Exhibit 10.9

DATED 20 December 2022

FIDELIS INSURANCE HOLDINGS LIMITED

as Service Recipient

SHELF HOLDCO II LIMITED

as Service Provider

INTER-GROUP SERVICES AGREEMENT

RELATING TO

PROJECT COOPER

Contents

Clause		Page
1.	Definitions and Interpretation		3
2.	Commencement of this Agreement		12
3.	Services		13
4.	Performance		14
5.	Information Flows and Reports		15
6.	Authorisations		15
7.	Marketing		15
8.	Compliance		15
9.	Term		17
10.	Termination		17
11.	Effect of Termination		18
12.	Insolvency Events		19
13.	Force Majeure		20
14.	Fees and Currency		21
15.	Data Protection		21
16.	Records and Audit Access		24
17.	Intellectual Property and Information Technology		24
18.	No Partnership or Agency		25
19.	Notices		26
20.	Assignment and Sub-Contracting		27
21.	Confidentiality		29
22.	Limitation of Liability		30
23.	Amendments and Change Management Process		30
24.	Contract Governance, Accountabilities, Escalation, and Service Dispute Resolution		31
25.	Disaster Recovery and Business Continuity		31
26.	Annual Review Group Process		31
27.	Further Assurance		32
28.	Contracts (Rights of Third Parties) Act 1999		32
29.	Entire Agreement		32
30.	Remedies Not Exclusive		33
31.	No Waiver		33
32.	Severance		33
33.	Counterparts		33
34.	Law and Jurisdiction		33
Appendix 1 Fees			35
Appendix 2 Services			38

- i -

Appendix 3 [intentionally blank]	67
Appendix 4 Change Management Process	68
Appendix 5 Contract Governance, Accountabilities, Escalation, and Dispute Resolution	70
Appendix 6 Standard Contract Disaster Recovery and Business Continuity	77
Appendix 7 Exit Provisions and Exit Plan	81
Appendix 8 Permitted Sub-Contracts	95
Appendix 9 Remediation and Consequences from KPIS and SLA Shortfalls	102
Appendix 10 Data Privacy and Information Security Addendum	104

- ii -

THIS AGREEMENT is dated 20 December 2022

BETWEEN

(1) FIDELIS INSURANCE HOLDINGS LIMITED, a Bermuda exempted company with limited liability, whose registered address is Waterloo House, 100 Pitts Bay Road, Pembroke, Bermuda HM 08 (“FIHL” or the “Service Recipient”); and

(2) SHELF HOLDCO II LIMITED, a Bermuda exempted company with registration number 202201143, whose registered address is at Clarendon House, 2 Church Street, Hamilton, HM 11, Bermuda (the “Service Provider”),

(individually a “Party” and together the “Parties”).

BACKGROUND

(A) The board of directors of FIHL has determined that it is in the best interests of FIHL’s members as a whole to effect a reorganisation of FIHL’s business pursuant to which its business will be reorganised and bifurcated, forming two separate and independent groups of companies (the “Reorganisation”).

(B) Once the Reorganisation has been effected, the Parties intend that each entity within the Insurance Group shall delegate underwriting authority to a MGU Group entity that is established and regulated in the same or a relevant jurisdiction in respect of various activities relating to its business, and that such MGU Group entity shall perform relevant services for and on behalf of the applicable Insurance Group entity, pursuant to the terms of the Framework Agreement and a series of delegated underwriting authority agreement (each such delegated underwriting authority agreement being a “Binder Agreement” and collectively “Binder Agreements”).

(C) The Parties also intend that the MGU Group shall perform and provide the Services for and on behalf of the Insurance Group on the terms and conditions set out in this Agreement.

(D) In order to provide the Services to the Service Recipient, the Service Provider has entered an intra-group agreement, whereby: (i) MGU Group entities will provide services to the Service Provider for onwards provision to FIHL or other entities in the Insurance Group under this Agreement; and (ii) FML and the Service Provider will provide various internal services to the MGU Group, including the provision of staffing resources.

(E) The Service Recipient has also entered into an intra-group agreement with other entities in the Insurance Group, whereby: (i) either FIHL or UK ServeCo will provide the Services on an onwards basis to the Insurance Group; and (ii) UK ServeCo, FIBL and Service Recipient will provide further internal services to the Insurance Group, including the provision of staff in the UK and Ireland (the “Insurance Group Intra-Group Services Agreement”). Consequently, the Parties acknowledge that the end-users of the Services include the insurers within the Insurance Group.

IT IS AGREED

1. Definitions and Interpretation

Definitions

3

1.1 In this Agreement, unless the context requires otherwise, the capitalised terms set out below have the following meanings:

“Affected Party”	has the meaning given to it in Clause 13.1;
“Agreement”	means this inter-group services outsourcing agreement, including any introduction, Appendices, Annexures, or Schedules thereto, as amended or restated from time to time;
“Annual Review Group”	means the members of the annual review meeting, as set out in in paragraph 3 of Appendix 5 (Contract Governance, Accountabilities, Escalation, and Dispute Resolution);
“Applicable Law”	means all laws, regulations (including the Regulatory Requirements), directives, statutes, subordinate legislation, common law and civil codes of any jurisdiction, orders, notices, instructions, decisions and awards of any court or competent authority or tribunal exercising statutory or delegated powers and codes of practice having force of law, statutory guidance and policy notes, in each case to the extent applicable to the Parties and/or their subsidiaries (as applicable);
“authorisations”	has the meaning given to it in Clause 6 (Authorisations);
“Belgian FSMA”	means the Belgian Financial Services and Markets Authority (Autoriteit voor Financiele Diensten en Markten/Autorite des Services et Marches Financiers) and any body superseding it as the regulator of the insurance sector in Belgium;
“Binder Agreement”	has the meaning given to it in Recital (B);
“BMA”	means the Bermuda Monetary Authority and any body superseding it as the regulator of the insurance sector in Bermuda;
“Business Day”	means any day that is not a Saturday or Sunday or a public holiday in England, Ireland, Belgium, New York or Bermuda;
“CBI”	the Central Bank of Ireland and any body superseding it as the regulator of the insurance sector in Ireland;
“CFWG”	means the Cross Functional Working Group, as described in paragraph 3 of Appendix 5 (Contract Governance, Accountabilities, Escalation, and Dispute Resolution);
“Confidential Information”	has the meaning given to it in Clause 21.1;
“Cure Period”	has the meaning given to it in Clause 10.1.4;
“Commencement Date”	means 1 January 2023;

4

“Contract Year”	means a twelve (12) month period starting from the Commencement Date or any subsequent anniversary thereafter;
“Deadlock”	has the meaning given to it in Clause 23.2;
“Defaulting Party”	has the meaning given to it in Clause 10.1;
“Discloser”	has the meaning given to it in Clause 21.3;
“Exit Plan”	has the meaning given to it in Clause 8.9;
“Exit Services”	has the meaning given to it in Clause 11.1.2;
“FCA”	means the UK Financial Conduct Authority and any body superseding it as conduct regulator of the insurance sector in the UK;
“Fees”	means the fees set out in Appendix 1 (Fees);
“Fee Profits”	has the meaning set out in Appendix 1 (Fees)
“FIBL”	means Fidelis Insurance Bermuda Limited, a limited liability company incorporated in Bermuda (registered number 50047), whose registered office is at Clarendon House, 2 Church Street, Hamilton HM 11, Bermuda;
“FML”	means Fidelis Marketing Limited, a limited liability company incorporated in England and Wales (Companies House number 09522701), whose registered office is at 42nd Floor, 22 Bishopsgate, London, United Kingdom, EC2N 4BQ;
“Force Majeure Event”	has the meaning given to it in Clause 13.1 and “Force Majeure” shall be interpreted accordingly;
“Framework Agreement”	means the framework agreement between FIHL and the Service Provider in relation to the Insurance Group’s delegation of authority to the MGU Group to underwrite insurance business, entered into between the Parties on or around the date of this Agreement;
“Good Industry Practice”	means using standards, practices, methods and procedures and exercising that degree of skill and care, diligence, prudence and foresight which would reasonably and ordinarily be expected from a skilled and experienced person engaged in a similar type of undertaking under the same or similar circumstances;
“Innocent Party”	has the meaning given to it in Clause 22.2;
“Insolvency Event”	means an event that occurs if an entity: (i) is, or is deemed for the purposes of any Applicable Law to be unable to pay its debts as they fall due or insolvent; (ii) admits its inability to pay its debts as they fall due; (iii) is in a situation where the

5

	value of its assets is less than its liabilities (taking into account contingent and prospective liabilities); (iv) suspends making payments on any of its debts or announces an intention to do so; (v) by reason of actual or anticipated financial difficulties, commences negotiations with one or more of its creditors with a view to rescheduling any of its indebtedness; or (vi) a moratorium is declared in respect of any of its indebtedness;
“Insurance Group”	means the Service Recipient and all of its subsidiaries taken as a whole, being the group of companies forming the insurance business, which will comprise Service Recipient and its direct or indirect subsidiaries including regulated (re)insurance carriers and any service company, holding company, shell company or other vehicle of which FIHL has control from time to time;
“Insurance Group Intra- Group Services Agreement”	has the meaning given to it in Recital (E);
“IPR”	has the meaning given to it in Clause 17.3;
“KPI”	means key performance indicator;
“liability”	has the meaning given to it in Clause 22.1;
“Liable Party”	has the meaning given to it in Clause 22.2;
“Marketing Material”	means any materials in any form whatsoever (electronic or otherwise) prepared or used for advertising or promotion of any products sold under the Binder Agreements;
“MGU”	means a managing general underwriter;
“MGU Group”	means the Service Provider and all of its subsidiaries taken as a whole;
“Non-Calculations Dispute Resolution Procedure”	means the dispute resolution procedure set out in paragraph 16 of Appendix 5 (Contract Governance, Accountabilities, Escalation, and Dispute Resolution);
“Normal Business Hours”	has the meaning given to it in Clause 19.3;
“Outsourcing Executive Committee”	means the Outsourcing Executive Committee, as described in paragraph 3 of Appendix 5 (Contract Governance, Accountabilities, Escalation, and Dispute Resolution);
“PRA”	means the Prudential Regulation Authority and any body superseding it as the prudential regulator of insurers in the UK;

6

“Pre-contractual Statement”	has the meaning given to it in Clause 29.2.1;
“Recipient”	has the meaning given to it in Clause 21.3;
“Referred Non-material Breach”	means a non-material breach of this Agreement that is subject to a CFWG Notification that complies with the provisions of paragraph 8.1(a) of Appendix 5 (Contract Governance, Accountabilities, Escalation, and Dispute Resolution);
“Regulated Activity”	means any activity or inaction of a particular kind that is subject to the supervision of a Regulatory Authority that regulates one or more financial services sectors;
“Regulatory Authority”	means any national or regional authority which is empowered by law or regulation to supervise, license or regulate the activities of a Party to this Agreement, whether on an individual basis or as a member of a corporate grouping, including the PRA, the FCA, the BMA, the CBI, the Belgian FSMA, any Taxation Authority, and such other governmental or regulatory authorities that have responsibility for regulating the Insurance Group and the MGU Group;
“Regulatory Requirements”	means all applicable statutory and other rules, regulations, instruments in force from time to time in force from time to time in any relevant jurisdiction to which each Party is subject from time to time that relate to Regulated Activity, including for the avoidance of doubt applicable regulatory requirements to remain within risk appetite parameters, PRA papers (including: the PRA Statement of Policy on Operational Resilience from March 2021, Policy Statement 6/21 on Operational Resilience: Impact tolerances for important business services and Supervisory Statement on Outsourcing and third party risk management (SS2/21)) and CBI papers (including: Cross Industry Guidance on Operational Resilience and Cross Industry Guidance on Outsourcing); any requirements relating to SOX (Sarbanes Oxley) compliance;
“Regulatory Restriction Event”	means where an entity: (i) ceases to be authorised to carry on business; (ii) has its authorisation suspended in one or more of the jurisdictions in which it is authorised; (iii) is ordered by any applicable Regulatory Authority, or by any government or legal entity to cease carrying on business; or (iv) has requirements imposed upon it which materially restrict its business, in each case, such that it cannot perform as contemplated under the Agreement;
“Reorganisation”	has the meaning given to it in Recital (A);
“Resolution Failure”	means, where a matter has been referred to the Outsourcing Executive Committee pursuant to paragraph 11 of Appendix 5 (Contract Governance, Accountabilities, Escalation, and

7

	Dispute Resolution), and the Outsourcing Executive Committee has not, within ten (10) Business Days of such referral, unanimously determined that it is reasonably practicable to continue this Agreement;
“ROFR”	has the meaning given to it in Clause 3.5;
“Seized Party”	has the meaning given to it in Clause 12.1;
“Service Deliverable”	means one or more of the service deliverables as set out in Appendix 2 (Services) or as agreed between the Parties in writing from time to time;
“Services”	means the services to be provided by the Service Recipient or the Service Provider as set out in Appendix 2 (Services) or such additional services as agreed to be provided between the Parties in writing from time to time;
“SLA”	means service level agreement;
“sub-contract”	has the meaning given to it in Clause 20.1;
“Tax” or “Taxation”	means any form of tax (including VAT or any substitute or equivalent imposed in jurisdictions outside the United Kingdom), levy, import, duty, charge, employer social security contribution, or other governmental charge (national or local) of whatever nature, whenever and wherever imposed, which is collected or assessed by, or payable to, a Taxation Authority or any other person as a result of any enactment relating to tax, together with all related fines, penalties, interest, costs, charges and surcharges, and in each case, whether payable directly or imposed by way of a withholding or deduction and in respect of any person whether their liability for the same is a primary or secondary liability;
“Taxation Authority”	means any means any taxing or other authority competent to impose any liability in respect of Taxation or responsible for the administration and/or collection of Taxation or enforcement of any law in relation to Taxation;
“Technical Content”	any aspect of the Marketing Material that is subject to Regulatory Requirements;
“Terminating Party”	has the meaning given to it in Clause 10.1;
“Third Party Business	has the meaning given to it in Clause 3.6.4;
“UK ServeCo”	means FIHL (UK) Services Limited, a limited liability company established in England and Wales (Companies House number 14112953), whose registered office is at 42nd Floor 22 Bishopsgate, London, United Kingdom, EC2N 4BQ; and

8

“VAT” means, in relation to the UK, value added tax imposed by the Value Added Tax Act 1994 or any legislation superseding it, within the European Union, such taxation as may be levied in accordance with (but subject to derogation from) Council Directive 2006/112/EC of 28 November 2006 on the common system of value added tax, and outside the UK and European Union, any Taxation levied by reference to added value or sales.

Interpretation

1.2 Unless the contrary intention appears, references in this Agreement to:

(a) numbered clauses and Appendices are references to the relevant clause in, or Appendices to, this Agreement;

(b) a numbered paragraph in any Appendices is a reference to the relevant paragraph in that Appendices;

(c) words denoting the singular include the plural and vice versa;

(d) the Parties shall be deemed to include references to their successors and permitted assigns;

(e) general words shall not be given a restrictive meaning by reason of the fact that they are preceded or followed by words indicating a particular class of acts, matters or things;

(f) a reference to a statute, statutory provision or subordinate legislation (“legislation”) refers to such legislation as amended and in force from time to time and to any legislation that (either with or without modification) re-enacts, consolidates or enacts in rewritten form any such legislation;

(g) any reference to any document other than this Agreement is a reference to that other document as amended, varied, supplemented, or novated (in each case, other than in breach of the provisions of this Agreement) at any time;

(h) the masculine includes the feminine and the neuter genders and vice versa;

(i) a person shall mean a natural person, legal entity, body corporate, partnership or an unincorporated body; writing includes email and other similar means of communication;

(j) references to the time of day are to London time save where expressly stated otherwise;

(k) a reference to something being “in writing” or “written” includes any mode of representing or reproducing words in visible form that is capable of reproduction in hard copy form, including words transmitted by email but excluding any other form of electronic or digital communication;

(l) any reference to a “person” includes any individual, body corporate, trust, partnership, joint venture, unincorporated association or governmental, quasi-governmental, judicial or regulatory entity (or any department, agency or political sub-division of any such entity), in each case whether or not having a separate legal personality, and any reference

9

to a “company” includes any company, corporation or other body corporate, and any limited partnership or limited liability partnership wherever and however incorporated or established;

(m) references to “$” or “USD” means US dollars, the lawful currency of the United States of America from time to time; references to “£” or “GBP” means Pound Sterling, the official currency of United Kingdom from time to time; and references to “€”or “EUR” means Euro, the official currency of those European Union member states of the Eurozone from time to time;

(n) any reference to a “holding company” or a “subsidiary” means a “holding company” or “subsidiary” as defined in section 1159 of the Companies Act 2006, save that a company shall be treated for the purposes of the membership requirement contained in sections 1159(1)(b) and (c) as a member of another company even if its shares in that other company are registered in the name of (i) its nominee or (ii) another person (or its nominee) by way of security or in connection with the taking of security. Any reference to an “undertaking” shall be construed in accordance with section 1161 of the Companies Act 2006 and any reference to a “parent undertaking” or a “subsidiary undertaking” means respectively a “parent undertaking” or “subsidiary undertaking” as defined in sections 1162 and 1173(1) of the Companies Act 2006, save that an undertaking shall be treated for the purposes of the membership requirement in sections 1162(2)(b) and (d) and section 1162(3)(a) as a member of another undertaking even if its shares in that other undertaking are registered in the name of (i) its nominee or (ii) another person (or its nominee) by way of security or in connection with the taking of security. Such references to an “undertaking”, a “subsidiary undertaking” or a “parent undertaking” shall be amended, where appropriate, by the Limited Liability Partnerships (Accounts and Audit) (Application of Companies Act 2006) Regulations 2008;

(o) any reference to “to the extent that” shall mean “to the extent that” and not solely “if”, and similar expressions shall be construed in the same way;

(p) any obligation to “procure” a certain outcome when used in relation to any Party shall mean an obligation for that Party to exercise, lawfully and in a manner that does not otherwise put such Party in breach of any fiduciary duty, any voting rights and use any and all powers vested in it from time to time as a holder of securities, shareholder, director, officer and/or employee and attorney, or through any contractual arrangements, to ensure compliance with that obligation so far as it is reasonably able to do so, whether acting alone or (to the extent that he or it is lawfully able to contribute to ensuring such compliance collectively) acting with others; and

(q) any reference to any English legal term for any action, remedy, method of judicial proceeding, legal document, legal status, court, official or any legal concept or thing shall, in respect of any jurisdiction other than England, be deemed to include what most nearly approximates in that jurisdiction to the English legal term.

