Exhibit 4.9

(1)   ASPEN INSURANCE UK SERVICES LIMITED
- and -
(2)   ASPEN INSURANCE U.S. SERVICES INC.
- and -
(3)   ASPEN BERMUDA LIMITED
- and -
(4)   COGNIZANT WORLDWIDE LIMITED
OUTSOURCING AGREEMENT


CONTENTS
PART A DEFINITIONS AND INTERPRETATION 6
1.DEFINITIONS 6
2.INTERPRETATION 6
PART B TERM AND SERVICE PROVISION 6
3.TERM 6
4.SERVICES 8
5.DELAY 10
6.ACCEPTANCE 11
7.TRANSITION 12
8.GOVERNANCE, REPORTING AND PERFORMANCE13
9.CHANGE CONTROL 14
PART C PERFORMANCE AND QUALITY 14
10.HOLDBACK, SERVICE LEVELS AND LIQUIDATED DAMAGES 14
11.SERVICE IMPROVEMENT AND ADVANCES IN TECHNOLOGY 15
12.REFERENCE 15
PART D OPERATION OF THE SERVICES 16
13.ASSETS 16
14.CO-OPERATION AND THIRD PARTY CONTRACTS17
15.PERSONNEL 18
16.SERVICE LOCATIONS 19
17.SUBCONTRACTORS 20
18.DATA AND SECURITY REQUIREMENTS 20
19.BUSINESS CONTINUITY AND DISASTER RECOVERY 22
20.REGULATORY MATTERS AND AUDIT RIGHTS 22
21.CUSTOMER DEPENDENCIES 25
PART E PAYMENT 26
22.CHARGES 26
23.TAX 26
24.VALUE FOR MONEY/BENCHMARKING 27
PART F INTELLECTUAL PROPERTY, CONFIDENTIALITY AND DATA PROTECTION 27
25.INTELLECTUAL PROPERTY RIGHTS 27
26.CONFIDENTIAL INFORMATION 31
27.DATA PROTECTION32
28.PUBLICITY 35


PART G REPRESENTATIONS, WARRANTIES AND INDEMNITIES 35
29.REPRESENTATIONS AND WARRANTIES 35
30.INDEMNITIES 36
PART H IMPACT OF A FAILURE TO PERFORM38
31.FORCE MAJEURE 38
32.STEP IN 39
33.ENHANCED CO-OPERATION40
34.LIABILITY 42
35.INSURANCE 45
PART I TERMINATION 46
36.TERMINATION 46
37.TERMINATION ASSISTANCE/EXIT 48
PART J MISCELLANEOUS PROVISIONS49
38.COMPLIANCE WITH LAWS 49
39.TRANSFER OF THIS AGREEMENT 49
40.NO PARTNERSHIP, AGENCY ETC 50
41.NOTICES 50
42.THIRD PARTY RIGHTS 51
43.SURVIVAL 51
44.SEVERABILITY 52
45.ENTIRE AGREEMENT 52
46.WAIVER 52
47.CORPORATE    SOCIAL    RESPONSIBILITY,    COMPLIANCE    WITH    LAWS    AND
LLOYDS CENTRE OF EXCELLENCE52
48.CUMULATIVE REMEDIES 54
49.DISPUTE RESOLUTION55
50.COUNTERPARTS 55
51.GOVERNING LAW AND JURISDICTION 55
SCHEDULES
Schedule 1Definitions
Schedule 2Service Descriptions
Schedule 3Service Levels and Service Credits
Schedule 4Customer Dependencies
Schedule 5Sub-Contractor List
Schedule 6Standards and Policies
Schedule 7Security – IT & Physical


Schedule 8Transition Plan
Schedule 9Form of Local Agreement
Schedule 10Pricebook, Charges and Invoicing
Schedule 11Benchmarking
Schedule 12Governance and Service Management
Schedule 13Contract Change Control Procedure
Schedule 14Service Integration and Management
Schedule 15Exit Plan and Service Transfer Arrangements
Schedule 16Business Continuity and Disaster Recovery
Schedule 17Human Resources Provisions
Schedule 18Key Personnel
Schedule 19COTS Vendor Usage Restrictions and Related Obligations
Schedule 20SOW Pro forma
Schedule 21Data Transfer and Processing
Schedule 22Locations and Site Licence
Schedule 23Innovation Fund


THIS AGREEMENT is made on the date of final signature by the Parties to this Agreement.
BETWEEN:
(1)ASPEN INSURANCE UK SERVICES LIMITED a company incorporated in England with registered number 04270446, whose registered office is at 30 Fenchurch Street, London EC3M 3BD (the “UK Customer”);
(2)ASPEN INSURANCE U.S. SERVICES INC. a company incorporated in Delaware, United States, whose registered office is at 251 Little Falls Drive, Wilmington, DE 19808 (the “US Customer”);
(3)ASPEN BERMUDA LIMITED a company incorporated in Bermuda with company number 127314 and registration number 32866, whose registered office is at 141 Front Street, Hamilton, HM 19, Bermuda (the “Bermuda Customer”); and
(4)COGNIZANT WORLDWIDE LIMITED a company incorporated in England with registered number 07195160, whose registered office is at 280 Bishopsgate, London, United Kingdom, EC2M 4AG (the “Service Provider”).
Together, the UK Customer, the US Customer and the Bermuda Customer are referred to in this Agreement in the singular form as the “Customer”.
WHEREAS:
(A)The Customer and the Service Provider entered into an Outsourcing Agreement dated 31 August 2020 (“Original Agreement”) for the provision and management of the Customer’s information technology services. The Parties wish to re-negotiate the terms of the Original Agreement, and this Agreement sets out the new terms that have been negotiated between the Parties.
(B)The Service Provider is experienced in providing information technology services, including the provision of digital, technology and operations services and shall remain responsible for certain aspects of the provision and management of the Customer’s information technology services functions.
(C)The Customer now therefore wishes to procure and the Service Provider wishes to provide the Services to the Customer, subject to and in accordance with the terms and conditions set out in this Agreement.
IT IS AGREED as follows:


PART A DEFINITIONS AND INTERPRETATION
1.DEFINITIONS
1.1In this Agreement, unless the context otherwise requires, the capitalised terms used herein shall have the meanings set out in Schedule 1 (Definitions).
2.INTERPRETATION
2.1In this Agreement a reference to:
2.1.1a “person” includes bodies corporate and unincorporated associations of people;
2.1.2a clause, Schedule, paragraph, section, Exhibit, Appendix or Annex are, except where otherwise stated, a reference to a clause, Schedule, paragraph, section, Exhibit, Appendix or Annex to this Agreement. The Schedules form part of this Agreement and shall be read as though they were set out in this Agreement;
2.1.3a word importing one gender shall (where appropriate) include any other gender and a word importing the singular shall (where appropriate) include the plural and vice versa;
2.1.4any statute or statutory provision includes, except where otherwise stated, the statute or statutory provision as amended, consolidated or re-enacted from time to time and includes any subordinate legislation made under the statute or statutory provision (as so amended, consolidated or re-enacted) from time to time;
2.1.5including”, “includes” and “in particular” are illustrative, none of them shall limit the sense of the words preceding it and each of them shall be deemed to incorporate the expression “without limitation”. “Other” and “otherwise” are also illustrative and shall not limit the sense of the words preceding them;
2.1.6words denoting persons include bodies corporate and unincorporated associations and vice versa where the context requires. The words “subsidiary” and “holding company” shall have the meanings given to them in section 1159 and schedule 6 of the Companies Act 2006;
2.1.7the index and headings in this Agreement and any descriptive notes in brackets are for convenience only and shall not affect its interpretation; and
2.1.8in the case of any inconsistency between any provision of the Schedules to this Agreement and any term of this Agreement the latter shall prevail. In the case of any inconsistencies between any provisions of a SOW and this Agreement, the latter shall prevail. In the case of any inconsistencies between any provisions of a SOW and a Local Agreement, the latter shall prevail. In the case of any inconsistency between any provision of the Annexes or Appendices and any provision of the Schedules, the latter shall prevail.
PART B TERM AND SERVICE PROVISION
3.TERM
3.1Notwithstanding the date of signature of this Agreement, the term of this Agreement shall begin on the Effective Date and shall expire (unless terminated earlier or extended in accordance with the Agreement) at midnight on 31 December 2027 (such period being the “Initial Term”).


3.2The Customer may, in its sole discretion, extend the Initial Term by a further period of two (2) years from the expiry of the Initial Term, by giving written notice to the Service Provider at least ninety (90) days prior to the expiry of the Initial Term or an extension period, as applicable.
3.3The Service Provider shall provide notice to the Customer of the expiry of the Initial Term and any extension period at least one hundred and eighty (180) days prior to the same.
3.4The Customer may require that Local Agreements and/or Statements of Work are put in place between the Customer or its Affiliates and the Service Provider or, exceptionally, its Affiliates (it being agreed that wherever possible such arrangements shall be made with the Service Provider only) pursuant to which the provision of local delivery of certain of the Services may be managed or Change Project (under Statements of Work) provided. The Service Provider agrees that, subject always to agreement on the appropriate invoicing and taxation arrangements and Service Provider Applicable Regulations, it shall not unreasonably withhold its consent to the agreement of such Local Agreements and further agrees that any such Local Agreements shall (subject always to the liability provisions of clause 34) incorporate all of the terms of this Agreement save as specified and agreed by the executing parties in such Local Agreement and approved in writing by the relevant Customer(s) and the Service Provider.
3.5The Parties have agreed that:
3.5.1the UK Customer shall be entitled (acting as agent) to make decisions and provide instructions to the Service Provider and its Affiliates pursuant to this Agreement as “the Customer” for and on behalf of each of the US Customer and the Bermuda Customer and references to the Customer instructing the Service Provider or otherwise engaging with it in relation to the provision of instructions hereunder shall be understood to mean that, save with respect to SOWs entered into by the US Customer or the Bermuda Customer to which the UK Customer is not a party, the UK Customer can provide such instructions for and on behalf of the US Customer and the Bermuda Customer (and in the event of any conflict between any instructions received by the Service Provider from the UK Customer and either of the US Customer or the Bermuda Customer, the instructions of the UK Customer as agent will prevail);
3.5.2the UK Customer shall procure that the relevant Customer entity complies with the requirements of the relevant Customer Dependencies;
3.5.3notwithstanding clause 3.5.1, the UK Customer may appoint a local representative from each of the other Customers to give instructions to the Service Provider and its Affiliates working “on the ground” (a “Local Manager”), such appointment to be set out in writing between the Parties. In the event of any conflict between the Local Manager’s instructions and any instruction from the UK Customer, the instruction of the UK Customer shall prevail;
3.5.4the UK Customer, the US Customer and the Bermuda Customer shall have joint and several liability under this Agreement and any SOW to which they are all parties;
3.5.5the US Customer and the Bermuda Customer each hereby formally appoints the UK Customer as its agent for service of legal proceedings and hereby authorises the UK Customer to execute SOWs, formal variations to this Agreement and Change Control Notes on its behalf;
3.5.6any SOW or Change Control Note to which all three of the UK Customer, the US Customer and the Bermuda Customer are party shall be executed by each such entity


albeit that, pursuant to clause 3.5.3, the execution may be carried out by the UK Customer for and on behalf of the US Customer and the Bermuda Customer respectively;
3.5.7invoices for the Charges payable in respect of Services delivered to all of the UK Customer, the US Customer and the Bermuda Customer under this Agreement and SOWs entered into by all three Customer Parties shall be apportioned in accordance with the mechanisms set out in Schedule 10 (Pricebook, Charges and Invoicing);
3.5.8pursuant to clause 34.10, the UK Customer shall be the only Party entitled to bring a claim against the Service Provider in connection with this Agreement or any SOW to which (i) all three of the UK Customer, the US Customer and the Bermuda Customer are party; or (ii) the UK Customer and one of the US Customer and the Bermuda Customer are a party. Accordingly, where a loss is suffered by a Customer (the UK Customer, US Customer or Bermuda Customer) under this Agreement or a SOW to which all three of the UK Customer, US Customer and Bermuda Customer are parties then the UK Customer shall bring that claim (unless prohibited by law); and
3.5.9Where the UK Customer is not a party to any SOW and there is more than one other Customer entity contracting, then the Parties agree that:
3.5.9.1the SOW shall set out applicable terms for governance and management of the SOW in place of the terms of this clause 3.5 and appoint a managing agent;
3.5.9.2the relevant Customer contracting entities shall have joint and several liability under that SOW;
3.5.9.3appropriate mechanisms for invoicing in relation to each relevant Customer contracting entity shall be set out in the SOW; and
3.5.9.4the party nominated as the managing agent for the purposes of that SOW under 3.5.9.1 shall be the only party entitled to bring claims for losses suffered under that SOW (unless prohibited by law).
4.SERVICES
General
4.1The Service Provider shall provide the Services to the Customer and the Customer Group in accordance with the terms of the Agreement and also:
4.1.1in accordance with the requirements set out in the applicable Schedules save for immaterial or cosmetic deviations;
4.1.2with diligence, professionalism and in accordance with Good Industry Practice;
4.1.3with sufficient, suitably trained and qualified resources to provide the Services;
4.1.4in a cost-effective manner, but without prejudice to the level of quality and performance required;
4.1.5in accordance with the relevant time frames specified or if none are specified, within a reasonable time frame;
4.1.6in material compliance with the Customer Standards and Policies made available to it in writing from time to time (with changes to the versions listed in Schedule 6 (Standards


and Policies) notified by Customer to Service Provider and managed via the Contract Change Control Procedure);
4.1.7to meet or exceed any Service Levels; and
4.1.8at Customer Locations or from Service Provider Service Locations approved in writing by the Customer or, where agreed in writing by the Parties, from Remote Locations in accordance with clause 16.3; and
4.1.9in accordance with the processes set out in Schedule 23 (Innovation and Investment).
4.2The Customer shall, and shall ensure that all Customer Personnel who are necessary or appropriate for the successful implementation of the Services, co-operate with the Service Provider in all matters relating to the Services and, on reasonable notice: (a) are available to assist the Service Provider Personnel by answering business, technical and operational questions and providing requested information, documents, guidelines and procedures in a timely manner; (b) participate in the Services as set out in the SOW; (c) participate in those meetings as set out in Schedule 12 (Governance and Service Management); (d) contribute to any software and system testing, including testing of the Deliverables in accordance with clause 6; (e) provide such information and documentation as the Service Provider may reasonably require, and ensure the accuracy of the same; and (f) are available to assist the Service Provider with any other activities or tasks required to complete the Services in accordance with the SOW.
4.3The Customer shall ensure that all Customer Personnel: (i) do not access any of Service Provider’s or its other clients’ premises without the prior written consent of Service Provider; and (ii) comply at all times Service Provider Cognizant’s security policy and instructions when at Service Provider’s premises.
4.4The Service Provider shall adopt processes and related behaviour that shall:
4.4.1support closely the Customer’s business model and business objectives;
4.4.2enable the Customer and its Service Provider to respond promptly and effectively to predictable and unpredictable change;
4.4.3promote rational, fact based problem solving;
4.4.4increase ease of communication and understanding;
4.4.5increase openness, reliability and consistency;
4.4.6facilitate the identification and deployment of creative solutions to optimise value; and
4.5reflect the partnership principles set out in the annex that will form part of the Schedule 12 (Governance and Service Management). The Customer considers “scope creep” to be a particular risk in any outsourcing project and considers that its suppliers, as experts in the field, should take responsibility for managing the downside risk of scope creep. Accordingly, if any services, functions or responsibilities are not specifically described in the Agreement or any are required being necessary or inherent for, the performance and provision of the Services, they shall be implied by and automatically included within the applicable Schedule and the agreed Charges, to the same extent and the same manner as if specifically described in the Agreement.
4.6The Service Provider shall increase or decrease the amount of the Core Services according to the agreed forecast demand for these Services, the Customer’s other requirements and, in any event, the Customer reserves the right to add or remove Services comprising the Core Services.


