companv
Name:
Address:
Title
Phone:
Fax:
E-mail:

5.Description of Services and Deliverables (add attachment if needed): The Supplier will provide the Services described in this SOW. Please include any assumptions upon which the Statement of Work is based including volume and quality of output measures and quality assurance sample sizes.

Exhibit H-1

Execution Copy

Description of Services:

List of Deliverables (if any) created by Supplier for the Company:

List of Company dependencies:

6. Software

a.	Software that are owned or leased by the Supplier for the performance of the Services are:
	[Insert all Software owned or leased by the Supplier for performance of the Services.]

b.	Software that are owned or leased by the Company and provided to Supplier for the performance of the Services are:
	[Insert all Software owned or leased by the Company and provided to Supplier for performance of the Services.]

7. Deliverable Milestones (add attachment if needed):

Deliverable Deliverable Description Start Date Delivery Date

8.Acceptance Criteria/Specifications (attach specifications and other criteria if applicable):

9. Statement of Work Fees and Expenses:

Project based Statement of Work

Supplier will perform all Services and provide all Deliverables under this SOW for a fixed fee of Dollars ($xxx) utilizing the team resources for the number of days reflected in the table below. Note that this fixed amount is inclusive of all fees and expenses and Company shall not be responsible for paying any amount greater than this. If additional work is required it must be authorized by an executed amendment to this SOW or a new SOW in advance of any additional chargeable work being performed.

Or

Continuous or Ongoing Statement of Work

Supplier will perform all Services and provide all Deliverables for the professional fees outlined below

Exhibit H-2

Execution Copy

Resources

Role Level Annual FTE Price of FTEs Total

Non-Chargeable Resources:

Expenses: In addition to the professional fees outlined above, only actual, documented travel expenses incurred by the Supplier and approved by Company in writing shall be reimbursed. Expenses shall be submitted monthly, and shall not exceed twelve percent (12%) of the applicable professional fees set forth above.

The fees and expenses for the team resources outlined above shall not exceed the amount

of                                                  Dollars ($xxx). Company shall not be responsible for paying any amount greater than this. If additional work is required it must be authorized by an executed amendment to this SOW or a new SOW in advance of any additional chargeable work being performed.

10.Key Person(s): List any Key Personnel here that are important to the Services and will be engaged during the full term of the Services:

Key Personnel for Supplier Role

11.Background Check Level Supplier confirms all personnel designated to perform on this Statement of Work has passed Suppliers and Company agreed to background check standards.

12. Service Locations

13. Service Time Supplier personnel will be allocated to work during the following hours

  Days of the Week   Shifts   From   To   Per Person Total Hours
per shift

Exhibit H-3

Execution Copy

Primary Service Location- Service delivery will be performed at the following location:¹

Business Continuity Location – record Company required Business Continuity plan for this process.

14. Service Level Agreements:

15. Additional Terms:

14.1Supplier shall send all invoices to the following address:

[               ]

or via electronic mail to:

14.2It is expressly understood and agreed by Company and Supplier that (a) this SOW will be deemed to be part of the Agreement, and (b) in the event of any conflict between the provisions of this SOW and the Agreement, the provisions of the SOW will govern, unless otherwise expressly provided herein.

¹ If work from home is applicable to the Services, please specify Work from Home in this section.

Exhibit H-4

Execution Copy

IN WITNESS WHEREOF, each of the Parties hereto, through its duly authorized officer, has executed this SOW as of the date below.

[               ]:	[             ]:
By:	By:

Name:  Name: 

Title:  Title: 

Date:  Date: 

Exhibit H-5

Execution Copy

EXHIBIT I

CHANGE REQUEST PROCESS

This Exhibit I (this “Exhibit”) is made and entered into on the Effective Date by and between Company and Supplier. This Exhibit I forms a part of, and shall be governed by, the terms of the Master Services Agreement, dated as of the Effective Date, by and between Global Atlantic Financial Company and ExlService Holdings, Inc. (the “MSA”). Capitalized terms used in this Exhibit I that are not defined herein have the meanings ascribed to them in the MSA or in the other Exhibits or Appendices entered into pursuant to the MSA.

For mutual consideration, the receipt and adequacy thereof is hereby acknowledged by each of the Parties, the Parties hereby agree as follows:

1.                 Company Change Requests. Company may, upon reasonable prior written notice to Supplier, request changes to a SOW (each, a “Change”) by completing the Change Request form (each, a “Change Request Form”) or mutually agreed upon format attached hereto as Appendix 1 (Change Request Form) (each, a “Change Request”) by email. Supplier agrees to review any Change Request submitted by Company within fifteen (15) Business Days of receipt and deliver a response to Company (each, a “Change Request Evaluation Response”) in a mutually agreed upon format within a reasonable time (considering the relevant business circumstances) of Company’s submission of the applicable Change Request. Any Change Request Evaluation Response shall set forth, in a detailed report attached to such Change Request Evaluation Response, responses to the following factors, and Supplier shall amend such report to include any other information reasonably requested or required by Company in writing: (a) estimates of work required to implement the Change; (b) key business and technical assumptions in the work and scope of the effort; (c) an itemized budget including fees, expenses, and hour impact for the Change; (d) the timing of the implementation of the Change; and (e) the likelihood of any delays. Supplier may only reject a Change Request from Company if such Change Request (i) would materially and adversely affect the risks to the health and safety of any person; (ii) would require Supplier to perform the Services in a way that would violate applicable Laws; or (iii) is technically impossible to implement, even though Supplier has the capacity and flexibility required to implement the proposed change. Supplier must notify Company of its decision (to reject the proposed Change Request) and its reasons for that decision on or before the date when Supplier is due to deliver the applicable Change Request Evaluation Response. If the Parties agree to such Change, the Parties will amend the SOW, as applicable, accordingly. No invoices may be issued by Supplier for increased fees until the Parties execute a new or revised SOW, as applicable, or mutually agreed upon document. Work performed by Supplier to prepare, analyze or respond to a Change Request shall not be chargeable to Company hereunder unless the work requires specialized resources to prepare, analyze or respond to a Change Request and Supplier must procure such resources from a third party, in which case the Supplier shall inform Company of such requirement and the Parties shall negotiate in good faith fees for such work, if any. Supplier’s implementation of a Change under a new or revised SOW, as applicable, shall not delay the performance of Services not reasonably affected by such Change.

2.                 Supplier Change Requests. Supplier may propose Changes by completing the Change Request Form or mutually agreed upon format. Any Changes proposed by Supplier shall set forth, in

 

Exhibit I-1

 

Execution Copy

a detailed report attached to the Change Request Form or mutually agreed upon format, responses to the following factors, and Supplier shall amend such report to include any other information reasonably requested or required by Company in writing in making a determination as to its acceptance or rejection of the Change: (a) estimates of work and resources required to implement the Change and resulting cost impact; (b) the opportunities for cost savings by Supplier (or Company, as the case may be) as a result of the Change; (c) the impact on Company; (d) the timing of the implementation of the Change; and (e) the likelihood of any delays. Company agrees to review any Change Request submitted by Supplier in writing within 15 Business Days and deliver a complete Change Request Evaluation Response or mutually agreed upon format to Supplier within a reasonable time of submission, and, based on the schedule proposed in such Change request, give Supplier written notice as soon as reasonably possible as to its acceptance or rejection, in its sole reasonable discretion, of the Change Request. Company may also require Supplier to modify the Change Request within ten (10) Business Days of receiving such a request. Supplier shall make appropriate Supplier Personnel reasonably available to assist Company in determining whether to accept a Change proposed by Supplier. No Change shall be implemented unless and until a Change is agreed to by Company in writing. Once a Change is accepted by Company, unless otherwise specified by Company in writing, all of Supplier’s ongoing obligations with respect to the Services shall include the Change, and the Change shall fall within the scope of the Services.

 

3. Authorized Approvers

 

i. The Parties will only consider communication about a Change Request to be valid under the Agreement if the request was sent to and received by Company’s Relationship Manager or Supplier's Relationship Manager, depending on which is more appropriate.

 

To initiate a Change Request, Supplier or Company, as applicable, will deliver a written request to the Supplier’s Relationship Manager or Company’s Relationship Manager as the case may be, specifying in reasonable detail to the extent known and in accordance with the format set out in the Change Request Template set out in Appendix 1 to this Exhibit I.

 

The Parties will not consider a Change Request to be valid if the request was not sent to either Company’s Relationship Manager or Supplier's Relationship Manager.

 

Exhibit I-2

 

Execution Copy

APPENDIX 1 TO EXHIBIT I

 

CHANGE REQUEST FORM

 

Insert Statement of Work/Project Name   

 

Requestor Party:   

 

Requestor Individual Name:   

 

Date Requested:  

 

Response Requested By:   

 

Change Requested:

 

(The requestor must insert (i) a detailed description of the change requested, (ii) the area of the Statement of Work being modified, (iii) risks (if change is approved as well as if not approved), (iv) impact to the Services, related Service Levels, Deliverables and resources that Company/Supplier believes would be required to affect the Change Request and (v) the benefits of making the change.)

 

Impact Assessment

(Attach completed Impact Assessment covering where appropriate:

·         Areas summarised below:

o        Risks (if change is approved as well as if not approved);

o        Amendments to the SOW, including proposed wording of required changes; and

o        An overview design document showing the service/technical design (if appropriate)

o        Impact to the Services, related Performance Standards (if any), Deliverables and resources that Company / Supplier believes would be required to affect the Change Request

o       Impact on change of Company

Likelihood of any delays

Implementation Plan: [Highlight any section(s) of Impact Assessment that address how the Change Request will be implemented]

Affected parts of the SOW: [What Schedules and/or other documentation under the SOW will be affected by the change SOW]

Service Levels Impacted

Assumptions:

·         key business and technical assumptions in the work and scope of the effort;

Acceptance Criteria (if any)

 

Exhibit I-3

 

Execution Copy

Estimated Schedule Impact:

(The requestor must provide an estimate of how the requested change will impact the schedule.)

 

Estimated Cost Impact:

 

(The requestor should provide an estimate of how the requested change(s) will impact costs, if at all. Any cost adjustments must comport with the pricing terms in the MSA, including Exhibit B or the applicable SOW.)