1.3 In this Agreement, the words include, including, includes, in particular and such as are to be construed as if they were immediately followed by the words “without limitation”.

1.4 All amounts payable under this Agreement shall be exclusive of VAT unless expressly agreed otherwise.

10

1.5 If the Service Provider is deemed to make a taxable supply for the purposes of VAT and is required to account to a Taxation Authority for any VAT chargeable thereon, the applicable Service Recipient shall pay the Service Provider an amount equal to such VAT in addition to, and at the same time as, the relevant sum to which it relates, subject to receipt of a valid VAT invoice addressed to the applicable Service Recipient.

1.6 The table of contents and headings to Clauses and Schedules are included for ease of reference only, and are not to affect the interpretation of this Agreement.

1.7 In relation to the timeliness of delivery of actions, obligations and Services set out in this Agreement the following standard definitions shall apply unless specifically varied in writing or in the Service Schedule in Appendix 2 (Services):

Time	Definition
Ongoing:	A Service or deliverable will be available twenty four (24) hours a day, every day of the year, subject to permitted downtime or non-availability parameters. Updates will be made as necessary within one (1) Business Day of a trigger event.
As required/on request:	A Service or deliverable will be available if requested. Requests will be acknowledged within one (1) Business Day, with an estimated delivery date determined at the Service Provider’s discretion is, being proportionate to the priority and nature of the Service or deliverable, but no later than five (5) Business Days from the date of the initial request, unless the Service Recipient agrees a later date in writing.
Regular:	A Service or deliverable will be carried out on a regular basis; the timing and frequency shall be at the Service Provider’s discretion, being proportionate to the nature of the Service or deliverable, but in any event no less than quarterly.
Daily:	A Service or deliverable will be carried out once every Business Day. Updates will be made as necessary within one (1) Business Day of the trigger event.
Weekly:	A Service or deliverable will be carried out once every week, usually on the first (1) Business Day of that week. Outputs from such Service or deliverable will be available on the second (2) Business Day of that week, unless the Service Recipient agrees a later date in writing. Updates will be made as necessary within five (5) Business Days of the trigger event.
Monthly:	A Service or deliverable will be carried out once every month, usually on the first (1) Business Day of that month. Outputs from such Service or deliverable will be available on the fifth (5) Business Day of that month, unless the Service Recipient agrees a later date in writing. Updates will be made as necessary within five (5) Business Days of the trigger event.

11

Time	Definition
Quarterly:	A Service or deliverable will be carried out once every quarter, usually on the first (1) Business Day of that quarter. Outputs from such service or deliverable will be available on the fifth (5) Business Day of that quarter, unless the Service Recipient agrees a later date in writing. Quarters start on the following dates annually: 1 January, 1 April, 1 July, 1 October. Updates will be made as necessary within five (5) Business Days of the trigger event.
Quarter end:	A Service or deliverable will be carried out once every quarter, usually on the first (1) Business Day after the final day of the previous quarter. Outputs from such Service or deliverable will be available on the fifth Business Day after the final day of the previous quarter, unless the Service Recipient agrees a later date in writing. Quarters end on the following dates: 31 March, 30 June, 30 September, 31 December.
Annually:	A Service or deliverable will be carried out once every twelve (12) months, on the first (1) Business Day following 1 July. Outputs from such Service or deliverable will be available on the fifth Business Day following 1 July, unless the Service Recipient agrees a later date in writing. A year will start on the following date annually: 1 January. Updates will be made as necessary within five (5) Business Days of the trigger event.
Year end:	A Service or deliverable will be carried out once every year, usually on the first (1) Business Day after 31 December. Outputs from such service or deliverable will be available on the first (1) Business Day of February, unless the Service Recipient agrees a later date in writing.
Standard interpretation provisions shall be adopted for other time units; consequently, the words hours, day, month, and year shall be interpreted as commonly understood in plain English.

2. Commencement of this Agreement

2.1 The Commencement of this Agreement is conditional on the Reorganisation causing the coming into being of the Insurance Group and the MGU Group.

2.2 The Commencement of this Agreement is conditional on the Parties or any entity in the Insurance Group and the MGU Group entering into the Framework Agreement and any Binder Agreement.

2.3 In the event of the Commencement of this Agreement, the Parties shall ensure that any previous agreement relating to the provision of services (including an agreement considered an intra-group agreement) between the Parties and their respective groups or relating to the subject matter hereof, shall cease to have effect from, or as soon as reasonably practicable after, the Commencement Date, save as intended to survive termination or expiration thereof or intended to survive the Reorganisation or otherwise required for the continued efficacy of either Party’s business.

2.4 This Agreement commences on the Commencement Date and shall (except as expressly provided otherwise in this Agreement) continue until its expiry or it is otherwise terminated in accordance with the terms of this Agreement.

12

3. Services

3.1 From the Commencement Date, the Service Provider is appointed by the Service Recipient to provide the Services (including the Service Deliverables) set out in the Service Schedules included in Appendix 2 (Services) to this Agreement and in consideration of the Fees payable under this Agreement in accordance with Clause 14 (Fees and Currency), the Service Provider agrees to supply the Service Recipient with the Services.

3.2 The Service Recipient shall provide to the Service Provider such reasonable information, co-operation and assistance as the Service Provider requests from time to time, to assist it in performing the Services. In the event that the Service Recipient considers that such requests are not reasonably within the scope of the Services, the Service Recipient may charge fees and pass on expenses commensurate with the nature of the request.

3.3 The Service Provider provides the Services from the UK, Ireland, Bermuda, and Belgium.

3.4 Services provided under this Agreement shall not include any service to be provided pursuant to the Framework Agreement or a Binder Agreement.

3.5 The Parties agree that the Service Recipient shall only procure Services from the Service Provider and the Service Provider shall provide the Services except: (i) where the change control process determines otherwise; (ii) following the termination of all or some of the Services or the Agreement; (iii) where the Service Provider has exercised its refusal under the right of first refusal (“ROFR”) process set out in Clause 3.6; (iv) if it is prohibited from doing so under Applicable Law; or (v) existing or known exemptions apply (e.g. minor services (such as catering) or where direct supply or IT licenses are required).

3.6 The Parties agree the following ROFR process shall apply in respect of any additional services that the Service Provider may provide to the Service Recipient under this Agreement:

3.6.1 if the Service Recipient wants to seek additional services that are not currently provided as Services under the Agreement, the Service Provider shall be offered the ROFR to provide the additional services, subject to the Parties reaching agreement on fees and scope;

3.6.2 if within ten (10) Business Days of such request the Service Provider does not (a) wish to provide additional services pursuant to a ROFR process request or (b) give a written expression of interest, or if within five (5) further Business Days no agreement can reasonably be reached in relation thereto, the Service Recipient may tender and procure additional services in the market or take steps to recruit personnel to carry out such additional services;

3.6.3 the Parties agree that, as part of considering ROFR requests, the management of each Party shall be provided with the opportunity to consider systemic issues and plan accordingly for its business as a whole, recognising the closely aligned operating models of each group’s component parts and the need to ensure appropriate governance is facilitated;

3.6.4 if, pursuant to clause 13 of the Framework Agreement, an Insurance Group entity declines any proposal from the corresponding MGU Group entity to underwrite either additional business or an additional line of business, and instead accepts an offer from a third party MGU unconnected to the Insurance Group to perform such insurance business (“Third

13

Party Business”), the Service Provider shall assess whether at its discretion whether it wishes to provide the Services in respect of the Third Party Business and:

(a) if it does, the Parties shall reach an agreement on fees and scope as soon as reasonably practicable; or

(b) if it does not (or agreement on fees cannot be reached), the Service Recipient shall make arrangements for it or a third party to provide these services.

3.7 The Parties acknowledge and agree that the ultimate beneficiaries of the Services are the entities in the Insurance Group, and that all of the Services that the Service Provider provides to the Service Recipient will ultimately be passed through to these entities pursuant to the Insurance Group Intra-Group Services Agreement. Accordingly, the Service Provider agrees that the Service Recipient may elect that either:

3.7.1 the Service Provider, or such subsidiaries of the Service Provider as the Service Provider and Service Recipient shall mutually agree, shall provide all or part of the Services to the Service Recipient or to UK ServeCo, in order for the Service Recipient or UK ServeCo to pass on the Services to the other entities in the Insurance Group; or

3.7.2 the Service Provider, or such subsidiaries of the Service Provider as the Service Provider and Service Recipient shall mutually agree, shall provide all or part of the Services directly to another entity in the Insurance Group, as the Service Provider and Service Recipient shall mutually agree from time to time.

4. Performance

4.1 The Service Provider shall pursuant to this Agreement:

4.1.1 carry out its obligations in relation to the Services in accordance with the standards included in Appendix 2 (Services);

4.1.2 carry out its obligations under this Agreement in accordance with Good Industry Practice and all reasonable skill and care;

4.1.3 be responsible for providing at its own cost and expense all personnel and resources necessary to perform its obligations in accordance with this Agreement; and

4.1.4 subject always to the provision that the Service Provider is responsible for managing how the Services are provided, comply with any reasonable instructions given to it from time to time by an individual authorised by the Service Recipient in accordance with Clause 4.3, concerning the carrying out of its obligations under this Agreement within a reasonable period of the instructions being given by an authorised individual (taking into account the nature and extent of the instructions). Notwithstanding this Clause 4.1.4, the Service Provider will notify the Service Recipient if it reasonably considers that any instruction amounts to an amendment that should be addressed through Clause 23 (Amendments and Change Management Process) and the Service Provider shall not act on such instruction.

4.2 Each Party shall carry out its obligations and exercise its rights under this Agreement in accordance with all Applicable Law.

14

4.3 The Parties will each provide and update on a regular basis a formal list of persons (by job title) with authority to give instructions under this Agreement.

4.4 In accordance with Appendix 5 (Contract Governance, Accountabilities, Escalation, and Dispute Resolution), the Service Recipient shall maintain oversight of the Services that it receives. The Service Recipient shall monitor such Services on a regular basis according to the service priority set out in Appendix 2 (Services) (and in any event at least annually) for quality assurance. The business and affairs of the Service Recipient shall be managed by its respective board of directors and appropriately designated officers. The board of directors of the Service Provider shall not have any management authority with respect to the business affairs and operations of the Service Recipient as a result of this Agreement.

5. Information Flows and Reports

From the Commencement Date, the Service Provider agrees to supply the Service Recipient with the information, data, and reports as set out in Appendix 2 (Services) to this Agreement.

6. Authorisations

Each of the Parties shall secure and maintain sufficient authorisations, licences, permits, registrations or otherwise (collectively “authorisations”) as may be necessary during the term of this Agreement in order for such Party to properly carry on its activities as contemplated by this Agreement. Each Party shall inform the other Party of any such authorisation as it may require from time to time in order to properly carry on its activities as contemplated by this Agreement.

7. Marketing

7.1 Subject to any regulatory, listing, or market disclosure obligations to which the Service Provider is subject, any publicity, marketing, or public communications referring to both Parties or the other Party shall be jointly agreed with opportunity for pre-approval provided in a timely way.

7.2 The Service Provider shall obtain the written agreement of the Service Recipient prior to:

7.2.1 making any reference to or using any copyright, trademark, logo, brand devises, or name of the Service Recipient in any Marketing Material; and

7.2.2 the Technical Content (if any).

7.3 The Service Provider shall be responsible for ensuring the compliance of the Technical Content with Applicable Law.

7.4 The Service Provider shall supply to the Service Recipient in draft all Marketing Material with sufficient time in order to allow the Service Recipient to review and approve the draft in advance of their intended date of use. Such Marketing Material shall not be used until its form and content have been approved in writing by the Service Recipient.

8. Compliance

8.1 Each of the Parties shall notify the other immediately as permitted if it becomes aware or suspects that any act, matter or thing has arisen or occurred or may arise or occur that may reasonably constitute or give rise to a material contravention of Applicable Law.

15

8.2 Each Party shall bear its own costs in relation to any dealings with any Regulatory Authority.

8.3 In the event that either Party is subject to a change of control, as defined in Section 1124 of the Corporation Tax Act 2010, it must notify the other Party in writing at the earlier of such change of control taking place or being notified to the Regulatory Authorities.

8.4 The Parties agree, as far as possible, to notify the other in a timely fashion, of any claims or disputes or actions (of any type) of which they have received notice or reasonably expect to receive notice. This shall not cover underwriting claims or disputes arising from business placed under the Framework Agreement (or any Binder Agreement).

8.5 The Parties shall make any notifications under Clauses 8.3 and 8.4 above in a timely way such as to enable the Service Recipient to comply with its obligations under Applicable Law and in any event within ten (10) Business Days of receipt or becoming aware. The Parties shall send such notices to each other in the manner set out in Clause 19 (Notices).

8.6 The Service Provider will comply with all necessary Insurance Group policies and procedures as agreed between the Parties acting reasonably.

8.7 The Parties will review any relevant policies and procedures at least annually in line with their governance requirements.

8.8 Each Party will comply with all relevant Regulatory Requirements relating to “fit and proper” and other conduct matters and the Service Provider will evidence on an annual basis its assessment process and provide an appropriate affirmation together with management information on any matters arising therefrom.

8.9 The Service Provider represents, undertakes and warrants to put in place, and to regularly maintain, update and test, plans for Operational Resilience, Business Continuity, Cyber Security, and Disaster Recovery as well as plans for exit to ensure it can maintain continuity of service in accordance with Applicable Law, including in the event of a disruption to its normal business operations and after expiration or termination with or without cause. In particular, the Service Provider shall be obliged to maintain an exit plan (an “Exit Plan”) (the initial draft of which shall be appended to this Agreement in Appendix 7 (Exit Provisions and Exit Plan)), which shall incorporate the features set out in Appendix 7 (Exit Provisions and Exit Plan) that shall apply in an exit scenario.

8.10 The Service Provider shall notify the Service Recipient of: (i) any material deficiency identified in; and (ii) any significant changes that the Service Provider makes to, any plan set out in Clause 8.9, in each case that may have a serious impact on the Service Provider’s ability to perform its duties under this Agreement.

8.11 The Service Provider will maintain and provide, in line with the KPIs set out in Appendix 2 (Services), such information about such testing, testing outcomes and reports as the Service Recipient shall reasonably require.

8.12 The Service Recipient will have the right to conduct its own testing, verification, and audit on the Service Provider’s plans for Operational Resilience, Business Continuity, Disaster Recovery, Cyber Security, and Exit Plan (including any such plans for any entity in the MGU Group). Further, the Service Recipient has a right to utilise third parties for such testing, verification, audit or similar and this Clause 8.12 shall apply notwithstanding such testing, verification, and audit being part of the Services provided by the Service Provider.

16

8.13 On an annual basis, the Service Recipient will set out its planned testing programme, detailing the systems and processes that are to be tested individually, in combination or collectively and the frequency required for each of these tests. The testing programme will be reasonable and in line with Applicable Law. The testing schedule or cycle will be linked to Service priorities as set out in Appendix 2 (Services) and testing will be carried out as appropriate for the priority of the Service and the Service Recipient may carry out ad hoc targeted audits. Any such activity will be carried out in line with the Service Recipient’s policies and procedures, governance framework and process for testing.

9. Term

9.1 This Agreement shall, unless otherwise terminated in accordance with the terms of the Agreement, be subject to a minimum term of ten (10) years from the Commencement Date. The minimum term of the Agreement is rolled on the basis set out in Clause 9.2 unless the Parties elect otherwise in writing.

9.2 The minimum term of the Agreement is subject to the following rolling mechanism:

9.2.1 in the first three (3) years following the Commencement Date, notice to roll the minimum term shall be deemed to be given automatically, unless the Service Recipient makes written notice to the Service Provider at least ninety (90) days prior to the anniversary of the Commencement Date; and

9.2.2 from the fourth (4) year onwards, the Agreement shall not roll automatically, and shall only roll at the election of the Service Recipient by providing written notice to the Service Provider at least ninety (90) days prior to the anniversary of the Commencement Date in respect of each Contract Year for the remainder of the term.

9.3 If the Agreement does not roll pursuant to Clause 9.2, the Agreement shall remain in force for a period of nine (9) years from the end of the year and the Agreement shall remain in force and the Service Provider is obliged to provide the Services during this period.

9.4 This Agreement will automatically expire at end of the minimum term unless renewed by written agreement between the Parties.

9.5 Termination of this Agreement or any Service or part thereof does not cause termination of the Framework Agreement or any Binder Agreement (as defined in the Framework Agreement), which must be terminated specifically under the terms of those agreements.