Such additions or removals shall be effected using the systems agreed in the applicable Service Description, Schedule 10 (Pricebook, Charges and Invoicing) or pursuant to the Contract Change Control Procedure.
4.7Except as otherwise expressly provided in this Agreement, the Service Provider shall be responsible for providing all the facilities, personnel and other resources necessary to provide the Services.
4.8Without prejudice to the obligations of the Customer in relation to the Contract Committed Revenue and the Contract Committed Revenue set out in paragraph 6 of Schedule 10 (Pricebook, Charges and Invoicing), the Customer reserves the right, in its sole discretion, to provide any or all of the Services itself or to contract with third party suppliers to perform all or any part of the Services at any time.
4.9In respect of any New Service required by Customer, Service Provider shall submit bids that are competitively priced and demonstrate that Service Provider has taken advantage of technological and efficiency advances. Where it can demonstrate the same, Service Provider shall be considered the preferred service provider for such New Service during the Initial Term. In this regard the parties recognise that:
4.9.1by meeting the requirements of this clause and otherwise providing a competitively priced bid, as well as by leveraging its existing provision of Services and intimate knowledge of Customer as an incumbent vendor, it is anticipated that Service Provider would have a strong possibility of success when bidding for New Services; but
4.9.2due to Customer’s corporate governance processes, which require an equal and fair assessment be undertaken as part of any New Services, providing a bid for New Services will not always guarantee that Service Provider will have New Services awarded to it. Where this is the case, Customer will provide reasoning for non-award in writing to the Service Provider.
4.10The Service Provider agrees that the Customer has the right to call off project work under Statements of Work incorporating the full terms of this Agreement and the particular arrangements for doing so are set out in Schedule 2 (Service Descriptions).
5.DELAY
5.1If the Service Provider becomes aware that the provision of the Services or any other activity under this Agreement is being, or in its reasonable estimation is likely to be, delayed or interrupted (for whatever reason), such that it shall not meet any of its obligations under this Agreement, then the Service Provider shall, unless otherwise agreed by the Customer, give written notice immediately to the Customer of the relevant circumstances (the “Delay Notice”). The giving of such notice shall not prejudice the Customer’s rights under this Agreement.
5.2The Delay Notice shall:
5.2.1identify the cause or causes of the delay or interruption;
5.2.2state whether, and to what extent, the delay or interruption is, or is expected to be, caused by a Force Majeure Event;
5.2.3provide details of the delay or interruption and its expected duration;


5.2.4identify clearly which Services, Milestones (if any), Performance Standards and/or other Agreement obligations are likely to be affected and, in the reasonable opinion of the Service Provider, the extent to which they are likely to be affected; and
5.2.5identify as far as possible the extent to which the Service Provider’s fulfilment of the relevant obligations under this Agreement will be delayed, interrupted or otherwise affected.
5.3If the Service Provider fails to achieve a Milestone other than in the circumstances described in clause 21.2, at no additional charge to the Customer, and without prejudice to the Customer’s other rights, the Service Provider shall (as the case may be):
5.3.1continue to provide the Services so as to meet the Milestone as soon as possible after the Milestone Date; or
5.3.2re-perform the Services so as to meet the Milestone as soon as possible after the Milestone Date.
5.4If the delay or interruption continues for more than five (5) Business Days, the Service Provider shall provide the Customer periodically (and at least on a weekly basis) with updated information in relation to the matters referred to in clause 5.2, notwithstanding any discussions or negotiations relating to the continued performance of this Agreement following a Force Majeure Event or the Customer exercising its other rights.
6.ACCEPTANCE
6.1Where applicable, the Parties shall agree and set out Acceptance Criteria for each Acceptance Item and the rest of this clause 6 shall apply. If no such procedures or criteria are set out, the Services provided under the Agreement shall be deemed accepted upon receipted delivery to the Customer and the remaining clauses of this clause 6 shall not apply, save that in the case of documentary Deliverables any failure to comply with a requirement that they be clearly and concisely set out with no material errors or omissions shall entitle the Customer to require that they be rectified and redelivered at no additional charge.
6.2The Service Provider must undertake its own internal testing of any Acceptance Item before submitting it to the Customer for acceptance testing.
6.3The Service Provider must provide the Customer with at least seven (7) Business Days’ notice prior to submitting any item for acceptance testing.
6.4Unless otherwise agreed between the Parties, the Customer shall conduct the acceptance testing promptly after receiving the Acceptance Item and promptly notify the Service Provider whether it accepts, rejects or conditionally accepts the Acceptance Item. The Customer shall promptly issue an Acceptance Certificate if it accepts or conditionally accepts the Acceptance Item.
6.5The Service Provider shall provide all reasonable support to the Customer in relation to conducting the acceptance testing at no additional charge.
6.6If the Service Provider conducts the acceptance testing, the Customer shall be entitled to observe the acceptance testing and shall provide reasonable support to the Service Provider in relation to the conduct of the acceptance testing.
6.7If an Acceptance Item is rejected, the Customer shall provide reasons for such rejection, and the Service Provider shall remedy the relevant defects at no additional charge and re-submit the Acceptance Item to the Customer as soon as reasonably practicable but in all cases within seven


(7) Business Days or such longer period as may be reasonable in the circumstances and as such longer period is stipulated in the applicable Change Control Note.
6.8If an Acceptance Item is rejected a second time, without prejudice to any other rights the Customer may have, the Customer shall have the option to:
6.8.1require the Service Provider to rectify any defects and re-submit the Acceptance Item for acceptance;
6.8.2accept the Acceptance Item subject to an equitable reduction in fees (which shall be at least 10%) and, in this scenario, such Acceptance Item shall be treated as if it were fully accepted; or
6.8.3immediately terminate the Service related to the Acceptance Item and any other affected Services for material breach and be refunded all Charges paid under this Agreement in connection with the same provided that all Acceptance Items related to such termination are returned to the Service Provider.
6.9In no circumstances (other than those referred to in clause 6.1 and clause 6.9) shall the Customer be deemed to have accepted an Acceptance Item, other than where it is unconditionally accepted and an Acceptance Certificate is issued. Notwithstanding the foregoing, the Customer agrees that if it puts an Acceptance Item into live, productive use without either the prior written consent of the Service Provider or having agreed as part of the original Acceptance Testing approach that the final test is live use or as part of any conditional acceptance that this would happen then it shall be deemed to have accepted the Acceptance Item.
6.10Notwithstanding clause 6.9, the Service Provider may issue an invoice for the relevant Milestone payment if the Customer has not confirmed acceptance or rejection within one month of the due date for acceptance of the Acceptance Item. For the avoidance of doubt, the lack of confirmation of acceptance shall not be ground for the Customer to claim that the invoice has been improperly rendered pursuant to paragraph 3.7 of Schedule 10 (Pricebook, Charging & Invoicing).
6.11If the Customer conditionally accepts an Acceptance Item, it shall notify the Service Provider of the conditions to which the acceptance is subject and the Acceptance Item shall not be fully accepted until such conditions have been met. The Charges related to the relevant Acceptance Item shall be subject to an equitable reduction (which shall be at least 10%), with the balance paid when the defects or backlog of issues have been completed.
7.TRANSITION
7.1The Parties agree to complete a Transition Plan with sufficient detail, Milestones and obligations to realise the benefits set out in Appendix 10-C.
7.2The Transition Plan will be agreed within four (4) weeks of the date of signature of this Agreement and the Parties will amend Schedule 8 (Transition Plan) accordingly via the Contract Change Control Procedure. Such Transition Plan shall include inter alia:
7.2.1Specific activities with associated Milestones to transition to the new model and realise benefits;
7.2.2The Duration of Commitment for each Key Personnel in Schedule 18 (Key Personnel).


8.GOVERNANCE, REPORTING AND PERFORMANCE
Governance
8.1The Service Provider shall comply with the Customer’s governance requirements as set out in Schedule 12 (Governance and Service Management) at no additional charge.
Procedures Manual
8.2The Service Provider shall endeavour to develop within 20 Business Days following the completion of the Transition Plan a policy and procedures manual (the “Procedures Manual”) that describes how the Services will be performed and delivered. The minimum content of the Procedures Manual shall include the following at a minimum:
8.2.1how the Services are to be performed and delivered;
8.2.2the Equipment and Software to be used;
8.2.3the relevant Documentation including operations manuals and user guides;
8.2.4the quality assurance procedures approved by the Customer;
8.2.5the supervision, monitoring, staffing, reporting, planning and oversight activities to be undertaken by the Service Provider;
8.2.6the Service Provider’s problem management escalation procedures;
8.2.7other pertinent Service Provider standards and procedures; and
8.2.8the Standards and Policies.
8.3The Service Provider shall update and maintain the Procedures Manual at such frequency as agreed during the Transition Plan, but for the avoidance of doubt, at least annually and the Customer and the Service Provider shall agree on any policies and procedures to be included within the same.
8.4Until the Procedures Manual is approved, the Service Provider shall perform the Services consistent with existing Customer Standards and Policies.
Escalation
8.5The Service Provider agrees that if an agreed trigger event occurs (it being agreed that this shall include if: (i) there are repeated delivery or service failures; (ii) there is a major one-off failure; (iii) and/or it fails to comply with its rectification obligations) then it will commit to executive escalation as follows:
8.5.1as a first level of executive escalation (“Executive Escalation (a)”) the Service Provider has agreed that should Executive Escalation (a) be triggered then Service Provider’s Executive Sponsor (as identified during the Transition Plan) shall be available during Business Hours and attend regular meetings to lead the Service Provider’s team and to explain progress; and the Service Provider’s UK CEO or his or her nominee who shall be a main board member of the Service Provider’s UK entity shall telephone the Customer’s CEO once each week to report progress. Without prejudice to its other rights and remedies the Customer may in its sole and absolute discretion elect to waive or defer Executive Escalation (a); and


8.5.2as a second level of executive escalation (“Executive Escalation (b)”) the Service Provider has agreed that should Executive Escalation (a) not result in the successful resolution of the issue that gave rise to Executive Escalation (a) then the Service Provider’s UK CEO or his or her nominee who shall be member of the leadership of the Service Provider’s UK business (and not the person already identified as Executive Escalation (a)) shall be available during Business Hours and attend regular meetings to lead the Service Provider’s team and to explain and report progress. Without prejudice to its other rights and remedies the Customer may in its sole and absolute discretion elect to waive or defer Executive Escalation (b).
9.CHANGE CONTROL
9.1No variation of this Agreement shall be effective unless made in writing, signed by or on behalf of all of the Parties and expressed to be such a variation. Pursuant to clause 3.5, the Parties agree that the UK Customer may bind all of the UK Customer, US Customer and Bermuda Customer with respect to agreeing such variations.
9.2Day-to-day operational changes to the Services shall be effected through an operational change management process, which shall be agreed by the Parties before the Effective Date and incorporated into the Procedures Manual. Such changes shall not result in any alteration to the Charges.
9.3Additions of new Services, major alterations to the Services or other variations to this Agreement shall be effected through Schedule 13 (Contract Change Control Procedure).
PART C PERFORMANCE AND QUALITY
10.HOLDBACK, SERVICE LEVELS AND LIQUIDATED DAMAGES
10.1If the Service Provider fails to achieve a Key Milestone for any reason other than a Force Majeure Event or a failure by the Customer to meet a Customer Dependency, without prejudice to its other rights and remedies, the Customer may claim the Liquidated Damages associated with that Key Milestone (if any) to the extent agreed and set out in an applicable SOW, in which case:
10.1.1the Liquidated Damages amount shall be deducted from the next invoice or paid to the Customer if there are no further invoices due to be rendered under the Agreement within thirty (30) days from the date of the invoice issued by the Customer; and
10.1.2the Parties agree that the Liquidated Damages are a genuine pre-estimate of some of the loss the Customer is likely to suffer as a result of the Service Provider’s failure to achieve a Milestone.
10.2The Parties acknowledge that, prior to the commencement date for a particular Service, the mechanisms in Schedule 3 (Service Levels and Service Credits) and clause 32 (Step-In) are not applicable.
10.3Holdback
10.3.1The Parties agree that with respect to Change Projects, a holdback mechanism may apply which allows interim time and materials or fixed price invoicing but with a proportion of each interim invoice being held back for release on successful conclusion of the project (“Holdback”) and, if agreed to be applicable, shall be documented in the relevant SOW. The Service Provider shall not unreasonably withhold its agreement to include such a Holdback.


10.4The Service Provider acknowledges that material or repeated failures to provide a Service to a Performance Standard may have a material adverse impact on the business and operations of the Customer and that, accordingly, it shall:
10.4.1at all times achieve or exceed the Performance Standards in respect of the Services; and
10.4.2perform the Services with at least the same level of performance (including in respect of accuracy, quality, timeliness, responsiveness and efficiency) as was provided by or for the Customer prior to the Effective Date (unless expressly agreed to the contrary in the Agreement) or, if higher, in accordance with Good Industry Practice.
10.5Each Party acknowledges and agrees that any Service Credits that may become payable are an adjustment to the Charges and that the payment and receipt of Service Credits and/or Liquidated Damages is without prejudice to any other right or remedy available to the Customer as a result of the Service Provider’s failure to meet the relevant Service Levels or achieve the relevant Milestone (as applicable).
10.6In addition to Service Levels, the Service Provider shall measure other key indicators of performance of the Services as agreed between the parties in writing (including by carrying out a customer satisfaction survey) and shall provide such measurements to the Customer in order for the Customer to fully understand the levels of performance of the Service being provided by the Service Provider.
10.7At the Customer’s election, Service Levels may be added, deleted or revised due to change in the Customer’s business requirements once suitable agreement on the impact of such changes on the Service and the Service Credits has been reached through the Contract Change Control Procedure.
11.SERVICE IMPROVEMENT AND ADVANCES IN TECHNOLOGY
11.1Other than the Standards and Policies, the Service Provider shall keep the systems, methodologies and processes used and owned or licenced by the Service Provider in performing the Services current and the Customer shall receive the benefits of any available upgrades in the same through increases in efficiency and productivity.
11.2The Service Provider shall cause the delivery of the Services, as approved by the Customer, to evolve and be modified, enhanced, supplemented and replaced as necessary for the Services to keep pace with advances in the methods of delivering services, where such advances are at the time pertinent and in general use. Accordingly, the Service Provider shall proactively seek out new technologies by surveying the market and the technology landscape more generally to identify advances or changes in technology that are appropriate and beneficial to the Customer. In particular, the Service Provider shall ensure that it complied with its obligations under Schedule 23 (Innovation and Investment) at all times in respect of the delivery of the Services.
12.REFERENCE
12.1The Service Provider shall use the Customer as a referee in relation to at least two (2) bids each year. Such bids shall be for services broadly similar to the Services for clients of a similar size to the Customer. Failure to do this shall, without limitation, require the Service Provider’s UK and Ireland CEO to provide detailed reasons for such failure to the Customer’s CIO.


PART D OPERATION OF THE SERVICES
13.ASSETS
Equipment
13.1In the event the Customer deems it necessary to require the Service Provider to use equipment owned or operated by the Customer (“Customer Equipment”), the Service Provider shall be responsible for transfer of the Customer equipment    to   the Service   Provider’s sites/environments. As at the Effective Date, the Parties do not envisage any Customer Equipment being installed on the Service Provider’s sites/environments.
13.2The Customer makes no warranties with regard to the Customer Equipment (if any).
13.3The Service Provider shall be fully responsible for monitoring the operation of and maintenance of the Customer Equipment (if any) and shall promptly notify the Customer of any issues with the same that may impact the provision of the Services or achievement of the Service Levels.
13.4The Service Provider may, where directed to do so by the Customer, acquire future equipment (“Future Equipment”),  including modifications, upgrades, enhancements, additions and replacements of the Customer Equipment, as necessary or appropriate to provide the Services. Such Future Equipment shall be acquired in the name of the Customer and title shall vest in the Customer and, unless agreed to the contrary pursuant to the Contract Change Control Procedure, the Customer shall pay the vendor directly for such Future Equipment.
13.5The Customer shall have the right to approve any software or Service Provider Tools used by the Service Provider in relation to the Services and installed on Customer Systems prior to the Service Provider’s use of the same in order to provide the Services, such approval shall not be unreasonably withheld or delayed. The Service Provider shall be responsible for:
13.5.1in consideration of the Core Charges, installing, operating and maintaining the Service Provider Software and Service Provider Tools;
13.5.2in consideration of the Core Charges, managing and using any other Software, Systems or Materials (including the Customer Software, Customer Systems and Customer Materials) required to provide the Services; and
13.5.3in consideration of any agreed Flex Charges, modifying such other Software, Systems or Materials (including the Customer Software, Customer Systems and Customer Materials) where the same is agreed as part of the relevant Change Management Services.
Risk of Loss
13.6Each Party shall be responsible for risk of loss of, and damage to, Equipment, Software or other Material in its possession or under its control, provided that the Service Provider will notify the Customer prior to installing any single piece of Equipment worth more than £50,000 at a Customer Location.
13.7The Service Provider shall be responsible for the risk of loss of, and damage to, any property, systems or material used by it to provide the Services, except to the extent that any loss of, or damage to, any such property, systems or materials is caused by an intentional wrongful act or omission of the Customer or Customer Personnel.