 

Change Request Received:

 

By:  

 

Individual:   

 

Date:  

 

Change Request No.:

 

Exhibit I-4

 

Execution Copy

EXHIBIT J

 

PRE-APPROVED BENCHMARKERS

 

Benchmarking Firms

 

Name	Address
HfS Research	One Mifflin Place, Suite 400 Harvard Square Cambridge, MA 02138
Novarica	280 Summer Street, 6th Floor Boston, MA 02210
KPMG	345 Park Avenue New York, NY, NY 10154-0102

 

The above list can only be amended by mutual agreement signed by both Company and Supplier.

 

Exhibit J-1

 

Execution Copy

EXHIBIT K

 

COMPANY SATISFACTION SURVEYS

 

Supplier shall work with Company to jointly develop the survey and procedures to determine Company’s overall satisfaction with the Services and carry out all relevant surveys.

 

1. Process

 

The methodology for the Satisfaction Surveys shall include administration by Supplier of survey instruments and/or phone or in-person interviews for stakeholder group(s) as agreed by the Parties. Details of the survey instrument for the Satisfaction Surveys shall be agreed to and approved by the Company Account Executive and the Supplier Account Executive, recognizing that the major objective of the Satisfaction Surveys is to collect comparative data based on a consistent approach and content. Supplier shall ensure that satisfaction survey items are consistent with the applicable Service Levels (if any).

 

a. Prior to Supplier conducting the satisfaction surveys Supplier shall submit to Company the following for review, input and approval at least 30 days prior to the scheduled release date for such survey

i. all satisfaction surveys,

ii. all satisfaction survey recipients,

iii. the satisfaction survey methodology,

iv. the satisfaction survey questions,

b. Each satisfaction survey shall measure Company’s satisfaction for each component of the

Services as applicable to the Company personnel surveyed

c. Supplier shall track survey response rates

d. Supplier shall receive and consolidate completed surveys from the surveyed Company personnel and tabulate the results of such surveys

e. Supplier shall utilize the survey results to plan and implement measurable improvement programs for mutually agreed areas requiring attention

 

2. Satisfaction Survey Timeframe

 

a. Supplier will conduct satisfaction surveys in the format and with the timing approved by Company and as directed by Company

b. Satisfaction survey data reports shall be provided by Supplier in the first week of the month following the completion of the Satisfaction Survey

 

3. Survey Details and Results

 

Supplier shall conduct all Satisfaction Surveys using industry standard surveying methodology including survey approach, frequency, media delivery, and sampling approaches.

 

Exhibit K-1

 

Execution Copy

The attributes of the Satisfaction Surveys shall include some or all the attributes set forth below as mutually agreed by the Parties:

a. performance;

b. knowledge;

c. reliability;

d. courtesy;

e. timeliness;

f. quality;

g. innovation;

h. partnership;

i. communication; and

j. overall satisfaction

 

Company may provide to Supplier any feedback for improvement of the Satisfaction Surveys. Such feedback may involve improvement in Supplier's administration, reporting, process, format and timing of the Satisfaction Surveys

 

Exhibit K-2

 

Execution Copy

EXHIBIT L

 

IMPLEMENTATION

 

This Exhibit L forms a part of, and shall be governed by, the terms of the Master Services Agreement by and between Company and Supplier dated as of the Effective Date (the “Agreement”). In the event of any conflict between the terms hereof and the terms of the Agreement, the terms hereof shall prevail. Capitalized terms used in this Exhibit L that are not defined herein have the meanings ascribed to them in the Agreement or in the other Exhibits or Appendices entered into pursuant to the Agreement.

 

For mutual consideration, the receipt and adequacy thereof hereby acknowledged by each of the Parties, the Parties hereby agree as follows:

 

1. General Obligation to Provide Implementation Services.

 

  1.1 Supplier will, at a cost to be mutually agreed between the Parties, subject to good faith negotiation by the Parties:

 

(a) perform the functions, tasks, and services described in, and as shall be designed and developed pursuant to, any applicable Implementation Project Plan (as defined in Section 2.1 below) and all ancillary services related thereto, and

 

(b) provide the Deliverables described in, and as shall be designed and developed pursuant to, the Implementation Project Plan, (the services described under Section 1.1(a) above and the other services described in this Exhibit L (Implementation), collectively, the “Implementation Services”).

 

2. Implementation Project Plan

 

2.1 For purposes of this Exhibit, “Implementation Project Plan” means, with respect to each SOW, a document containing: (1) a detailed description of the Implementation Services and the tasks, services, requirements, and deliverables necessary to perform and complete the Implementation Services (the performance and completion of all the Implementation Services shall be referred to herein as the “Implementation”); (2) the review and testing stages for the Services; (3) the applicable Implementation Dates (as defined in Section 4.1); (4) the applicable Critical Milestones (as defined in Section 4.2); (5) the identification and designation of the Supplier Implementation Team (as defined in Section 5.1). For each applicable Implementation, Supplier shall prepare a draft Implementation Project Plan for Company’s review and approval. Supplier acknowledges and agrees that, depending on the magnitude of the scope of the applicable Implementation and the complexity of such Implementation, the Implementation Project Plan may need to be further substantiated, detailed, updated, revised, and refined. Accordingly, after the Company’s approval of an Implementation Project Plan, Company may, upon reasonable advance written notice to Supplier: (a) remove or request reasonable modifications to the Implementation Services; or (b) add,

 

Exhibit L-1

 

Execution Copy

    consolidate, bifurcate, remove or otherwise modify tasks, dates, services, in each case as may be reasonably required to complete the Implementation as reasonably determined by Company. Any changes so requested or otherwise agreed to by Company (including any associated changes in costs agreed to by Company) shall be summarized in writing and be deemed incorporated into the Implementation Project Plan.

 

3. Review, Testing and Sign-Off

 

3.1 Each Implementation Project Plan shall include review and testing stages for the Services. The various review and testing stages (including the applicable acceptance testing processes and acceptance criteria for each stage) will be developed pursuant to the applicable Implementation Project Plan, which will reflect reasonable requirements as mutually discussed and agreed between the Parties. Supplier acknowledges and agrees that, in every instance where the Implementation Project Plan refers to “review,” “sign-off,” “review & signoff,” and/or “validation,” in any composition of the foregoing terms, Company will have the opportunity to review, test, and Accept or reject the applicable Implementation Services and Deliverables. Company shall not be bound to provide sign-off by the associated Implementation Date unless the Implementation Services and Deliverables met the applicable Acceptance Criteria and Company has Accepted such Implementation Services or Deliverables (as the case may be). Without limitation of any of Company’s rights or remedies, the Parties shall mutually discuss and, as applicable, the Supplier revise the Implementation Services and Deliverables to meet applicable Acceptance Criteria if any Implementation Services and Deliverables are rejected and the Implementation Date may be postponed to a later date accordingly as mutually determined by the Parties.

 

3.2 Company shall be entitled to an Evaluation Period in which to Evaluate the new Service in accordance with the applicable Acceptance Criteria to determine if there is a Nonconformity. Company’s acceptance of a Deliverable or of Implementation Services shall not be deemed to have taken place until Company Accepts such Deliverable or Implementation Services.

 

4. Implementation Dates

 

4.1 General. Supplier shall perform the Implementation Services and all tasks and activities associated therewith by the dates set forth in the Implementation Project Plan (each, an “Implementation Date” and collectively, the “Implementation Dates”). If any Implementation Date is missed by a Party, without limitation to any rights of the Parties, the matter will be promptly escalated pursuant to Section 5.3 (Escalation) below. As a part of the escalation process discussions, Company will propose replacement Implementation Dates based on Company’s needs in connection with the applicable Implementation, which replacement Implementation Dates will be subject to Supplier’s consent not to be unreasonably withheld, contingent, or delayed. Once agreed upon by Supplier, such replacement Implementation Date shall be deemed incorporated into the Implementation Project Plan.

 

Exhibit L-2

 

Execution Copy

4.2 Missed Critical Milestones. The Implementation Project Plan shall identify each critical milestone, to the extent applicable and as agreed by the Parties, to achieve the Implementation (each, a “Critical Milestone” and collectively, the “Critical Milestones”) and the date by which such Critical Milestones must be achieved. Critical Milestones will have defined Service Level Requirements. The Implementation Project Plan shall, to the extent applicable, include a framework for assigning Service Level credits to Company if Supplier is late in meeting a Critical Milestone.

 

5. Management and Governance of Implementation Services

 

5.1 Supplier Implementation Team. Supplier will staff and maintain until the completion of the Implementation a project team comprised of the Supplier Personnel listed in the Implementation Project Plan to manage and oversee Supplier’s performance of the Implementation Services and liaison with the Company Implementation Team (the “Supplier Implementation Team”).

 

5.2 Company Implementation Team. The Company Implementation team will be comprised of members of its Vendor Management Office and other individuals designated in writing from time to time by Company (the “Company Implementation Team”).

 

5.3 Escalation.

 

a. Escalation Process. For matters arising under this Exhibit L including, without limitation, disputes related to meeting a Critical Milestone, each Party may institute an escalation of such matters according to the following process. All issues shall be first escalated to Level 1 personnel, and, if the issues are not resolved by such personnel or if the Level 1 personnel wishes to make the Level 2 personnel aware of such issues, such issues shall be escalated to Level 2 personnel:

i. Level 1 is the Implementation work-stream lead (such work-stream lead may be a technical, operations or project manager) as would be identified by the applicable Party from time to time in writing, who will meet for the purpose of resolving the matter promptly upon communication of the escalation request.

ii. Level 2 is comprised of the Implementation leads and their counterparts on the Supplier Implementation Team as would be identified by Company from time to time in writing.

b. If a dispute or an issue is not resolved by Level 2 personnel, the dispute or issue shall be escalated to the Implementation program sponsors and if such dispute or issue is not resolved within ten (10) Business Days, either Party may commence the dispute resolution process described in Section 28 (Governing Law; Dispute Resolution) of the Agreement.

 

6. Company’s Obligations

 

Exhibit L-3

 

Execution Copy

6.1 Company shall use commercially reasonable efforts to perform all the obligations designated in the Implementation Project Plan as Company obligations (the “Company Obligations”).