10. Termination

10.1 Either Party to this Agreement (the “Terminating Party”) may terminate this Agreement upon the provision in notice in writing to the other Party (the “Defaulting Party”), in accordance with the following provisions:

10.1.1 with immediate effect following a Resolution Failure, if the Defaulting Party (or any of its subsidiaries) has committed a material act of fraud in relation to this Agreement;

10.1.2 with immediate effect following a Resolution Failure, if the Defaulting Party (or any of its subsidiaries that performs any obligations under this Agreement) is subject to an Insolvency Event;

17

10.1.3 with ten (10) Business Days’ notice following a Resolution Failure, if the Defaulting Party (or any of its subsidiaries) has committed a material breach of this Agreement, provided that the Terminating Party may only terminate this Agreement if the Defaulting Party (or any of its subsidiaries) is subject to the corresponding CFWG Notification;

10.1.4 with immediate effect, if the Defaulting Party commits a material breach of this Agreement or applicable policies, procedures or guidelines that is capable of remedy, and a course of action to remedy such breach has been agreed by the CFWG in accordance with paragraph 10(c) of Appendix 5 (Contract Governance, Accountabilities, Escalation and Dispute Resolution), and the relevant Party fails to remedy that breach within ten (10) Business Days of the agreement by the CFWG, provided that if the nature of the breach is such that more than ten (10) Business Days are reasonably required for its remedy, then this Agreement may not be so terminated if the Defaulting Party commences to remedy such breach within that ten (10) Business Day period and then diligently pursues such remedy and completes such remedy within ninety (90) days of the agreement by the CFWG (or such other period as is agreed in writing by them) (the “Cure Period”). During the Cure Period, the Defaulting Party shall provide relevant updates and management information to the Terminating Party about the progress and status of the remedy. The Cure Period shall be no longer than three (3) Service Deliverable cycles up to a maximum of six (6) months;

10.1.5 without prejudice to Clause 10.1.4, with thirty (30) Business Days’ notice, if the Defaulting Party does not commence any course of action agreed by the CWFG under paragraph 10 of Appendix 5 (Contract Governance, Accountabilities, Escalation and Dispute Resolution), within twenty (20) Business Days of such course of action being agreed by the CWFG, provided that such termination right shall be automatically revoked if the Defaulting Party provides the Terminating Party with evidence to the Terminating Party’s reasonable satisfaction that it has commenced, and has continued to use reasonable efforts to perform, the agreed course of action during the thirty (30) Business Day termination notice period; or

10.1.6 if the other Party is an Affected Party in respect of a Force Majeure Event in accordance with Clause 13.3.

10.2 If the Terminating Party takes action pursuant to Clause 10.1, it can stipulate whether it exercises its termination right in respect of all Services or one (or more) Service or part of a Service.

10.3 For non-material breaches, the non-breaching Party has a right to remedies in accordance with Appendix 9 (Remediation and Consequences from KPIS and SLA Shortfalls).

10.4 If a Party does not exercise its right to terminate under Clause 10.1, it may elect for financial recompense in accordance with Appendix 9 (Remediation and Consequences from KPIS and SLA Shortfalls)

10.5 The Service Provider does not have a right to terminate this Agreement in the event that key personnel and resources are not available to provide the Services, unless it otherwise has a right to terminate this Agreement pursuant to Clause 10 (Termination) or Clause 13 (Force Majeure).

11. Effect of Termination

11.1 In the event of the expiry or termination of this Agreement:

18

11.1.1 the Parties agree to comply with the provisions of Appendix 2 (Services) and Appendix 7 (Exit Provisions and Exit Plan); and

11.1.2 the Service Recipient will pay a commensurate exit fee for any Services performed under the Exit Plan (“Exit Services”) where the Service Recipient elects not to roll the Agreement pursuant to Clause 9.4 or if the Service Recipient is the Defaulting Party under Clause 10.1; the Service Recipient will not pay an exit fee for the Exit Services if the Service Provider is the Defaulting Party under Clause 10.1. In all other cases, the Parties will bear their own costs. The exit fee for the Exit Services is detailed in Clause 14 (Fees and Currency) and Appendix 1 (Fees).

11.2 The Parties agree that termination and the change control process (set out in Appendix 4 (Change Management Process)) will allow for exit or partial exit or terminating one or more Services at the Service Recipient’s discretion on shorter notice periods to allow a controlled exit from the Services. The Parties agree that, as part of this exit, the management of each Party shall be provided with the opportunity to consider systemic issues and plan accordingly for its business as a whole, recognising the closely aligned operating models of each group’s component parts and the need to ensure appropriate governance is facilitated.

11.3 Termination or expiration of this Agreement for any reason shall not affect:

11.3.1 any rights and/or obligations accrued before the date of termination or expiration, including any rights and remedies which a Party may have against the other for breach of contract and/or breach of duty; or

11.3.2 any rights and/or obligations expressed or intended to continue in force after and despite termination or expiration.

11.4 Where a right of termination is exercised, during any termination notice period the Service Provider shall continue to provide the Services in accordance with the terms of this Agreement and shall give the Service Recipient all reasonable assistance in the transition of the Services either to the Service Recipient or an Insurance Group entity or to any third party service provider nominated by the Service Recipient.

11.5 The following clauses and related appendices of this Agreement shall continue in force after and despite expiration or termination (for whatever reason): clauses 1 (Interpretation); 11.1 (Effect of Termination); 11.3 (Effect of Termination on rights and obligations already accrued); 15 (Data Protection); 16 (Records and Audit Access); 17 (Intellectual Property and Information Technology); 20 (Assignment and Sub-Contracting); 21 (Confidentiality); 22 (Limitation of Liability); 28 (Contracts (Rights of Third Parties) Act 1999); 34 (Law and Jurisdiction); 30 (Remedies Not Exclusive); 31 (No Waiver); paragraphs 15 and 16 of Appendix 5 (Contract Governance, Accountabilities, Escalation and Dispute Resolution); and Appendix 7 (Exit Provisions and Exit Plan).

12. Insolvency Events

12.1 Where a Party is subject to an Insolvency Event and that Party is placed in receivership or conservatorship or is otherwise seized by a Regulatory Authority (which in this Clause 12 (Insolvency Events) shall include such person appointed by the Regulatory Authority for such purpose) (a “Seized Party”) then the following provisions shall apply:

19

12.1.1 all rights of the Seized Party existing under this Agreement shall vest in or be extended to the Regulatory Authority who shall be entitled to enforce such rights on behalf of the Seized Party;

12.1.2 all books, records and other relevant materials of the Seized Party shall be made available to the Regulatory Authority;

12.1.3 provided that the Fees for any Services received by the Seized Party continued to be paid either by the Seized Party or otherwise:

(a) a termination notice issued by a Party under Clause 10.1 in respect of a Seized Party shall be of no effect and the Seized Party shall continue to be entitled to receive Services under this Agreement; and

(b) the Parties shall maintain and conserve any systems, programs or other infrastructure used to provide Services to the Seized Party.

13. Force Majeure

13.1 “Force Majeure Event” means any of the following events that is beyond the reasonable control of the affected Party (the “Affected Party”): war (whether declared or not); civil war; riots; civil disorder and protest; revolution; acts of terrorism; sabotage; outbreak of infectious disease, illness or public health events (whether or not epidemic or pandemic); natural disasters (such as violent storms, earthquakes, tidal waves, floods or lightning); explosions, fires, and/or destruction of plant, machinery; strikes and labour disputes of all kinds (save where solely in respect of the employees of the relevant Party claiming Force Majeure); and acts of authority (whether lawful or unlawful), except for any lack of authorisation, licence or approval necessary for the performance of this Agreement that is to be issued by any Regulatory Authority.

13.2 Without prejudice to any rights arising under Clause 8 (Compliance) if an Affected Party is prevented or delayed from performing any of its obligations under this Agreement by a Force Majeure Event (as defined above):

13.2.1 in respect of the affected Services only, the Affected Party’s obligations under this Agreement shall be suspended while the Force Majeure Event continues to the extent that the Force Majeure Event prevents or delays the performance by the Affected Party of those obligations in relation to the affected Services;

13.2.2 as soon as reasonably possible after the start of the Force Majeure Event (and in any event within ten (10) Business Days starting as soon as possible but no later than the first Business Day after the Force Majeure Event) the Affected Party shall notify the other Party of the Force Majeure Event, the date on which the Force Majeure Event started, the effects of the Force Majeure Event on its ability to perform its obligations under this Agreement (to the extent then known to it, or with a reasonable estimate if not known) and the efforts being made or proposed by the Affected Party to remove or avoid such Force Majeure Event;

13.2.3 the Affected Party shall use its reasonable endeavours to mitigate the effects of the Force Majeure Event on the performance of all of its obligations under this Agreement; and

20

13.2.4 as soon as reasonably possible after the end of the Force Majeure Event, the Affected Party shall notify the other Party in writing that the Force Majeure Event has ended and resume performance of its obligations under this Agreement.

13.3 If the Force Majeure Event continues for more than forty (40) Business Days after the Business Day on which the Force Majeure Event starts and there is no reasonable prospect that the Force Majeure Event shall cease imminently, the other Party may terminate this Agreement in respect of the affected Services by giving not less than five (5) Business Days’ written notice to the Affected Party to that effect, provided that the Force Majeure Event is still continuing at the date of such notice. In the event that the Agreement is terminated for force majeure the Parties agree to comply with the provisions of Appendix 7 (Exit Provisions and Exit Plan).

13.4 If an Affected Party’s obligations are suspended or reduced under Clause 13.2, then the Fees payable in respect of any Services provided by that Affected Party shall reduce in respect of the period of suspension by a fair and reasonable amount to reflect the extent of the suspension of its obligations or impact on the Services.

14. Fees and Currency

14.1 In consideration of the Service Provider providing the Services, the Service Recipient shall pay the Fees. Fees shall be calculated, invoiced and paid in the manner and in accordance with provisions set out in Appendix 1 (Fees).

14.2 The Service Provider agrees to apply Service Credits as set out in Appendix 9 (Remediation and Consequences from KPIS and SLA Shortfalls).

14.3 Save as otherwise stated in this Agreement, each Party shall bear its own costs in relation to the negotiation, preparation, execution and carrying into effect of this Agreement and its own costs incurred by virtue of the termination or expiration of this Agreement. The exit fee is set out in Appendix 1 (Fees).

14.4 All amounts due under either this Agreement from one Party to another Party shall be paid in full without any set-off, counterclaim, deduction or withholding (other than any deduction or withholding of Taxation as required by Applicable Law).

15. Data Protection

15.1 The Service Provider and the Service Recipient acknowledge and agree that where the Service Provider or the Service Recipient processes personal data under or in connection with this Agreement it alone determines the purposes and means of processing as a controller.

15.2 In respect of the personal data that the Service Provider or the Service Recipient processes under or in connection with this Agreement, it:

15.2.1 shall comply at all times with its obligations under the data protection law;

15.2.2 shall notify the other Party without undue delay after, and in any event within twenty four (24) hours of, becoming aware of a personal data breach; and

15.2.3 shall assist and co-operate fully with the other Party to enable it to comply with its obligations under the data protection law, including but not limited to in respect of

21

keeping personal data secure, dealing with personal data breaches, complying with the rights of data subjects and carrying out data protection impact assessments.

15.3 In respect of the personal data that the Service Provider processes under or in connection with this Agreement, the Service Provider shall only process such personal data for the purposes of performing its obligations under this Agreement.

15.4 The Service Provider and the Service Recipient shall work together to ensure that each of them is able to process the personal data that it processes under or in connection with this Agreement for the purposes contemplated by this Agreement lawfully, fairly and in a transparent manner and in compliance with the data protection law. This shall include but not be limited to entering into such other written agreements as may be required from time to time to enable the Service Provider and/or the Service Recipient to comply with the data protection law.

15.5 The activities of the Service Provider under or in connection with this Agreement in respect of which the Service Provider processes personal data as a processor on behalf of the Service Recipient, together with the data protection particulars for such processing, are stated in Appendix 10 (Data Privacy and Information Security Addendum). In addition to Clauses 15.2, 15.3 and 15.4, where, under or in connection with this Agreement, the Service Provider processes personal data as a processor on behalf of the Service Recipient, the Service Provider shall:

15.5.1 subject to Clause 15.5.2, only carry out such processing on the Service Recipient’s instructions from time to time. The Service Provider shall immediately inform the Service Recipient if, in its opinion, an instruction infringes any relevant data protection law;

15.5.2 where it is required by Applicable Law to carry out processing otherwise than in accordance with Clause 15.5.1, inform the Service Recipient of the legal requirement before carrying out such processing (unless prohibited from doing so by Applicable Law);

15.5.3 not disclose the personal data to any person except as required or permitted by this Agreement or with the Service Recipient’s prior written consent;

15.5.4 without prejudice to Clause 21 (Confidentiality), ensure that all persons authorised to process the personal data are under an appropriate contractual or other legal obligation to keep the personal data confidential;

15.5.5 taking account of the nature of the processing, implement appropriate technical and organisational measures: (a) in a manner that ensures the processing meets the requirements of the data protection law and the protection of the rights of data subjects; (b) to keep the personal data secure and to protect against the risk of personal data breaches; and (c) to assist the Service Recipient to comply with its obligations under the data protection law to respond to requests for exercising the rights of data subjects;

15.5.6 not process the personal data, or disclose the personal data to any party who carries on business, outside of the United Kingdom and the European Economic Area except with the Service Recipient’s prior written consent and, where such consent is given, the Service Provider shall take such actions and enter into such agreements as the Service Recipient may require to ensure that such processing or disclosure complies with all relevant data protection law;

22

15.5.7 not enter into an arrangement with any sub-contractor to process the personal data directly or indirectly on behalf of the Service Recipient without the prior written consent of the Service Recipient and, where such consent is given, the Service Provider shall enter into a written agreement with the sub-contractor that includes, as a minimum, provisions in favour of the Service Recipient which are equivalent to those in this Clause 15 (Data Protection). The Service Provider shall remain fully liable to the Service Recipient for any sub-contractors’ processing personal data; and

15.5.8 at the Service Recipient’s option, delete or return to the Service Recipient all the personal data on termination of this Agreement and delete any existing copies of the personal data except to the extent that the Service Provider is required to retain such personal data by Applicable Law.

15.6 The Service Provider shall make available to the Service Recipient all information necessary to demonstrate its compliance with its obligations under this Clause 15 (Data Protection) and the Service Recipient reserves the right to audit the Service Provider’s compliance with its obligations under this Clause 15 (Data Protection) in accordance with Clause 16 (Records and Audit Access).

15.7 The Service Provider’s obligations under this Clause 15 (Data Protection) shall continue throughout this Agreement and for a period of seven (7) years thereafter or such other period as the Service Recipient may require or as may be required pursuant to Applicable Law.

15.8 For the purposes of this Clause 15 (Data Protection) and Appendix 10 (Data Privacy and Information Security Addendum):

“controller” means the person which, alone or jointly with others, determines the purposes and means of the processing of personal data;

“data protection law” means all applicable statutes and regulations in any jurisdiction pertaining to the processing of personal data, including but not limited to the privacy and security of personal data;

“data protection particulars” means, in relation to any processing of personal data by the Service Provider under or in connection with this Agreement as a processor on behalf of the Service Recipient: (a) the subject matter and duration of the processing; (b) the nature and purpose of the processing; (c) the type of personal data being processed; and (d) the categories of data subjects;

“data subject” means the identified or identifiable natural living person to whom the personal data relates;

“personal data” means any information relating to the data subject;

“personal data breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed; and

“processor” means the person which processes personal data on behalf of the controller.

23

16. Records and Audit Access

16.1 The Service Provider shall keep full and accurate records in relation to the provision of the Services.

16.2 The Service Recipient, external auditors or other representatives appointed by the Service Recipient shall have the right at any time during Normal Business Hours, without any restriction or limitation, to inspect and audit any records, statistical information, systems and processes (including electronic systems and processes) of the Service Provider relating to the Services and shall have the right to make copies or extracts of any such records.

16.3 The Service Provider undertakes to deal openly and co-operatively with any Regulatory Authority in relation to the operation of this Agreement. The Service Provider shall permit any Regulatory Authority to have access to any of its business premises where the Service Provider carries on business that is the subject of this Agreement to inspect and audit the records, statistical information, accounts and business processes relating to the operation of this Agreement. The Service Provider shall, unless prohibited by Applicable Law, inform the Service Recipient promptly in the event that any Regulatory Authority exercises or seeks to exercise any right to inspect or audit the records held by the Service Provider in relation to this Agreement.

16.4 Subject to Clause 15.5, the Service Provider shall retain all records, including electronic, relating to the Services for a minimum period of seven (7) years or for such longer period as may be required by Applicable Law.

16.5 The Service Provider shall provide to the Service Recipient any information as the Service Recipient may reasonably require from time to time relating to the Services.

17. Intellectual Property and Information Technology

17.1 The Service Provider’s confidential information and personal data storage locations are: Belgium, Bermuda, Ireland, and UK. In the event that these locations change, the Service Provider will give the Service Recipient not less than three months’ prior written notice.

17.2 The relevant provisions of this Clause 17 (Intellectual Property and Information Technology) are intended to survive termination of this Agreement.

17.3 In this Agreement, “IPR” means all present and future rights (whether registered or unregistered, and including all applications for, and renewals or extensions of, such rights for their full term) in any jurisdiction or geographic area in or to intellectual property including copyrights, design rights, database rights, patents, rights to sue for passing off or for unfair competition, moral rights and related rights, domain names, rights in information (including know-how and trade secrets), confidential information (which includes actuarial data sets), inventions, discoveries, secret processes, concepts, ideas, formulas, work product, written works, symbols, trade marks, service marks, logos, brands, trade and business names, slogans (and all associated goodwill in any of the foregoing), models, methodologies, proprietary models (and similar) (including methodologies to calculate the internal models and formulas as well as pricing methodologies), source code for proprietary software and systems, and images used for business, and all other similar or equivalent rights.

17.4 Except as expressly set out in this Agreement, nothing in this Agreement will function to transfer any of either Party’s IPR to the other Party.

24

17.5 The Service Provider warrants, represents and undertakes, on its own behalf and on behalf of the MGU Group, that it owns or possesses sufficient rights or licences to use all IPR to conduct their businesses and supply the Services as intended by this Agreement and it does not have any knowledge of any infringement of IPR by the Service Provider and the MGU Group and to the Service Provider and the MGU Group’s knowledge there is no claim, action or proceeding being made or brought or threatened against the Service Provider and the MGU Group entities regarding IPR infringement and the Service Provider and the MGU Group are unaware of any facts or circumstances that may give rise to any of the foregoing.

17.6 Each Party will retain ownership of all IPR developed outside the scope of this Agreement and the Framework Agreement.

17.7 The Service Provider will place all relevant IPR including the source code for critical proprietary systems (including Prequel, Jarvis, and FireAnt) in an escrow arrangement to the satisfaction of the Service Recipient. Terms will be mutually agreed and in accordance with market practice. Software code in escrow shall be updated on a regular basis to an agreed frequency to prevent the escrowed code being out of date. Such escrow arrangements will be updated as required on a reasonable agreed schedule.