14.CO-OPERATION AND THIRD PARTY CONTRACTS
14.1The Service Provider acknowledges that it will be delivering the Services to the Customer in a multi-vendor environment. Accordingly, the Service Provider shall co-operate in good faith with the Customer, to the extent relevant to obtain the benefit of the Services, and with the Customer’s other suppliers to facilitate the integrated and efficient carrying out of the Customer’s operations and the provision of the Services. Such co-operation shall include providing advice, assistance, data and information as reasonably required by the Customer and (subject to reasonable confidentiality provisions being in place and applicable requirements under Relevant Law) its suppliers.
14.2Where applicable to its service model, the Service Provider will agree to specific operation level agreements with those Third Party Suppliers of the Customer identified by the Parties from time to time and, without prejudice to the generality of clause 14.1, the Service Provider shall comply with such co-operation obligations.
14.3Notwithstanding Schedule 14 Appendix A, the Parties will identify any third party contracts under which a Third Party Provider furnishes or provides services to the Customer that are associated with the Services and which are required to be maintained in the name of the Customer (or its Affiliates) and managed by the Service Provider in accordance with Schedule 14 (Service Integration) ("Managed Agreements"). Any such contracts not already included in Schedule 14, Appendix 14-A will be added to it by written agreement of the Parties. For the avoidance of doubt, the Parties agree that no such services are required at the Effective Date.
14.4Without prejudice to the generality of its obligations under clauses 14.1 and 14.2, the Service Provider agrees that in relation to any such Managed Agreements, it will monitor the performance of each applicable Third Party Service Provider and take steps to address with each Third Party Service Provider any issues arising with its performance and shall promptly escalate any concerns it may have with respect to such performance to the Customer.
14.5The Service Provider shall ensure that reasonable knowledge transfer takes place between it and the applicable Third Party Service Providers including in relation to:
14.5.1difficulties and issues such Third Party Service Providers may encounter in delivering their services in the context of the Service Provider’s provision of the Services;
14.5.2information regarding the operating environment, system constraints and other operating parameters applicable to the provision of the Services by the Service Provider as a supplier with reasonable technical skills and expertise would find reasonably necessary in order to perform its work; and
14.5.3such information as is necessary to assist each such Third Party Service Provider to ensure that the results of its services have the ability to interoperate with the Services.
14.6The Parties acknowledge that from time to time the Service Provider may need to appoint third parties as its subcontractors in order to enable it to perform aspects of the Services. The Service Provider agrees that the Customer shall have the right to propose certain Third Party Suppliers to be its subcontractors in relation to such Services. Where requested to do so by the Customer, the Service Provider shall act reasonably to seek either to manage such contracts on the Customer’s behalf or to enter into direct contracts with such Third Party Suppliers provided, in such latter case, that: (i) the Service Provider is able to reach a commercial agreement in relation to the same; and (ii) the relevant Third Party Supplier passes the Service Provider’s ethics, security and compliance checks. Where requested to enter into a direct subcontract with a third party pursuant to this clause, the Service Provider shall negotiate in good faith and use its reasonable


commercial endeavours to reach agreement and the Customer agrees to provide reasonable support to assist with such discussions (if requested to do so).
15.PERSONNEL
Staff Transfer
15.1The Parties shall comply with the terms of Schedule 17 (Human Resources Provisions). The Parties will agree via the Contract Change Control Procedure any amendments to Schedule 17 necessary to reflect any changes required but at the Effective Date the Parties do not envisage any Personnel will transfer under this Agreement in accordance with the Transfer Regulations.
General
15.2The personnel assigned to the Customer account by the Service Provider (or its Sub-contractors) will be and remain employees of the Service Provider (or such Sub-contractors) (“Service Provider Personnel”) and the Service Provider (or such Sub-contractors) shall be liable for all taxes, national insurance and other costs, compensation and benefits of such personnel, including salary, health, accident and workers’ compensation benefits, pensions and contributions that an employer is required to pay with respect to the employment of employees related to the Service Provider Personnel (“Employment Costs”).
15.3If the actions or inactions of Service Provider Personnel create:
15.3.1additional work in connection with the performance of the Services by the Service Provider that would have otherwise been unnecessary in the absence of such action or inaction; or
15.3.2additional work for the Customer to enable it to obtain the full benefit of the Services,
the Service Provider shall perform all such additional work at no additional charge to the Customer.
15.4The Customer shall have the right to require the removal of any member of the Service Provider Personnel assigned to perform under this Agreement where such Service Provider Personnel’s performance and competence, responsiveness, capabilities, cooperativeness, ability to work within the Customer’s culture, or fitness for a particular task of any person assigned by the Service Provider to perform Services, is insufficient to perform the Services in a manner acceptable to the Customer. In these circumstances, the Customer shall provide to the Service Provider written reasons for the request for removal. Without prejudice to the foregoing, the Service Provider shall furnish a qualified replacement as soon as reasonably practicable but in all cases, within twenty (20) days of the removal.
Key Personnel
15.5The Customer shall have the right to designate certain employees of the Service Provider or its Sub-contractors as key employees (the “Key Personnel”), provided that the Service Provider may reasonably refuse such designation. The Parties shall agree a maximum number of Key Personnel. The Key Personnel shall devote sufficient effort to perform their role in the delivery of the applicable Services. The Key Personnel will be listed in Schedule 18 (Key Personnel) to this Agreement.
15.6During their Duration of Commitment, the Service Provider shall only remove or change the Key Personnel with the written consent of the Customer except where the removal or change results from resignation, death, disability, or termination of employment of the Key Personnel in question


in which case the Service Provider must promptly notify the Customer of such removal and the proposed replacement. The Service Provider may review its team after the expiry of the initial Duration of Commitment set out in Schedule 18 (Key Personnel) and thereafter every twelve (12) months and advise which Key Personnel are to be changed in accordance with this clause 15.6 and clause 15.7 and any such changes will be made on at least six (6) months’ notice.
15.7The Service Provider may only assign or replace any Key Personnel with the Customer’s prior written consent (which in the circumstances set out above shall be deemed to have been given) and only after the Service Provider has provided the Customer with the relevant curriculum vitae of the relevant Key Personnel and with a reasonable opportunity to interview such Key Personnel. At no additional cost to the Customer, the Service Provider will provide for an appropriate transition (including overlap) period for the new individual so that there is no disruption to the performance of the Service Provider’s obligations or the Customer’s receipt of the Services under this Agreement.
Non-Solicitation
15.8Save for any exceptions agreed by the Parties in writing, and subject to the parties respective obligations set out in Schedule 17 (Human Resources Provisions), each Party agrees that during the period between 1 October 2024 and the earlier of: (i) the date falling six (6) months after the expiry or termination of this Agreement, or (ii) the date falling six (6) months after the date the relevant individual has left his or her employment , it will not and will procure that its Affiliates will not directly or indirectly, either on its own account or in conjunction with or on behalf of any other person, employ, hire, solicit or endeavour to entice away from the other Party (or its Affiliates) any person who, at any point since 1 October 2024:
15.8.1in the case of the Customer, has been an officer, manager, employee, agent or consultant of the Customer or its Affiliates; or
15.8.2in the case of the Service Provider, has been engaged in the provision of the Services to the Customer under this Agreement.
16.SERVICE LOCATIONS
16.1When working at any Customer facilities, Service Provider Personnel shall comply with the requirements of Schedule 22 (Locations and Site Licence) and all applicable Standards and Policies, including the Customer’s standard workplace security, administrative, safety and other policies and procedures applicable to the Customer’s own employees or contractors (“Customer Location Policies”) and the Customer IT and security policies as set out in Schedule 7 (Security – IT and Physical).
16.2The Customer shall notify the Service Provider of any subsequent modifications or amendments to the Customer Location Policies. Any such changes to the Customer Location Policies which impose materially increased obligations or costs on the Service Provider, shall be agreed through the Contract Change Control Procedure.
16.3Customer agrees and acknowledges that Service Provider has implemented a flexible working policy for its personnel. Under this flexible working policy, where agreed in writing by the Parties, Service Provider Personnel are permitted to work from Remote Locations. In connection with the foregoing, Service Provider shall: (i) procure that Service Provider Personnel comply with the terms and conditions under this Agreement, including performance obligations, and adherence to applicable Standards and Policies; and (ii) ensure that appropriate security measures are in place in relation to the delivery of Services by Service Provider Personnel working at locations other than Customer Locations or Service Provider Service Provider Service Locations


17.SUBCONTRACTORS
17.1The Service Provider shall not delegate or subcontract any of its obligations under this Agreement without the prior written consent of the Customer and shall ensure that all Sub-contractors comply with obligations akin to those set out in Schedules 17 (Human Resources Provisions), 5 (Sub-Contractor List and Service Provider Tools), 7 (Security - IT and Physical), and 21 (Data Transfer and Processing).
17.2The Customer acknowledges and agrees that the consent required pursuant to clause 17.1 has been granted in respect of those Approved Sub-contractors identified in Schedule 5 (Sub-Contractor List) and any Sub-contractor it formally requires the Service Provider to use in connection with the provision of the Services pursuant to clause 14.6.
17.3The Customer may revoke its approval of a Sub-contractor if it has good faith doubts about the Sub-contractor’s ability to perform the sub-contracted Services.
17.4The Service Provider shall on request advise the Customer of the impact of any revocation action pursuant to clause 17.3 by the Customer including any impact on the timetable and the Charges.
17.5If the Customer wishes to proceed with the revocation action pursuant to clause 17.3 then any changes shall be agreed through the Contract Change Control Procedure.
17.6The Parties agree that there will be no impact on the Charges if the Customer revokes its approval of a Sub-contractor as a result of any fraud, fraudulent misrepresentation, Wilful Default or Wilful Abandonment or any other criminal act by a Sub-contractor or its employees.
17.7If the Customer consents to the Service Provider’s proposed use of a Sub-contractor to perform the Services (or part thereof) the Service Provider shall remain fully responsible and liable for the acts and omissions of the Sub-contractors to the same extent as if such acts and omissions were those of the Service Provider.
17.8Subject to ensuring that all Service Provider Applicable Regulations and the Customer Applicable Regulations that it has been made aware of pursuant to clause 20.1 in relation to the same are complied with (provided always that compliance with Customer Applicable Regulations shall be deemed where the Service Provider complies with and has taken the steps agreed between the Parties pursuant to clause 20.1), the Service Provider may engage any of its Affiliates to provide Services and Deliverables to the Customer and the Customer Group under this Agreement. Notwithstanding anything to the contrary in this Agreement, the Service Provider will remain fully liable for Services and Deliverables provided under this Agreement by its Affiliates.
17.9Any references to “sub-contracting” in this clause 17 and throughout this Agreement shall include sub-outsourcing.
18.DATA AND SECURITY REQUIREMENTS
18.1The Service Provider shall comply with the current Standards and Policies relating to IT and security and the requirements of Schedule 7 (Security – IT and Physical) at no additional cost to the Customer. If the Standards and Policies change these will be notified to the Service Provider by the Customer in accordance with clause 4.1.6 and the Service Provider will review such changes, and notify the Customer of any implications of such changes. Any such changes to this Agreement or the Services required as a direct result of the changes to the Standards and Policies and/or the requirements of Schedule 7 will be agreed through the Contract Change Control Procedure save that the Charges shall only be increased where the changes materially increase obligations or costs on the Service Provider.


18.2The Service Provider shall provide ongoing training for all the Service Provider Personnel employed or engaged in the provision of the Services in compliance with the Standards and Policies.
18.3Without limiting clause 18.1, the Service Provider shall comply and shall ensure that all Sub-contractors comply with vetting procedures and policies in respect of all Service Provider Personnel that comply with Good Industry Practice.
18.4The Service Provider shall ensure that principles aligned to ISO 27001 and ISO 9001 are reflected in its performance of the Services.
18.5The Customer shall retain exclusive rights and ownership of all of Customer Data and the Customer Data shall not be:
18.5.1used by the Service Provider for any purpose other than as required under the Agreement in connection with providing the Services;
18.5.2disclosed, sold, assigned, leased or otherwise provided to third parties by the Service Provider; or
18.5.3commercially exploited or otherwise used by or on behalf of the Service Provider, its affiliates, officers, directors, employees, or agents, other than in accordance with the Agreement.
18.6Upon request by the Customer and at its election and at no additional charge, the Service Provider shall promptly return to the Customer the Customer Data in the format and on the media as reasonably requested by the Customer, or erase or destroy Customer Data in the Service Provider’s possession, power or control (except that the Service Provide may retain one copy for legal records) and, if requested by the Customer to do so, shall provide the Customer with confirmation in writing signed by a corporate officer of the Service Provider.
18.7The Service Provider shall protect the Customer’s data in its possession, power or control so as to not lose, damage, destroy or corrupt the Customer Data.
18.8Pursuant to the requirements of Schedule 7 (Security – IT and Physical) the Service Provider shall establish and maintain all appropriate technical and organisational controls to safeguard against the destruction, loss or alteration of Customer Data and that are no less rigorous than those maintained by the Service Provider for the Service Provider’s own information of a similar nature or that otherwise comply with Good Industry Practice.
18.9Service Provider Personnel must not attempt to access, or allow access to, Customer Data to which they are not entitled or that is not required for the performance of the Services by Service Provider Personnel.
18.10The Service Provider acknowledges its obligations with respect to data security set out in this clause 18.8 and 18.9 apply to the same extent to any of the Customer’s Confidential Information that is received by the Service Provider. Similarly, the Customer shall ensure that any Service Provider Confidential Information is kept securely in a manner consistent with the data security requirements imposed on the Service Provider under clauses 18.8 and 18.9.
18.11The Service Provider acknowledges that the Customer is subject to the New York Department of Financial Services Cybersecurity Regulation (23 NYCRR Part 500) (“NYDFS”) and that the Service Provider’s compliance with clauses 18.8 and 18.9 in relation to Customer Confidential Information is required for the Customer to comply with NYDFS. The Service Provider will also reasonably assist the Customer to comply with any additional requirements of NYDFS (at the


Customer’s cost) provided that the Parties agree in writing the scope of any such additional requirements via the Contract Change Control Procedure.
19.BUSINESS CONTINUITY AND DISASTER RECOVERY
19.1Without prejudice to any Services relating to disaster recovery or business continuity the Parties may agree, the Service Provider shall manage and maintain internal disaster recovery and business continuity policies and procedures consistent with Good Industry Practice and the requirements of Schedule 16 (Business Continuity and Disaster Recovery Plan) throughout the Term at no additional cost to the Customer.
20.REGULATORY MATTERS AND AUDIT RIGHTS
General
20.1The Service Provider shall comply with all Service Provider Applicable Regulations. Without prejudice to the generality of the foregoing, the Customer may notify the Service Provider of (i) any Customer Applicable Regulations it specifically requires the Service Provider to comply with (including any requirements set out in the Standards and Policies to either comply with Customer Applicable Regulations referenced there or to ensure compliance with Customer Applicable Regulations by following certain policies or procedures) and/or (ii) if it requires compliance with what would otherwise be a Service Provider Applicable Regulation in a Customer specific way (such specific compliance becoming compliance with a Customer Applicable Regulation for the purposes of this Agreement and the definition of Service Provider Applicable Regulation). Once any such Customer Applicable Regulations are identified, the Parties will act reasonably to agree as to how they are to be complied with via Contract Change Control Procedure. For the avoidance of doubt, such notifications may relate to compliance with Customer Applicable Regulations in any jurisdictions worldwide in which the Customer or its Affiliates operate or do business from time to time. The Service Provider shall make any modifications to the Services as reasonably necessary as a result of changes to Service Provider Applicable Regulations at no extra cost to the Customer. Where the relevant modification is required to address a change in Customer Applicable Regulations the effect on cost and delivery shall be assessed and agreed via the Contract Change Control Procedure.
20.2The Service Provider recognises that the Customer and its Affiliates are subject to regulation by (or has regulatory responsibilities in respect of) the regulatory authorities in the jurisdictions in which it operates and that, in particular, the Customer has regulatory responsibilities in respect of:
20.2.1the Financial Conduct Authority and the Prudential Regulation Authority;
20.2.2the Bermuda Monetary Authority;
20.2.3the North Dakota Department of Insurance and the Texas Department of Insurance;
20.2.4the Jersey Financial Services Commission;
20.2.5the Central Bank of Ireland;
20.2.6the successor organisations/regulators of each entity listed in clauses 20.2.1 to 20.2.5 from time to time; and
20.2.7various other relevant governmental agencies or bodies around the world.
20.3Subject to clause 26 and the applicable terms in clauses 20.4 and 20.5, the Service Provider shall provide such cooperation with all applicable regulatory authorities as may reasonably be