6.2 For the avoidance of doubt, no delay in, or failure by Company to perform Company Obligations shall be deemed a breach of this Exhibit L (Implementation) or a breach of the Agreement, and Supplier shall not have any remedy against Company or anyone acting on its behalf in connection therewith. However, failures or delays by Company in performing Company Obligations may result in failures or delays in Supplier’s performance or delivery of related Implementation Services or Deliverables and additional cost to Company. To the extent Supplier can reasonably demonstrate that Company’s failure or delay caused failures or delays in Supplier’s performance of related Implementation Services or Deliverables, then Supplier’s performance of the affected Implementation Services or Deliverables shall be excused by Company for a time period reasonably determined by Supplier. The replacement Implementation Date(s) for Supplier’s performance or delivery of such Implementation Services or Deliverables will be added to the Implementation Project Plan.

7. Training

As part of the Implementation Services, Supplier shall provide at a cost to be mutually agreed between the Parties in the applicable SOW, such reasonable training to a reasonable number of individuals designated by Company with respect to the functionality and operation of the Services as implemented for Company as a part of the Implementation. Without limiting the foregoing, at Company’s written request, Supplier shall conduct reasonable “train-the-trainer” training sessions to enable the Company personnel to understand the functionality and operation of the Services and work product, as the case may be, sufficiently; provided, for NerveHub, “train-the-trainer” training sessions shall be conducted by the Supplier for the Company personnel in supervisory roles. “Train-the- trainer” training sessions can be provided as web meetings unless not reasonably practicable. Company is responsible for the development and approval of training material and/or operational procedures; however, Supplier shall provide to Company product guides and business resources as reasonably requested by Company to assist Company with such development efforts. Without limiting the foregoing, Supplier shall:

a.	Designate a training coordinator to work with the Company’s training coordinator;
b.	Provide baseline training materials from its training centers so that Company may create customized training materials;
c.	Train and assist Company to establish workflows and business rules, as applicable; and
d.	Make available during regular business hours subject matter experts to answer questions, provide guidance, and assist in the development of policies and procedures, data mapping and definitions, report generation, and any other implementation related activities deemed necessary by Company.

Exhibit L-4

Execution Copy

Notwithstanding any provision to the contrary training materials shall be subject to final sign off and approval by the Company.

8. Post Implementation Support

Without limitation to Supplier’s other obligations and Company’s rights under the Agreement, for a period of [Intentionally Omitted]      following the completion of the applicable Implementation, Supplier shall resolve any Nonconformities of the Services resulting from the Implementation at no Charge to Company.

Exhibit L-5

Execution Copy

EXHIBIT M

REPORTING

This Exhibit M forms a part of, and shall be governed by, the terms of the Master Services Agreement by and between Company and Supplier dated as of the MSA Effective Date (the “MSA”). In the event of any conflict between the terms hereof and the terms of the MSA, the terms hereof shall prevail. Capitalized terms used in this Exhibit M that are not defined herein have the meanings ascribed to them in the MSA or in the other Exhibits, Attachments or Appendices entered into pursuant to the MSA.

For mutual consideration, the receipt and adequacy thereof are hereby acknowledged by each of the Parties, the Parties hereby agree as follows:

Media

Supplier shall furnish to Company all reports in electronic form as agreed by the Parties. An online management dashboard should be made available to Company which should function as a reporting tool used to visually present information to ascertain the ongoing status (or “health”) and performance of various elements of the agreed-on services via key business and technical indicators. The dashboard should be web or email based and updated minimum on a daily and/or weekly basis or as negotiated. Provider might also be required to update Company owned dashboard(s). Access needs to be provided to designated Company personnel with the ability to review the underlying data.

Supplier shall prepare and transmit to Company the reports listed below at the frequency and time set forth below and in a form and format as reasonably requested by Company.

1. Daily and Monthly Reports

Via online portals that are available with the Services, Company will have access to various performance data for the Services on a daily and monthly basis, including any abnormalities and any events that require any actions by Company.

2. Quarterly Reports

A report showing the service level performance under Service Level Agreements for each calendar quarter, which report shall be available to Company on a mutual agreed upon timeframe (“Quarterly Business Review”). Unless otherwise agreed, Quarterly Business Reviews will occur in the second (2nd) month of each calendar quarter to cover the previous calendar quarter.

3. Summary of Key Reports:

(a) Reports to be considered for inclusion in MSA (but not limited to):

i.	Monthly Executive Summary Scorecard
ii.	Monthly Service Level Performance Report

Exhibit M-1

Execution Copy

iii.	Monthly Issue Management Report
iv.	Annual Executive Customer Satisfaction Results
v.	Annual Audit Reports (SSAE 18 SOC-1 type I, SOC-2 type II and with applicable Bridge Letters)
vi.	Quarterly Staffing Reports
vii.	Service Provider Report

(b) Reports to be considered for inclusion in SOW (but not limited to):

i.	SOW Project Billing
ii.	Daily Security Incident Report
iii.	Weekly/Monthly Applications Availability
iv.	Weekly/Monthly Incident Report
v.	Weekly/Monthly Service Desk Reports
vi.	Weekly/ Monthly Change Management Report
vii.	Biweekly report of lost policy holders
viii.	Monthly QA results to Company
ix.	Weekly/Monthly Suspense Report
x.	Automated fraud reports (monthly and on an as needed basis)
xi.	AML reports (including OFAC)

Exhibit M-2

Execution Copy

EXHIBIT N

SUPPLIER SERVICE LOCATIONS AND SUPPLIER SERVICE PROVIDER LOCATIONS

SUPPLIER AFFILIATES* 

us	1. ExlService.com, LLC		•10 Exchange Place, Suite 2200, Jersey City, NJ 07302 •111 Town Sq. place, Jersey City, NJ 07310	Business Processing Outsourcing
	2.	ExlService Holdings, Inc.	•320 Park Avenue, 29th Floor, New York, NY 10022	Corporate/holding company
	3.	RPM Direct, LLC	•24 Arnett Avenue Suite I00 Lambe1tville, NJ 08530	Analytics
	4.	Datasource Consulting LLC	•10 Exchange Place, Suite 2200, Jersey City, NJ 07302 •2399 Blake Street, Suite 170, Denver, CO 80205	Consulting
India	5.	ExlService.co m (India) Private Limited	•A-18, Sector 59, Noida 201301, Uttar Pradesh •C42A, Oxygen Complex, Sec 144 Noida 201301, Uttar Pradesh •Oxygen Complex, Tower-B, Plot No.7, Sector- 144, Noida 201306, Uttar Pradesh •5th to 8th Floor, Tower C, Oxygen Complex, Sector-144, Noida 201306, Uttar Pradesh •11th & 12th Floor, Tower 3, IT/ ITES SEZ of M/s Oxygen Business Park Pvt. Ltd, Plot #7, Sector-I44, Noida 201306, Uttar Pradesh •1st Floor & 7th Floor: Wing A & B, 8th Floor: Wing A, Building# Bl, IT/ITES SEZ of M/s Golde n Towe r Infratech Private Limited, Plot# 08, Sector 144, Noida 201306, Uttar Pradesh •8th Floor, Wing B, Building # Bl, IT/ITES SEZ of M/s Golden Tower Infratech Private Limited, Plot # 08, Sector 144, Noida 201306, Uttar Pradesh •4th Floor, Tower D, Building# 14, DLF Cyber City, Gurgaon, Ha1yana 122002 •18th Floor, Tower C, Building#l 4, DLF Cyber City, Gurgaon, Ha1yana 122002 •15th & 16th Floor, Block B & C, ASF Insignia SEZ Pvt. Ltd, Grand Canyon Building, Gurgaon Faridabad Road, Tehsil Sohna, Gwal Pahari, Gurgaon 122003 •Tower No 1, Ground Floor/First Floor, Magarpatta Citv, Hadapsar, Pune 411013	Business Processing Outsourcing

ExhibitN-1

Execution Copy

			•3rd Floor, Wing A & B, Tower 12, Cyber City, Magarpatta City, Hadapsar·, Pune 411013 •Tower 9, Wing A & B, Ground floor, SEZ, Magarpatta Citv, Hadapsar, Pune 411013
	6.	Inductis (India) Private Limited	•4th Floor, Tower D, Building# 14, DLF Cyber City, Gurgaon, Ha1yana 122002	Consulting, research and analytics
	7.	IQR Analytics Private Limited	•4th Floor, Tower D, Building# 14, DLF Cyber City, Gurgaon, Ha1yana 122002	Analytics
	8.	Datasource Consulting (India) LLC	•Tower 2D, Embassy Tech Village, Deverabeesanhalli, Outer Ring Road, Bangalore 560 103, Kamataka	Consulting
Philippines	9.	ExlService Philippines, Inc.	•6F One E-com, Harbor Drive, Mall of Asia Complex, Pasay City, Manila, 1308, Philippines •12F Two E-com, Sunset Drive, MOA Complex, Pasay City 1308 Philippines •16F Five E-Com, Mall of Asia Complex, Pasay City, Manila, Philippines •1OF Plaza E Building NorthGate Cyberzone, Filinvest City, Alabang, Philippines •8F North Tower 1, SM City No1t h EDSA Complex, EDSA comer No1th Avenue, Quezon City, Philippines •17F The Link Bldg., J.M del Mai· Ave. cor., Salinas Drive, Cebu IT Park Apas, Lahug Cebu City 6000, Philippines •l0F 2Quad Building, Cardinal Rosales Ave., Cor. Sumilon Road, Cebu Business Park, Cebu City 6000, Philippines •12F SM Strata Building, SM City Iloilo BPO Tower Sen. Benigno, Aquino Jr. Avenue Service Road, Brgy. Bohlao, Mandurriao, Iloilo City 5000, Philippines	Business Processing Outsourcing

* US-based, India-based and Philippines-based employees working on a remote basis due to the COVID-19 pandemic.