17.8 Where the Service Provider or an MGU Group entity agrees to provide dedicated resources on a secondment basis to the Service Recipient or any Insurance Group entity (including IT software developers that work on FireAnt, Prequel or Jarvis) the Service Provider agrees that such resources shall be dedicated to provision of Services to the Service Recipient, and Insurance Group. The Service Provider cannot reallocate such dedicated resources to MGU Group tasks. Such resources are secondees, taking instructions from and using service reporting lines into the Service Recipient and its group entities for their day to day work activities, while remaining employed by the Service Provider or other MGU Group entity; the Parties acknowledge that this is structured to ensure the IPR in proprietary systems remains confidential to the MGU Group, unless escrow conditions are met.

18. No Partnership or Agency

18.1 Nothing contained in or implied by this Agreement shall constitute a partnership or joint venture among the Parties to this Agreement.

18.2 Nothing contained in or implied by this Agreement shall be taken as an appointment by one Party of the other Party as its agent.

18.3 Neither Party shall hold itself out as an agent of the other in undertaking any of the Services under this Agreement.

18.4 Save as otherwise provided for in this Agreement, nothing in this Agreement gives any MGU Group entity any authority or agency to make representations or warranties or to give any undertakings on behalf of any Insurance Group entity.

18.5 The Service Recipient authorises the Service Provider and each of its subsidiaries to act on its behalf in the manner and to the extent specified in this Agreement but not otherwise. The Service Provider acknowledges that pursuant to this Agreement neither it nor any of its subsidiaries has any authority to bind, act on behalf of or incur liabilities on behalf of the Insurance Group, save for the proper performance of the Services in accordance with the terms of this Agreement.

25

18.6 The Service Recipient confirms that it has authority from each of its subsidiaries to act on that subsidiary’s behalf in the manner and to the extent specified in or relevant to this Agreement and that pursuant to this Agreement it has authority to bind, act on behalf of or incur liabilities on behalf of the Insurance Group entity to procure the proper performance of the Services in accordance with the terms of this Agreement.

18.7 The Service Provider confirms that it has authority from each of its subsidiaries to act on each subsidiary’s behalf in the manner and to the extent specified in this Agreement and that pursuant to this Agreement it has authority to bind, act on behalf of or incur liabilities on behalf of the MGU Group to provide and procure the proper performance of the Services in accordance with the terms of this Agreement.

18.8 The Parties acknowledge and agree that any references in this Agreement to the obligations of either Party’s group of companies or any associate or subsidiary shall constitute an obligation on the applicable Party to take reasonable endeavours to procure that their respective subsidiaries shall perform such obligations in accordance with the provisions of the relevant Clause or paragraph to an Appendix (including the Service schedules set out in Appendix 2 (Services)) and otherwise in accordance with the terms of the Agreement.

19. Notices

Service of notices

19.1 Any notice to be given under this Agreement must be in English and in writing, and may be served by hand, by first class post or airmail (pre-paid and signed for in each case) or by email to the address or email address (as applicable) given below, or to such other address or email address as may have been notified by either Party to the other Party for this purpose (which shall supersede the previous address or email address (as applicable) from the date on which notice of the new address is deemed to be served under this Clause 19 (Notices)).

Service Recipient:
For the attention of:	Daniel Burrows, Chief Executive Officer
Address:	Clarendon House, 2 Church Street, Hamilton, HM 11, Bermuda
Email addresses:	Daniel.burrows@fidelisinsurance.com
Service Provider:
For the attention of:	Michael Cottell

26

Address:	Waterloo House 100 Pitts Bay Road Pembroke, Bermuda HM 08
Email address:	michael.cottell@fidelisinsurance.com

19.2 Any notice served in accordance with Clause 19.1 shall be deemed to have been received:

19.2.1 if delivered by hand, at the time of delivery;

19.2.2 if sent by first class post, at 9.30 a.m. on the second calendar day after (and excluding) the date of posting;

19.2.3 if sent by airmail, at 9.30 a.m. on the fifth calendar day after (and excluding) the date of posting; or

19.2.4 if sent by email, at the time of transmission by the sender,

19.2.5 provided that if a notice would otherwise be deemed to have been received outside Normal Business Hours, it shall instead be deemed to have been received at the recommencement of such Normal Business Hours.

19.3 For the purposes of Clause 19.2, “Normal Business Hours” means 9.00 a.m. to 5.30 p.m. local time in the place of receipt on any day which is not a Saturday, Sunday or public holiday in that location. In the case of service on either Party by email, the place of receipt shall be deemed to be the address specified for service on that Party by post.

19.4 In proving receipt of any notice served in accordance with Clause 19.1, it shall be sufficient to show that the envelope containing the notice was properly addressed and either delivered to the relevant address by hand or posted as a pre-paid, signed-for first class or airmail letter, or that the email was sent to the correct email address.

19.5 This Clause 19 (Notices) shall not apply to the service of any proceedings or other documents in any legal action.

20. Assignment and Sub-Contracting

20.1 In this Agreement “sub-contract” shall mean assign, delegate, novate, sub-contract, or otherwise dispose of or create any trust in relation to any or all of its rights or the performance of any of its obligations or any authority granted to it under this Agreement.

20.2 No Party shall sub-contract under this Agreement without the prior written consent of the Party to whom the obligations are owed (including where appropriate subsidiaries of the Service Recipient).

20.3 A list of sub-contracts permitted pursuant to this Agreement is set out in Appendix 8 (Permitted Sub-Contracts). Provided that the Party wishing to sub-contract reasonably considers that the sub-contract is not a material outsourcing or the sub-contract is substantially the same as is

27

currently pre-approved each Party may sub-contract to a permitted sub-contractors without requiring the prior permission of the other Party.

20.4 Each Party shall provide such assistance to the other as may be reasonably necessary to enable the Party to renew any agreement with any sub-contractor in respect of whom consent has been provided, or in respect of any permitted sub-contract, in each case provided that the proposed terms of such renewed agreement are materially similar to the then current terms.

20.5 A Party shall remain responsible for all acts and omissions of its sub-contractors and the acts and omissions of those employed or engaged by its sub-contractors as if they were its own. An obligation on a Party providing Services to do, or to refrain from doing, any act or thing shall include an obligation upon the Party to procure that its employees, staff, agents and its sub-contractors’ employees, staff and agents also do, or refrain from doing, such act or thing.

20.6 Where the Services to be provided by a Party pursuant to this Agreement involve procuring services from third parties then the relevant Party shall use its reasonable endeavours to procure that any applicable regulatory protections in respect of the provision of the services by the third party are obtained.

20.7 The Party seeking to sub-contract to a permitted sub-contractor shall procure that:

20.7.1 any such permitted sub-contractor is suitable to provide the relevant Services and is sufficiently authorised, resourced and experienced to perform the relevant Services to the prescribed standard;

20.7.2 any such permitted sub-contractor shall provide the Services in accordance with this Agreement and the sub-contractor must enter, or have entered, into a written agreement with the third party on terms that are no less onerous than those contained within the Agreement and which enable the Party seeking to sub-contract to procure that the Service Recipient or any Regulatory Authority is able to exercise the same rights in respect of the third party as those contained in the applicable Agreement;

20.7.3 any such permitted sub-contractor agrees to abide by and does abide by all relevant and applicable internal policies that are applicable to the Party assigning the Services; and

20.7.4 that the rights of audit and record keeping set out in Clause 16 (Records and Audit Access) of this Agreement and any other rights of access to information by a Party or a Regulatory Authority remain effective notwithstanding the permitted sub-contract.

20.8 Costs for sub-contracts shall only be treated as a look or pass through in accordance with paragraph 1 of Appendix 1 (Fees) where expressly agreed in writing between the Parties and noted as such in Appendix 8 (Permitted Sub-Contracts).

20.9 In the event that the Service Provider changes its outsourced service provider, the Service Provider will use its reasonable endeavours to secure SLAs and KPIs in line with its current SLA and KPI obligations relating to the Service (as set out in Appendix 2 (Services) and Appendix 7 (Exit Provisions and Exit Plan)).

20.10 Any non-adherence by the outsourced service provider to SLAs will be communicated to the Service Recipient on a monthly basis for general administrative issues, and no later than ten (10) Business Days from the commencement of the breach for any issues that have the potential to have a material impact. Further, the Service Provider will manage the outsourced service

28

provider with the aim of ensuring the outsourced service provider delivers to agreed SLAs and KPIs in accordance with their agreements with the Service Provider.

21. Confidentiality

21.1 In this Agreement, “Confidential Information” includes (but is not limited to):

21.1.1 all information relating to the transactions, affairs and/or business of a Party and its policies, policyholders, significant commercial relationships (including MGUs and delegated underwriting authorities with the other Party and third parties) and any other customers;

21.1.2 all information relating to or arising from the performance or receipt of the Services;

21.1.3 all information of a confidential nature received or obtained directly or indirectly as a result of entering into or performing the Agreement;

21.1.4 the terms of this Agreement; and the negotiations relating to this Agreement; and

21.1.5 data sets including actuarial data sets.

21.2 The Parties shall both during this Agreement and thereafter:

21.2.1 keep all Confidential Information strictly confidential, save as permitted below; and

21.2.2 not disclose any Confidential Information to a third party, other than as reasonably necessary or desirable for the performance of the Services to be provided by it pursuant to this Agreement or as expressly permitted herein.

21.3 A Party (the “Recipient”) shall not, without the prior written consent of the Party to which the Confidential Information relates or which disclosed the Confidential Information (the “Discloser”), disclose any Confidential Information.

21.4 Subject to Applicable Law, the Recipient may disclose Confidential Information:

21.4.1 to its employees, officers, external auditors, professional advisers, consultants, or third party service providers (and, where applicable, its professional indemnity insurers) who need to know such information for the purposes of enabling the Recipient to carry out its obligations under the Agreement. The Recipient shall use all reasonable endeavours to ensure that its employees, officers, external auditors, professional advisers or consultants to whom it discloses Confidential Information comply with this Clause 21 (Confidential Information);

21.4.2 where required by Applicable Law, court order or any governmental or Regulatory Authority provided that, subject to any legal or regulatory obligations that apply to the Recipient, the Recipient shall give notice to the other Party that it proposes to disclose the Confidential Information;

21.4.3 where the Confidential Information is now in or comes into the public domain otherwise than as a result of a breach of this Clause 21 (Confidential Information); and

21.4.4 where the Confidential Information is already known by the Recipient in circumstances when it was not bound by any form of confidentiality obligation.

29

21.5 In the event of a breach or suspected breach of this Clause 21 (Confidential Information), the Recipient must notify the Discloser promptly and use all reasonable endeavours at its own cost, to remedy or mitigate the effects of such breach.

21.6 All Confidential Information shall remain the property of the Discloser and shall be returned to the Discloser or destroyed at its request, provided that the Discloser may not exercise such right of return or destruction if to do so would prevent or restrict the Recipient from complying with its obligations under this Agreement or the Recipient would be prevented from complying with such request due to Applicable Law, the requirements of a regulatory or governmental authority, order of a court or rules of an applicable stock exchange.

21.7 This Clause 21 (Confidential Information) shall continue in force after and despite the termination of this Agreement, whatever the reason for termination.

22. Limitation of Liability

22.1 References to “liability” in this Clause 22 (Limitation of Liability) include every kind of liability under, arising from or in relation to this Agreement including but not limited to liability in contract, tort (including negligence), misrepresentation, restitution or otherwise.

22.2 Save in respect of any sums payable under Clause 14 (Fees and Currency), so far as permitted by Applicable Law, neither Party (each a “Liable Party”) shall have any liability to the other Party (“Innocent Party”) in respect of any losses that the Innocent Party may incur in connection with any matter to which the Agreement relates, except those losses resulting from: (i) the Liable Party’s gross negligence or intentional misconduct; or (ii) where the Service Provider is the Liable Party, where a MGU Group entity intentionally breaches any policy, guidelines or procedures of an Insurance Group entity, which breach is not cured within twenty (20) Business Days of the earlier of: (1) the date on which the Liable Party becomes aware of such breach; and (2) the date on which the Liable Party receives a notice of such breach from the Innocent Party.

22.3 This Clause 22 (Limitation of Liability) shall not limit or exclude any liability that cannot be limited or excluded by law including for losses arising from: (i) death or personal injury caused by negligence; or (ii) fraud or fraudulent misrepresentation.

23. Amendments and Change Management Process

23.1 In the event that a change is required to the Agreement or any of the Services provided hereunder or any Service Schedule set out in Appendix 2 (Services), the Parties agree to comply with the provisions of Appendix 4 (Change Management Process).

23.2 If either Party requests the same (or materially the same) change on more than three (3) separate occasions and the other Party rejects such change requests (the third of such rejections being a “Deadlock”), the Parties shall refer the Deadlock to the Non-Calculations Dispute Resolution Procedure in order to determine whether such change shall be reflected in this Agreement.

23.3 Notwithstanding Clause 23.1, no variation of this Agreement shall be effective unless it is in writing signed by or on behalf of each of the Parties.

23.4 Each Party to this Agreement as at the Commencement Date and any Party who becomes a Party to this Agreement after the Commencement Date acknowledges and agrees that additional Parties who are or become members of the same group of companies may, subject to all necessary governance and regulatory approvals, enter into this Agreement at any time after the

30

Commencement Date by executing an Appendix to this Agreement (the form of which is appended in Attachment A) to be signed by the duly authorised representative of such Party only.

24. Contract Governance, Accountabilities, Escalation, and Service Dispute Resolution

The Parties agree to comply with the provisions of Appendix 5 (Contract Governance, Accountabilities, Escalation, and Service Dispute Resolution).

25. Disaster Recovery and Business Continuity

Without prejudice to the provisions of Clause 8.9, and in addition to any Service specific requirements in relation to business continuity and disaster recovery as set out in Appendix 2 (Services), the Parties agree to comply with the provisions of Appendix 6 (Standard Contract Disaster Recovery and Business Continuity).

26. Annual Review Group Process

26.1 The Parties recognise that their businesses have undergone significant adjustment pursuant to the Reorganisation. Within six (6) months of the Commencement Date and on each annual anniversary of the Commencement Date, the Parties agree in good faith that the Services set out in Appendix 2 (Services) should be considered and reviewed for accuracy against the requirements and capabilities of their business models. This review process will be undertaken in accordance with the Annual Review Group and related governance processes set out in Appendix 5 (Contract Governance, Accountabilities, Escalation, and Service Dispute Resolution). The Parties agree in good faith to allocate at least one (1) Business Day for such review and allocate appropriately skilled, authorised and senior personnel to attend and engage in such review.

26.2 In the event that a change is required to this Agreement or any of the Services and related SLAs and KPIs following the review process referred to above at Clause 26.1 (including the information set out in Appendix 2 (Services)) provided hereunder, the Parties agree to use reasonable endeavours to agree to and facilitate such change, complying with the provisions of Appendix 4 (Change Management Process) and to record the change in writing, considering any regulatory approvals or notifications required before doing so. The Parties agree in good faith that this annual review process shall be used to refine the Services set out in Appendix 2 (Services) and shall not be used to request materially different service receipt or provision (which should be requested using change control in Clause 23 (Amendment and Change Management Process), exit of specific Services, or termination provisions in Clause 10 (Termination)). Either Party shall have the right to request the review of the terms of this Agreement (including any service schedule in Appendix 2 (Services) and suggest amendments as part of the annual review). In the event of such request the Parties agree in good faith to consider and agree such request and any proposed amendments.

26.3 Each Party will conduct an annual business review and planning process, which will also include review and planning for the Services, and such plans will be finalised and agreed in line with relevant governance requirements and as set out in Appendix 2 (Services). For the Services this process shall ensure that all Applicable Law has been considered. Should either Party be aware that its relevant framework (regulatory or otherwise) is required to change, this should be raised through the change control process in Appendix 4 (Change Management Process) rather than the business planning process.

31

26.4 If either Party requests the same (or materially the same) change on more than three (3) separate occasions and the other Party rejects such change requests, the Parties shall refer the Deadlock to the Non-Calculations Dispute Resolution Procedure in order to determine whether such change shall be reflected in this Agreement.

27. Further Assurance

27.1 The Parties shall each promptly execute (or procure the execution of) such further documents as may be required by Applicable Law or be necessary to implement and give effect to this Agreement.

27.2 Where as a result of any changes in Applicable Law relating to a Party or to the Services it is to provide pursuant to this Agreement, it, acting reasonably and in good faith, considers that the terms of this Agreement need to be adapted and requests that they are adapted then the other Parties shall each consider such request in accordance with Clause 23 (Amendments and Change Management Process) and the change control process in Appendix 4 (Change Management Process).

28. Contracts (Rights of Third Parties) Act 1999

Save where expressly provided in this Agreement, no third party is intended to have the right to enforce any provision in this Agreement pursuant to the Contracts (Rights of Third Parties) Act 1999.

29. Entire Agreement

29.1 This Agreement represents the entire terms agreed among the Parties in relation to its subject matter and supersedes and extinguishes any prior drafts or heads of terms and all previous contracts, arrangements, representations and/or warranties of any nature (whether or not in writing) among the Parties relating to its subject matter.

29.2 Each Party acknowledges and agrees that in entering into this Agreement on the terms set out in this Agreement it is not relying upon (and shall have no remedy in respect of):

29.2.1 any pre-contractual or other statement, representation, warranty, promise, assurance, prediction, projection or forecast made or given by any other Party or any other person (whether negligently or innocently made), whether or not in writing, at any time before the execution of this Agreement that is not expressly set out in this Agreement (a “Pre-contractual Statement”);

29.2.2 any unlawful communication as defined in section 30(1) of the Financial Services and Markets Act 2000 made by any other Party or any Party’s professional advisers; and

29.2.3 solely in reliance on its own commercial assessment and investigation and advice from its own professional advisers.

29.3 No Party shall have any liability for any Pre-contractual Statement and the only liability each Party shall have in respect of those statements, representations, warranties, assurances and undertakings made or given by it and set out or incorporated in this Agreement shall be for breach of contract.

32

29.4 Nothing in this Clause 29 (Entire Agreement) shall operate to limit or exclude any liability for fraud.

30. Remedies Not Exclusive

Except as expressly provided under this Agreement, the rights and remedies contained in this Agreement are cumulative and are not exclusive of any other rights or remedies provided by law or otherwise.