requested by the Customer or otherwise required by such authorities and in any event shall cooperate with both the Customer and any regulatory authorities in responding to any enquiries made by such authorities. Such cooperation shall be provided at the Customer’s reasonable cost. The Service Provider’s obligations under this clause 20.3 shall include:
20.3.1providing, on request, such assistance as the Customer may reasonably require to prove its compliance with its regulatory requirements in the context of the Services;
20.3.2providing to the Customer such information and/or documentation as a Regulatory Body may request in its supervision of the performance of the Services and it consents to such information and documentation being passed on to the relevant Regulatory Body (subject to the controls in clause 26.3); and
20.3.3in addition to the Customer’s own audit rights hereunder, permitting a Regulator to carry out audits of the Service Provider where such Regulator requires the right to do so under Relevant Laws.
External Audits
20.4The Customer (or its nominee) shall be entitled to audit the Service Provider’s conformance with its obligations under the Agreement (including to verify the Charges) and the relevant Service Provider’s facilities in each case in respect of the Services provided to each of the UK Customer, the US Customer and the Bermuda Customer during business hours once per year for all audits under clause 20.4 (at no additional charge to Customer, though the Customer is responsible for its own costs in respect of such audit) on reasonable written notice (which shall, other than in the case of an emergency or regulatory audit, be no less than one (1) month), provided that the audit is carried out subject to clauses 20.5, 20.6 and 20.10; the auditor is not a direct competitor of the Service Provider; and the auditor enters into a confidentiality agreement with the Customer on terms no less onerous than those set out in clause 26. For the avoidance of doubt, the audit departments of the “Big 4” accountancy firms are not direct competitors of the Service Provider, provided that they sign a confidentiality agreement with the Service Provider, including the obligation to put in place appropriate ethical walls between their audit departments and those parts of their business which provide business and technology consulting and services, to ensure that all information obtained by their audit department is not disclosed to parts of their business which may compete with the Service Provider.
20.5The Service Provider shall provide all reasonable co-operation with any audits conducted pursuant to clause 20.4 and the Customer shall use its reasonable endeavours to seek to:
20.5.1minimise any disruption to the Services; and
20.5.2consolidate such audits for each key Customer Location, where possible.
20.6In conducting an audit, the Customer (or its nominee) shall comply with the Service Provider’s reasonable security and confidentiality procedures and shall not be permitted to have unsupervised access to the Service Provider’s shared facilities and systems. The Service Provider shall be entitled to reasonable relief if there is any disruption to the Services as a direct result of the Customer carrying out an audit.
20.7Not used
20.8If, as a result of an audit, it is determined that the Service Provider has overcharged the Customer, the Customer shall notify the Service Provider of the amount of such overcharge and the Service Provider shall promptly pay to the Customer the amount of the overcharge, plus interest at a rate of two percent (2%) above the annual base rate of the Bank of England from


time to time calculated from the date of receipt by the Service Provider of the overcharged amount until the date of payment to the Customer.
20.9In the event any such audit by the Customer or its agents reveals an overcharge to the Customer by the Service Provider of five percent (5%) or more of a particular fee category, the Service Provider shall reimburse the Customer for the cost of such audit in addition to the repayment of the sum plus interest at the rate set out above.
20.10The Service Provider agrees that the restrictions on the number of audits and the notice period for such audits set out in clause 20.4 will not apply to audits required for legal or regulatory reasons. Such audits shall be conducted at the Customer’s cost where the number set out in clause 20.4 has been exceeded.
20.11If any audit by an auditor designated by the Customer or a regulatory authority having jurisdiction over the Customer results in the Customer being notified that it is not in compliance with any generally accepted accounting principle or audit requirement relating to the Services, then provided that the non-compliance resulted from the Service Provider’s default, the Service Provider shall, at its own expense and within the period of time specified by such auditor or regulatory authority, bring the Services into compliance. If the Service Provider fails to bring the Services into compliance within a reasonable time the Customer shall be entitled to terminate this Agreement on the grounds of the Service Provider’s irremediable material breach of contract on the provision of written notice.
20.12The Service Provider shall maintain and retain in a manner that complies with Good Industry Practice accurate records (including complete financial records of its operations and activities specifically related to the Services) in relation to the provision of the Services provided to the Customer during the Term for seven (7) years after the termination or expiry of the Agreement and make the same available to the Customer and its auditors.
20.13The Service Provider shall provide all reasonable assistance and information in relation to the conduct of the audit at its own cost. For the avoidance of doubt such information shall not include the provision of any background cost or overhead information or any of the Service Provider internal reports relating to the Services (although the Service Provider shall act reasonably in this regard).
Internal Audit
20.14The Service Provider shall establish and maintain a system of internal audits to provide management with assurance that a quality assurance system is being utilised, is effective, meets customer and business needs and continues to improve (“Internal Audits”).
20.15The Service Provider shall maintain internal controls lists in a manner consistent with Good Industry Practice and provide confirmation of the same at least once per year.
20.16Where specifically requested by the Customer, the Service Provider shall also provide a copy (if any are produced) of its:
(a)internal independent audit reports concerning International Standard on Assurance Engagements No. 3402 (ISAE 3402) Assurance Reports on Controls at a Service Organisation;
(b)Statement on Standards for Attestation Engagements No. 18 (SSAE 18); and/or
(c)SOC 1 Type 2 Report prepared in accordance with AT-C320 issued by the AICPA,


to the Customer within a reasonable time after any such reports are completed (provided the Service Provider is not required to provide copies of which reports which cover or refer to other clients of the Service Provider) and shall make all documents regarding such audits available to any applicable Regulator. The Customer acknowledges that for any of the audit reports specified in (a) to (c) above to be able to demonstrate appropriate control operating effectiveness in accordance to these audits’ requirements, processes have to be in steady stable state for over eight (8) months. Accordingly, the Customer agrees that it shall not make a request pursuant to this clause 20.16 until a at least one (1) year after the relevant commencement date in respect of the relevant Services.
20.17Should any Internal Audit identify an overcharge, the provisions of clauses 20.8 and 20.9 shall apply.
21.CUSTOMER DEPENDENCIES
21.1The Service Provider’s sole and exclusive remedy for the Customer failing to meet any of its Customer Dependencies is set out in this clause 21 and the Service Provider shall not be entitled to sue the Customer for breach of contract or terminate the Agreement due to a failure of the Customer to meet the Customer Dependencies.
21.2The Service Provider shall be excused from failures or delays to perform its obligations under this Agreement or any SOW if the Customer delays or fails to provide the Customer Dependencies or in respect of any consequences arising as a result of Service Provider or Service Provider Personnel following the instructions of Customer Personnel specifically authorised to give instructions to Service Provider under this Agreement where: (i) it is reasonable for the Service Provider or Service Provider Personnel to rely on Customer’s instructions; and (ii) acting in accordance with Good Industry Practice the Service Provider knew or should have known that following such instructions would lead to a delay or failure of the Service Provider (each “Relief Event”) but only:
21.2.1to the extent that a Relief Event causes Service Provider’s failure to perform;
21.2.2provided that such acts or omissions are not undertaken by the Customer at the Service Provider’s direction or with the Service Provider’s written consent;
21.2.3provided that the Service Provider gives the Customer prompt written notice of the Relief Event; and
21.2.4provided the Service Provider uses Commercially Reasonable Efforts to mitigate the adverse consequences of the Customer’s failure and continues to provide the Services.
21.3Provided the Service Provider has complied with the obligations set out in clause 21.2 and has obtained the Customer’s prior written approval, the Service Provider will be entitled to receive a reasonable adjustment in the timeframes to deliver and reimbursement of its reasonable, demonstrable, unavoidable costs incurred directly as a result of the Customer’s failure to perform the relevant Customer Dependency (with such costs being calculated by reference to the time spent and the Rate Card).
21.4The Service Provider shall only be entitled to relief under this clause 21 from the date on which it notifies the Customer in accordance with clause 21.2.3.


PART E PAYMENT
22.CHARGES
22.1The Service Provider’s pricing shall not be subject to or contingent upon any due diligence to be performed after the Effective Date except in respect of New Services.
22.2In the event the Parties agree that a particular pass-through expense is to be paid directly by the Customer, such pass-through expense shall not be subject to any mark-up and the Service Provider shall provide the Customer with the original third party invoice together with a statement that the Charges are proper and valid and should be paid by the Customer.
22.3In consideration for the provision of the Services the Customer shall pay to the Service Provider all undisputed Charges within forty-five (45) days of receipt of a correctly rendered invoice.
22.4In the event of late payment, the Service Provider reserves the right to charge interest on amounts overdue at a rate of two percent (2%) above the annual base rate of the Bank of England from time to time.
22.5Except as otherwise agreed by the Parties in writing, no rates or charges other than those set out in clauses 22.3, 22.4 and Schedule 10 (Pricebook, Charges and Invoicing) shall be applicable to the provision of the Services under this Agreement.
22.6The Service Provider shall only be entitled to invoice the Customer for its expenses if such expenses have been approved in writing in advance and are incurred in accordance with the version of the Customer’s expenses policy notified to the Service Provider from time to time.
22.7The Service Provider shall maintain complete and accurate records of, and supporting documentation for, the amounts billable to and payments made by the Customer under this Agreement and the Service Provider shall provide the Customer with documentation and other information with respect to each invoice as may be reasonably requested by the Customer to verify accuracy and compliance with the provisions of the Agreement.
22.8The Customer shall have the right to deduct from amounts owed by the Customer to the Service Provider amounts that the Service Provider is obliged to pay to or credit to the Customer under the Agreement.
22.9The Customer may withhold payment of particular charges that the Customer reasonably and in good faith disputes on notice to the Service Provider.
22.10If the Customer disputes a part of an invoice, the Service Provider shall re-issue an invoice (with the original invoice date) for the undisputed Charges and the Customer shall pay such undisputed Charges in accordance with clause 22.3. The Service Provider shall also re-issue a separate invoice for the disputed Charges (with the original invoice date). The Parties shall diligently pursue an expedited resolution of such dispute in accordance with clause 49 .
22.11The Service Provider shall render invoices in accordance with paragraph 3 of Schedule 10 (Pricebook, Charges and Invoicing).
23.TAX
23.1All charges are exclusive of taxes. Client shall pay amounts equal to any federal, state or local sales, use, excise, privilege, value added, goods and services taxes (the latter being “VAT”), duties, imposts, levies or similar assessment relating to the Services and Deliverables provided


by the Service Provider hereunder, exclusive of taxes based on Service Provider’s net income or net worth.
23.2Unless otherwise agreed between the Parties, the Service Provider will be responsible for all other taxes which are incurred as a result of its provision of the Services under this Agreement.
23.3The Customer shall be entitled to deduct the sums required to pay any withholding taxes, demanded by any taxation authority, from payment to the Service Provider. Upon becoming aware that it must make a tax deduction, the Customer must notify the Service Provider accordingly.
23.4If the Customer does deduct any amounts pursuant to clause 23.3, it shall pay such sums to the relevant taxation authority within the period for payment permitted by law, and furnish the Service Provider with evidence of payment of the relevant amount from the relevant tax authority. The Customer shall upon request reasonably assist the Service Provider with obtaining relevant basic information about such tax obligations and shall use reasonable efforts to assist the Service Provider with reclaiming such withholding tax, where any double-tax treaties or similar rules in the jurisdiction allow for tax reclaims to reduce the Service Provider’s tax burden, or with claiming a foreign tax credit.
23.5If VAT or other taxes are payable on damages payable or paid under this Agreement, then the Party liable for payment of such damages must pay any such VAT or other taxes in addition to the relevant amount of damages upon production of a valid VAT or other appropriate tax invoice by the other Party.
24.VALUE FOR MONEY/BENCHMARKING
24.1The Service Provider agrees that:
24.1.1the Charges applicable to the Services it provides under this Agreement shall be competitive and offer value for money to the Customer; and
24.1.2the Performance Standards applicable to the Services shall accord with Good Industry Practice,
and, in order to demonstrate this to the Customer, the Service Provider agrees to comply with the terms of this clause 24 and Schedule 11 (Benchmarking).
PART F INTELLECTUAL PROPERTY, CONFIDENTIALITY AND DATA PROTECTION
25.INTELLECTUAL PROPERTY RIGHTS
General
25.1Each Party shall retain its rights in its own Pre-existing IPR and the Service Provider shall retain its rights in the Service Provider IPR. Except as provided in this clause 25, neither Party shall gain by virtue of the Agreement any rights of ownership in any IPR owned by the other Party or any third party.
25.2The Service Provider shall procure that all Service Provider Personnel waive all Moral Rights in any Service Provider IPR (excluding any Third Party Materials) provided to, or used by, the Customer in connection with the Agreement.


25.3Developed IPR shall be solely owned by the Customer and shall vest in the Customer on creation provided always that such Developed IPR in any Deliverable which is rejected under clause 6.8.3 shall automatically vest in the Service Provider upon such rejection and, to the extent that any such rights to not automatically vest, the Customer agrees to irrevocably assign, transfer and convey to the Service Provider all rights, title and ownership in the relevant Developed IPR in the rejected Deliverable. The Customer shall and shall procure that its personnel shall give the Service Provider or its designees, all reasonable assistance and execute all documents necessary to assist or enable the Service Provider to perfect, preserve, register or record its rights in the relevant Developed IPR in the rejected Deliverable at the Service Provider’s cost.
25.4The Service Provider may use the Developed IPR solely to provide the Services to the Customer during the Term.
25.5To the extent that title and/or ownership rights may not automatically vest in the Customer as contemplated by clause 25.3, the Service Provider agrees to irrevocably assign, transfer and convey to the Customer all rights, title and ownership in the Developed IPR. The Service Provider shall and shall procure that Service Provider Personnel shall give the Customer or its designees, all reasonable assistance and execute all documents necessary to assist or enable the Customer to perfect, preserve, register or record its rights in the Developed IPR at the Customer’s cost.
25.6The Service Provider shall ensure that where it develops Developed IPR for the Customer, it shall deliver the same in Source Code and object code form, with appropriate Documentation and that both versions shall be able to be used by a reasonably skilled programmer familiar with the relevant software language.
25.7The Service Provider shall ensure that all Documentation related to any software Deliverable (or a component thereof) is up to date at the date of delivery.
25.8Subject to clause 25.10, 25.11 and 25.12, the Service Provider grants to the Customer and the Customer Group a, royalty-free, world-wide, non-exclusive, non-transferable (subject to clause 39) licence (at no additional charge) to use the Service Provider owned Service Provider Pre-existing IPR:
25.8.1that is provided to the Customer and/or the Customer Group as part of the Services during the Term and (which includes any applicable Termination Assistance Period) where necessary for the Customer’s and the Customer Group’s use and receipt of the Services (which right includes the right for the Customer Group’s agents and subcontractors to (i) use for and (ii) and assist the Customer Group in its receipt of the Services, in each case in connection with their own provision of services to the Customer Group) but excluding any (i) Digital Products (to be licensed on separate terms) or (ii) Service Provider Tools (and Customer will use reasonable endeavours to keep Service Provider informed as to the identity of the sub-contractors and agents permitted access under this clause); and
25.8.2in perpetuity and including the right to sub-licence, where such Service Provider’s Pre-existing IPR is embedded into a Deliverable,
in each case subject to: (a) the restriction that it may not be deconstructed (to the maximum extent permitted by Relevant Law) or extracted from the relevant Services or Deliverable or used as a standalone product; and (b) any further limitations set out in a Statement of Work or otherwise agreed in writing by the Parties. The Customer shall also ensure that any sub-licensee under 25.8 complies with the licence conditions set out in this clause.