SUPPLIER DATA CENTER SITES

us	10. ExlService Holdings, Inc.	•CyrusOne Datacenter, Suite 10.4 (EXL), 800 Cottontail Ln, Somerset, NJ 08873	Data center
	11. EXLService.com	•1400 Kifer Rd, Sunnyvale, CA 94086	Data center

ExhibitN-2

Execution Copy

SUPPLIER SUBCONTRACTOR SITES

us	12. RICOH USA, Inc.	•300 Eagleview Boulevard, Ste. 200, Exton, PA 19341	Mailroom, printing and fulfilment
	13. CGI, Inc.	•11325 Random Hills Rd STE 800, Fairfax, VA 22030	Identity access management
India	14. CGI India	•95/1 & 95/2, Tower 2, E-City Software Park, Symbiosis - CGI Road, Electronics City phase 1, Bengaluru 560100, Karnataka	Identity access management

ExhibitN-3

Execution Copy

EXHIBIT O

AFFILIATES

SUPPLIERAFFILIATES

us	1. ExlService.com, LLC
	2. ExlService Holdings, Inc.
	3. RPM Direct, LLC
	4. Datasource Consulting LLC
India	5. ExlService.com (India) Private Limited
	6. Inductis (India) Private Limited
	7. IQR Analytics Private Limited
	8. Data source Consulting (India) LLC
Asia	9. ExlService Philippines, Inc.

SUPPLIER DATA CENTER SITES

US	10. ExlService Holdings, Inc.
	11. EXLService.com

SUPPLIER SUBCONTRACTOR SITES

US	12. RICOH USA, Inc.
	13. CGI, Inc.
India	14. CGI

Exhibit O-1

Execution Copy

EXHIBIT P

INTENTIONALLY OMITTED

Exhibit P-1

Execution Copy

EXHIBIT Q

INTENTIONALLY OMITTED

Exhibit Q-1

Execution Copy

EXHIBIT R

INTENTIONALLY OMITTED

Exhibit R-1

Execution Copy

EXHIBIT S

FORM OF NON-DISCLOSURE AGREEMENT

US Confidentiality and Nondisclosure Agreement

This Agreement (the “Agreement”) is made as of [Insert date] by and between ExlService Holdings, Inc., a Delaware corporation, with its principal office located at 320 Park Avenue, 29^th Floor, New York, NY 10022 (“ExlService”) and [Insert Company Name], a [Insert State Domiciled] [corporation/limited liability company], with its principal office located at_____________________________________(the “Recipient”). Recipient will visit the facility/ies of ExlService based in USA from where services are being provided by ExlService to Global Atlantic Financial Company pursuant to that certain Master Services Agreement, dated [ ], 2021, between Global Atlantic Financial Company and ExlService Holdings, Inc. (the “Assessment”). In connection with the Assessment, the Recipient may be given access to ExlService’s (or its affiliates’) confidential and proprietary information. This Confidentiality and Nondisclosure Agreement (the “Agreement”) confirms the agreement between ExlService and the Recipient regarding the manner in which all such confidential and proprietary information will be treated.

1.Confidential Information. “Confidential Information” means all information or data that is disclosed by ExlService or its Representatives (as defined below) to the Recipient or its Representatives (as defined below) under or in contemplation of this Agreement, including, but not limited to techniques, methods, pricing or practices, clients, developments, know-how, trade secrets, trademarks, copyrights, patents or other intellectual property rights, and any other information, oral or written, which, under the circumstances surrounding disclosure, ought to be treated as confidential or is otherwise identified as proprietary or confidential by ExlService or its Representatives (the “Confidential Information”). For purposes of this Agreement, “Representatives” means, collectively, with respect to each party, such party’s and its affiliates, and its and their officers, directors, employees, financial or other advisors, attorneys and accountants.

The term “Confidential Information” shall not include information that: (a) at the time of disclosure is, or thereafter becomes publicly available without breach of this Agreement; (b) is rightfully obtained by the Recipient or its Representatives, without any restriction, from third parties not under any obligation of confidentiality; (c) was lawfully available to the Recipient on a non-confidential basis prior to disclosure; or (d) is independently developed by the Recipient without use of information disclosed hereunder.

2.Confidentiality Obligations. The Recipient shall: (a) hold in confidence and not disclose (directly or indirectly, in whole or in part) any Confidential Information to third parties except as permitted herein or with the prior written consent of ExlService; (b) not use or in any way appropriate any Confidential Information for any purpose other than as contemplated by this Agreement; (c) limit the dissemination of and access to the Confidential Information to such of its Representatives or contracted third parties as may reasonably require such information, and ensure that any and all such persons are informed of and observe all of the obligations contained in this Agreement; (d) be responsible for any breach of this Agreement caused by any of its Representatives; and (e) protect and safeguard the confidentiality of all such Confidential Information with at least the same degree of care as it uses to protect its own Confidential Information, but in no event with less than a commercially reasonable degree of care.

Exhibit S-1

Execution Copy

Without ExlService’s prior written consent, the Recipient shall not, nor permit any of its Representatives to, disclose to any person: (i) that the Confidential Information has been made available to it or its Representatives; (ii) that discussions or negotiations may be, or are, underway regarding the Assessment; or (iii) any terms, conditions or other facts with respect to the Confidential Information or the Assessment, including the status thereof.

3.Required Disclosure. If requested or required by legal or regulatory process to disclose any Confidential Information, the Recipient shall, to the extent allowed by law or regulatory authority, promptly notify ExlService of such request or requirement so that ExlService may seek an appropriate protective order or other remedy and cooperate in responding to such request or requirement. If ExlService does not obtain a protective order, Recipient may disclose solely the Confidential Information required by law or regulatory process and solely to the entity to which such disclosure is required to be made.

4.Return or Destruction of Confidential Information. Within thirty (30) days of completion of the Assessment or otherwise upon ExlService’s written request, the Recipient shall promptly return to ExlService all documents and other information, including any and all copies in whatever form, to the extent they contain Confidential Information, or certify in writing the destruction of the same.

5.Audit Right. At any time during the term of this Agreement and for a period of two years from the termination date of this Agreement, upon ExlService’s prior written request, the Recipient shall provide to ExlService or its designated agents full access to the Recipient’s premises to inspect and audit the relevant books, records, procedures and practices of the Recipient to verify the Recipient’s compliance with the terms of this Agreement. ExlService shall conduct an audit only during the Recipient’s normal business hours and in a manner that does not unreasonably interfere with the Recipient’s business operations.

6.No Representations or Warranties. Neither ExlService nor any of its Representatives (a) make any representation or warranty, express or implied, as to the accuracy or completeness of any Confidential Information or (b) shall be liable to the Recipient or any of its Representatives relating to or resulting from the Recipient’s use of or reliance on any of the Confidential Information.

7.No Transfer of Rights, Title or Interest. ExlService hereby retains its entire right, title and interest, including all intellectual property rights, in and to all of its Confidential Information and any disclosure of such information shall not be construed as an assignment, grant, option, license or other transfer of any such right, title or interest whatsoever.

8.No Obligation. The parties agree that neither party has any obligation, by virtue of this Agreement, to enter into negotiations, discussions, any business or contractual relationship, transaction or any other activities except for the matters specifically agreed to herein.

9.Indemnification; Remedies. The Recipient agrees to indemnify and hold ExlService harmless from and against all claims, losses, liabilities, damages, expenses and costs (including, without limitation, attorneys’ fees) which result from the breach or threatened breach of this Agreement by the Recipient or any third party which obtains the Confidential Information with Recipient’s authorization. The Recipient agrees that money damages would not be a sufficient remedy for any breach or threatened breach of this Agreement and that ExlService shall be entitled to seek specific performance and injunctive and other equitable relief as a remedy for any such

Exhibit S-2

Execution Copy

breach or threatened breach, in addition to all other remedies available at law or equity, and the Recipient hereby waives any requirement for the securing or posting of any bond or the showing of actual monetary damages in connection with such claim.

10.No Solicitation of Employees. The Recipient hereby agrees that, during the term of this Agreement and for a period [Intentionally Omitted]s thereafter, it will not, nor will any of its Representatives, directly or indirectly, solicit or hire any employee of ExlService or its Representatives or induce any such employee to terminate such employee’s employment without the prior written consent of ExlService; provided that, the foregoing restriction shall not prohibit the Recipient from offering employment to any employee that directly contacts the Recipient after the date hereof in response to general non-directed public advertisements of employment opportunities (including the use of employment agencies).

11.Notice. Any notice or other communication hereunder shall be in writing and deemed given (a)when received if given in person or by courier, (b) on the date sent by facsimile or other wire transmission (with confirmation of transmission) or by email, if sent during normal business hours of the recipient, and on the next business day if sent after normal business hours of the recipient; provided that, with respect to notice sent via email, the recipient sends and the party providing notice receives, an email acknowledging (i) receipt of such notice and the (ii) formal nature of the notice provided; or (c) on the fifth business day after the date mailed, by certified or registered mail, return receipt requested, postage prepaid. Such communications must be sent to the respective parties at the addresses set forth on the first page of this Agreement (or to such other address as may be specified by either party in a notice).

12.Entire Agreement; Amendments. This Agreement constitutes the entire agreement of the parties with respect to the subject matter herein and supersedes all prior and contemporaneous agreements, understandings and proposals, both oral and written, between the parties regarding the same subject matter. This Agreement may only be modified, supplemented or amended in writing signed by each party hereto.

13.10b-5. Recipient hereby acknowledges to ExlService that it is aware (and, if applicable, that its Representatives who are apprised of this matter have been advised) that the United States securities laws prohibit any person who has material non-public information about a company from purchasing or selling securities of such company, or from communicating such information to any other person under circumstances in which it is reasonably foreseeable that such person is likely to purchase or sell such securities.

14.Waiver and Severability. No waiver by any party of any of the provisions hereof shall be effective unless set forth in writing and signed by the party waiving. If any provision of this Agreement is determined to be invalid or unenforceable, in whole or in part, the remaining provisions will continue in full force and effect as if this Agreement had been executed without the invalid provision.

15.Assignment. This Agreement may not be assigned by Recipient without ExlService’s prior written consent and any attempted or purported assignment of this Agreement without ExlService’s consent shall be void.

Exhibit S-3

Execution Copy

16.Governing Law. This Agreement shall be governed by and construed in accordance with the laws of the State of New York, without giving effect to conflict of law principles. The Recipient hereby irrevocably and unconditionally consents and waives objections to the exclusive jurisdiction and venue in any federal or state court located in New York County, State of New York with respect to any actions, suits or proceedings arising out of or relating to this Agreement.

17.Survival. Except with respect to any Confidential Information that is not destroyed or returned to ExlService (for which Confidential Information the confidentiality obligations hereunder are indefinite), the obligations of the Recipient under this Agreement shall expire five years from the date of this Agreement.