31. No Waiver

31.1 A failure or delay by a Party to exercise any right or remedy under this Agreement shall not be construed or operate as a waiver of that right or remedy nor shall any single or partial exercise of any right or remedy preclude the further exercise of that right or remedy.

31.2 A waiver by a Party of any breach of or default under this Agreement shall not be considered a waiver of a preceding or subsequent breach or default.

31.3 A purported waiver or release under this Agreement is not effective unless it is a specific authorised written waiver or release.

32. Severance

32.1 Each of the provisions contained in this Agreement shall be construed as independent of every other such provision, so that if any provision of this Agreement shall be determined by any court or competent authority to be illegal, invalid and/or unenforceable then such determination shall not affect any other provision of this Agreement, all of which other provisions shall remain in full force and effect (subject to Clause 32.2).

32.2 If any provision of this Agreement shall be determined to be illegal, invalid and/or unenforceable, but would be legal, valid and enforceable if amended, the Parties shall consult together in good faith and agree the scope and extent of any modification or amendment necessary to render the provision legal, valid and enforceable and so as to give effect as far as possible to the intention of the Parties as recorded in this Agreement.

33. Counterparts

This Agreement may be executed in any number of counterparts, but shall not be effective until each Party has executed at least one counterpart. Each counterpart when executed shall be an original, but all the counterparts together shall constitute one document.

34. Law and Jurisdiction

This Agreement shall be governed by and construed in accordance with the laws of England and Wales. The Parties submit to the exclusive jurisdiction of the courts of England and Wales.

[The rest of this page is left intentionally blank]

33

IN WITNESS WHEREOF, each Party has caused this Agreement to be signed by their duly authorised representative as of the date set out on the first page of this Agreement.

For the Service Recipient
SIGNED by	)
FIDELIS INSURANCE HOLDINGS LIMITED	)

Signed:	/s/ Dan Burrows
Name:	Dan Burrows
Title:	Group MD

For the Service Provider
SIGNED by	)
SHELF HOLDCO II LIMITED	)

Signed:	/s/ Charles Mathias
Name:	Charles Mathias
Title:	Director

Signature page to the Inter-Group Services Agreement

Appendix 1

Fees

1. When the Service Provider has purchased part or all of the Services from an external third-party supplier or third-party outsourcing provider, the applicable costs shall be directed to the Service Recipient with no additional charge attaching.

2. Where such costs are to be shared by the Service Provider and the Service Recipient, the Service Recipient’s apportioned contribution shall be established from the ratio of Service Recipient’s headcount against the Service Provider’s headcount – for example: if the Service Recipient has 50 headcount and the Service Provider has 200 headcount the ratio is 1:4 and the Service Recipient shall pay one fifth of such costs. Headcount shall be established from the last available HR management information prepared for the Service Recipient.

3. Save where paragraph 1 applies, when the Service Provider supplies Services, the Fees for Services shall be:

(a) calculated on an agreed estimated basis;

(b) the estimate shall be based on an estimated apportioned cost plus 5% (the 5% “Fee Profit”);

(c) the apportioned cost shall be based on an estimate of costs incurred in providing Services under the Agreement to entities in the Service Recipient group;

(d) for the first year of the term, subject to paragraph 3(f) below the apportioned cost shall be estimated based on the Service Provider’s actual costs derived from financial records for the financial year ending 2022. The Service Provider shall provide the initial Fees estimate in respect of the first financial year to the Service Recipient by the start of the first financial year and, on a quarterly basis, the Service Provider shall provide a revised estimate on a 3+9, 6+6, 9+3 basis, along with calculations set out in sufficient detail for the Service Recipient to understand the methodology and assumptions used by the Service Provider in determining the estimated apportioned costs;

(e) in subsequent years of the term, the estimated apportioned cost shall be based on Service Provider actual costs derived from financial records for the financial year immediately preceding the billing year;

(f) for the avoidance of doubt, the Parties agree that financial records can be used for the first three quarters of 2022 financial year (appropriately adjusted for Project Cooper related costs and expenses) but the Parties should not establish the estimated apportioned costs from financial records for the fourth quarter of 2022 financial year except by mutual agreement following discussion about the impact of the Reorganisation on such financial records;

(g) the Service Provider shall inform the Service Recipient of the quarterly estimated Fees within fifteen (15) Business Days of the quarter end, along with calculations set out in sufficient detail for the Service Recipient; and

(h) the Service Recipient may request background information including calculations carried out by the Service Provider in relation to establishing Fees.

35

4. Where Service Provider premises are occupied or utilised by the Service Recipient on the basis of an under-lease, sub-lease or formal licence basis on terms required by the Service Provider’s landlord, the rent and service charges payable by the Service Recipient shall be as set out in the under-lease, sub-lease or formal licence document. If there is no such document or the document is silent, costs shall be charged and allocated when levied by the Landlord on the basis of an estimated proportion of the Service Providers premises costs, such fair proportion being derived from the Service Recipient’s average headcount in the jurisdiction in which the premises is located for the immediately preceding period (if charged on an annual basis, this shall be the average headcount of an annual period, if charged quarterly, this shall be over the last quarter).

5. The Parties shall not be required to prepare timesheets. The Service Provider shall provide management information estimating how the Service Recipient could recharge Fees to each entity within the Service Recipient’s group. This will be a percentage per jurisdiction and entity.

6. The Parties agree that Fees, invoices, and the payments process shall not allow netting or set off of any nature including within or between currencies, jurisdictions, entities, service types, costs, Fees or commission, or amounts arising from other agreements between the parties related or unrelated to the subject matter hereof.

7. Invoices shall be raised and Fees shall be payable in US Dollars, GB Pounds or Euros as agreed between the CFO for each group on a quarterly basis (and, if no agreement, invoices shall be raised and Fees shall be paid in US Dollars). If the Service Provider incurs costs in currencies other than US Dollars, GB Pounds or Euros, expenses will be recharged to the Service Recipient in US Dollars using the ledger monthly exchange rate in force on the invoice date.

8. Invoices shall be raised and levied in arrears at the end of each financial quarter for the amount of Fees due and owing for Services provided during that financial quarter. Invoices are payable within 30 days of the date of receipt of the invoice by a Party. Invoices shall be delivered in accordance with the notice provisions set out in Clause 19 (Notices) of this Agreement.

9. All records, invoices and accounts that the Service Provider prepares under the Agreement shall be in accordance with US GAAP.

10. If the Service Recipient does not dispute a quarterly estimated Fees invoice the Service Recipient shall pay the undisputed amount of the Fees in accordance with the payment terms. If the Service Recipient disputes all or any part of the quarterly estimated Fees, the Service Recipient shall notify the Group CFO of the Service Provider within ten (10) Business Days of being informed of the quarterly estimated Fee, following which date, if it has not disputed such sums, it shall be taken to have accepted the quarterly estimated Fee. If the Service Recipient wishes to question an invoice or Fee calculation mechanism, it is intended that the Party’s CFO will discuss concerns with the other Party’s CFO in the first instance. In the event an issue remains unresolved, the Party’s CFO will table an agenda item for discussion at the appropriate contractual governance forum, which initially is the Quarterly Outsourcing Management Committee (see Appendix 5 (Contract Governance, Accountabilities, Escalation, and Dispute Resolution)). Contractual governance escalation shall be used; after which the Party may invoke the contractual Dispute Resolution procedure (see Appendix 5 (Contract Governance, Accountabilities, Escalation, and Dispute Resolution)). At any point after discussing with the other Party’s CFO and prior to invoking the contractual Dispute Resolution procedure, each Party has the right to invoke an audit or engage specialist forensic accounting (or any other applicable) expertise to establish the correct invoicing or Fee calculation mechanism, the costs of which shall be shared equally between the Parties on a 50:50 basis.

36

11. If an exit fee is payable under the terms of the Agreement, the Service Recipient will pay costs relating to Exit Plan and Non-Underwriting Run-Off Services. Such costs will be established as a reasonable estimated apportioned cost plus 5%, save that when the Service Provider has purchased part or all of the Exit services from an external third party provider, an estimated apportionment of the applicable costs shall be directed to the Service Recipient with no additional charge attaching. Costs will be estimated on the same basis as Services or substantially similar Services as set out above in paragraph 1 of the Fee Appendix and apportionment shall be based on headcount ratios at the point of the costs being incurred.

12. Service Credits will be applied as per Appendix 9 (Remediation and consequences from KPIS and SLA Shortfalls).

37

Appendix 2

Services

1. Finance Service Level Agreements and Key Performance Indicators

    The following are the SLAs and KPIs governing the services described below.

#	Type	Metric Name	Commitment	Threshold	Timing	Frequency of Reporting
1	SLA	Regulatory deliverables submissions timelines	Submit regulatory deliverables in line with agreed timetable and ensure that no submissions dates are missed	100%	As agreed between Service Recipient and Service Provider	Monthly
2	SLA	Reconciliations and account breakdowns	Submit sub-ledger and Balance Sheet reconciliations scope as agreed between Service Recipient and Service Provider	95%	As agreed between Service Recipient and Service Provider	Monthly
3	SLA	Resolution of unreconciled items	Resolve any unreconciled items on Balance Sheet reconciliations, exceeding materiality threshold as agreed between the Service Recipient and the Service Provider	95%	5 Business Days after submission of Balance Sheet reconciliations	Monthly
4	SLA	Journal entry	Enter journal entries as agreed between the Service Provider and the Service Recipient	95%	Within 5 Business Days of the end of the month	Monthly
5	SLA	Payroll payment reconciliation	Reconcile total payroll payments made to the underlying payroll records, ensuring that all reconciling differences exceeding materiality as	95%	Within 5 Business Days of the end of the month	Monthly

38

#	Type	Metric Name	Commitment	Threshold	Timing	Frequency of Reporting
			agreed between the Service Recipient and the Service Provider are explained with commentary
6	SLA	Provision of data	Submit data deliverables, as agreed between the Service Provider and the Service Recipient	95%	As agreed between Service Recipient and Service Provider	Monthly

1.1 Finance Detailed Service Schedules

(a) Business Planning

No.	Section	Section Detail
1.	Scope of service	Business planning to support regulatory requirements The Service Provider agrees to cooperate with the Service Recipient and support the Service Recipient with respect to regulatory filings., which may include: 1.  Routine or planned regulatory filings 2.  Ad-hoc responses to regulatory requests The Service Recipient agrees to notify the Service Provider of routine/planned filings as early as practical, and at least three months in advance, and ad-hoc reporting requirement as soon as it becomes foreseeable. Requirements and timelines are to be agreed between the Service Recipient and Service Provider prior to commencement of work.
		The Service Recipient and Service Provider will agree a detailed reporting timetable. Business planning to support ad hoc regulatory requests The Service Provider agrees to cooperate with the Service Recipient for reasonable ad hoc regulatory requests, such as to satisfy ORSA and CISSA requirements. The Service Provider agrees to a best endeavours obligation to provide

39

No.	Section	Section Detail
		requests of this nature.
2.	Service deliverables	i.   As required, documentation to support a regulatory filing, report, or submission, in a format to be determined by the Service Recipient ii.  As required, documentation to support ad hoc regulatory requests in a format to be determined by the Service Recipient iii.   As required, control attestations confirming that all activities have been performed and reported in accordance with the Service Provider’s control framework
3.	Service dependencies (on inter-group and intra-group services)	Inter-Group service schedules ●   1.3.2 - Short-term cashflow forecasting ●   2.5.1 - Risk aggregation and catastrophe management ●   3.1.2 - Management reporting Intra-Group service schedules Dependency on Risk function to support business planning and annual plan preparation activities, through the setting of risk appetite as well as associated risk limits and the provision of input relating to core and emerging risks
4.	Key supporting systems	●   Anaplan - business planning ●   Prequel - underwriting system ●   Oracle HFM and Fusion Cloud - historical financial information ●   FireAnt - modelling
5.	Key supporting third-party suppliers	●   Anaplan – business planning system provider ●   Oracle – finance system provider

40

No.	Section	Section Detail
6.	Service Provider owner	UK ●   Responsible individual: UK CFO ●   Business contact: MGU FP&A Controller Ireland ●   Responsible individual: Group Head of Financial Planning & Analysis ●   Business contact: MGU FP&A Controller (UK) Bermuda ●   Responsible individual: UK CFO ●   Business contact: Bermuda Controller
7.	Service Recipient owner	UK ●   Responsible individual: FUL CFO ●   Business contact: Regulatory Reporting Manager Ireland ●   Responsible individual: FIID CFO ●   Business contact: Regulatory Reporting Manager Bermuda ●   Responsible individual: FIBL CFO ●   Business contact: Regulatory Reporting Manager
8.	Service Recipient obligations (e.g. data required by Service Provider)	For the Service Provider to prepare accurate regulatory filings, the Service Recipient will provide: ●   Templates detailing the format of all required regulatory filings and any supporting analysis required ●   Reporting timetable For the Service Provider to prepare accurate additional information required for business planning, the Service

41

No.	Section	Section Detail
		Recipient will provide: ●   Templates detailing the format of all required regulatory filings and any supporting analysis required ●   Reporting timetable The Service Recipient will be responsible for scrutinising regulatory filings and ad hoc regulatory requests and submitting to those charged with governance for approval.
9.	Service Recipient oversight activities	Without limitation to the unrestricted right of audit in the Heads of Terms, oversight activities may include: ●   Review of inputs and outputs from the planning process (e.g. data inputs from Service Recipient systems) ●   Testing of controls in the planning process as scoped by the Service Recipient’s Internal Audit function ●   Assurance over planning systems and data ●   Delivery of relevant service organisation controls reports (e.g. SOC 1) of service or system providers used to provide the service
10.	Service reporting requirements	The Service Provider will retain a copy of the agreed reporting timetable and documentary evidence of its compliance with the deadlines set out therein, to be presented to the Service Recipient upon request.
11.	Definition	The following definition shall apply in respect of this Service Schedule: “FP&A” - Financial planning and analysis

(b) Management Reporting

No.	Section	Section Detail
1.	Service description	Management reporting

42

No.	Section	Section Detail
		A management reporting pack will be prepared by the Service Provider (in consultation with the Service Recipient) on a timely basis, as agreed between the Service Provider and the Service Recipient and shared with the Service Recipient for review and sign-off. The activity relies on information extracted from the Service Provider’s General Ledger system, and commentary provided by a number of stakeholders from the Service Provider and the Service Recipient. The Service Provider will: ●   Produce a management reporting pack, which includes analysis and commentary as agreed between the Service Provider and the Service Recipient ●   Respond to any comments from the Service Recipient’s Head of Reporting regarding the management reporting pack ●   Once the comments have been addressed, provide the management reporting pack to the Service Recipient’s Financial Controller, whose review is evidenced through his/her commentary and sign-off The Service Recipient will: ●   Provide inputs and commentary, as agreed between the Service Provider and the Service Recipient, to be included within the management reporting pack ●   Review and challenge the draft management reporting pack received from the Service Provider and submit to those charged with governance for approval and sign off Inputs and commentary, as agreed between the Service Provider and the Service Recipient, must be approved and signed off by the Chief Actuary and Chief Investment Officer respectively prior to inclusion in the management reporting pack. Timing of activities The timetable for activities to support management reporting process is agreed to be as follows: ●   Monthly and quarterly reports within 15 Business Days of period end.
2.	Service deliverables	The following deliverables are to be provided by the Service Provider to the Service Recipient (in a format

43

No.	Section	Section Detail
		determined by the Service Recipient) on a timely basis as agreed between the Service Provider and the Service Recipient:   I.   Management reporting pack, including supporting schedules and analysis II. Reconciliations, auditable account breakdowns As required: ●   Control attestations confirming that all activities have been performed and reported in accordance with the Service Provider’s control framework
3.	Service dependencies (on inter-group and intra-group services)	●   2.4.1 - Actuarial data collection and review: dependency on Net Loss table preparation ●   3.1.3 - Technical accounting
4.	Key supporting systems	●   Oracle HFM and Fusion Cloud
5.	Key supporting third-party suppliers	n/a
6.	Service Provider owner	UK ●   Responsible individual: UK CFO ●   Business contact: MGU FP&A Controller Ireland ●   Responsible individual: Group Head of Financial Planning & Analysis ●   Business contact: MGU FP&A Controller (UK) Bermuda

44

No.	Section	Section Detail
		●   Responsible individual: UK CFO ●   Business contact: Bermuda Controller
7.	Service Recipient owner	UK ●   Responsible individual: FUL CFO ●   Business contact: Regulatory Reporting Manager Ireland ●   Responsible individual: FIID CFO ●   Business contact: Regulatory Reporting Manager Bermuda ●   Responsible individual: FIBL CFO ●   Business contact: Regulatory Reporting Manager
8.	Service Recipient obligations (e.g. data required by Service Provider)	The Service Recipient will provide: ●   Schedules detailing the format of the management reporting pack and any supporting analysis required ●   Inputs into the monthly management reporting pack (e.g. P&L commentary) ●   Sign-off of monthly management reporting pack ●   Reporting timetable for deliverables from the Service Provider
9.	Service Recipient oversight activities	Without limitation to the unrestricted right of audit in the Heads of Terms, oversight activities will include: ●   Scrutiny of inputs and outputs from the management reporting process (e.g. commentary on management reporting pack) ●   Audit of controls in the management reporting process to meet internal and external audit requirements ●   Verification of completeness and accuracy of management reporting information and calculations

45

No.	Section	Section Detail
		●   Audit and testing of data security and associated controls
10.	Service reporting requirements	The reporting is to be provided on a timely basis and will include outputs as agreed between the Service Provider and the Service Recipient
11.	Definitions	The following definition shall apply in respect of this Service Schedule: “Oracle HFM” - ERP reporting tool

(c) Technical Accounting

No.	Section	Section Detail
1.	Service description	Chart of Accounts The Service Provider will: ●   Prepare journal entries for key technical accounts, as agreed between the Service Provider and the Service Recipient, and make the required postings to the Service Recipient’s General Ledger system, having obtained the necessary approvals from the Service Recipient. This will include posting of Jarvis and non- Jarvis manual entries such as pipeline premium, PC’s, RIPs, IBNR and IGR. ●   Provide data for regulatory and financial reporting purposes, in agreed format ●   Respond to any queries from the Service Recipient regarding the proposed journal postings The Service Provider will operate the following activity on a monthly basis: ●   Confirm that all accounting entries have been posted in the required timeframe as agreed between the