25.9The Service Provider agrees that for Change Projects under this Agreement it will not develop any standalone modifications, functionality or derivatives of Service Provider IPR without Aspen’s prior written consent. Where a Change Project may involve the delivery of modifications, enhancements or derivatives of Service Provider IPR (but excluding Third Party Materials) which are in existence prior to the Effective Date, the parties may discuss deviations to the allocation of ownership of Developed IPR set out in the definition of Developed IPR in Schedule 1 (Definitions), along with the commercial implications of any such deviation.
25.10Third Party Materials Generally
25.10.1The Service Provider shall obtain the Customer’s prior written consent before embedding in any Deliverables or using or providing to Customer or installing in the Customer’s environment any Third Party Materials or its own Digital Products or Service Provider Tools (each as defined in clause 25.11).
25.10.2Where Service Provider does propose to use Third Party Materials with Customer’s consent (including any non-Service Provider owned Service Provider Tools) then, subject always to clause 25.12, it shall use Commercially Reasonable Efforts and at mutually agreed terms (but at no additional cost as regards the Service Provider’s efforts to procure a licence), to procure the grant to the Customer and the Customer Group and, to the extent necessary, its sub-contractors, agents and representatives of a world-wide, non-exclusive licence to use, modify, enhance and maintain the Third Party Materials to be embedded in the Deliverables or to be made available to the Customer specifically to provide the Services to the Customer.
25.10.3Notwithstanding the foregoing, the Parties agree that it may not be possible to procure such a licence under clause 25.10.2 and that, in addition to addressing the variations required by clause 25.12 the Parties may need to either: (i) agree further variations to the terms of this Agreement and appropriate pass through terms from the third party in respect of such Third Party Materials only; or (ii) arrange for such Third Party Materials to be licensed directly to the Customer Group. In this latter case, the Service Provider shall use Commercially Reasonable Efforts to assist the Customer in the procurement of a licence directly from the licensor of any Third Party Materials.
25.10.4Where the Service Provider has not complied with the terms of clause 25.10.1 and obtained the Customer’s prior consent to use, provision or installation in the Customer’s environment or to embed in any Deliverable Third Party Materials then, without prejudice to the Customer’s other rights and remedies hereunder, the Service Provider shall (at its cost and option) either: (i) procure a licence for the Customer to use such Third Party Materials; or (ii) re-provide the relevant Services and/or Deliverables in such a manner that the relevant Third Party Materials are not required but until such time as its failure to comply with clause 25.10.1 is identified and then, following such identification remedied pursuant to this clause 25.10.4, the Third Party Materials in question will be deemed to have been licensed to the Customer for it to use in connection with its receipt of the Services and use of Deliverables but only to the extent strictly necessary to permit such use.
25.11Service Provider Tools and Digital Products
25.11.1The Parties acknowledge and agree that from time to time the Service Provider may propose the use of its own proprietary products that are typically licenced on stand-alone terms (the “Digital Products”) and that subject always to agreement between the Parties as to such terms, any such Digital Products shall be licenced on separate terms (and subject to escrow requirements, or not, in accordance with such separate terms) and the


other terms of this clause 25 shall not apply to their use. The Service Provider undertakes to ensure that the impact of the use of Digital Products on the Customer’s receipt of the Services and the wider terms of this Agreement is minimised.
25.11.2As part of delivering the Services, the Customer acknowledges that Service Provider Personnel may also utilise proprietary software, methodologies, tools, specifications, drawings, sketches, models, samples, records, documentation, works of authorship, creative works, ideas, know-how, data or other materials which have been or are originated, developed, licensed, purchased, or acquired by Service Provider or its Affiliates or Sub-contractors (collectively, “Service Provider Tools”). Where necessary to deliver the Services, Customer consents to installation in its environment of the Service Provider Tools listed in Schedule 5 (Sub-contractors and Service Provider Tools) or the applicable SOW but agrees and acknowledges that it (and its agents and sub-contractors) will not directly or independently use (and will not have any right to so use) any such Service Provider Tools unless otherwise specifically agreed by the Parties in writing via the Contract Change Control Procedure or in a SOW.
25.12COTS, Cloud and Similar Materials and Services
25.12.1In the event that an element of the Services to be provided by the Service Provider is to be procured from and passed through to the Customer from a commercially available off the shelf package software provider, cloud services provider or similar provider of software, hardware or solutions on standard terms (a “COTS Vendor”), then the Parties will negotiate the terms of such pass through supply and that such negotiations shall include agreeing, subject to confirming the same via the Contract Change Control Procedure, that: (i) the Service Provider’s liability arising in relation to or in connection with breaches of clause 27 caused by the COTS Vendor shall be capped at the level at which the COTS Vendor caps its liability to the Service Provider and which the Service Provider is entitled to recover from such COTS Vendor under its terms; and (ii) the approach to the management of data export requirements (including the requirement that such COTS Vendor enter into any Data Protection Model Clauses) imposed by this Agreement, it being agreed that the Parties shall agree such other lawful data export mechanism as is appropriate where the COTS Vendor refuses to enter into the Data Protection Model Clauses.
25.12.2The Parties agree that as at the Effective Date, save for those COTS Vendors listed in Schedule 19 (COTS Vendors) to whom the terms listed in Schedule 19 (COTS Vendor Usage Restrictions and Related Obligations) apply, there are no COTS Vendors in scope and thus clause 25.12.1 does not apply to the scope of the Services set out in the Agreement as at the Effective Date.
25.12.3The Service Provider shall not change the Services after the Effective Date such that a new COTS Vendor in respect of which the Service Provider would wish to apply this clause is introduced into delivery of the Services without the prior written consent of the Customer. For the avoidance of doubt, if the Service Provider wishes to change the Services (including end-to-end solutions) and an element of such Services will be provided on a pass through basis using a new COTS Vendor not listed in Schedule 19 then the Service Provider and the Customer shall agree through the Contract Change Control Procedure what COTS Vendors will be used and the terms that will apply, updating Schedule 19 (COTS Vendors) accordingly.
25.13The Customer grants to the Service Provider and its Affiliates a non-exclusive, non- transferable, revocable licence (including the right to sub-licence, but only to sub-contractors approved by the Customer in accordance with this Agreement) to use, copy, modify, and prepare derivative works


of the IPR arising in any materials (including Developed IPR and all hardware, software or other items) provided by or on behalf of the Customer or any of its Affiliates to the Service Provider in connection with its delivery of the Services for the sole purpose of providing the Services to the Customer for the Term (which includes any applicable Termination Assistance period).
Escrow
25.14As at Effective Date there is no anticipation of a requirement for escrow but if, pursuant to a SOW or the Contract Change Control Procedure a need for escrow is identified then the following terms shall apply save to the extent varied in the SOW or Contract Change Control Note:
25.14.1The Service Provider shall ensure that the Source Code in the Service Provider Software embedded in Deliverables (excluding any Third Party Materials which are instead subject always to the provisions of clause 25.10 and which may or may not be subject to escrow depending on the terms agreed with the third party vendor in question) together with any related Documentation, is deposited in escrow pursuant to the terms of the Escrow Agreement.
25.14.2The Service Provider and the Customer mutually undertake to sign the Escrow Agreement promptly following delivery of any Deliverable to which clause 25.14 applies. The Service Provider additionally undertakes to procure that the relevant escrow agent promptly signs the Escrow Agreement.
25.15Not used
Residual Knowledge
25.16Nothing contained in the Agreement shall restrict either Party from the use of any general ideas, concepts, know-how, methodologies, processes, technologies, algorithms or techniques retained in the unaided mental impressions of such Party’s personnel relating to the Services which either Party, individually or jointly, develops or discloses under the Agreement (“Residual Knowledge”) provided that in doing so such Party does not:
25.16.1infringe the Intellectual Property Rights of the other Party or third parties who have licensed or provided materials to the other Party; or
25.16.2breach its confidentiality obligations under the Agreement or under agreements with third parties.
26.CONFIDENTIAL INFORMATION
26.1Subject to clause 26.2, each Receiving Party will treat and keep all confidential information of the Disclosing Party as secret and confidential and will not, without the Disclosing Party's written consent, directly or indirectly communicate or disclose (whether in writing or orally or in any other manner) Confidential Information to any other person other than in accordance with the terms of this Agreement.
26.2Clause 26.1 shall not apply to the extent that:
26.2.1the Receiving Party needs to disclose the Confidential Information of the Disclosing Party to any of its employees, Affiliates (and their employees) or Sub-contractors and/or in the case of the Service Provider, COTS Vendors in order to fulfil its obligations, exercise its rights under this Agreement or to receive the benefit of the Services, provided always that the Receiving Party shall ensure that every person to whom disclosure is made pursuant


to this clause 26.2.1 uses such Confidential Information solely for such purposes, and complies with this clause 26 to the same extent as if it were a Party to this Agreement;
26.2.2any Service Provider Confidential Information is embodied in or otherwise incorporated into any Developed IPR;
26.2.3such Confidential Information is in the public domain at the Effective Date or at a later date comes into the public domain, other than as a result of breach of this Agreement;
26.2.4the Receiving Party obtains or has available such Confidential Information from a source other than the Disclosing Party without breaching any obligation of confidence;
26.2.5subject to clause 26.3, such Confidential Information is required to be disclosed pursuant to any Relevant Law or the rules of any Regulator or stock exchange; or
26.2.6the Receiving Party can show such Confidential Information was independently developed by it otherwise than in connection with this Agreement.
26.3Notwithstanding clause 26.1, the Customer may disclose Confidential Information to its solicitors, auditors, insurers, accountants or other operational or service-related advisers for the purposes of reporting to or seeking advice from the relevant Party provided that neither Party may pass commercially sensitive information of the other to its competitors, notwithstanding any other provision of this Agreement or a SOW. In such circumstances as this clause 26.3 permits disclosure of Service Provider Confidential Information, the Customer shall ensure that every person to whom disclosure is made pursuant to this clause 26.3 uses such Confidential Information solely for such purposes and complies with this clause 26 to the same extent as if it were a Party to this Agreement. Prior to making any disclosure under 26.2.5 the Receiving Party shall, unless prohibited from doing so by Relevant Law, provide the Disclosing Party with prompt notice of such request(s) so that the Disclosing Party may seek an appropriate protective order or other appropriate remedy and/or waive compliance with the confidentiality provisions of this Agreement. In the event that such protective order or other remedy is not obtained, or Disclosing Party grants a waiver hereunder, Receiving Party may furnish that portion (and only that portion) of the Confidential Information which the Receiving Party is legally compelled to disclose and will exercise its reasonable efforts to obtain reliable assurance that confidential treatment will be accorded any Confidential Information so furnished.
27.DATA PROTECTION
27.1The categories of personal data to be processed by the Service Provider, categories of data subjects whose personal data will be processed, and the nature and purpose of processing activities to be performed under this agreement is set out in Schedule 21 (Data Transfer and Processing) of this Agreement as enhanced or clarified in relation to an SOW in the applicable SOW.
27.2Each Party shall comply with its respective obligations under applicable Data Protection Legislation and, without prejudice to the foregoing, the Service Provider shall not process Customer Personal Data in a manner that will or is likely to result in the Customer breaching its obligations under Data Protection Legislation provided that the Customer gives reasonable written notice to the Service Provider of such obligations.
27.3Upon termination or expiry of this agreement, the Service Provider shall, at the Customer’s request, promptly delete or return all Customer Personal Data and delete the copies thereof (unless otherwise required by Data Protection Legislation) and shall certify to the Customer that it has done so.


27.4The Parties acknowledge that, in respect of all Customer Personal Data processed by the Service Provider for the purpose of the provision of Services under this Agreement:
27.4.1the Customer alone shall determine the purposes for which and the manner in which such Customer Personal Data will be processed by the Service Provider;
27.4.2the Customer shall be the data controller; and
27.4.3the Service Provider shall be the data processor.
27.5Where in connection with this Agreement the Service Provider processes Customer Personal Data as the data processor of the Customer, the Service Provider shall:
27.5.1process Customer Personal Data only on behalf of the Customer, only for the purposes of performing this Agreement and only in accordance with instructions contained in this Agreement or as otherwise received from time to time; the Service Provider shall notify the Customer prior to taking any further action if it considers an instruction to be likely to result in processing that is in breach of Data Protection Legislation. However, for the avoidance of doubt, the Service Provider is not obliged to analyse the lawfulness of the Customer’s instructions;
27.5.2not otherwise modify, amend, disclose or permit the disclosure of any of the Customer Personal Data to any third party (including a data subject) unless specifically authorised or directed to do so in writing by the Customer;
27.5.3implement and maintain appropriate technical and organisational measures to protect Customer Personal Data against unauthorised or unlawful processing and against accidental loss, destruction, damage, alteration or disclosure. Upon the Customer’s request, the Service Provider shall provide the Customer with a written description of the technical and organisational measures implemented by itself and its Sub-contractors as well as copies of all documentation relevant to such compliance including, protocols, procedures, guidance, training and manuals;
27.5.4ensure the reliability of any of the Service Provider Personnel with access to Customer Personal Data, that such access is granted on a ‘need to know’ basis, and that they are subject to binding obligations of confidentiality with respect to Customer Personal Data;
27.5.5comply with:
27.5.5.1all binding guidance and recommendations from the relevant supervisory authorities in countries where the Customer is established;
27.5.5.2clause 18.4; and
27.5.5.3the Customer’s Standards and Policies;
27.5.6at no additional cost, provide full cooperation and assistance to the Customer as the Customer may require to allow the Customer to comply with its obligations as a data controller, including in relation to data security, data breach notification, data protection impact assessment, prior consultation with data protection authorities, any enquiry, notice or investigation received from a data protection authority, and the fulfilment of data subject’s rights;
27.5.7promptly and without delay (but in any event within 48 hours of becoming aware of it), notify the Customer in writing of any actual or alleged unauthorised disclosure, loss,


destruction, compromise, damage, alteration, or theft of Customer Personal Data (including unauthorised access to or use of the Customer Systems or data, improper handling or disposal of data, theft of information or technology assets, and/or the inadvertent or intentional disclosure of Customer Personal Data) or any incident which may give rise to a personal data breach (as such term is defined under the GDPR); and
27.5.8subject to clause 20.4, permit physical inspections of the Service Provider’s relevant premises dedicated to the Customer and/or the Services, by the Customer or its representatives to ensure compliance with this clause 27.
27.6The Service Provider shall nominate a representative within its organisation who shall have responsibility to respond to Customer queries regarding the processing of Customer Personal Data and the Service Provider shall ensure that it responds to such queries promptly.
27.7Save to the extent an alternative approach is agreed in relation to a COTS Vendor pursuant to clause 25.12.1, the Service Provider shall not authorise any third party or Sub-contractor to process Customer Personal Data other than with the prior written consent of the Customer (for the avoidance of doubt, written consent shall be deemed given for authorised Sub-contractors listed in this Agreement and Service Provider Affiliates).
27.8Save to the extent an alternative approach is agreed in relation to a COTS Vendor pursuant to clause 25.12.1, where the Service Provider is a processor with respect to the Customer Personal Data, it shall impose obligations on its Sub-contractors and Affiliates that are the same as or equivalent to those set out in this clause 27 by way of written agreement, and shall remain fully liable to the Customer for any failure by a Sub-contractor to fulfil its obligations in relation to the Customer Personal Data.
27.9Pursuant to clause 17, where the Service Provider is subject to an obligation in relation to Customer Personal Data or the Customer is granted a right in respect of the Service Provider, the Service Provider should procure that its Sub-contractors are subject to equivalent obligations and that the Customer is granted the same right against the Sub-contractors.
27.10The Service Provider shall not process and/or transfer any Customer Personal Data in or to any country outside the UK, European Economic Area or Switzerland without the prior written consent of the Customer.
27.11If, for the purposes of the performance of this Agreement, the Service Provider or any of its Sub-contractors wishes to process and/or transfer any Customer Personal Data in or to a country outside the UK, European Economic Area or Switzerland without prejudice to clause 27.10, the Service Provider shall comply with such other instructions and shall carry out such other actions as the Customer may notify in writing, including:
27.11.1providing details of how the Service Provider will ensure an adequate level of protection for any such Customer Personal Data so as to ensure the Customer’s compliance with Data Protection Legislation; and
27.11.2implementing any data transfer mechanism provided by the applicable Data Protection Legislation, such as the Data Protection Model clauses as set out in Schedule 21 (Data Transfer and Processing), to allow for the lawful processing of Personal Data in a country outside the UK, European Economic Area or Switzerland pursuant to the applicable Data Protection Legislation.


28.PUBLICITY
28.1The Service Provider shall not make any public announcement (whether written or oral) about the existence of the Agreement or that it is providing Services to the Customer without the Customer’s prior written consent (which may be withheld in its complete discretion). For the purposes of clause 12.1, the Customer’s consent to disclosure by the Service Provider is deemed to be given only to the extent that such disclosure is required for the Service Provider to comply with its obligations under clause 12.1.
28.2In no circumstance shall either Party be authorised to use any of the other Party’s logos, trademarks or any other representations related to the other Party’s brand (including noting the other Party or its personnel as a referee) without the other Party’s prior written consent (which may be withheld in its complete discretion).
PART G REPRESENTATIONS, WARRANTIES AND INDEMNITIES
29.REPRESENTATIONS AND WARRANTIES
29.1Each Party represents, warrants and undertakes to the other, as at the date of this Agreement:
29.1.1that it has the power and authority to enter into and perform its obligations under this Agreement;
29.1.2that it has all necessary rights, licences, permissions and consents to provide (in the case of the Service Provider) or receive (in the case of the Customer) the Services; and
29.1.3that the signing of this Agreement does not violate any law or constitute a default under any other agreement that that Party has entered into.
29.2The Service Provider represents, warrants and undertakes to the Customer on a continuing basis throughout the term that:
29.2.1it shall not conduct itself in a way so as to adversely affect the Customer’s public image (except that this clause 29.2.1 shall not preclude the Service Provider from enforcing its right under this Agreement);
29.2.2it is not insolvent or unable to pay its debts within the meaning of the insolvency legislation applicable to it;
29.2.3it shall allocate sufficient resources to provide the Services in accordance with the contractual requirements and use Commercially Reasonable Efforts to use the resources efficiently and services necessary to provide the Services;
29.2.4it shall not knowingly and/or negligently insert or include, or permit or cause any Service Provider personnel to insert or include, any known Virus into any items provided to the Customer or the Customer Systems;
29.2.5it shall use the latest available versions of anti-virus software available from an industry accepted anti-virus software vendor to check for and delete malicious software and Viruses from the Service Provider’s IT systems;
29.2.6it shall co-operate with the Customer to reduce the effect of any virus found and assist the Customer to mitigate any losses (including without limitation, loss of operational efficiency and loss or corruption of the Customer’s data) and to restore the system,


products, Deliverables and Services to their desired operating efficiency, such assistance to be at Service Provider’s reasonable and demonstrable cost;
29.2.7it has undertaken all diligence it requires in order to plan and perform the Services and that accordingly its prices and estimates are robust and may be relied upon by the Customer;
29.2.8it is skilled and experienced in the provision of services akin to the Services and in using the tools, methodologies and procedures it is proposed that it will use in the delivery of Services hereunder;
29.2.9all information it provides to the Customer during the Term shall, at the time it is supplied, be true and accurate in all material respects;
29.2.10that the Services will be performed in accordance with all
29.2.10.1Service Provider Applicable Regulations and
29.2.10.2any provisions agreed between the Parties under clause 20.1 in relation to Customer Applicable Regulations;
29.2.11Not used
29.2.12it shall comply with any reasonable Customer request or instruction that enables the Customer to comply with its regulatory requirements (if any) in respect of the Services at mutually agreed terms. Any Customer requests or instructions which fall outside of the scope of the Services shall be agreed through the Contract Change Control Procedure.
29.3The Customer warrants that, to the extent that Customer Personal Data is provided to the Service Provider for processing (as that term is defined in the Data Protection Legislation), the Customer or relevant Customer Affiliate providing such Customer Personal Data shall have a legal basis on which to do so in respect of such Customer Personal Data.
29.4Except as expressly set out in this Agreement, all other warranties, express or implied, shall be excluded to the fullest extent permitted by law.
30.INDEMNITIES
30.1IPR Indemnities
30.1.1Subject to clauses 30.1.2 and 30.1.3, each Party will indemnify, defend and hold harmless the other Party and its Affiliates and their respective officials, employees, agents and assigns (“Representatives”) against any claims, losses, damages, costs (including reasonable legal fees), expenses and liabilities agreed in a settlement or awarded against the other Party and/or its Representatives as a result of any infringement (or claim of infringement) of any third party IPR caused by or alleged to have occurred because of:
30.1.1.1in the case of indemnification by the Service Provider to the Customer, Customer or its Affiliates possession of the Developed IPR in any Deliverables provided by the Service Provider to the Customer or its Affiliates; or otherwise in respect of the Service Provider’s performance or provision of the Services; and