18.Counterparts. This Agreement may be executed manually or electronically in counterparts including via “PDF” or other electronic means) each of which shall be deemed an original and all of which together shall constitute one and the same instrument. Signatures affixed by electronic means will have the same validity as manual signatures.

[Remainder of page intentionally left blank]

Exhibit S-4

Execution Copy

IN WITNESS WHEREOF, the parties hereto have executed this Agreement and agree to be bound by its terms and conditions.

EXLSERVICE HOLDINGS, INC.

By:

Print Name:

Title:

Date:

[RECIPIENT]

By:

Print Name:

Title:

Date:

Exhibit S-5

Execution Copy

INDIA CONFIDENTIALITY AND NON-DISCLOSURE AGREEMENT

This CONFIDENTIALITY AND NON-DISCLOSURE AGREEMENT (the “Agreement”) is executed on this [insert date], by and between:

Exhibit S-6

Execution Copy

ExlService.com (India) Private Limited, a company incorporated and registered under the Companies Act, 1956, having its registered office situated at 1^st & 7^th Floor – wing A&B, 8^th Floor – Wing A, IT/ITES SEZ of Golden Tower Infratech Private Limited, Plot #8 Sector 144, Noida, India, acting through and represented by its authorized signatory (hereinafter referred to as “Company”, which expression shall, unless repugnant to the context or meaning hereof, mean and include its successors in title, holding companies, subsidiaries, affiliates, group companies, agents, employees, legal representatives and permitted assigns) of the FIRST PART;

AND

____________________, having its registered office situated at ___________________and having branch office at ________________, acting through and represented by its authorized signatory ______________, holding designation as ____________________, who is duly authorized vide Board resolution dated __________ (hereinafter referred to as “Contractor”, which expression shall, unless repugnant to the context or meaning hereof, mean and include its successors in title, holding companies, subsidiaries, affiliates, group companies, agents, employees, officers, directors, authorized signatory, legal representatives and permitted assigns) of the OTHER PART.

WHEREAS, Contractor will visit the facility/ies of EXL based in India from where services are being provided by Company to Global Atlantic Financial Company pursuant to that certain Master Services Agreement, dated [ ], 2021, between Global Atlantic Financial Company and ExlService Holdings, Inc. (hereinafter referred to as “Arrangement”);

AND WHEREAS, prior and subsequent to entering into the Arrangement, Company or any of its representatives may disclose to the Contractor either directly or indirectly, or the Contractor may ascertain, gather or learn, by virtue of the Arrangement with Company, or the Contractor might have access to, in any other way, certain information that is considered Confidential and Proprietary as defined below (hereinafter collectively referred to as “Confidential and Proprietary Information”);

AND WHEREAS, Company desires that all Confidential and Proprietary Information be subject to the confidentiality and non-disclosure restrictions imposed by this Agreement.

NOW THEREFORE, in consideration of the mutual covenants and premises set forth herein, this Agreement witnesseth as under:

1. The term “Confidential and Proprietary Information” as used in this Agreement shall include but not limited to all information of Company, its clients, clients’ customers, contractors, vendors, third parties, employees and other associates, whether electronic, website-based, or other form, that is not known by, or generally available to, the public at large and that concerns the business, financial affairs or technology of Company or any of its clients or clients’ customers, including but not limited to commercial, financial, technical information and know how, databases, documents, internal controls, data processing programs, software, drawings, designs, copyrights, trademarks, names, ideas, applications, routines, subroutines, techniques and systems, pricing structures, names and/or details of the clients or clients’ customers and employees, personal details and/or sensitive information of its employees including without limitation information covered by the privacy-related statutes and other statutes, contractors/vendors lists and records, costs, pricing and other business strategies, marketing plans and programs, business plans and methods of operation and proposed methods of operation, accounts, transactions and proposed transactions, and security procedures.

Exhibit S-7

Execution Copy

The term “Confidential and Proprietary Information” also includes any notes, summaries, analyses or other material derived from such Confidential and Proprietary Information. It also comprises all information pertaining to any transaction as contemplated or arising out of this Agreement or any other agreement between the parties, including the terms of this Agreement, Arrangement and such other agreements.

2. This Agreement is entered into to assure the protection and preservation of Confidential and Proprietary Information of Company.

3. This Agreement shall be effective from the date of execution of this Agreement until five (5) years thereafter.

4. The Contractor understands and acknowledges that the Confidential and Proprietary Information has been/shall be developed or obtained by Company by investing significant time, effort and expense and is a valuable, special and unique asset of Company, which provides it with a significant competitive advantage. The Contractor understands and acknowledges that unauthorized release of Confidential and Proprietary Information could be harmful to Company’s business interests. Therefore, the Contractor agrees and undertakes that:

(a) The Contractor shall treat all the Confidential and Proprietary Information as confidential, regardless of when or how it is disclosed or obtained and regardless of the form in which it is disclosed or obtained.

(b) Immediately upon receipt of any Confidential and Proprietary Information, the Contractor shall take steps for its safe custody. The Contractor shall keep all materials containing the Confidential and Proprietary Information in a safe and secure place at all times.

(c) The Contractor will hold all Confidential and Proprietary Information in the strictest confidence, will exercise the same degree of care and maintain the same adequate security measures to safeguard the Confidential and Proprietary Information from unauthorized access, use and misappropriation as it maintains with its own similar information that it does not wish publicly to disclose, publish or disseminate (which shall in no event be any less than reasonable care), and will not, without Company’s prior written & specific consent, copy, reproduce, modify, alter or disclose to any third party any Confidential and Proprietary Information, in whole or in part.

(d) To notify Company promptly of any unauthorized use, copying or disclosure of the Confidential and Proprietary Information of which the Contractor becomes aware and to provide all reasonable assistance to Company to terminate such unauthorized use or disclosure (or both).

(e) The Contractor will not, without the prior written & specific consent of Company, use any portion of the Confidential and Proprietary Information for any purpose other than the agreed Arrangement or in any way which would be harmful to Company; and

(f) The Contractor will restrict dissemination of the Confidential and Proprietary Information to only those persons within its organization who are directly involved in the provision of services under the Arrangement and who are required to be made aware of such Confidential and Proprietary Information; provided, however, that such information shall be disclosed only on a need to know basis; provided, further, that all persons, to whom

Exhibit S-8

Execution Copy

such disclosures are made shall enter into agreement to keep the information strictly confidential and to abide by the terms hereof.

5. The foregoing shall not prohibit or limit the Contractor’s use, disclosure, reproduction or dissemination of Confidential and Proprietary Information, which:

(a) is or becomes public domain information or material through no fault or breach on part of the Contractor;

(b) is, on written advice of counsel, required to be disclosed by law or legal process, after prior written notice has been given to Company;

(c) as demonstrated by the written records of the Contractor, was already lawfully known (without restriction on disclosure) to the Contractor prior to such information being disclosed to the Contractor by Company, or any representative of Company; or

(d) has been or is hereafter rightfully furnished to the Contractor without restriction on disclosure by a third party lawfully in possession thereof, provided that in this case the Contractor promptly notifies Company, in writing, of the circumstances establishing the exception.

It shall be presumed that any Confidential and Proprietary Information in possession of the Contractor that has been disclosed to it by Company or any representative of Company, does not fall within any of exceptions above, and the onus is on the Contractor to prove otherwise through records and documentation.

6. All Confidential and Proprietary Information (including tangible copies and computerized or electronic versions and summaries thereof) shall remain the property of Company and shall not be reproduced in whole or in part without Company’s prior written & specific consent. Company reserves the right to retain with itself the Confidential and Proprietary Information, in part or in whole, at any point of time, period or occasion, before, after or during the course of this Agreement.

7. For any work performed by the Contractor till, Company shall own and, to the extent permissible under applicable law, the Contractor shall assign to Company all proprietary rights in all such work or in any and all inventions conceived or reduced to practice by the Contractor in connection with the Arrangement, and in any and all other works of authorship fixed in a tangible means of expression by the Contractor in the course of performing services for Company. If requested by Company, the Contractor will sign documents and otherwise assist Company in perfecting such ownership and obtaining patents and registering copyrights.

8. This Agreement shall not be construed as granting or conferring any rights to the Contractor expressly or implicitly, in the Confidential and Proprietary Information. No license, express or implied, by estoppel or otherwise, under any trade secret right, trademark, patent, copyright or other proprietary right which is now or may hereafter be owned by Company, is granted by the disclosure of any information under this Agreement.

9. The Contractor understands and acknowledges that the information shall be provided on an “AS IS” basis and neither Company nor any of its employees, officers, agents, or advisors is making any representation or warranty, express or implied, as to the accuracy or completeness of the Confidential and Proprietary Information and that neither Company nor any of its

Exhibit S-9

Execution Copy

employees, officers, agents or advisors will have any liability to any person resulting from any use of the Confidential and Proprietary Information.

10. The Contractor agrees within thirty (30) days of completion of the Arrangement, or upon termination of the Arrangement, or at any time upon the request of Company, the Contractor will promptly:

(a) return or destroy, at the option of Company, all originals and copies of all documents and materials containing Company’s Confidential and Proprietary Information;

(b) deliver or destroy, at the option of Company, all originals and copies of all summaries, records, descriptions, modifications, negatives, drawings, adoptions and other documents or materials, whether in writing or in machine-readable form, prepared by it or under its direction or at its request from the documents and materials referred to in subparagraph (a); and

(c) provide a notarized written statement to Company, certifying that all documents and materials referred to in subparagraphs (a) and (b) have been delivered to Company or destroyed, as requested by Company.

11. The Contractor agrees and acknowledges that any breach of this Agreement by the Contractor would cause Company irreparable harm for which monetary damages would be inadequate. Accordingly, Company will be entitled to seek equitable relief and claim injunctive relief and damages, including consequential, special, indirect damages whether in contract, strict liability, tort or otherwise, to remedy any threatened or actual breach of this Agreement by the Contractor. The Contractor agrees to always & fully indemnify and hold harmless Company from the aforesaid or any claims including all claims of third parties related to the breach of this Agreement as well as wrongful disclosure of third parties’ confidential information by the Contractor.

12. This Agreement shall be binding upon, and shall inure to the benefit of and be enforceable by, the parties hereto and their respective successors and assigns.