46

No.	Section	Section Detail
		Service Recipient and the Service Provider The Service Recipient will: ●   Be responsible for the set-up and maintenance of the Chart of Accounts as well as additional General Ledger accounts on an ongoing basis ●   Review the journal postings prepared by the Service Provider GL Reconciliations The Service Provider is responsible for performing a sub-ledger and Balance Sheet reconciliation for key technical accounts on a monthly basis and ensuring that any unreconciled items exceeding materiality as agreed with the Service Recipient are adequately explained The Service Recipient will review and challenge the reconciliations and provide final sign off before submission to those charged with governance for approval Chart of Accounts changes The Service Recipient will be responsible for making any changes to the Chart of Accounts in systems as and when required Timing of activities The timetable for activities to support technical accounting process is agreed to be as follows: ●   A timetable will be prepared for each month and quarter end setting out key milestone and due dates.
2.	Service deliverables	The following deliverables are to be provided by the Service Provider to the Service Recipient (in a format determined by the Service Recipient) on a monthly basis: I.   GL account and Balance Sheet reconciliations II. GL analysis, lead sheets and audit schedules As required: ●   Control attestations confirming that all activities have been performed and reported in accordance with the

47

No.	Section	Section Detail
		Service Provider’s control framework
3.	Service dependencies (on inter-group and intra-group services)	●   1.2.1 - Credit control ●   3.1.1 - Business planning and annual plan preparation ●   3.1.2 - Management reporting ●   3.3.2 - IT infrastructure and system maintenance ●   3.3.5 - System & applications development
4.	Key supporting systems	●   Oracle Fusion ●   Prequel ●   Jarvis
5.	Key supporting third-party suppliers	n/a
6.	Service Provider owner	UK ●   Responsible individual: UK Financial Controller ●   Business contact: Technical Controller Ireland ●   Responsible individual: IRE ●   Business contact: UK FP&A Controller Bermuda ●   Responsible individual: Bermuda Financial Controller ●   Business contact: Bermuda Controller

48

No.	Section	Section Detail
7.	Service Recipient owner	UK ●   Responsible individual: FUL CFO ●   Business contact: Regulatory Reporting Manager Ireland ●   Responsible individual: FIID CFO ●   Business contact: Regulatory Reporting Manager Bermuda ●   Responsible individual: FIBL CFO ●   Business contact: Regulatory Reporting Manager
8.	Service Recipient obligations (e.g. data required by Service Provider)	The Service Recipient will provide: ●   Sign-off of proposed journal postings ●   Sign-off of changes to the Chart of Accounts ●   Sign-off of monthly reconciliations ●   Reporting timetable for deliverables from the Service Provider
9.	Service Recipient oversight activities	Without limitation to the unrestricted right of audit in the Heads of Terms, oversight activities will include: ●   Audit of controls in the technical accounting process to meet internal and external audit requirements ●   Verification of completeness and accuracy of GL accounts balances ●   Audit and testing of data security and associated controls
10.	Service reporting requirements	●   Monthly reconciliation reports for all GL accounts populated by the Service Provider. ●   Monthly reports listing any changes to the chart of accounts. ●   Quarterly reports of data for regulatory and financial reporting purposes, in format required

49

No.	Section	Section Detail
11.	Definitions	The following definitions shall apply in respect of this Service Schedule: “Jarvis” – a data warehouse system “Oracle Fusion” – General ledger application “GL” – General ledger “Prequel” – an underwriting system

50

(d) Payroll Processing

No.	Section	Section Detail
1.	Service description	Process Payroll journals
		The Service Provider is responsible for processing all payroll information, as agreed between the Service Provider and the Service Recipient, in systems on a monthly basis, relying on information provided by the third-party payroll Service Provider and ensuring that these journals are posted accurately into the General Ledger.
		The Service Provider will provide the Service Recipient with an extract from the General Ledger summarising the payroll amounts to be paid by the Service Recipient
		The Service Recipient will review and challenge the payroll data received from the Service Recipient and submit to those charged with governance for approval.
		Payroll accounts reconciliation
		The Service Provider is responsible for performing a payroll accounts reconciliation on a monthly basis ensuring that any unreconciled items exceeding materiality as agreed with the Service Recipient are adequately explained
		The Service Recipient will review and challenge the payroll reconciliations received from the Service Recipient and submit to those charged with governance for approval
		Timing of activities
		The timetable for activities to support payroll process is agreed to be as follows:
		●    Monthly and quarterly reports within 15 Business Days
2.	Service deliverables	The following deliverables are to be provided by the Service Provider to the Service Recipient (in a format determined by the Service Recipient) on a monthly basis:
		I.     Payroll journal report listing all balances to be approved and paid

51

No.	Section	Section Detail
		II.   Payroll accounts reconciliation
		III.  High level analysis including KPIs listed above and commentary on material changes
		IV.  Provision of data for corporation tax and VAT submissions
		As required:
		●  Control attestations confirming that all activities have been performed and reported in accordance with the Service Provider’s control framework
3.	Service dependencies (on inter-group and intra-group services)	●  3.2.3 - HRIS System and Core Maintenance: dependency on input required for payroll processing ●  3.2.4 - Employment administration ●  3.2.5 - Payroll Systems and Administration: dependency on input from third-party supplier required for payroll processing
4.	Key supporting systems	●  Origo - HRIS
		●  Oracle Fusion - general ledger
5.	Key supporting third-party suppliers	Immedis has been engaged as third-party provider to support payroll run activities.
		The Service Provider must notify the Service Recipient in writing at least 30 days in advance of any changes to the named third-party provider.
6.	Service Provider owner	UK
		●  Responsible individual: Group Financial Controller
		●  Business contact: Technical Controller
		Ireland
		●  Responsible individual: IRE

52

No.	Section	Section Detail
		●  Business contact: MGU FP&A Controller (UK)
		Bermuda
		●  Responsible individual: Group Financial Controller
		●  Business contact: Bermuda Controller
7.	Service Recipient owner	UK
		●  Responsible individual: FUL CFO
		●  Business contact: Regulatory Reporting Manager
		Ireland
		●  Responsible individual: FIID CFO
		●  Business contact: Regulatory Reporting Manager
		Bermuda
		●  Responsible individual: FIBL CFO
		●  Business contact: Regulatory Reporting Manager
8.	Service Recipient obligations (e.g. data required by Service Provider)	The Service Recipient will provide: ●  Review and challenge the payroll data and submit to those charged with governance for approval ●  Review and challenge the reconciliation and submit to those charged with governance for approval ●  Sign-off of monthly reconciliations ●  Sign-off of monthly payroll amounts prior to payment ●  Reporting timetable for deliverables from the Service Provider
9.	Service Recipient oversight activities	Without limitation to the unrestricted right of audit in the Heads of Terms, oversight activities will include: ●  Audit of controls in the payroll accounts process to meet internal and external audit requirements

53

No.	Section	Section Detail
		●  Verification of completeness and accuracy of payroll information and calculations
		●  Audit and testing of data security and associated controls
10.	Service reporting requirements	●  Monthly system download listing all payroll amounts to be paid
11.	12. Definitions	The following definition shall apply in respect of this Service Schedule:
		“Oracle Fusion” - a digital ERP platform

54

2. IT Service Levels and Key Performance Indicators

2.1 Service Request Management

Process Description	Process Objective
A formal request from a user for something to be provided – for example, a request for information or advice; to reset a password; or to install a workstation for a new user. The details of a request for service are recorded by service request in a service request record.	To fulfil service requests, which in most cases are minor (standard) changes (e.g., requests to change a password) or requests for information.

#	Type	Metric Name	Commitment	Threshold	Timing	Frequency of Reporting
1	SLA	Normal Request	All requests within the standard catalogue of services. All standard service requests will be responded and resolved within agreed tiered service offering	95%	4 hr response time and 5 Business Days resolution time for service request	Monthly
2	SLA	Outside of Catalogue	All requests for service outside of the standard service catalogue. All non-standard service requests will be responded and resolved within agreed tiered service offering	95%	2 Business Days response time and 20 Business Days resolution time for non- standard service request	Monthly
3	KPI	Average Time to Resolve Service Requests	The average time from ticket acknowledgement to ticket resolution (e.g., Standard Service Request or Non-Standard Service Request)	95%	Monthly	Monthly

55

#	Type	Metric Name	Commitment	Threshold	Timing	Frequency of Reporting
4	KPI	Average time to Respond to Service Requests	The average time from ticket creation to ticket acknowledgement	95%	Monthly	Monthly

56

2.2 Incident Management

Process Description	Process Objective
The distinction between Incident Management (service interruptions) and Service Request Management (customer or user requests that do not represent a service disruption, such as a password reset). Service interruptions are handled through Incident Management, and Service Requests through Service Request Management. All Incidents should be logged as Incident Records on the ITSM tool.	To manage the lifecycle of all Incidents. The primary objective of Incident Management is to return the IT service to users as quickly as possible.

#	Type	Metric Name	Commitment	Threshold	Timing	Frequency of Reporting
1	SLA	Priority 1 (P1)- Critical incidents	P1 Incidents will be responded to and resolved	95%	15 min response time and 4 hrs elapsed time for resolution	Monthly
2	SLA	Priority 2 (P2)- High incidents	P2 Incidents will be responded to and resolved	95%	30 min response time and 4 hrs elapsed time for resolution	Monthly
3	SLA	Priority 3 (P3)- Medium incidents	P3 Incidents will be responded to and resolved	95%	2 hrs response time and 1-day (Business Day) for resolution	Monthly
4	SLA	Priority 4(P4)- Low incidents	P4 Incidents will be responded to and resolved	95%	2 hrs response time and 2-days (Business Days) time for resolution	Monthly
5	KPI	Number of incidents logged	Report the number of incidents logged, grouped into categories	None	Monthly	Monthly
6	KPI	Number of P1- (Critical) incidents	Number of P1- (Critical) incidents that have been critical to business operations	None	Monthly	Monthly

57

#	Type	Metric Name	Commitment	Threshold	Timing	Frequency of Reporting
7	KPI	Average time to Respond to Incidents	The average time from ticket creation to ticket acknowledgement by type	None	Monthly	Monthly
8	KPI	Average time to Resolve Incidents	The average time from ticket acknowledgement to ticket resolution by type	None	Monthly	Monthly
9	KPI	Mean time between incidents	The average time between P1 ticket creation.	None	Monthly	Monthly

58

2.3 Security Incident Management

Process Description

Process Objective

To manage any and all security incidents affecting the organization. A security incident is an occurrence that actually or potentially jeopardizes the confidentiality, integrity, or availability of an information system or the information the system processes, stores, or transmits or that constitutes a violation or imminent threat of violation of security policies, security procedures, or acceptable use policies.

The primary objective of Security Incident Management is to ensure that the organization is protected and that incidents affecting security are properly managed.

#	Type	Metric Name	Commitment	Threshold	Timing	Frequency of Reporting
1	SLA	Low	The security team will respond to a problem or issue (suspicious activity that could possibly indicate possible attack without clear attack pattern being established). An example of such an issue might be a suspicious change of password.	95%	Review during next Business Day for triage	Monthly
2	SLA	Medium	The security team will respond to a minor or isolated incident - Evidence of speculative attack that has subsided or has low level/rate of activity. An example of such an attack might be a low rate/limited password spray against a single server.	95%	Response at start of next Business Day	Monthly

59

#	Type	Metric Name	Commitment	Threshold	Timing	Frequency of Reporting
3	SLA	High	The security team will respond to an uncontained incident - Clear evidence of Determined Attack that requires immediate response. An example of such an incident would be a brute force/dictionary attack against servers.	95%	Response within 15 minutes, resolution within 4 hours	Monthly
4	SLA	Severe	The security team will respond to a crisis – clear evidence of an ongoing breach with data exfiltration / system denial activities being alerted.	99%	Response within 15 minutes, resolution within 4 hours	Monthly
5	SLA	Monthly Patching Schedule	Servers and Workstations are to be Patched on a Monthly Basis during the Patch Windows.	95%	Two patch runs per Month	Monthly
6	SLA	Annual Penetration Test	An accredited 3rd party will perform an annual penetration test	100%	Annual	Annual
7	SLA	User Cyber Training	An accredited 3rd party will provide cyber training to the users.	95% of users	Annual	Annual
8	SLA	User Phishing Simulations	An accredited 3rd party security provider will conduct periodic phishing tests on the users	95% of users	Semi-Annual	Semi-Annual
9	KPI	Average Time to Respond to Security Incidents	The average time from ticket creation to ticket acknowledgement by type	None	Monthly	Monthly

60

#	Type	Metric Name	Commitment	Threshold	Timing	Frequency of Reporting
10	KPI	Average Time to Resolve Security Incidents	The average time from ticket acknowledgement to ticket resolution by type	None	Monthly	Monthly
11	KPI	Average number of vulnerabilities per asset	As measured by our vulnerability scanning tools, this is the total number of vulnerabilities / the total number of assets scanned	None	Monthly	Monthly
12	KPI	Monthly Patching Adherence	As measured by the patching tickets recorded the in the helpdesk system, this is the number of patch runs conducted in the month	2	Monthly	Monthly
13	KPI	Annual Penetration Test Critical and High Items	Annual penetration tests are conducted using accredited external 3rd parties. This is the number of critical and high items from the annual report.	None	Annual	Annual
14	KPI	Unmitigated Penetration Test Critical and High Items	From the latest annual penetration test, this is the number of critical and/or high items that remain unmitigated	None	Monthly	Monthly
15	KPI	Cyber Training - Percent Completed	The number of users to complete the latest cyber training session versus the number of users issued the training	95%	Monthly	Monthly
16	KPI	Cyber Training – Percent Passed	The number of users to pass the latest cyber training test versus the	95%	Monthly	Monthly

61

#	Type	Metric Name	Commitment	Threshold	Timing	Frequency of Reporting
			number of users issued the training
17	KPI	User Phishing Simulations – Percent Failed	The number of users to fail the latest phishing simulation versus the number of users issued the simulation	Less than the Industry Average	Semi-Annually	Semin-Annually

62

2.4 Strategic Support Services

Process Description	Process Objective
Included in the services are non-technical services required to ensure that the IT services in general stay relevant to the business needs of the company. Included in this are such things as IT strategy, cyber security design, providing board or regulatory feedback, new technology evaluations, vendor evaluations, etc.	Ensure that the delivery of services stays relevant to the business needs

#	Type	Metric Name	Commitment	Threshold	Timing	Frequency of Reporting
1	SLA	Respond to Request	Upon receipt of a strategic request, the appropriate IT experts will respond and meet to discuss	95%	Within 15 days of receipt of request	Monthly
2	SLA	Quarterly Risk Report	A quarterly report will be produced highlighting any material Cyber, Availability/Continuity, Change, or Outsourcing risk manifest during the previous quarter.	99%	Quarterly	Quarterly
3	SLA	IT Strategy Review	At least once a year, the two parties will meet to review and agree the IT Strategy. Aside from core strategy, the IT Strategy Review will include reviews of Cyber planning, Availability and Continuity planning, Change Management, and 3rd Party Outsourcing.	100%	Annual	Annual

63

2.5 Availability Management

Process Description	Process Objective
The ability of a configuration item or IT service to perform its agreed function when required	Availability Management aims to define, analyse, plan, measure and improve all aspects of the availability of IT services. It is responsible for ensuring that all IT infrastructure, processes, tools, roles etc are appropriate for the agreed availability targets.

#	Type	Metric Name	Commitment	Threshold	Timing	Frequency of Reporting
1	SLA	High IT service	Important business services that enable the business and interactions with customers	95%	Monthly	Monthly
2	SLA	Low IT service	Services that have a minimal impact on business and customers	75%	Monthly	Monthly
3	SLA	Passed through services	Where a service is passed through to the Service Recipient by the service provider from a third-party provider	As per the SLA set out in the contract between the service provider and the third-party provider	Monthly	Monthly
4	SLA	Designated Server Backups	Designated Servers are to be Backed Up Nightly	95%	Daily	Monthly
5	SLA	Disaster Recovery Protection	Designated Servers are to be Included in the Disaster Recovery Protection Server	95%	Daily	Monthly

64

6	SLA	Disaster Recovery Testing	The Disaster Recovery Service is to be Tested Annually	95%	Annually	Annually
7	KPI	Backup Availability	Backup report issued daily listing the Succeeded, cancelled and failed backups	None	Daily	Daily
8	KPI	Disaster Recovery Availability	Number of Azure Site Replication Failures	None	Monthly	Monthly
9	KPI	Disaster Recovery Testing	Number of Un Remediated High Items from the Last Round of Disaster Recovery tests	None	Annually	Monthly

(a) IT Scope of Services

(i) Cybersecurity

(ii) Cyber Security Programme Design

(iii) Videoconference Support

(iv) Desktop Hardware Provisioning

(v) Office 365 Provisioning

(vi) Small Licence Provisioning

(vii) Mobile Device Provisioning

(viii) Network

(ix) Active Directory Security

65

(x) Server Provisioning

(xi) Backup Service

(xii) Disaster Recovery Service

(xiii) IT Strategy Support

(xiv) Bespoke Application Helpdesk

(xv) Infrastructure Support Helpdesk

(xvi) Third-Party Vendor Support Helpdesk

(xvii) Seconded Developers

66

Appendix 3

[intentionally blank]

67

Appendix 4

Change Management Process

1. Principles

The Parties agree that change request management capabilities are needed to effectively deliver change in a cost and time efficient manner, and to protect the Parties to ensure risks are considered and understood and to support the analysis of cost and other impacts.

2. Cross-Functional Change Group (“CFCG”)

2.1 The Parties will convene a CFCG with broad representation from key functions and control functions from both Parties. The CFCG will review and either approve or reject material change requests.