30.1.1.2in the case of the Customer’s indemnification of the Service Provider, the Customer’s receipt or use of such Deliverables or Services other than in accordance with or as envisaged by this Agreement or such Deliverables’ or Services’ specifications, or the Service Provider’s receipt or use of any Customer Indemnified Items made available to the Service Provider or a Service Provider Affiliate by or on behalf of the Customer or a Customer Affiliate for its use under this Agreement (provided always such receipt or use was in accordance with the terms of or as envisaged by this Agreement).
30.1.2The Parties agree that the indemnifying party shall be relieved of its obligation to indemnify the indemnified party pursuant to clause 30.1.1 if and to the extent that the infringement claim arises due to (i) use of the material that is subject to the relevant indemnity claim other than in accordance with or as envisaged by this Agreement; or using infringing material after a fix or remedy has been provided (whether pursuant to clause 30.3 or otherwise); (ii) use of an allegedly infringing item or any part thereof in combination with any equipment, software or data not approved for use by the indemnifying party, or use in any manner by the indemnified party (or its Affiliates) for which the allegedly infringing item was not designed; or (iii) where the Service Provider is the indemnifying party, any modification or alteration of the allegedly infringing item by a person or entity other than Service Provider or its Affiliates or Sub-contractors unless such modification or alteration was made on the instructions of or in accordance with designs, specifications, information or materials provided by or on behalf of the Service Provider or its Affiliates or Sub-contractors.
30.1.3The Parties recognise that each of them may make available certain Third Party Materials to the other and that such Third Party Materials may not benefit from IPR indemnification protection equivalent to that set out in clause 30.1.1 above. Where Third Party Materials are identified by a Party as requiring discussion between the Parties in respect of indemnification, the Parties will discuss the same and then may either agree in writing: (i) to continue to allow the other to benefit from the indemnity set out in clause 30.1.1 above; or (ii) agree that separate pass through indemnity protections from the third party should apply in the event of an IPR infringement claim arising in relation to a Party’s use of Third Party Materials provided to it by the other Party. For the avoidance of doubt, if the Parties do not specifically agree to either (i) or (ii) in respect of any Third Party Materials then Third Party Materials shall nevertheless be excluded from the indemnity protection under clause 30.1.1 above except where the indemnifying party has provided or made available to the indemnified party any Third Party Material specifically for use under this Agreement in breach of the relevant third party licence terms and the relevant third party makes a claim against the indemnified party in respect of the same, in which case the indemnity at clause 30.1.1 shall cover such claims and clause 30.3 shall also apply.
30.2In addition to the indemnities provided in clause 30.1.1 and Schedule 17 (Human Resources Provisions), the Service Provider will indemnify, defend and hold harmless the Customer and its Affiliates and their respective officials, employees, agents and assigns (“Customer Indemnities”) against any claims, losses, damages, costs (including reasonable legal fees), expenses and liabilities agreed in a settlement or awarded against the Customer and/or the Customer Personnel as a result of any of the following:
30.2.1breach by the Service Provider of any of the representations and warranties set out in clauses 29.1.1 and 29.1.3; and
30.2.2any Employment Liabilities arising in relation to or employment claims of Service Provider Personnel made against the Customer Group not covered by the indemnities provided in


Schedule 17 (Human Resources Provisions) except to the extent such Employment Liabilities arise as a result of an act or omission of Customer or Customer’s Group; and
30.2.3breach by the Service Provider of clause 27.
30.3Without prejudice to its obligations pursuant to clause 30.1.1, if any Deliverable or service other item or material provided by the Service Provider or the provision of the Services by the Service Provider is, or in the Service Provider’s reasonable judgement is likely to become, the subject of a claim (an “Infringing Item”), the Service Provider, at its expense and discretion and in addition to the indemnity and defending the claim, will procure for the Customer the right to use and continue using the Infringing Item or replace it with a non-infringing equivalent or modify it to make its use non-infringing, provided that such replacement or modification does not result in a degradation of the performance or quality of the Infringing Item (other than minor or cosmetic defects).
30.4The following procedures will apply with respect to any indemnification arising in connection with the Agreement:
30.4.1as soon as reasonably practicable after receipt by an indemnified party of written notice of the assertion or the commencement of any claim, demand, action, cause of action or other proceeding by a third party, whether by legal process or otherwise (a “Claim”), but no later than fourteen (14) days following receipt of written notice from the indemnified party relating to any Claim, the indemnifying party will notify the indemnified party in writing that it will assume control of the defence and settlement of such Claim (the “Notice”);
30.4.2if the indemnifying party delivers the Notice relating to any claim within the required notice period, the indemnifying party will be entitled to have sole control over the defence and settlement of such Claim;
30.4.3if the indemnifying party fails to assume the defence of any such Claim within the prescribed period of time, then the indemnified party may assume the defence of any such Claim at the cost and expense of the indemnifying party; and
30.4.4subject to the payment of its reasonable costs, the indemnified party shall provide reasonable assistance to the indemnifying party, including reasonable assistance to the indemnifying party’s employees, agents, independent contractors and Affiliates, as applicable. Notwithstanding any provision of this clause 30 to the contrary, the indemnifying party will not consent to the entry of any judgment or enter into any settlement that provides for injunctive or other non-monetary relief affecting the indemnified party without the prior written consent of the indemnified party, such consent not to be unreasonably withheld or delayed.
PART H IMPACT OF A FAILURE TO PERFORM
31.FORCE MAJEURE
31.1Neither Party shall be liable for default or delay in the performance of its obligations under the Agreement:
31.1.1if the default or delay is caused by a cause beyond the reasonable control of such Party (it being agreed that causes beyond the reasonable control of a Party shall not include strikes or lock outs of its own personnel); and


31.1.2provided the non-performing Party is without fault in causing the default or delay and the default or delay could not have been prevented by reasonable precautions (which for these purposes shall include complying with that Party’s Disaster Recovery Plan and/or Business Continuity Plan or, if of a higher standard, disaster recovery plans consistent with Good Industry Practice) or circumvented by workarounds.
31.2The non-performing Party shall be excused from further performance or observance of the obligation(s) so affected for as long as:
31.2.1the circumstances prevail; and
31.2.2the Party continues to use its best efforts to recommence performance or observance whenever and to whatever extent possible without delay.
31.3A Force Majeure Event shall not relieve the Service Provider of its obligations to supply the Services in conjunction with implementing its Disaster Recovery Plans or Business Continuity Plans, including requiring that essential personnel report to work during an emergency, and any or all personnel work at a contingency location.
31.4In the event that a Force Majeure Event interrupts the provision of the Services for in excess of thirty (30) days the Customer may terminate the affected Services on the provision of written notice.
31.5In the event that Services are disrupted by a Force Majeure Event with respect to which working from Remote Locations is deemed by the Parties to be the optimal business continuity measure then, if the assets on hand and capabilities exist for Cognizant personnel to perform the Services from Remote Locations, Cognizant shall have the right to perform the Services from the Remote Locations using networking, connectivity, security and data handler protocols established by Cognizant and provided to Customer (the “Remote Protocols”) and the Remote Protocols shall supersede any and all applicable terms of this Agreement, each applicable SOW and all schedules, exhibits or attachments hereto and thereto that require any different measures.
32.STEP IN
32.1If:
32.1.1any material default or non-performance by the Service Provider occurs and as a result, the performance of any business critical service is prevented, hindered, degraded or delayed for more than two (2) consecutive days;
32.1.2the Service Provider is excused from the performance of the Services pursuant to a Force Majeure Event;
32.1.3a Regulator requires the Customer to do so; or
32.1.4the circumstances in paragraph 13.1 of Schedule 15 (Exit Plan and Service Transfer Arrangements) occur,
then, without limiting any other rights it may have, the Customer may take control of the part of the Services affected by the Service Provider material default or non-performance, or the Force Majeure Event and in the case of clause 32.1.3, the Customer shall take control of the part of the Services affected by the regulatory direction (in each case, “Step In”) for a maximum period of two (2) months after which the Customer shall either terminate this Agreement pursuant to any rights to do so hereunder it may have or allow the Service Provider to resume performance of the relevant Service. Notwithstanding the maximum period of two (2) months, a Step In caused by a


Force Majeure Event will end when the Service Provider demonstrates to Customer’s reasonable satisfaction that the Service Provider is capable of providing the affected Service in accordance with the requirements of this Agreement and the affected SOW.
32.2In exercising its rights of Step In the Customer may perform any act that the Customer deems reasonably necessary in order to restore the Services (including by engaging a third party service provider) or may direct the Service Provider to procure those Services from a Third Party Service Provider provided that the Customer: (i) complies with the Service Provider’s reasonable security and confidentiality policies as notified to the Customer; (ii) procures that any third party that it engages signs an Agreed Form NDA, with an obligation to erect “ethical walls” within its own organisation to protect the Service Provider’s confidentiality, if the third party stepping in is a competitor of the Service Provider; (iii) does not have unsupervised access to the Service Provider’s facilities and shared computing environment; and (iv) does not require the Service Provider to disclose its commercially sensitive information to any third party.
32.3Where a Third Party Service Provider is engaged in connection with a Step In, the Service Provider shall be liable for the payment of the difference between the sums that would have been paid to the Service Provider for the provision of those Services and the sums payable to the Third Party Service Provider for performing the same for as long as the failure to perform continues (save for where the Step In is a result of a Force Majeure Event), and the Customer shall not be charged for Services that are not provided to the Customer as a result of a Force Majeure Event or the Service Provider’s default or non-performance. The Service Provider shall either pay directly or reimburse the Customer for any such third party costs incurred. Such payments made by the Service Provider may be credited against the Charges or paid by way of cheque or direct debit to the Customer, at the Customer’s option.
32.4In the event of the Customer exercising its right of Step In, the Service Provider shall co-operate with the Customer (and its agents or representatives, including any applicable Third Party Service Provider) and provide reasonable assistance at no charge to the Customer to restore such Customer function or the Services or any part of them as soon as reasonably possible, including giving the Customer (and its agents or representatives, including any applicable third party services provider) reasonable access to the Service Provider’s premises, Equipment, Material and Software, to the extent reasonably necessary for the purpose of restoring such Customer function or the Services or any part of them to the level required under this Agreement.
32.5As soon as reasonably practicable following the restoration of the affected Customer function or the affected part of the Services (meaning that its performance is no longer substantially prevented, hindered, degraded or delayed) to the Customer’s reasonable satisfaction or a Regulator lifting its Step In requirement, the Service Provider shall resume the performance of the relevant Services.
32.6Without prejudice to the caps set out in clause 34, nothing in this clause 32 limits the Service Provider’s liability to the Customer with respect to any default or non-performance by the Service Provider under this Agreement provided always that the Service Provider shall be relieved of its obligations to deliver the Services affected by any Step In during the period the Customer or any Third Party Service Provider has taken over delivery of such Services.
33.ENHANCED CO-OPERATION
33.1Where the Customer requires the right to do so in order to obtain an improved understanding of the Services or to assist the Service Provider to improve its performance (including in particular in the circumstances set out in clause below), the Parties agree that the Customer may nominate a certain number of its employees, agents or contractors (subject to clause 33.4), to be seconded to the Service Provider (“Consultants”) provided that the Parties agree the role and


responsibilities of such Consultants and the desired outcomes of involvement. The number of Consultants shall be the minimum reasonably necessary (as determined by the Customer acting reasonably) for the limited purposes described in this clause 33.1 and the Customer agrees to appoint Consultants with a level of seniority appropriate to the tasks they shall be engaged in and to provide the Service Provider with at least five (5) Business Days’ notice of its intention to exercise its rights under this clause 33.
33.2The circumstances that the Parties agree shall entitle the Customer to invoke its rights under clause 33.1 include where:
33.2.1the Customer is entitled to terminate the Agreement in whole or in part for cause;
33.2.2the Service Provider is not performing any of the services in accordance with the Credit Baseline Service Levels (if any);
33.2.3the Service Provider is in material breach of its obligations under the Agreement;
33.2.4the Customer has reasonable grounds to suspect acts of fraud are being committed by the Service Provider, any Sub-contractor or any Service Provider Personnel;
33.2.5the Service Provider causes the Customer to breach its legal or regulatory obligations; or
33.2.6the Service Provider fails to provide the Services materially in accordance with the Agreement and that failure causes, or is in the Customer’s opinion likely to cause:
33.2.6.1delay in delivery of the Services that means that the Service Provider will not be able to meet any Key Milestone date;
33.2.6.2the degradation or unavailability of the Services which, in the Customer’s opinion, is unlikely to be resolved within a reasonable period of time; or
33.2.6.3the Customer to incur a material loss, liability or cost whether direct or indirect.
33.3No Consultant shall become an employee of the Service Provider, or have a legal entitlement to any benefits conferred by the Service Provider on its employees, as a result of his or her secondment under this clause 33.
33.4A Consultant may not be an employee of any entity who competes with the Service Provider in the field of system integration services unless they are an employee of the Customer.
33.5The Consultants shall be given full access to all information (other than commercially sensitive information or information related to the Charges) that is available to all relevant Service Provider Personnel and that is related to the performance of the Services that are relevant to the purposes described in clauses 33.1 and 33.2 and shall be able to make suggestions related to any element of the performance of the Services provided that the Consultant: (i) complies with the Service Provider’s reasonable security and confidentiality policies as notified to the Consultant; (ii) signs an Agreed Form NDA; and (iii) does not have unsupervised access to the Service Provider’s facilities and shared computing environment.
33.6The Service Provider shall not be obliged to follow any suggestions given by the Consultants.
33.7By exercising its right under this clause, the Customer shall not, and shall not be deemed to, assume any obligation to resolve any issue or problem with the Services or relieve the Service Provider of any obligation or liability in relation to that event. Without limiting the foregoing,


nothing in this clause 33.7 shall be construed to limit the Service Provider’s obligation to continue to perform the Services in accordance with all applicable Service Levels or Milestone dates.
33.8If the Customer exercises its rights under this clause 33, the Parties shall carry out a monthly review to agree on whether the secondment shall continue. In any case, a secondment under this clause may be terminated by the Customer at any time by giving written notice to the Service Provider, but shall in any event cease when the secondment has been effective for a continuous period of ninety (90) days (or such longer period as may be agreed between the Parties, such agreement may not be withheld by the Service Provider where clause 33.9 applies), when both of the following conditions are satisfied:
33.8.1the event giving rise to the appointment of the Consultants under this clause has ceased and/or has been resolved or remedied; and
33.8.2the Service Provider has demonstrated to the Customer’s reasonable satisfaction that the Service Provider has taken all reasonable measures to ensure that the event giving rise to the appointment of the Consultants shall not reoccur.
33.9Subject to clause 33.10, the Customer shall be responsible for paying the Consultants’ reasonable and demonstrable fees for the duration of the secondment, plus any reasonable, actual and demonstrable travel and subsistence costs incurred by the Consultants in relation to their secondment under this clause provided that the salaries of the Consultants are reasonable given their level of seniority and experience and Good Industry Practice (“Consultant Costs”).
33.10Notwithstanding clause 33.9, the Parties agree that to the extent that the Customer exercises its rights due to an alleged Service Provider default and it transpires that the Service Provider was in default then the Service Provider shall be responsible for fifty percent (50%) of the Consultant Costs.
33.11The exercise by the Customer of its rights in this clause 33 shall be without prejudice to any other rights or remedies of the Customer.
34.LIABILITY
34.1Nothing in this Agreement shall limit a Party’s liability in respect of:
34.1.1death or personal injury caused by negligence;
34.1.2fraud or fraudulent misrepresentation;
34.1.3any employment related indemnities;
34.1.4the breach by a Party, its Affiliates or sub-contractors (including, in the case of the Service Provider, its Sub-contractors) or personnel of the duties of confidentiality contained in the Agreement save:
34.1.4.1where the breach is of the data protection obligations under this Agreement or any Local Agreement, SOW or Data Protection Model Clauses, in which case the liability caps in clause 34.2.1 (in the case of the Service Provider) or clause 34.3 (in the case of Customer) shall apply; or
34.1.4.2where the breach is in relation to breach of any data security obligations under clause 18, in which case the liability caps in clause 34.6 (in the case of the Service Provider) or 34.7 (in the case of the Customer) shall apply (except to