13. The Contractor agrees that Company may, upon reasonable notice, examine the Contractor’s procedures and policies to ensure compliance with the provisions of this Agreement.

14. Additionally, without the prior written & specific consent of Company, the Contractor agrees not to issue or release any articles, advertising, publicity or other matter relating to any Confidential and Proprietary Information (including the fact that a meeting or discussion has taken place between the parties) or mentioning or implying the name of Company, except as may be required by law and then after providing Company with an opportunity to review and comment thereon.

15. This Agreement contains and sets forth the entire agreement between the parties with respect to the subject matter hereof. No prior or contemporaneous written or oral agreements and no subsequent oral agreements between the parties with respect to the subject matter hereof shall be binding upon the parties.

Exhibit S-10

Execution Copy

16. Nothing in this Agreement shall be construed so as to impose an obligation on Company to exchange Confidential and Proprietary Information or to purchase, sell, license, transfer or otherwise make use of any technology, services or products.

17. No failure or delay on the part of Company in exercising any of the rights, powers or privileges available to Company under this Agreement or otherwise shall be deemed to be a waiver thereof, nor shall any single or partial exercise thereof preclude any other or further exercise thereof or the exercise of any other right, power or privilege. Any waiver of compliance with the terms of this Agreement must be in writing and signed by the duly authorized representative of Company.

18. All notices, returns of material, requests, consents and other communications required, permitted or desired to be given hereunder to be served upon or given to the parties hereto shall be deemed duly served and given when received after being delivered by hand or sent by registered/speed post, return receipt requested, postage prepaid, addressed at the address aforementioned and deemed to be delivered & served after expiry of five days’ from the date of posting.

19.Contractor agrees that Contractor shall abide by all the applicable laws, rules and/or regulations including without limitation anti-bribery, anti-corruption, anti-discrimination, equal opportunities, data protection, data privacy, intellectual property rights, information technology, health and safety, child labour prohibition, employment, labour, immigration, export-import, environment, anti- harassment laws, regulations and rules framed thereunder.

20.This Agreement shall be governed by the laws of India, without regard to conflict of laws principles, which might result in the application of the laws of another jurisdiction. All matters concerning these presents shall be subject to the exclusive jurisdiction of Delhi Courts.

21.In case any one or more of the provisions contained in this Agreement is or are held to be invalid, illegal or unenforceable for any reason whatsoever, such invalidity, illegality or unenforceability shall not affect the operation, construction or interpretation of any other provision of this Agreement, and such provision(s) shall be deemed modified to the extent necessary to make it or them enforceable.

22.This Agreement does not create a partnership, joint venture, agency or any other business relationship between the parties. This Agreement shall not be assignable or transferable by the Contractor without the prior written and specific consent of Company. All additions or modifications to this Agreement must be made in writing and must be signed by both the parties.

23.The Contractor acknowledges that Company enters into this Agreement for itself and as agent for certain of its affiliates, subsidiaries, holding companies, group companies or other subsidiaries, affiliates or group companies of any holding company. Any losses sustained by any of those affiliates, subsidiaries, group companies or holding companies or other subsidiaries, affiliates or group companies of any holding company as a result of Contractor’s failure to perform its obligations under this Agreement shall be treated as losses sustained by Company, which shall be entitled to pursue the remedies provided for in and in accordance with, this Agreement in respect of such failure.

24.The Contractor will not, for the period of Arrangement and for [Intentionally Omitted] thereafter, solicit for employment, nor offer employment to any person currently employed by Company. This section 24 shall not prohibit the Contractor from employing any person currently employed by

Exhibit S-11

Execution Copy

Company who seeks employment with the Contractor on such person’s own initiative or who responds to a bona fide advertisement about a vacant position with the Contractor.

Exhibit S-12

Execution Copy

IN WITNESS WHEREOF, the parties hereto have executed this Agreement on the date first mentioned here-in-above.

Company ExlService.com (India) Private Limited	Contractor __________________________________
By:	By:
Name:	Name:
Title:	Title:
Witness:	Witness:
Name:	Name:
Signature:	Signature:
Address:	Address:

Exhibit S-13

Execution Copy

PHILIPPINES CONFIDENTIALITY AND NON-DISCLOSURE AGREEMENT

This CONFIDENTIALITY AND NON-DISCLOSURE AGREEMENT (the “Agreement”) is executed on this _____ day of ___________ (“Effective Date”), at ______________ by and between:

ExlService Philippines, Inc., a corporation duly organized and existing under the laws of the Philippines, with principal office address at the 6^th Floor One E-com Center, Harbor Drive, Mall of Asia Complex, Pasay City, 1308 Philippines, represented herein by Marilou A. Comia, its Senior Assistant Vice President – Commercial, hereinafter referred to as “EXL”;

and

                                          , of legal age, Filipino, with residence/postal address at

                                                                            , hereinafter referred to as the

“VISITOR”;

EXL and VISITOR are individually referred to as “Party” and collectively as “Parties”.

WHEREAS, VISITOR will visit the facility/ies of EXL based in Philippines from where services are being provided by EXL to Global Atlantic Financial Company pursuant to that certain Master Services Agreement, dated [ ], 2021, between Global Atlantic Financial Company and ExlService Holdings, Inc. (hereinafter referred to as the “Arrangement”);

AND WHEREAS, prior and subsequent to entering into the Arrangement, EXL or any of its representatives may disclose to the VISITOR either directly or indirectly, or the VISITOR may ascertain, gather or learn, by virtue of the Arrangement with EXL, or the VISITOR might have access to, in any other way, certain information that is considered Confidential and Proprietary as defined below (hereinafter collectively referred to as “Confidential and Proprietary Information”);

AND WHEREAS, EXL desires that all Confidential and Proprietary Information be subject to the confidentiality and non- disclosure restrictions imposed by this Agreement.

NOW THEREFORE, in consideration of the mutual covenants and premises set forth herein, this Agreement witnesseth that:

19. The term “Confidential and Proprietary Information” as used in this Agreement shall include all information of EXL, its customers, its customers’ clients, its vendors, employees and other associates, whether electronic, website-based, or other form, that is not known by, or generally available to, the public at large and that concerns the business, financial affairs or technology of EXL or any of its customers, including but not limited to commercial, financial, technical information and know how, databases, documents, internal controls, data processing programs, software, drawings, designs, copyrights, trademarks, names, ideas, applications, routines, subroutines, techniques and systems, pricing structures, names and/or details of the customers or customer’s customers and employees, personal details and/or sensitive information of its employees, including without limitation, information covered by the privacy related statues and other statutes, vendor lists and records, costs, pricing and other business

Exhibit S-14 

Execution Copy

strategies, marketing plans and programs, business plans and methods of operation and proposed methods of operation, accounts, transactions and proposed transactions, and security procedures.

The term “Confidential and Proprietary Information” also includes any notes, summaries, analyses or other material derived from such Confidential and Proprietary Information. It also comprises all information pertaining to any transaction as contemplated or arising out of this Agreement or any other agreement between the parties, including the terms of this Agreement and such other agreements.

20. This Agreement is entered into to assure the protection and preservation of Confidential and Proprietary Information of EXL.

21. This Agreement shall be effective from the Effective Date until five (5) years thereafter.

22. The VISITOR understands and acknowledges that the Confidential and Proprietary Information has been/shall be developed or obtained by EXL by investing significant time, effort and expense and is a valuable, special and unique asset of EXL, which provides it with a significant competitive advantage. The VISITOR understands and acknowledges that unauthorized disclosure of Confidential and Proprietary Information could be harmful to EXL’s business interests. Therefore, the VISITOR agrees and undertakes that:

(f) The VISITOR shall treat all the Confidential and Proprietary Information as confidential, regardless of when or how it is disclosed or obtained and regardless of the form in which it is disclosed or obtained;

(g) Immediately upon receipt of any Confidential and Proprietary

Information, the VISITOR shall take steps for its safe custody. The VISITOR shall keep all materials containing the Confidential and Proprietary Information in a safe and secure place at all times.

(h) The VISITOR will hold all Confidential and Proprietary Information in the strictest confidence, will exercise the same degree of care and maintain the same adequate security measures to safeguard the Confidential and Proprietary Information from unauthorized access, use and misappropriation as it maintains with its own similar information that it does not wish publicly to disclose, publish or disseminate (which shall in no event be any less than reasonable care), and will not, without EXL’s prior written and specific consent, copy, reproduce, modify, alter or disclose to any third party any Confidential and Proprietary Information, in whole or in part.

(i) To notify EXL promptly of any unauthorized use, copying or disclosure of the Confidential and Proprietary Information of which the VISITOR becomes aware and to provide all reasonable assistance to EXL to terminate such unauthorized use or disclosure (or both).

(j) The VISITOR will not, without the prior written and specific consent of EXL, use any portion of the Confidential and Proprietary Information for any purpose other than the agreed Arrangement or in any way which would be harmful to EXL; and

(f) The VISITOR will restrict dissemination of the Confidential and Proprietary Information only to those persons within its organization who

Exhibit S-15 

Execution Copy

are directly involved in the provision of services under the Arrangement and who are required to be made aware of such Confidential and Proprietary Information; provided, however, that such information shall be disclosed only on a need to know basis; provided, further, that all persons, to whom such disclosures are made shall enter into agreement to keep the information strictly confidential and to abide by the terms hereof.

23. The foregoing shall not prohibit or limit VISITOR’s use, disclosure, reproduction or dissemination of Confidential and Proprietary Information, which:

(a) is or becomes public domain information or material through no fault or breach on part of the VISITOR;

(b) is, on written advice of counsel, required to be disclosed by law or legal process, after prior written notice has been given to EXL;

(c) as demonstrated by the written records of the VISITOR, was already lawfully known (without restriction on disclosure) to the VISITOR prior to such information being disclosed to the VISITOR by EXL, or any representative of EXL; or

(d) has been or is hereafter rightfully furnished to the VISITOR without restriction on disclosure by a third party lawfully in possession thereof, provided that in this case the VISITOR promptly notifies EXL, in writing, of the circumstances establishing the exception.

It shall be presumed that any Confidential and Proprietary Information in possession of the VISITOR that has been disclosed to it by EXL or any representative of EXL, does not fall within any of exceptions (a) or

(d)above, and the burden is on the VISITOR to prove otherwise through records and documentation.