2.2 The CFCG is intended to: oversee change impact assessments; seek clarification relating to change requests; assess costs relating to change requests; facilitate co-ordination of impactful change; track progress of delivery of approved changed requests; monitor relevant MI; and otherwise support the development of the relationship between the MGU Group and the Insurance Group over the lifespan of the Agreement. To support this, the CFCG will provide MI to the Outsourcing Management Committee. The Parties agree the CFCG will develop terms of reference.

2.3 The CFCG will meet monthly during the first twelve (12) months of the Agreement, and thereafter quarterly, or at another frequency agreed between the Parties.

2.4 The Parties agree that change requests will be considered and applied on a Group level save that change may be applied on an entity or jurisdiction level if legal or regulatory changes are required.

3. Change request process

3.1 The Parties will make change requests in writing. The relevant Function Head of the Party requesting the change must submit a change request to other Party’s relevant Function Head. The Service Provider’s Function Head will log the request and inform the CFCG or put it on the agenda for review at the next CFCG meeting.

3.2 The Party making the change requests will grade the change request as (i) material; (ii) medium; (iii) non-material; or (iv) IT change. Change requests will be considered in the following way:

(a) Non-material change requests – this is a non-objection process; the Chief Operating Officer (COO) for each Group may object to the request by stating the objection in writing within two weeks of receipt of a non-material change request;

(b) Medium change requests - the Chief Operating Officer (COO) for each Group may approve or reject the request in writing, provided that they have taken advice from key functions and control functions within their Group; they must approve or reject in writing within two weeks of receipt of a medium change request;

(c) Material change requests – the CFCG will consider material change requests. In such cases, the COO of each Group will be entitled to approve or reject the request in writing or request additional information (e.g. detailed impact assessment) and must do so within two Business Days of the CFCG in which such change request is discussed; and

68

(d) IT change – for material IT change requests, the CFCG will escalate approval recommendations to the Outsourcing Management Committee for final approval.

3.3 A change request must include: an indication of the materiality of the change request, a summary impact assessment, an estimated cost of change, and a proposed delivery timeline. The scope of the supporting information will vary according to the materiality of the change request. CFCG may develop and communicate pro forma templates (e.g. change request, impact assessment, etc.)

3.4 For change control purposes, key functions and control functions include: legal, compliance, finance, operations, risk, internal audit, claims, and underwriting and any other relevant subject matter experts (e.g. HR for people discussions).

3.5 Any appeals against rejected change control requests may be escalated as follows:

(a) Non-material change requests – to CFCG;

(b) Medium change requests – to CFCG;

(c) Material change requests – to the Outsourcing Management Committee; and

(d) Material IT change – to Outsourcing Executive Committee, convened on an ad hoc basis.

69

Appendix 5

Contract Governance, Accountabilities, Escalation, and Dispute Resolution

Service Oversight and Relationship Management

1. In relation to the Agreement, the Parties shall create and maintain at all times an outsourcing governance framework that is commensurate with the relationship between them and the Services being provided pursuant to the Agreement.

2. The governance framework for this Agreement shall apply during its term and during the performance of any Exit Plan and any related services.

3. The governance framework for this Agreement is as follows:

Forum	Responsibility	Members
Accountable Executives	Ultimate accountability for the Services in totality and ensuring delivery to requirements (including regulatory and policyholder requirements), the effective oversight of the overall arrangement including ensuring that appropriate and effective governance and internal controls to identify, measure, manage, monitor and report the risks associated with the overall arrangement, including the Services	For the Service Recipient : the Group Chief Operating Officer For the Service Provider : the Group Chief Operating Officer
Annual review meeting	As set out in Clause 26.1	Identified Accountable Executives
Outsourcing Executive Committee	Ultimate authority regarding the overall arrangement Any material issues will be referred to the dispute resolution procedures set out in this Appendix 5 (Contract Governance, Accountabilities, Escalation and Dispute Resolution) Members shall have the power to act on behalf of and bind their respective appointee Party The Service Recipient Accountable Executive shall act as chair Quorum is minimum of 2 persons, including the Accountable Executive from each Party Meets as required, and at least annually	Identified Accountable Executives
Outsourcing Management Committee	Ultimate authority regarding the overall arrangement in this Agreement Escalation point for Calculations Dispute Notice (see below) Any material issues will be escalated to the Outsourcing Executive Committee	TBC e.g. those with prescribed responsibilities

70

Forum	Responsibility	Members
	The Service Recipient shall elect the chair Quorum is minimum of 5 persons, including a minimum of two (2) representatives from each Party Members shall have the power to act on behalf of and bind their respective appointee Party Meets quarterly
Cross Functional Working Group (CFWG)	Facilitates and oversees the execution of all activities required to manage the overall Agreement and Services in a consistent and standardised manner Oversees and facilitates the performance of any Exit Plan (and any related Exit Services) in accordance with the terms and conditions of this Agreement Escalation point for the Function Heads to ensure adherence to Service schedules, KPIs, SLAs, change control process, and Fees as set out in the Appendices to this Agreement Any material issues will be escalated to the Outsourcing Management Committee The Service Recipient shall elect the chair Quorum is minimum of 5 persons, including a minimum of two (2) representatives from each Party Members shall have the power to act on behalf of and bind their respective appointee Party Does not have authority to determine whether a Service should be terminated, such decision must be escalated by the CFWG to the Outsourcing Management Committee Meets monthly	All Function Heads
Functions Heads	Accountable for their respective Services as the primary recipient or provider. For each Service, the Function Head will monitor and manage the day-to-day activities using management information and progress reporting to monitor and manage perform and quality, risks and issues, dependencies and assumptions tracking) Service Recipient and Service Provider counterparts meet regularly as required, at least monthly Do not have authority to determine whether a Service should be terminated, such decision must be escalated by the CFWG	Determined by respective group operating model

71

4. The Parties shall ensure that the appropriate forum is kept fully informed of all relevant information, and is at all times involved appropriately in relation to the performance of each Party’s obligations under this Agreement (including any subsidiaries).

5. All discussions in governance meetings shall be treated as without prejudice unless specifically stated to be otherwise.

6. Governance meetings shall (i) be scheduled (ii) have an agenda and (iii) have papers and items for consideration circulated with a minimum of five (5) Business Days’ notice, save where both Parties agree otherwise; all meetings shall have teleconferencing/audio-visual facilities for remote attendance where reasonably practicable and necessary; meetings shall not be cancelled or rearranged on short notice save by mutual agreement of the Accountable Executives; the meeting shall be deemed to have taken place in the location of the chair of the meeting, which shall be recorded in the minutes taken.

7. Each Party shall ensure that its respective representatives in the CFWG notify the other Party’s representatives in the CFWG (a “CFWG Notification”) in writing as soon as reasonably practicable if it becomes aware of the occurrence of any of the following events:

(a) it, or any of its subsidiaries who perform any of the Party’s obligations under this Agreement, has experienced an Insolvency Event;

(b) it has committed a material breach of any of its obligations under this Agreement (either directly or via a subsidiary or sub-contractor);

(c) it, or any of its subsidiaries has, committed an act of fraud in relation to this Agreement; or

(d) any Regulatory Restriction Event or any other issue, incident, activity, communication, complaint, happening or omission has occurred, or is likely to occur, which could materially impact upon its ability, or the ability of any of its subsidiaries, to perform the Party’s obligations under this Agreement.

8. Either Party may procure that its representatives in the CFWG provide the other Party’s representatives in the CFWG with a CFWG Notification if it becomes aware that:

8.1 the other Party (either directly or via a subsidiary or sub-contractor) has committed a non-material breach of this Agreement, provided that:

(a) such notification may only be given within thirty (30) days from the date upon which the reporting Party, acting reasonably, could first have become aware of such non-material breach; and

(b) a single notification may only be provided in respect of each Referred Non-material Breach, and each notification must be provided at least ten (10) days after the date on which the previous Referred Non-material Breach was provided to the other Party; or

8.2 any event listed in paragraph 7 (a-d) (inc.) either has occurred, or is likely to occur, in relation to the other Party.

9. If a Party to this Agreement commits the same (or materially the same) non-material breach four (4) times determined by reference to KPIs and board escalation triggers as set out in Appendix 2 (Services) during the term of the Agreement, the final breach shall be considered to be a material breach for the purposes of paragraph 7(b), provided that a Party may only provide a CFWG

72

Notification to the other Party under paragraph 8.1(b) in respect of such non-material breaches if each non-material breach subject to such CFWG Notification is already a Referred Non-material Breach prior to the date on which the CFWG Notification is provided to the other Party.

10. If a CFWG Notification is issued by the representatives of either Party, for a period of thirty (30) days from the date when such CFWG Notification was issued (the “CFWG Deadline”), the Parties shall procure that the CFWG shall discuss, and shall use reasonable endeavours to agree:

(a) where paragraph 7(a) applies, whether it is reasonably practicable to continue the Agreement;

(b) where paragraph 7(b) applies, upon a course of action to: (i) remedy such breach, if such breach is reasonably capable of remedy; and (ii) irrespective of whether such breach is reasonably capable of remedy, take action to mitigate the likelihood of the occurrence of similar material breaches in the future;

(c) where paragraph 7(c) applies, upon a course of action to mitigate the likelihood of the occurrence of similar acts of fraud in the future, save that the CFWG shall not be required to agree upon any course of action in respect of any material act of fraud, and the matter shall be referred to the Outsourcing Management Committee pursuant to paragraph 11; or

(d) where paragraph 7(d) applies:

(i) if the ability of the applicable Party (or its applicable subsidiary) to perform the Party’s obligations under this Agreement has not yet been materially been impacted, upon a course of action designed to ensure that, to the extent that it is reasonably practicable to do so, the Party (or its subsidiary) can continue to perform the Party’s obligations under this Agreement as originally contemplated; or

(ii) if the ability of the applicable Party (or its applicable subsidiary) to perform the Party’s obligations under the Agreement has already been materially impacted, corresponding amendments or modifications to such Party’s obligations under this Agreement to mitigate the extent of such impact.

11. If by the CFWG Deadline the CFWG, using reasonable endeavours, either: (i) determines that it is not reasonably practicable to continue this Agreement; or (ii) fails to agree upon a course of action (as applicable) the matter shall be escalated to the Outsourcing Executive Committee with notification to the Outsourcing Management Committee, which has ten (10) Business Days to unanimously determine whether it is reasonably practicable to continue the Agreement, or if a Resolution Failure shall occur.

Dispute Resolution

12. The Parties, and their respective subsidiaries, shall resolve all disputes relating to, or arising out, of either this Agreement in accordance with the Dispute Resolution Procedures.

13. The Parties may agree in writing that they shall determine the dispute, in whole or in part, for and on behalf of all of their respective subsidiaries pursuant to the applicable Dispute Resolution Procedure (a “Centralised Dispute”).

14. The Parties shall keep all of their subsidiaries who may be affected by a Centralised Dispute fully informed of the progress of such Centralised Dispute and shall take reasonable steps to procure

73

that their respective subsidiaries are bound by, and act consistently with, the outcome of the Centralised Dispute.

Dispute Resolution Procedures

15. Calculations Dispute Resolution Procedure

15.1 Initial Discussions

(a) The Parties shall resolve all Calculations Disputes in accordance with the process set out in this paragraph.

(b) If either Party (the “Disputing Party”) reasonably disputes any calculation (a “Calculations Dispute”) made by the other Party (the “Calculating Party”) pursuant to this Agreement, the Disputing Party shall provide the Function Head of the Calculating Party with a Calculations Dispute notice (a “Calculations Dispute Notice”) as soon as reasonably practicable. The Calculations Dispute Notice shall set out in reasonable detail an explanation as to why the Disputing Party disagrees with the calculations performed by the Calculating Party, including, where applicable, the Disputing Party’s good faith calculation of the sums that are subject to the Calculations Dispute. The Disputing Party shall provide its Chief Financial Officer with a copy of the Calculations Dispute Notice at the point of the providing the Calculations Dispute Notice to the Calculating Party.

(c) The Calculating Party shall refer the Calculations Dispute in writing to its Chief Financial Officer (the “Escalation Referral”) within ten (10) Business Days from the date of the Calculating Party receiving the Calculations Dispute Notice, along with a copy of the Calculations Dispute Notice.

(d) Following the Escalation Referral, the Chief Financial Officers will use reasonable endeavours to settle such Calculations Dispute in good faith. If not settled within twenty (20) Business Days of the Escalation Referral, each Party must notify its Accountable Executive and the Outsourcing Management Committee on the twentieth (20th) Business Day from the Escalation Referral.

15.2 Expert Determination

(a) If the Calculations Dispute has not been agreed or settled within twenty (20) Business Days of the Escalation Referral, on the twentieth (20th) Business Day from the Escalation Referral either Party may notify the other that it intends to refer the matter to an Expert (an “Expert Referral Notification”). In this Appendix, “Expert” means a person who: (i) is independent of either Party; (ii) is generally recognised as an expert on the matters relating to the Calculations Dispute; (iii) is a member of, or is employed by, one of the recognized leading actuarial or accountancy consultancy firms (as applicable, depending upon the nature of the Calculations Dispute); and (iv) has at least 10 years of experience in the general insurance industry, or is otherwise selected pursuant to these Dispute Resolution Procedure.

(b) The Parties shall use reasonable endeavours to agree upon an Expert within ten (10) Business Days of the Expert Referral Notification. If the Parties are unable to agree upon an Expert within such period, then the Expert shall be appointed: (i) by either (as applicable, depending upon the nature of the Calculations Dispute) the then-President (or a person in an equivalent position) of the Institute of Chartered Accountants in England and Wales or the Institute and Faculty of Actuaries; or (ii) if such President fails to do so,

74

in accordance with the London Court of International Arbitration (“LCIA”) Arbitration Rules.

(c) The process for resolution of the Calculations Dispute shall be determined by the Expert, who shall act as an expert and not as an arbitrator. The Expert may, in turn, appoint or hire other experts at their discretion.

(d) The Parties shall have the right to make representations to the Expert within the process for resolution of the Calculations Dispute determined by such Expert.

(e) The decision of the Expert shall, in the absence of manifest error, be binding and final on the Parties.

(f) All costs incurred by the relevant Expert (and, if any, all other experts appointed or hired by the Expert) shall be borne by the Parties in equal shares unless the Expert determines otherwise.

(g) Each Party shall, upon any request by the Expert, provide the Expert with such information that is within its possession or control and which has been reasonably required by the Expert, to the extent that such provision is within such Party’s power (without contravention of any law or rule, regulation or direction of any governmental or regulatory authority or any binding agreement).

(h) The Parties shall use all reasonable endeavours to ensure that the Expert will give their decision within thirty (30) Business Days from the date when the Expert is first appointed.

16. Non-Calculations Dispute Resolution Procedure

16.1 Initial Discussions

(a) The Parties shall resolve all Non-Calculations Disputes in accordance with the process set out in this paragraph.

(b) The Disputing Party may send written notice to the Function Head of the other Party (the “Notified Party”) of any Non-Calculations Dispute (a “Non-Calculations Dispute Notice”). The Non-Calculations Dispute Notice shall set out in reasonable detail the nature of the dispute raised by the Disputing Party, and the rationale for such dispute. The Disputing Party shall provide its Chief Operating Officer with a copy of the Non-Calculations Dispute Notice at the point of the providing the Non-Calculations Dispute Notice to the Notified Party.

(c) Within ten (10) Business Days of the Disputing Party issuing the Non-Calculations Dispute Notice, the Disputing Party shall refer the Non-Calculations Dispute in writing to the CFWG (“CFWG Referral”) along with a copy of the Non-Calculations Dispute Notice. The CFWG shall attempt in good faith to resolve such Non-Calculations Dispute by negotiation and consultation between themselves.

(d) If the CFWG is not able to resolve the Non-Calculations Dispute within ten (10) Business Days of receiving the CFWG Referral, it shall be escalated to Outsourcing Management Committee, which shall use reasonable endeavours to resolve the Non-Calculations Dispute within twenty (20) Business Days of the initial CFWG Referral. If the Non-Calculations Dispute is not settled within twenty (20) Business Days of the initial CFWG Referral, either Party may communicate to the other Party that it intends to initiate mediation (the date of such communication being the “Escalation to Mediation Date”).

75

(e) The Parties may, by mutual written agreement, elect to escalate to an Outsourcing Executive Committee Vote rather than involve mediation.

16.2 Mediation

(a) At any time after the Escalation to Mediation Date, either Party may submit the Non-Calculations Dispute to mediation in accordance with the LCIA Mediation Rules, which Rules are deemed to be incorporated by reference into this paragraph.

(b) If the Parties do not resolve the Non-Calculations Dispute within twenty (20) Business Days from the commencement of the mediation process, either Party may communicate to the other Party that it intends to initiate arbitration proceedings (the date of such communication being the “Escalation to Arbitration Date”).

16.3 Arbitration

(a) At any time after the Escalation to Arbitration Date, either Party may refer the Non-Calculations Dispute to be finally settled by arbitration under the LCIA Arbitration Rules, which Rules are deemed to be incorporated by reference into this paragraph.

(b) The tribunal shall consist of three (3) arbitrators, all of which shall be persons (including those who have retired) with not less than ten (10) years’ of experience of insurance or reinsurance in the general insurance industry or as lawyers or other professional advisors serving the general insurance industry or with experience relevant to the subject matter of the Non-Calculations Dispute. Each Party shall nominate one arbitrator, and the two arbitrators nominated by the Parties shall within fifteen (15) Business Days of the appointment of the second arbitrator agree upon a third arbitrator, who shall act as Chairman of the tribunal. If no agreement is reached within fifteen (15) Business Days, the LCIA shall nominate and appoint a third arbitrator to act as Chairman of the tribunal. Each Party expressly agrees and consents to this procedure for nominating and appointing the tribunal.

(c) The language of the arbitration shall be English. All documents submitted in connection with the proceedings shall be in the English language or, if in another language, accompanied by a certified English translation.

(d) The seat and place of arbitration shall be London, England and English law shall be applicable to this arbitration agreement.

(e) The Parties agree to exclude section 69 of the Arbitration Act 1996 from applying to this arbitration agreement.