the extent the data security breach is also a breach of clause 26 leading to a loss of Confidential Information).
34.1.5any claim made under the IPR indemnities set out in clause 30.1.1;
34.1.6Wilful Abandonment or Wilful Default by the Service Provider; and
34.1.7any liability that cannot be excluded pursuant to applicable law.
34.2Subject to clause 34.1, the maximum aggregate liability of the Service Provider (including all Service Provider Affiliates) to Customer (which includes, for the avoidance of doubt, the UK Customer, US Customer and Bermuda Customer and all other Customer Affiliates) arising under or in connection with this Agreement (including all SOWs and Local Agreements) for all causes of action, whether arising in contract, tort (including negligence), breach of statutory duty, misrepresentation, on indemnity basis or otherwise) for all losses whatsoever and howsoever caused:
34.2.1for all liability related to personal data, including under the indemnity in clause 30.2.3 and/or arising any Data Protection Model Clauses, shall be limited to the greater of: (i) $10,000,000 (ten million USD); or (ii) 250% (two hundred and fifty per cent) of the total Charges paid or payable under the Agreement in the Contract Year immediately prior to the first claim giving rise to such liability, but subject to any variation or exception agreed pursuant to clause 25.12.1; and
34.2.2for all claims for damage to tangible property caused by the Service Provider’s (including its Affiliates or its Sub-contractors) negligence or Wilful Default shall be limited to $7,500,000 (seven million five hundred thousand USD).
34.3Subject to clause 34.1, the maximum aggregate liability of the Customer (including Customer Affiliates) arising under or in connection with this Agreement (including all SOWs and Local Agreements) and/or any Data Protection Model Clauses for all liability related to personal data shall be limited to $10 million (ten million USD).
34.4Provided that nothing in this clause 34.4 shall limit or exclude a Party’s liability under clauses 34.1.1, 34.1.2 and 34.1.7, a Party nor its Affiliates shall have any liability under this Agreement or any SOW or Local Agreement or Data Protection Model Clauses for: (i) any indirect or consequential losses suffered by the other Party; or (ii) for any special or incidental damages, loss of profits, loss of business, loss of revenue, loss of goodwill, loss of anticipated savings or any loss of data (in each case howsoever arising and whether direct or indirect) other than as detailed in clause 34.5 below.
34.5Subject to clauses 34.6 and 34.2, the exclusions in clause 34.4 shall not exclude liability for the following heads of losses which the Service Provider will accept to be deemed direct losses or damages suffered by the Customer:
34.5.1subject always to the Customer’s duty to mitigate, the costs of procuring and implementing an alternative to the Services provided (or not provided) by the Service Provider;
34.5.2the cost of restoring lost or damaged data caused or materially contributed to by the Service Provider to the last machine readable backup taken by the Customer in accordance with Good Industry Practice unless otherwise agreed in writing in a Statement of Work;


34.5.3the cost of restoring damage to physical property caused by the Service Provider, excluding any loss or damage resulting from fair wear and tear;
34.5.4additional wages, overtime and expenses incurred by the Customer or its subcontractors or agents in performing or rectifying defective services and/or managing a third party’s performance of the same;
34.5.5the public relations costs of repairing any brand or reputational damage caused solely by the Service Provider’s breach of this Agreement where the Customer can demonstrate that such breach causes these losses;
34.5.6cost savings as agreed by the Parties (but which have not already been compensated either pursuant to clause 5.3 or 10.1 of this Agreement). Such cost savings shall be calculated as the difference between the baseline costs in the Pricebook (the “Baseline Costs”) and the charges for equivalent volumes (calculated by reference to the original baseline volumes in the Pricebook). The following will be excluded from the charges for the purposes of this calculation: (i) any spend on Flex Services, (ii) any incremental charges arising as a result of a change to the Agreement, and (iii) any additional costs reimbursed pursuant to clause 21.3. For the avoidance of doubt, and subject always to clause 21, to the extent that a cost saving is enabled by the Service Provider but the Customer does not take the necessary action to realise those savings (having agreed such actions as a Customer Dependency with the Service Provider), then the Service Provider shall have no liability with respect to the failure of the Customer to achieve such cost saving; and
34.5.7in the event that a breach of the Service Provider prevents the Customer from running its business in the normal way, the costs of the remedial action necessary so as to re-enable such normal running together with the costs of implementing any temporary work-around.
34.6Subject to clause 34.1 and 34.2, the Service Provider’s (including its Affiliates) total aggregate liability to the Customer (which includes, for the avoidance of doubt, the UK Customer, US Customer and Bermuda Customer and all other Customer Affiliates) arising under or in connection with the Agreement (including all SOWs and Local Agreements) for all causes of action, whether arising in contract, tort (including negligence), breach of statutory duty, misrepresentation, on indemnity basis or otherwise, for any losses whatsoever and howsoever caused shall not exceed, for all claims in each Contract Year:
34.6.1not used
34.6.2the greater of:
(i) a de minimis amount equal to 200% of the Charges paid by the Customer under the Agreement (including all SOWs and Local Agreements) in the previous Contract Year; and
(ii) two hundred percent (200%) of the total Charges paid or payable under the Agreement (including all SOWs and Local Agreements) in the relevant Contract Year prior to the date which the first claim in that Contract Year arises.
For the avoidance of doubt, the annual cap that applies to any one claim shall be that of the Contract Year in which the event (or first in a series of events) that gave rise to the claim in question occurs.
34.7Subject to clause 34.1 and 34.3, the Customer’s total aggregate liability in each Contract Year under or in connection with this Agreement (including all SOWs and Local Agreements) shall not


exceed the total amounts paid or payable under the Agreement (including all SOWs and Local Agreements) in the Contract Year in which the claim arises. For the avoidance of doubt, the annual cap that applies to any one claim shall be that of the Contract Year in which the event (or first in a series of events) that gave rise to the claim in question occurs.
34.8For the avoidance of doubt, the Parties acknowledge that in accordance with Relevant Law, any claim for damages shall be reduced by the amount of Service Credits or Liquidated Damages already paid by the Service Provider to the Customer in respect of the relevant liability so as to avoid double recovery by the Customer.
34.9The phrase “paid or payable” will mean the aggregate of:
34.9.1all relevant amounts already paid by the Customer to the Service Provider; and
34.9.2all relevant amounts invoiced but not yet paid by the Customer to the Service Provider.
34.10In the event that any breach by the Service Provider or any Service Provider Group company of this Agreement, a Local Agreement, SOW and/or any Data Protection Model Clauses results in any losses being suffered by (i) any Customer that is a party to this Agreement (each of the UK Customer, US Customer and/or Bermuda Customer); and/or (ii) any Customer Group Company that is not a party to this Agreement, such losses will be treated as if they had been suffered by the UK Customer and the UK Customer (acting as agent for the US and Bermuda Customers and to the exclusion of any right of the US or Bermuda Customer to also bring any claim in respect of the same loss) may recover any such losses from the Service Provider in accordance with this clause 34. The US Customer and the Bermuda Customer and any
Customer Group Company that is not a party to this Agreement (including any Local Agreement, SOW or any Data Protection Model Clauses) may only recover its losses directly from the Service Provider if the UK Customer is prohibited by law from doing so. For the purposes of this clause 34.10, any losses suffered by any Customer Group Company that is not a party to this Agreement (including any Local Agreement, SOW or any Data Protection Model Clauses) will not be treated as being indirect or consequential in terms of this clause 34 simply because it has been suffered by that Customer Group company and not by a Customer directly.
34.11Nothing in this clause 34 shall relieve the Customer of its obligation to pay all Charges which have been properly incurred under this Agreement.
35.INSURANCE
35.1The Service Provider shall maintain at its own cost (and on request provide evidence to the Customer in the form of a certificate of insurance) the following insurance policies with an insurer of good standing for the term of this Agreement and six (6) years thereafter:
35.1.1professional liability insurance for a minimum amount of £10,000,000 (ten million GBP) per claim and annual aggregate;
35.1.2public and product liability insurance for a minimum amount of £10,000,000 (ten million GBP) per claim and annual aggregate; and
35.1.3employer’s liability insurance for a minimum amount of £10,000,000 (ten million GBP).
35.2The Service Provider shall not during the term of this Agreement and for a period of six (6) years thereafter act or refrain from acting in such a way as would entitle the underwriter(s) of the policies required by clause 35.1 above to avoid or negate their liability to deal with any claim(s) which would otherwise be covered.


35.3The Service Provider shall, whenever reasonably requested by the Customer, provide evidence of such insurance and of its currency.
35.4The inclusion of minimum limits of insurance herein shall not entitle Customer to insurance limits maintained by Service Provider which may exceed any limitation of liability or liability caps that may be in place in this Agreement. The minimum amount of insurance may be maintained through primary and umbrella or excess coverage. Except for any statutory required insurance, coverage and limits required herein may be met through the combination of primary, local admitted and global insurance policies maintained by Service Provider.
PART I TERMINATION
36.TERMINATION
Customer Termination Rights
36.1The Customer may terminate for convenience this Agreement (in whole or in part) on ninety (90) days’ notice.
36.2Early Termination Payments
36.2.1If the Customer terminates this Agreement pursuant to clause 36.1 or the Service Provider terminates this Agreement pursuant to clause 36.7, the Customer shall pay the Service Provider a sum equal to the Remaining Contract Committed Revenue.
36.2.2If the Customer terminates this Agreement pursuant to clause 36.4.3 or clause 36.4.4, it shall pay the Service Provider a sum equal to 70% of the Remaining Contract Committed Revenue.
36.2.3In addition to any sums that are due under clauses 36.2.1 or 36.2.2, the Customer shall also pay: (i) any additional applicable Early Termination Payments the parties may agree after the Effective Date in accordance with paragraph 20.1.2 of Schedule 10 (Pricebook, Charges and Invoicing); and (ii) any due and payable invoices for Services performed up to the date of such termination.
36.2.4The Service Provider agrees that such payments shall be the Service Provider’s sole and exclusive remedies in connection with any early termination itself and that beyond such payments mentioned above, no damages or compensation for early termination shall be payable; provided always that this shall be without prejudice to the rights and remedies of the Service Provider at law in respect of the recovery of any damages which arise due to breach of this Agreement by the Customer (whether connected with the event giving rise to the early termination or not).
36.3The Customer may terminate the Agreement for material breach by the Service Provider, immediately if it is not capable of remedy, or after thirty (30) days from the Customer providing the Service Provider with written notice of the material breach if it is capable of remedy but remains unremedied.
36.4The Customer may also terminate the Agreement:
36.4.1immediately if an Insolvency Event occurs with respect to the Service Provider;
36.4.2upon thirty (30) days’ written notice where the Service Provider persistently breaches the Agreement;


36.4.3immediately where a Material Adverse Change occurs in relation to the Service Provider and the process outlined in that definition has been exhausted;
36.4.4on a no-fault basis, in the event there is a Change of Control of the Service Provider (other than an internal re-organisation within the Service Provider Group) which raises a legitimate concern for the Customer and: (a) immediately where termination is required or requested by a Regulator; or (b) on thirty (30) days’ notice where the new controlling entity: (i) has significantly worse financial standing than the Service Provider; (ii) is a direct competitor of the Customer; or (iii) is involved in an industry for which association would be reasonably likely to bring the Customer into disrepute, provided that the Customer gives notice to terminate on this basis within ninety (90) days following the Customer becoming aware of the Change of Control, such notice to specify the date upon which termination shall become effective;
36.4.5immediately for any breach of this Agreement by the Service Provider: (i) which causes a Regulator to require or request that the Agreement is terminated as a result of the breach; (ii) to the extent that the breach is the direct cause of a Regulator imposing a fine on the Customer or any member of the Customer Group; or (iii) to the extent the breach causes the Customer to breach a specific legal requirement which in turn is likely to cause regulatory problems for the Customer or any member of the Customer Group, and the nature of and impact on the Services of such a legal requirement have been set out in the applicable SOW or in this Agreement;
36.4.6upon thirty (30) days’ written notice in the event of a Material Service Failure;
36.4.7upon thirty (30) days’ written notice where there is repeated failure by the Service Provider to engage with the governance procedures set out in this Agreement, including but not limited to, Schedule 12 (Governance and Service Management) where, following formal notice from the Customer, the Service Provider either:
36.4.7.1fails to address and propose a plan to solve the concerns identified by the Customer within thirty (30) days of a notice requiring it do so; or
36.4.7.2fails to then deliver on the plan proposed by it pursuant to this clause by the dates specified in the plan;
36.4.8upon thirty (30) days’ written notice in the event any material breach of this Agreement by the Service Provider has a material adverse impact on the Customer’s reputation (or that of the Customer Group) or leads to material adverse publicity; or
36.4.9as set out in clause 31.4.
36.5If the Customer terminates this Agreement in whole or in part and the Customer has paid any Charges in advance for Services it has not yet received, an amount equal to such Charges shall be repayable, subject to a pro-rated reduction.
36.6If the Service Provider believes that any termination by the Customer constitutes a wrongful repudiation of the Agreement, then the Service Provider agrees that it will not affirm the Agreement provided that the termination by the Customer occurs at a time when the Customer is entitled to terminate the Agreement or relevant Statement of Work for convenience. Any wrongful repudiation made in those circumstances shall, if proven, be deemed to be termination for convenience by the Customer and the Customer shall be liable to pay to the Service Provider all amounts (including termination charges) payable on or in connection with termination for convenience (and within the timescales for payment of the same) as provided in this Agreement and/or the relevant Statement of Work.