24. All Confidential and Proprietary Information (including tangible copies and computerized or electronic versions and summaries thereof) shall remain the property of EXL and shall not be reproduced in whole or in part without EXL’s written and specific consent. EXL reserves the right to retain with itself the Confidential and Proprietary Information, in part or in whole, at any point of time, period or occasion, before, after or during the course of this Agreement.

25. For any work performed by the VISITOR under the Arrangement, EXL shall own and, to the extent permissible under applicable law, the VISITOR shall assign to EXL all proprietary rights in all such work or in any and all inventions conceived or reduced to practice by the VISITOR in connection with the Arrangement, and in any and all other works of authorship fixed in a tangible means of expression by the VISITOR in the course of performing services for EXL. If requested by EXL, the VISITOR will sign documents and otherwise assist EXL, in perfecting such ownership and obtaining patents and registering copyrights.

26. This Agreement shall not be construed as granting or conferring any rights to the VISITOR expressly or implicitly, in the Confidential and Proprietary Information. No license, express or implied, by estoppel or otherwise, under any trade secret right, trademark, patent, copyright or other proprietary right which is now or may hereafter be owned by EXL, is granted by the disclosure of any information under this Agreement.

27. The VISITOR understands and acknowledges that the information shall be provided on an “AS IS” basis and neither EXL nor any of its employees, officers, agents, or advisors is making any

Exhibit S-16 

Execution Copy

representation or warranty, express or implied, as to the accuracy or completeness of the Confidential Information and that neither EXL nor any of its employees, officers, agents or advisors will have any liability to any person resulting from any use of the Confidential Information.

28. The VISITOR agrees within thirty (30) days of completion of the Assessment, or at any time upon the request of EXL, the VISITOR will promptly:

(a) return or destroy, at the option of EXL, all originals and copies of all documents and materials containing EXL’s Confidential and Proprietary Information;

(b) deliver or destroy, at the option of EXL, all originals and copies of all summaries, records, descriptions, modifications, negatives, drawings, adoptions and other documents or materials, whether in writing or in machine-readable form, prepared by it or under its direction or at its request from the documents and materials referred to in subparagraph (a); and

(c) provide a notarized written statement to EXL, certifying that all documents and materials referred to in subparagraphs (a) and (b) have been delivered to EXL or destroyed, as requested by EXL.

29. The VISITOR agrees and acknowledges that any breach of this Agreement by the VISITOR would cause EXL irreparable harm for which monetary damages would be inadequate. Accordingly, EXL will be entitled to seek equitable relief and claim injunctive relief and damages, including consequential, special, indirect damages whether in contract, strict liability, tort or otherwise, to remedy any threatened or actual breach of this Agreement by the VISITOR. The VISITOR agrees to indemnify and hold harmless EXL from

the aforesaid claims including all claims of third parties related to the breach of this Agreement as well as wrongful disclosure of third parties’ confidential information by the VISITOR.

30. This Agreement shall be binding upon, and shall inure to the benefit of and be enforceable by, the parties hereto and their respective successors and assigns.

31. The VISITOR agrees that EXL may, upon reasonable notice, examine the VISITOR’s procedures and policies to ensure compliance with the provisions of this Agreement.

32. Additionally, without the prior written and specific consent of EXL, the VISITOR agrees not to issue or release any articles, advertising, publicity or other matter relating to any Confidential and Proprietary Information (including the fact that a meeting or discussion has taken place between the parties) or mentioning or implying the name of EXL, except as may be required by law and then after providing EXL with an opportunity to review and comment thereon.

33. This Agreement contains and sets forth the entire agreement between the parties with respect to the subject matter hereof. No prior or contemporaneous written or oral agreements and no subsequent oral agreements between the parties with respect to the subject matter hereof shall be binding upon the parties.

34. Nothing in this Agreement shall be construed so as to impose an obligation on EXL to exchange Confidential and Proprietary Information or to purchase, sell, license, transfer or otherwise make use of any technology, services or products.

35. No failure or delay on the part of EXL in exercising any of the rights, powers or privileges available to EXL under this Agreement or otherwise shall be deemed to be a waiver thereof, nor shall any single or

Exhibit S-17 

Execution Copy

partial exercise thereof preclude any other or further exercise thereof or the exercise of any other right, power or privilege. Any waiver of compliance with the terms of this Agreement must be in writing and signed by the duly authorized representative of EXL.

36. All notices, returns of material, requests, consents and other communications required, permitted or desired to be given hereunder to be served upon or given to the parties hereto shall be deemed duly served and given when received after being sent by confirmed facsimile transmission or delivered by hand or sent by registered or certified mail, return receipt requested, postage prepaid, addressed at the address aforementioned and deemed to be delivered & served after expiry of five days’ from the date of posting.

37. VISITOR agrees that VISITOR shall abide by all the applicable laws, rules and/or regulations including without limitation anti-bribery, anti-corruption, anti- discrimination, equal opportunities, data protection, data privacy, intellectual property rights, information technology, health and safety, child labour prohibition, employment, labour, immigration, export- import, environment, anti-harassment laws, regulations and rules framed thereunder.

38. This Agreement shall be governed by the laws of the Philippines, without regard to conflict of laws principles, which might result in the application of the laws of another jurisdiction. All matters concerning these presents shall be subject to the exclusive jurisdiction of the courts in Pasay City, Philippines.

39. In case any one or more of the provisions contained in this Agreement is or are held to be invalid, illegal or unenforceable for any reason whatsoever, such invalidity, illegality or unenforceability shall not affect the operation, construction or interpretation of any other provision of this

Agreement, Arrangement and such provision(s) shall be deemed modified to the extent necessary to make it or them enforceable.

40. This Agreement does not create a partnership, joint venture, agency or any other business relationship between the parties. This Agreement will not be assignable or transferable by the VISITOR without the prior written and specific consent of EXL. All additions or modifications to this Agreement must be made in writing and must be signed by both the Parties.

41. The VISITOR acknowledges that EXL enters into this Agreement for itself and as agent for certain of its subsidiaries, holding companies or other subsidiaries of any holding company. Any losses sustained by any of those subsidiaries or holding companies as a result of VISITOR’S failure to perform its obligations under this Agreement shall be treated as losses sustained by EXL, which shall be entitled to pursue the remedies provided for in and in accordance with, this Agreement in respect of such failure.

23. The VISITOR will not, for the period of the Arrangement and for [Intentionally Omitted]

thereafter, solicit for employment, nor offer employment to any person currently employed by EXL. This Section 23 shall not prohibit the VISITOR from employing any person currently employed by EXL who seeks employment with the VISITOR on such person’s own initiative or who responds to a bona fide advertisement about a vacant position with the VISITOR.

Exhibit S-18 

Execution Copy

IN WITNESS WHEREOF, the parties hereto have executed this Agreement.

EXLSERVICE PHILIPPINES, INC. VISITOR

By: By:

Name: Name:

Title: Title:

Exhibit S-19 

Execution Copy

REPUBLIC OF THE PHILIPPINES)

  ) S.S.

A C K N O W L E D G M E N T

Before me, a notary public for and in __________, Philippines, this __________, personally appeared the following, to wit:

Comm. Tax Certificate/

Name                            Passport No.              Date /Place of Issue

known to me and to me known to be the same persons who executed the foregoing instrument and who acknowledged to me that the same is their free and voluntary act and deed.

This instrument refers to a Confidentiality and Non-disclosure Agreement consisting of six (6) pages including the page on which this acknowledgment is written and signed on each and every page thereof by the parties and their instrumental witnesses.

WITNESS MY HAND AND NOTARIAL SEAL, on the date, and place first above written.

Doc. No. __________

Page No. __________

Book No. __________

Series of 2021.

Exhibit S-20

Execution Copy

EXHIBITT

Competitors

1, Company Competitors

Intentionally Omitted

2. Supplier Competitors

[Intentionally Omitted]

The above Supplier Competitors shall be deemed to include the business process outsourcing, analytics or claims processing platform business lines, including such business lines of their subsidiaries and affiliates, and any successor thereto.

Exhibit T-1

Execution Copy

EXHIBIT U

Technology Refresh Requirements

1. Technology Upgrades and Enhancements

Supplier will keep all Services under this Agreement current ("n") or n-1 with applicable industry advances and leading technology standards. To that end, Supplier may make recommendations to Company regarding hardware and software upgrades or replacements necessary to meet the Service Levels and recommended requirements.

Company shall make technology refresh and upgrade decisions in its sole discretion; however, in the event that the failure to repair or replace Company owned equipment in accordance with the third party vendor recommended requirements is a direct cause of Supplier's inability to consistently meet a Service Level, then Company shall allow Supplier a temporary waiver of Service credits associated with the affected Service Level, which will resume immediately upon repair, replacement or refresh of the affected Company owned equipment.

The Parties will coordinate implementation of such upgrades and enhancements. Supplier shall schedule all such upgrades and replacements in advance and in such a way as to prevent any interruption or disruption of, or diminution in, the nature or level of any portion of the Services and consistent with Company policies and timelines (including any technology freeze periods). Supplier shall supplement, modify, and enhance the Services over time to keep pace with industrywide advancements and improvements in the methods of delivering services like the Serv ices.

Without limiting the foregoing, Supplier shall maintain a level of technology used to provide the Services for which Supplier has financial responsibility:

a. that allows Company to take advantage of technological improvements and advances applicable to its business;

b. is at least n-1 current with the level of technology that Supplier uses in providing services to its other customers; and

c. is at least n-1 current with the level of technology generally adopted from time to time in Company's industries.

Technology upgrades will be executed through the Change Control Procedure.

2. Technology Refresh Plan

Please include refresh frequency of hardware, software and network for the Services provided.

Refresh Plan Name	Refresh Cvcle Frequency
Endpoint Computing	3-5 years
Software     (Endpoint     Network Components & Contact Center)	3 years or aligned to OEM software lifecycle
Active Network Components	5-7 years

Exhibit U-1

Execution Copy

3. Technologic Currency

Supplier will, without any additional fee, cause the Services (including equipment, software, tools and other components required to provide the Services in accordance with the Service Levels), as approved by Company, to evolve and to be modified, enhanced, supplemented and replaced as necessary for the Services to keep pace with technological advances and advances in the methods of delivering services. In particular, and without limiting the generality of the preceding sentence, Supplier's tools, utilities, methodologies, processes and other normal procedures for performing Services will be upgraded and enhanced as and when upgraded or enhanced for Supplier's own business and the support of its customers generally at no additional charge to Company unless such upgrade and enhancement was specific to the Company. Supplier will keep software on current or n-1 supported releases unless Company requests otherwise, consistent with good industry practice and as required to achieve agreed performance standards. Third party tools and utilities used to perform Services will be maintained on current, or near- current, supported releases unless Company requests otherwise. Adjustments in Services in accordance with this Section will be made and to be included within the scope of the Services through Change Control Procedure.

Exhibit U-2

Execution Copy

EXHIBIT V

Innovation Plan

By definition for this document, "innovation" encompasses technology and business change. The technology change can include specific technologies — such as automation and virtualization; new software applications; communications; and robotics. The business change can include industry- specific or general changes.

1. Purpose

The innovation process aims to:

a. Provide a framework to capture, screen and develop ideas, and to implement change based on those ideas.

b. Identify business or technology innovation opportunities, originating externally (typically new products or services entering the market) or internally (business problems requiring solutions, or new business and technology ideas).

c. Screen ideas and opportunities, according to practicality, risk, benefits and likely cost.

d. Develop a financial framework within which Company and Supplier can explore and possibly exploit promising ideas.

e. Provide an environment that encourages collaboration between Company and Supplier for creating and developing innovative ideas and solutions.

2. Activities

This section describes the key activities that Company and Supplier must undertake during the innovation process. These activities include those described below.

a.     Identify business and technology initiatives that may influence Company’s business and technology plans.

b.      Develop new and practical alternatives to those plans, including, but not limited to:

i.         Recognizing innovative IT processes and methodologies

ii.         Evaluating the impact on Company's business

iii.         Preparing, in a timely fashion, for approval and implementation of beneficial innovation

iv.         Establishing a budget for innovation along with success criteria

v.         Commit and align resources for innovation delivery

3. Innovation Plan Process

Company and Supplier will use its commercially reasonable efforts to initiate the innovation process, and both Parties will participate in a series of collaborative workshops to define business requirements and opportunities and the steps that a business and its IT organization can take to address them.

Exhibit V-1

Execution Copy

EXHIBIT W

Governance

1. General

This Exhibit W communicates the basis for the Parties' obligations and provides the framework that the Parties will use to effectively set up their relationship and establish effective governance. This Exhibit W includes the information needed to successfully establish the necessary sourcing governance mechanisms across the Parties’ respective organizations.

2. Governance Structure:

This section provides an example of committees that Company, and Supplier will establish to facilitate and steer the relationship on different levels of Company The Parties will manage relationships on three levels as shown below.

a. Management Committee

b. Steering Committee Governance

c. Execution Committee

a.     Management Committee

Sets strategic direction, final decision for dispute resolution, approves funding/budget

b.     Steering Committee Governance

Governs strategic partner performance (reporting, dashboard, sets agenda and facilitates quarterly business reviews and monthly business reviews). Develops budget, first level dispute resolution, manages change control (work assignments, contracts)

c.     Execution Committee

Execution, Business/Process owner, approves first level dispute recommendation, change orders, contract changes

2.1  RACI Table:

For each activity listed below, we use the RACI chart approach for all roles and responsibilities. RACI stands for R = responsible, A = accountable, C = consulted and I = informed. In some cases, both parties can be R, which means a joint and equal responsibility exists.

Exhibit W-1

Execution Copy

Roles & Responsibilities:

Execution of KPI/SLAs

SVP

VP

GA RM

Portfolio Lead

Workforce Mgt

GA Finance

Incident Mgt

Supplier Ops Leader

Supplier Associates

Supplier Tech Lead

Supplier Incident Mgt Lead

Supplier Relationship Manager

Global Atlantic

Supplier

Day-to Day Operations

Develop Operation Capacity Model

C

A

I

I

R

I

I

C

I

I

I

I

Staff Appropriately

A

R

I

I

I

I

I

R

I

I

I

I

Manage day-to-day volumes

I

I

I

I

I

I

I

A

I

I

I

R

Service Escalation

Contact GA

I

C

C

I

I

I

A/R

C

I

I

A/R

C

GA Works with Supplier To correct issue minimize Risk

I

I

C

I

I

I

A/R

R

I

I

A/R

C

Manage Incident

I

C

C

I

I

I

A/R

C

I

I

A/R

C

Communicate Service Issue

Notify Stakeholders

C

C

I

I

I

I

A/R

C

I

I

A/R

C

Certify Issue Resolved

Close issue

I

A/R

C

I

I

I

C

C

I

A/R

C

C

Assess KPI/SLA impact

Assess associated SLA Penalties

I

C

R

I

I

A

I

C

I

I

I

R

Communicate to Stakeholders

I

C

A/R

I

I

C

I

C

I

I

I

A/R

Note: Detailed RACI will be included in SOW

3.  Meetings

 This section details when committee meetings will take place, who will be involved and the principles that will guide the meetings.

3.1  Meeting Schedule:

a. Within thirty (30) days of the Effective Date, Company's and Supplier's Relationship Manager will agree on a series of relationship and contract management meeting agendas for inclusion in the governance procedure manual.

b. Company's and Supplier's Relationship Manager will meet monthly to review Supplier's performance in the preceding month regarding, but not limited to, achieving Service Levels, customer satisfaction, workload, work effort and billing. Table below indicates the routine meeting schedule.

Exhibit W-2

Execution Copy

Phase	Type	Frequency	Participants (GA and EXL)	Agenda
Implementation and Go Live	Project Governance	Weekly / Millstone Based	Key stakeholders, Managers and Transformation Management Office ( TMO”)	·TMO managers weekly cadence ·Tollgate review and sign offs with stakeholders (Milestone based)
Implementation and Go Live	Operations Review	Daily / Weekly	Key stakeholders, Ops Managers and TMO	·Daily and weekly operation review ·Progress & Status reporting ·Issues and risks ·Communications
Go Live and Steady State	Incident Mgt Review	Twice a Month	Key stakeholders, Managers	·Review Incident reports ·Review incidents where SLAs were met or not met
Go Live and Steady State	Monthly	Monthly	Key stakeholders, Managers	·Deep dive for a rotating set of initiatives ·Risk/Issue escalation point, review, and potential decision ·Change control review

Exhibit W-3

Execution Copy

Phase	Type	Frequency	Participants (GA and EXL)	Agenda
Go Live and Steady State	Budget Review	Monthly	Key Stakeholders and Managers	·Establishing and managing the overall budget in connection with the MSA ·Review all billing and financial issues and recommend corrective action
Go Live and Steady State	Monthly Business Review	Monthly	Head of Strategic Partnership and Relationship Manager	·Review previous month’s operations results ·Review tactical issues ·Last meeting of the quarter will focus on next quarter activity
Go Live and Steady State	Quarterly Business Review	Monthly	Steering Committee and Senior Executives	·Review previous quarter results ·Highlights from previous quarter ·Possible further strategic cooperation

4. Issue Escalation and Dispute Resolution

The Parties will first attempt to resolve any dispute, issue, controversy or claim arising under or in connection with a SOW informally, in accordance with the procedure set forth below.

a. First, the Company's and Supplier's Relationship Mangers will meet as often and as promptly as the Parties deem necessary to discuss the dispute and negotiate in good faith in an effort to resolve the dispute.

b. If the Company's and Suppliers Relationship Mangers are unable to resolve the dispute within thirty (30) days after the referral of the dispute to them for resolution, the dispute will be referred to the Management Committee. The

Exhibit W-4

Execution Copy

Management Committee will use reasonable efforts to resolve such dispute. The Management Committee will meet as often, and as promptly as the Parties deem necessary to discuss the dispute and negotiate in good faith in an effort to resolve the dispute.

c. Sharing of Information. The Party requesting escalation of an issue or dispute for resolution will be responsible for preparing a short memorandum containing a summary statement of the issue(s) for escalation and shall promptly submit such summary to the non-requesting Party.

d. Expedited dispute Resolution Process. Either Party, on a good faith basis, may designate a dispute as one requiring expedited resolution. A dispute may require an expedited resolution if based upon the nature or significance of the dispute, a delayed resolution may have significant financial and/or operational consequences to the Parties. In such case each Party will use its commercially reasonable efforts to make the applicable executives available to discuss and resolve the issues within the shortened timeframes

5.  Communications

This section documents how communications related to this Agreement will be handled and coordinated by and between the Parties.

Through comprehensive, integrated communications, Company and Supplier will work together to create, communicate and deliver relevant and timely information across Company — internally as well as externally — in ways that promote collaboration and benefit Company and its stakeholders particularly during the implementation stage.

Communications shall be structured to achieve one or more of the following objectives:

a. Help business and IT align and realize Company's strategy.

b. Use centralized, formal and approved communication processes and ensure that communication about outsourcing activities does not come from outside Company or Company directed communications process.

c. Create and distribute clear, relevant and consistent messages to foster a consistent culture and behaviour across the enterprise.

d. Use communication to ensure that all Parties (including Affiliates) have the same vision or, at the very least, understand the vision of each Party relative to the scope of the Agreement.

e. Use communication messages transmitted via media and channels (for example, documents or e-mails) as a permanent record of decisions and actions related to the Services and the relationship between the Parties.

To achieve these objectives, Company will direct, coordinate and/or implement communication processes and plans as the Parties reasonably determine are necessary to achieve the objectives of this Agreement.

Exhibit W-5

Execution Copy

EXHIBIT X

Original Agreement SOWs

1. Statement of Work for Global Atlantic – Finance and Accounting Support, dated October 19, 2020.

2. Statement of Work for Global Atlantic – Model Risk Management Support Services, dated April 15, 2021.

3. Statement of Work for SOX Services - Consulting, dated June 1, 2021.

4. Statement of Work for Global Atlantic – Sales and Marketing Data and Analytics Pilot, dated June 7, 2021.

5. Statement of Work for SOX Services – Consulting, dated July 12, 2021.

6. Statement of Work for Global Atlantic – Preparatory Services for Subpoena Review Process, dated August 30, 2021.

Exhibit X-1