Service Provider Termination Right
36.7The Service Provider may only terminate this Agreement on written notice to the Customer due to:
36.7.1the Customer’s failure to pay undisputed Charges, for which properly submitted invoices have been delivered, by the due date for payment, provided that:
36.7.1.1the Customer fails to remedy the failure to pay within fifteen (15) days of its receipt of the Service Provider’s written notice of the failure to pay; and
36.7.1.2the Service Provider provides the Customer a further notice of the failure to pay and the Customer fails to remedy the failure to pay within ninety (90) days of its receipt of such further notice in which case the Service Provider may terminate forthwith;
36.7.2a material breach by the Customer of the licence conditions set out in clause 25.8 which the Customer fails to cure (if capable of cure) within thirty (30) days of a notice requiring it to do so;
36.7.3a breach by the Customer (or any of its Affiliates) of its obligations under clause 26, provided the Customer fails to remedy the relevant breach (if capable of remedy) within sixty (60) days of its receipt of the Service Provider’s written notice of the relevant breach in which case the Service Provider may terminate forthwith; or
36.7.4the Customer’s breach of its obligations under clause 27 where to continue to provide the Services would put the Service Provider in breach of Relevant Laws in which case the Service Provider may terminate forthwith unless such Relevant Laws allow a cure period and/or a notice period in which case the Customer shall have thirty (30) days to cure and/or be provided notice as applicable.
36.8For the avoidance of doubt, and subject to clause 39.1, a change in Control of the Customer will not grant the Service Provider a right to terminate this Agreement.
37.TERMINATION ASSISTANCE/EXIT
37.1Subject to clause 37.4, for up to a maximum period of nine (9) months following the effective date of termination or expiration of the Agreement or following the date of any notice of termination, at the Customer’s election and request the Service Provider shall provide Termination Assistance to the Customer at the agreed day rates and in accordance with Schedule 15 (Exit Plan and Service Transfer Arrangement).
37.2Actions by the Service Provider under this clause 37 shall be subject to the provisions of the Agreement.
37.3Charges for Termination Assistance activities by the Service Provider shall be at the services rates set out in the Rate Card or such lower rates (if any) as specified in an Exit Plan.
37.4The Service Provider represents and warrants that the Termination Assistance services shall be provided to facilitate the Customer to readily continue the provision of the services in-house or by a replacement supplier (working in accordance with Good Industry Practice) and eliminate or minimise any disruption or deterioration of the Service, including, but not limited to, the following:
37.4.1efficient and comprehensive transition;


37.4.2assistance in providing information required to prepare and execute any request for proposal process;
37.4.3knowledge transfer;
37.4.4enabling data migration; and
37.4.5executing any document required for assignment of rights.
37.5The Customer shall procure that any Successor Service Provider shall enter into a confidentiality agreement with the Service Provider on the terms of the Agreed Form NDA.
PART J MISCELLANEOUS PROVISIONS
38.COMPLIANCE WITH LAWS
Generally
38.1The Service Provider shall perform its obligations in a manner that complies with all Service Provider Applicable Regulations. The Service Provider’s obligations pursuant to this clause shall include identifying and procuring any required permits, certificates, approvals and inspections applicable to the Service Provider or otherwise required by Service Provider Applicable Regulations. If a charge of non-compliance with such Service Provider Applicable Regulation occurs, the Service Provider shall promptly notify the Customer in writing (unless prohibited from doing so under Relevant Law). Any actual failure to so comply with Service Provider Applicable Regulations applicable to the Services shall give the Customer the right to terminate this Agreement for irremediable material breach pursuant to clause 36.3.
38.2The Customer shall notify the Service Provider of any material changes in any Relevant Laws affecting its business and of which it becomes aware in the ordinary course of its business (provided always that this shall not release the Service Provider from its own obligations to keep abreast of all Service Provider Applicable Regulations affecting its business and the ongoing provision of the Services).
38.3Not used.
38.4The Service Provider shall be responsible for any fines and penalties imposed on the Service Provider or the Customer arising from any non-compliance by the Service Provider, its personnel or agents with any Service Provider Applicable Regulations.
39.TRANSFER OF THIS AGREEMENT
39.1The Customer may transfer or assign the Agreement: (i) within the Customer Group including in the event of a merger, acquisition, business combination or other change of control including an initial public offering of shares in Customer or a Customer Affiliate; (ii) to any entity that acquires it (provided the entity passes the Service Provider’s reasonable ethics and compliance checks, including Service Provider reasonable international trade compliance checks); or (iii) with the Service Provider’s consent (not to be unreasonably withheld) to any third party, provided in each case that if the Service Provider has bona fide concerns (in its sole discretion) in relation to the assignee’s financial standing, the Parties shall meet to discuss those concerns and the Customer shall provide or obtain such financial assurances as the Service Provider may reasonably require. To be clear each of the UK Customer, US Customer and Bermuda Customer must jointly agree any such assignment of this Agreement in full. For the avoidance of doubt any change of Control


in respect of the Customer or a Customer Affiliate will not trigger the re-negotiation of this Agreement.
39.2Apart from the specific rights to transfer, novate or assign specified in clause 39.1, neither Party may assign, novate or otherwise transfer any of its rights or obligations under this Agreement without the other Party’s prior written consent (such consent not to be unreasonably withheld or delayed). For the avoidance of doubt, it is reasonable for the Customer to withhold its consent to any proposed assignment, novation or other transfer by the Service Provider to any person (the “Transferee”), if the Transferee is of lesser financial standing to the Service Provider or has a lesser ability to provide services of the quality required by this Agreement.
39.3The Service Provider shall use its reasonable endeavours to notify the Customer in advance of any Change of Control and in any event shall notify the Customer within ten (10) days of any Change of Control occurring.
40.NO PARTNERSHIP, AGENCY ETC
40.1Nothing in this Agreement is intended to create a partnership or the relationship of principal and agent or employer and employee between the Parties. Neither Party has the authority or power to bind, to contract in the name of or to create a liability for the other in any way or for any purpose.
41.NOTICES
41.1All formal notices and communications between the Parties and/or to any Affiliate made in the course of this Agreement are to be in writing and shall be deemed to have been received by the addressee at the times stated below, provided that the notice of communication is addressed to the recipient at the address specified below, is marked for the urgent notification of the specified point of contact as notified in writing to the other Party from time to time in accordance with this clause 41 and is properly franked or otherwise sent postage prepaid:
41.1.1by first class post, forty-eight (48) hours after dispatch;
41.1.2by email with return receipt acknowledgement, on the next Business Day after the day of dispatch;
41.1.3by hand delivery, immediately upon receipt by the recipient; or
41.1.4if sent by a reputable overnight express mail service with a reliable tracking system, twenty four (24) hours after dispatch.
This clause 41.1, however, shall not apply to the service of any proceedings or documents in any legal action.


41.2The addressees of the Parties for the purpose of this clause 41 and for the purpose of service of proceedings are set out below. Notices must be addressed to:
The Service Provider
For the attention of:
Head of UKI Insurance Practice
280 Bishopsgate
London
EC2M 4AG		The Customer
For the attention of:
General Counsel
30 Fenchurch Street
London
EC3M 3BD
With a copy to: Corporate Counsel –
UKI Insurance Practice
280 Bishopsgate
London
EC2M 4AG		With a copy to: Chief Technology Officer &
Group Head of Procurement
30 Fenchurch Street
London
EC3M 3BD
42.THIRD PARTY RIGHTS
42.1A person who is not a Party to this Agreement may not enforce any of its terms under the Contracts (Rights of Third Parties) Act 1999, save that Affiliates of the Customer from time to time and Divested Affiliates as referred to below may enforce the benefits granted to them under this Agreement. For the avoidance of doubt however this Agreement may be amended or rescinded by agreement between the Parties (and the UK Customer acting on behalf of the US Customer and Bermuda Customer) without the consent of any third party.
42.2At the Customer’s discretion and upon notice to the Service Provider of the divestment, any Divested Affiliate shall be entitled (at no additional charge to it or the Customer other than in respect of any separation costs identified and agreed pursuant to the Contract Change Control Procedure) to continue to receive the Services, which it has been receiving pursuant to this Agreement (including the governance regime in Schedule 12 (Governance and Service Management) and the invoicing regime in Schedule 10 (Pricebook, Charges and Invoicing)), for a period of up to two (2) years from the date of completion of such divestment or the date of notice whichever is later, such period to co-terminate with the Term and provided that: (i) the overall liability of Service Provider under this Agreement, any Local Agreement or SOW to the Customer, the Divested Affiliate and any of the beneficiaries does not increase; and (ii) the Divested Affiliate passes the Service Provider’s reasonable ethics and compliance checks. The Divested Affiliate shall enjoy the same unit charges for the Services save for the Core Services Charges. Changes to the Core Service Charges and any separation costs will be agreed pursuant to Contract Change Control Procedure. The Customer shall be responsible for compliance by such Divested Affiliate to the relevant terms and conditions of this Agreement, including the payment obligations in clause 22 for the Services received by the Divested Affiliate and shall be responsible for payment in the event the Divested Affiliate fails to pay the Service Provider. Any changes to the relevant Services or additional requirements (for example, separate invoices for the Customer and Divested Affiliate) or other commercial impact (including to Charges) resulting from the activities contemplated in this clause shall be agreed in accordance with the Contract Change Control Procedure.
43.SURVIVAL
43.1Those clauses that by their nature are intended to survive the termination or expiry of this Agreement, shall so survive.


44.SEVERABILITY
44.1If any provision of this Agreement or any part of any provision is determined to be partially void or unenforceable by any court or body of competent jurisdiction or by virtue of any legislation to which it is subject or by virtue of any other reason whatsoever, it shall be void or unenforceable to that extent only and the validity and enforceability of any of the other provisions or the remainder of any such provision shall not to be affected. If any clause is rendered void or unenforceable, whether wholly or in part, the Service Provider and the Customer shall endeavour, without delay and in good faith discussions, to attain the economic and/or other intended result in another legally permissible manner.
45.ENTIRE AGREEMENT
45.1Subject to clause 45.4 , this Agreement constitutes the entire understanding between the Parties relating to the subject matter of this Agreement and, save as may be expressly referred to in this Agreement, supersedes all prior representations, writings, negotiations or understandings relating to the subject matter of this Agreement.
45.2Except in respect of any fraudulent misrepresentation made by a Party, the Parties acknowledge that they have not relied on any representations, writings, negotiations or understandings, whether express or implied, (other than as set out in this Agreement) in entering into this Agreement.
45.3Nothing in this clause 45 is intended to exclude a party’s liability for fraud, fraudulent misrepresentation or any other liability which cannot, by law, be excluded.
45.4The Parties agree that any Work Request or SOW issued under the Original Agreement shall continue to be governed by the terms and conditions of such Original Agreement.
46.WAIVER
46.1No delay, neglect, or forbearance on the part of either Party in enforcing against the other Party any term or condition of this Agreement shall be or shall be deemed to be a waiver or in any way prejudice any right of that Party under this Agreement. Any waiver by either Party of any of its rights under this Agreement must be in writing and only applies to the transaction or series of transactions expressly referred to in such waiver.
47.CORPORATE SOCIAL RESPONSIBILITY, COMPLIANCE WITH LAWS AND LLOYDS
CENTRE OF EXCELLENCE
Anti-Bribery
47.1Each Party shall comply with all Relevant Laws relating to anti-bribery and anti-corruption including (but not limited to) the UK Bribery Act 2010 and all relevant US requirements.
Modern Slavery
47.2Without prejudice to any other provisions in this Agreement, the Service Provider shall, and shall procure that all persons who will or may be used in performing or to support the performance of this Agreement in any part of the world (“Supply Chain”) shall, at all relevant times:
47.2.1comply with the provisions of the Modern Slavery Act 2015 and all Relevant Laws made under it or relating to it (“MSA”), and ensure that all relevant Service Provider Personnel have received appropriate training on the same;


47.2.2comply with any Customer policy relating to modern slavery and/or human trafficking as is notified to the Service Provider by the Customer from time to time; and
47.2.3immediately notify the Customer’s Head of Procurement in writing if it has reason to believe that it or any member of its Supply Chain is in breach or is likely to breach any of the MSA or any provisions of these clauses 47.2 to 47.4 (or would do so if it were a party to this Agreement), or if it receives a communication from any person alleging breach of any of the MSA.
47.3The Service Provider shall maintain detailed, accurate and up-to-date records setting out:
47.3.1its staff hiring procedures;
47.3.2its supplier selection processes; and
47.3.3the steps it takes to ensure that it and each member of its Supply Chain is not engaged in the activities prohibited by the MSA, and shall promptly provide copies of such records to the Customer on the Customer’s request.
47.4On the Customer’s reasonable request, the Service Provider shall make, and shall require any relevant member of its Supply Chain to make, such adjustments to its processes that relate to staff hiring and supplier selection as the Customer reasonably considers to be desirable to address any risk of non-compliance with the MSA.
Environment
47.5The Service Provider shall ensure that its performance of the Services shall comply with all applicable environmental laws, statutes, regulations and relevant government issued guidance.
Health & Safety
47.6The Service Provider shall at times throughout the Term comply with all Relevant Laws relating to health and safety including (but not limited to) the Health and Safety at Work etc. Act 1974 and shall maintain a written health & safety policy.
Equal Opportunities
47.7The Service Provider shall at all times throughout the Term comply with all Relevant Law relating to equal opportunities, including, (but not limited to) the Equality Act 2010.
Compliance with Competition Laws
47.8The Service Provider confirms that it has not colluded with any third parties in relation to the Charges and that it shall comply with all Relevant Laws relating to competition and anti-trust including (but not limited to) the UK Competition Act 1998 and all relevant US requirements.
Compliance with Import/Export Laws
47.9The Customer agrees to notify Service Provider of (1) any requirements for Deliverables or (2) any other technology, technical data or information to which the Service Provider will have access as a result of the Services that, in either case, will subject the Deliverables or the other technology, technical data or information to control under applicable export regulations under any classification other than EAR99 (or its non-U.S. equivalent) and, in such event, will (i) identify to the Service Provider the applicable regulations (e.g. EAR or ITAR) and classifications (e.g. ECCN) and (ii) follow such guidelines as the Service Provider may communicate to the Customer


that reasonably are required to avoid violations. Subject to and except for the foregoing, the Service Provider agrees to notify the Customer of any technology, technical data or information that it will provide to the Customer pursuant to this Agreement that is subject to control under applicable export regulations under any classification other than EAR99 (or its non-U.S. equivalent) and, in such event, will (i) identify to the Customer the applicable regulations (e.g. EAR or ITAR) and classifications (e.g. ECCN) and (ii) follow such guidelines as the Customer may communicate to the Service Provider that reasonably are required to avoid violations. Subject to the foregoing the Service Provider shall comply with all Relevant Laws with respect to the Service Provider’s export and/or import of systems, dual-use items, materials, data, information and technologies necessary for the provision of the Services to each Customer Site (including those comprising the Deliverables) and with applicable embargoes, sanctions, and similar restrictions in force from time to time (including by determining and obtaining all relevant import and/or export authorisations). Notwithstanding the foregoing, the Customer agrees that it will not provide the Service Provider with any technology, technical data or information that is subject to control under the International Traffic in Arms Regulations (ITAR). In the event that the Customer wishes to provide the Service Provider with ITAR-controlled technology, technical data or information, the Customer will notify the Service Provider in writing of such intent, and the Parties agree to cooperate to determine the appropriate agreements and controls, if any, required before the Customer makes such disclosure.
Lloyd’s Centre of Excellence
47.10The Customer expects the Service Provider to demonstrate a commitment to developing its knowledge of the London insurance market during the Term. Accordingly, the Service Provider shall commit to:
47.10.1engaging with external consultants to develop training materials and to obtain a deeper understanding of Lloyd’s of London performance standards and requirements;
47.10.2developing and delivering training and certification programmes for Service Provider Personnel delivering the Services;
47.10.3increasing the general pool of Service Provider staff who are familiar with Lloyd’s of London operations;
47.10.4promoting the sharing of experience across the Service Provider’s and its Affiliate’s clients in the Lloyd’s of London market including by promoting opportunities for such clients to network and share experiences;
47.10.5inviting Lloyd’s of London staff to participate as a guest teachers / lecturers; and
47.10.6identifying best practices across all the clients of the Service Provider and its Affiliates in the insurance sector and applying such best practice to services in areas regulated by Lloyd’s of London including by recommending enhancements to processes.
48.CUMULATIVE REMEDIES
48.1Except as otherwise expressly provided in this Agreement, remedies provided under this Agreement shall be cumulative and in addition to and not in lieu of any other remedies available to either Party at law, in equity or otherwise.


49.DISPUTE RESOLUTION
49.1Any dispute between the Parties arising out of or relating to the Agreement, including with respect to the interpretation of any provision of the Agreement, shall be dealt with as follows:
49.1.1by the respective Contract Managers appointed under the Agreement; and if the dispute is not resolved by the Contract Managers;
49.1.2then by the Customer’s Chief Technology Officer (or his or her designated nominee) and a person of equivalent standing in the Service Provider’s organisation; and
49.1.3then by the Customer’s Chief Operating Officer (or his/her designated nominee) and a person of equivalent standing in the Service Provider’s organisation.
49.2Any dispute, controversy or claim arising under, out of, in connection with, or in relation to the Agreement which cannot be settled as provided for above may then be referred by the Parties to:
49.2.1mediation by a neutral mediator accredited by the Centre for Dispute Resolution (CEDR); and
49.2.2then, if the Parties fail to reach agreement during the mediation process within sixty (60) days of the mediator being appointed, Arbitration in London under the LCIA Rules,
in order for the Parties to attempt to resolve such dispute.
49.3Notwithstanding clauses 49.1 and 49.2, the Parties shall be free at any time to commence legal proceedings in order to seek emergency or injunctive relief.
50.COUNTERPARTS
50.1This Agreement may be executed in two or more counterparts, each of which will be deemed to be an original, but all of which together will constitute one Agreement binding on the Parties, notwithstanding that both Parties are not signatories to the original or the same counterpart.
51.GOVERNING LAW AND JURISDICTION
51.1The Agreement and all matters arising out of or in connection with it (including any dispute or claim) shall be governed and construed in accordance with the Laws of England and Wales and made subject to the exclusive jurisdiction of the Courts of England.


AGREED by the Parties through their duly authorised representatives, it being acknowledged that Aspen Insurance U.S. Services Inc. and Aspen Bermuda Limited have appointed Aspen Insurance UK Services Limited to sign this Agreement on their behalf, on the date of signature set out below:
For and on behalf of)
ASPEN INSURANCE UK SERVICES LIMITED
)
/s/ Chris Jones
Name: Chris Jones
Title: Director of Aspen Insurance UK LTD
Date: 05-Nov-2024  |  09:15 GMT


For and on behalf of)
COGNIZANT WORLDWIDE LIMITED
)
/s/ Cristina Hadjez
Name: Cristina Hadjez
Title: Senior Director
Date: 31-Oct-2024  |  12:28 GMT
For the purposes of acknowledging that Cognizant Technology Solutions US Corporation will be providing services on behalf of Cognizant Worldwide Limited in the United States only:
COGNIZANT TECHNOLOGY SOLUTIONS US CORPORATION
SIGNED:/s/ Christopher H. Privette
Name: Christopher H. Privette
Title: Associate General Counsel
Date: 31-Oct-2024  |  12:36 GMT