76

Appendix 6

Standard Contract Disaster Recovery and Business Continuity

1. Finance

1.1 Business Planning

(a) Tolerance Levels

As this service relates to periodic and ongoing regulatory reporting, there is low tolerance to disruptions or delays (up to 24 hours). Non-performance of the service would result in a failure to meet regulatory reporting deadlines and possible financial penalties being incurred.

(b) System Outages

In the event of unavailability of systems, e.g. Oracle, Anaplan, the Service Provider will temporarily cease activities insofar as data from these systems required. The Service Provider will continue to operate other aspects of the regulatory reporting process on a best-efforts basis. If system outages persist and outputs from the service are required, the Service Recipient may instruct the Service Provider to prepare regulatory filings on the basis of the most recently available back-up data, adjusted for known events.

(c) Staffing Shortages

If the service is disrupted due to a shortage of staff, the Service Provider will make commercially reasonable efforts to return the service to normal service levels within one month. If the disruption persists beyond a month, the Service Provider will:

- redeploy staff from elsewhere within the Service Provider organisation, primarily Finance services, to work on planning activities;

- begin recruitment for FTCs; or

- approach a third-party accounting outsource firm.

1.2 Management reporting

(a) Tolerance Levels

As this service relates to a reporting process that operates on a monthly and quarterly basis, there is moderate tolerance to disruptions or delays (up to one week). Non-performance of the service would result in the Service Recipient management having insufficient information to manage the business.

(b) System Outages

In the event of unavailability of systems, e.g. Oracle, Anaplan, the Service Provider will temporarily cease activities insofar as data from these systems is required. The Service Provider will continue to operate other aspects of the management reporting process on a best-efforts basis, using EUC solutions. If system outages persist and outputs from the service are required (e.g. past quarter close), the Service Provider will make commercially reasonable efforts to produce management information using a working paper process and alternative data sources to produce summary management information for short-term management until full service can be restored.

77

(c) Staffing Shortages

If the service is disrupted due to a shortage of staff, the Service Recipient will make commercially reasonable efforts to return the service to normal service levels within one week. If the disruption persists beyond one week, the Service Provider will:

- redeploy staff from elsewhere within the Service Provider organisation, primarily Finance services, to work on reporting activities;

- begin recruitment for FTCs; or

- approach a third-party accounting outsource firm.

34.1 Technical accounting

(d) Tolerance Levels

As this service relates to ongoing accounting processes, there is moderate tolerance to disruptions or delays (up to one week). Non-performance of the service would result in a backlog of processing activity accumulating, which would require clearing prior to financial reporting occurring.

(e) System Outages

In the event of unavailability of systems, e.g. Oracle, the Service Provider will temporarily cease activities insofar as data from these systems is required. The Service Provider will continue to operate other aspects of technical accounting on a best-efforts basis, using end-user computing (“EUC”) solutions. If system outages persist beyond one week, the Service Provider will make commercially reasonable efforts to produce required technical accounting information using a working paper process. The Service Provider will enter the data maintained off-system during the outage into the relevant system within one month of the system outage event occurring.

(f) Staffing Shortages

If the service is disrupted due to a shortage of staff, the Service Recipient will make commercially reasonable efforts to return the service to normal service levels within one week. If the disruption persists beyond one week, the Service Provider will:

- redeploy staff from elsewhere within the Service Provider organisation, primarily Finance services, to work on reporting activities;

- begin recruitment for FTCs; or

- approach a third-party accounting outsource firm.

The Service Provider will eliminate any backlog developing as a result of staffing shortages within one month of the staffing shortage event occurring.

1.3 Payroll processing

(a) Tolerance Levels

As this service relates to payroll payments to employees, there is minimal tolerance to disruptions or delays (up to 24 hours). Non-performance of the service would result in the Service Recipient

78

breaching its contractual obligations to employees, loss of employee morale, and potential resignations.

(b) System Outages

In the event of unavailability of systems, e.g. Oracle, the Service Recipient will omit journalisation of payroll balances until the system becomes available, and make payroll payments to employees manually, making commercially reasonable efforts to ensure employees receive payroll on-time. The Service Provider will maintain payroll records off-system until service is restored, at which point the Service Provider will enter data maintained off-system during the outage back into the relevant system.

(c) Staffing Shortages

If the service is disrupted due to a shortage of staff, the Service Recipient will make commercially reasonable efforts to ensure employees receive payroll on-time. The Service Provider will redeploy staff from elsewhere within the Finance function to manage payroll processing or hire an FTC available at immediate notice to perform the activity.

2. Information Technology

2.1 Core Infrastructure

The core shared infrastructure provided to the Service Recipient includes several layers of resilience to ensure continuity of their systems, data and processes.

(a) Data Centres

The core environment is based on a hybrid cloud model. The physical data centres are geographically diverse and feature physical security controls, redundant power and environmental controls, and real time environmental monitoring. The cloud-based data centre uses a Microsoft Azure tenancy.

(b) Servers

The servers to be used by the Service Recipient will use a virtualization model. Virtual servers will be created on virtualization hosts in the physical data centres or in the Azure tenancy. These servers can be transferred between hosts easily. Designated production servers are replicated in near real time to a disaster recovery data centre in the using Microsoft’s Azure Site Replication. Designated servers will also be backed up nightly to a local backup appliance and ultimately to a cloud-based backup service.

(c) Data

Data on the file servers of the Service Recipient will also enjoy additional protection. Shadow copies will be available to recover recent versions of user files. Data on the file servers will be replicated in real time between the geographically diverse physical data centres to provide additional redundancy.

In the event of a failure to the data centres, servers or data, there are several options to continue operations.Should a user lose some data, it can be recovered from a shadow copy, a local backup, a cloud-based backup, or the disaster recovery data centre. Should a server fail, it can be spun up on another host in the same data centre, a host in a different data centre, recovered from a local or nightly backup, or brought up in the disaster recovery data centre. Should an

79

entire data centre fail, the affected servers can be brought online in another physical data centre or the disaster recovery environment.

(d) Network

The various data centres and physical offices provided to the Service Recipient as part of the shared infrastructure are connected by a wide area network relying on secure encrypted VPNs over the internet. Each office and data centre will feature primary and secondary internet connections provided by different providers as well as redundant hardware to protect against failures.

The Active Directory service that controls the user security of the network will feature redundant Active Directory servers in each of the physical data centres and the Azure cloud to allow for resilience.

2.2 End User Computing and Collaboration

(a) End User Computing and Collaboration

The standard package of end user hardware and software provided to the users will be based on a ‘work from anywhere model’. Users will be provided with a laptop built to a standard image that includes the capability to make a secure encrypted connection to the core infrastructure network over any standard internet connection. Users will also have access to industry standard collaboration tools (e.g., Cisco Webex, Microsoft Teams, etc.) and teleconference facilities. In the face of any disruption to the offices, users will be able to continue to collaborate with their peers and access the corporate network and systems as normal from anywhere there is a suitable internet connection.

2.3 Staff Availability

(a) Support

The Service Provider is providing various operational support services to the Service Recipient to augment its own first and second line support capabilities. The staffing levels for the services will be determined as part of an annual strategy review between the two parties. Should the support services be disrupted due to a shortage of staff, the Service Provider will use commercially reasonable efforts to source additional support personnel.

(b) Application Development

The Service Provider is providing bespoke application development services to the Service Recipient. The staffing levels for this service will be determined as part of an annual strategy review between the two Parties. Should the development services be disrupted due to a shortage of staff, the Service Provider will use commercially reasonable efforts to source additional development personnel.

(c) Strategic Support

The Service Provider is providing access to its strategic IT and cyber security expertise to the Service Recipient to augment the Service Recipient’s own internal capabilities. The Service Provider will maintain commercially reasonable depth of expertise in its IT team to mitigate any potential key man risk that might impact the Service Provider.

80

Appendix 7

Exit Provisions and Exit Plan

(A) Exit Provisions

1. The Service Provider shall maintain an exit plan (an “Exit Plan”) (the initial draft of which is appended to the Agreement in this Appendix 7), which shall incorporate the following features that shall apply in an exit and which shall be capable of delivering the success criteria set out below:

(a) a process for orderly transfer of the business to an alternative third-party service provider(s) or to one or more Insurance Group entities (wholly or in part) at the Insurance Group’s absolute option and in line with Applicable Law;

(b) obligations to co-operate with the other Party and any designated transferee including any third party service provider;

(c) the facility for a partial exit, in which certain Services cease whilst certain Services continue on an exit basis;

(d) where the Service Recipient considers there is the reasonable prospect of the MGU Group entities losing key personnel as a result of termination or being unwilling to provide Exit Services in breach of contract, at the Service Recipient’s absolute discretion, Insurance Group entities may hire all or selected staff (including employees or temporary staff or contractors) from the MGU Group entities (subject to applicable employment laws, save that non-compete or non-poaching provisions shall not apply);

(e) where the Service Recipient considers there is the reasonable prospect of the MGU Group entities being unable to provide Exit Services due to insolvency, at the Service Recipient’s absolute discretion, Insurance Group entities may take steps to procure or provide funding to the corresponding MGU group entity to ensure continuity of Services during the exit period (e.g., to allow continuity of software licences for material systems or orderly wind down);

(f) where the Service Recipient considers there is the reasonable prospect of the MGU Group entities losing staff as a result of termination or being unwilling to provide Exit Services in breach of contract, at the Service Recipient’s absolute discretion, the right of the Insurance Group to exercise step-in rights;

(g) an obligation to facilitate retrieval of material source codes that have been placed in escrow;

(h) the Service Provider and the MGU Group entities and the Service Recipient and the Insurance Group entities shall each be obliged to take such steps as are necessary to perfect or give effect to such Exit Plans (including activities in relation to escrow, software licenses, and transfer of IPR or other assets (include employees), providing training to new or transferring staff during exit period);

(i) the Service Provider and the MGU Group entities shall make appropriate resources available to the Service Recipient and the Insurance Group entities as necessary to execute and deliver Exit Services and Exit Plans. Such resources shall have necessary seniority, skills, and capacity to deliver Exit Services including IT SME skills, information and data extraction skills, and relevant actuarial skills;

81

(j) where the Service Recipient considers there is the reasonable prospect of the Service Provider and the MGU Group entities being unwilling or unable to provide Exit Services, the Service Recipient shall have the option to enter into an immediate emergency de facto license of software and IPR (including source code) for proprietary systems at a reasonable fee commensurate with market rate. This de facto license shall be limited by time to a reasonable period of twenty four (24) months to allow for exit and transfer to an alternative provider and shall end at the point of a properly documented written licensing agreements being executed. The Parties will use their reasonable endeavours to secure such written licenses within sixty (60) Business Days of an exit event necessitating such license (noting that this is intended to apply where there is a stressed exit and a reasonable prospect of the Service Provider being unable or unwilling to continue its business or provide Services);

(k) where the Service Recipient considers there is the reasonable prospect of the Service Provider and the MGU Group entities being unwilling or unable to provide Exit Services, any Insurance Group entity will have a preferential right of first refusal to license or acquire IPR in any licensed proprietary systems (following due process) at a reasonable fee commensurate with market rate; in the event of IPR for proprietary systems required for Exit Services being transferred to a third party, such transfer will be subject to the Service Recipient and any of its group entities having rights to a license for so long as necessary to complete the run-off and the exit period under the Binder Agreements and this Agreement;

(l) the Parties agree to take all reasonably necessary and prudent steps to ensure systems can be accessed and information and data can be provided to be able to run the business of the Service Recipient and the Insurance Group entities during the exit period and run-off;

(m) all necessary confidential information and personal data shall be extracted and provided in a format that is acceptable to the Service Recipient and the Insurance Group entities on an agreed date – such extracts are presumed to be the close of business position backed up on the date immediately before the termination event causing exit plans to be involved. Such confidential information and personal data shall be provided in order in accordance with the high, medium, low prioritisation of Services as set out in Appendix 2 (Services); and

(n) the Parties agree that the Exit Plan requires an holistic approach across organisations and therefore the Exit Plan will be prepared and implemented with Group level consideration to ensure management has a chance to consider systemic issues in the round and plan and prioritise accordingly for the Insurance Group as a whole, recognising the closely aligned operating models of each of the Insurance Group’s component entities and the need to provide policyholder protections in an optimal way; neither Party will unduly prioritise one jurisdiction or entity over another during this process.

2. The Parties agree that they will adopt a spirit of cooperation in running off the Services. In particular, the Service Recipient shall:

(a) where the Service Recipient decides to bring all or part of any functions in-house, as soon as reasonably practicable after making such determination and where reasonably practicable, initiate discussions with the Service Provider regarding: (i) the existing Service Provider staff that it intends to hire; and (ii) how the TUPE (or equivalent) procedure will apply to the transfer of Service Provider staff in such circumstances. The Parties will use reasonable endeavours to reach an agreement regarding the transfer of staff as part of these discussions; and

82

(b) where reasonably practicable, initiate prior discussions with the Service Provider prior to exercising any step-in rights, or transferring functions to a third party service provider,

and the provisions of this Exit Plan shall be read consistently with this paragraph 2.

3. Upon the termination of the Agreement, the Service Provider shall continue to perform its obligations in accordance with the terms of the Agreement and otherwise cooperate for the exit period.

4. The exit period shall be a period of twelve (12) months from the date of termination notice or such lesser period if otherwise instructed in writing by the Service Recipient; if the Agreement does not roll pursuant to Clause 9.2, the exit period shall be the final Contract Year of the Agreement. The Service Recipient shall give at least six (6) months written notice to the Service Provider of its intention to end Exit Services earlier than the standard exit period.

5. During the exit period the Service Provider shall co-operate with any instructions from a person authorised by the Service Recipient pursuant to Clause 4.34.1.34.3, including any instruction to transfer provision of the Services or the Agreement to an entity in the Insurance Group or to such third party service provider as the Service Recipient may require.

6. The Service Recipient and Service Provider will jointly develop and maintain a crisis communications plan in order to inform all internal and external stakeholders in the event of exit.

7. Services provided during the exit period shall be known as Exit Services.

Success Criteria

This section of this Appendix sets out the mutually agreed success criteria, principles, and approach to exit in the following scenarios:

8. Stressed Exit (of all Services) – on immediate termination or termination for Resolution Failure or non-remedied breach after cure period as set out in Clause 10 (Termination);

9. Non-Stressed Exit (of all Services) – on termination where notice is given; and

10. Non-Stressed Exit of a Service – where notice is given to terminate one or more Service but not all Services.

Detail of Service-specific exit approaches (including Exit Plan principles, resources responsible for implementing the Exit Plan, critical data required, systems required to support the exit, alternative third-party service providers) are set out in the relevant Service Schedule in Appendix 2 (Services).

11. Stressed Exit (of all Services)

The Service Recipient remains fully responsible for discharging all of its obligations under Applicable Law. In the context of Stressed Exit, this means that the Service Recipient will step in to ensure to ensure continuity of services to policyholders and other stakeholders (such as Regulatory Authorities). This may mean that the Service Recipient, at its absolute discretion, brings or builds Service delivery functionality internally or initiates transition to a different third-party service provider at the first opportunity, subject to all necessary checks, governance and approvals and Applicable Law.

Triggers for Stressed Exit

83

Triggers are linked to the termination provisions in Clause 10 (Termination) and is most likely to occur in the event of immediate termination rights or termination linked to uncured breach – including by way of example only:

(a) breakdown of relationship between the Service Provider and Service Recipient such that the Service Provider is no longer willing to supply Services;

(b) material or persistent breach of the Agreement;

(c) change of control of the Service Provider to a competitor; or

(d) insolvency of the Service Provider

Successful Exit criteria

(e) Business critical services (indicated as High Priority Services in the Service Schedules in Appendix 2 (Services)) are transitioned promptly with minimal disruption – minimal/non-material financial loss, reputational damage, or regulatory intervention.

(f) Standard services (indicated as Medium Priority Services in the Service Schedules in Appendix 2 (Services)) are transitioned with small delay, such that any resulting backlog is resolved within 1 month.

(g) Non-critical services (indicated as Low Priority Services in the Service Schedules in Appendix 2 (Services)) are transitioned with small delay, such that any resulting backlog is resolved within 3 months.

General principles

Business Criticality

(h) Claims, Reserving and financial and regulatory reporting are critical Services that require primary focus for implementing exit plans.

(i) Due to the nature of the Service Recipient’s business, primarily serving corporates and more sophisticated policyholders, claims adjusting activity is a generally lengthy process, and able to tolerate brief delay or periods of non-availability, allowing for invocation of contingency plans.

(j) Reserving and financial and regulatory activities are performed on a quarterly basis for external reporting activity and are able to tolerate brief delays and periods of non-availability, even close to deadlines, allowing for invocation of exit plans.

(k) Other functions are able to tolerate delays and periods of non-availability without significant issues arising, enabling invocation of all other exit plans.

People

(l) If transferring the Services into the Insurance Group, the Service Recipient will as soon as possible acquire staff to deliver Service, in any combination at the Service Recipient’s option in order of preference for immediate availability:

(i) acquiring the Service Provider’s staff assets;

84

(ii) exercising ‘right to employ’ certain of the Service Provider’s employees (including contracting with temporary resources);

(iii) approaching a third-party administrator or outsourcing provider to provide people to operate the Services quickly, dependent on skill level required; and

(iv) Service Recipient to begin recruitment immediately for appropriately skilled temporary resources, FTCs, or FTEs to fill any resource requirements.

(m) Subsequent to meeting immediate staffing requirements, the Service Recipient may make an assessment of the target operating model (“TOM”) for the Service, and subsequently adjust staffing mix to match TOM requirements.

(n) If moving to a third-party service provider, the Service Recipient will immediately tender a service contract. If unable to immediately engage a new service provider, the Service Recipient will use the ‘right to employ’ to engage Service Provider’s staff as required to facilitate the transition.

Systems & Data

(o) Service Recipient to take IT delivery services in-house at first opportunity.

(p) Service Recipient to exercise ‘step-in’ rights including acquiring the right to use Service Provider’s IPR, shared infrastructure, and novation into any back-to-back service agreements.

(q) Service Recipient to begin service delivery as soon as reasonably practicable, within five (5) Business Days, either:

(i) acquiring existing Service Provider infrastructure and continuing delivery as-is; or

(ii) acquiring Service Provider backups of servers, acquiring own hosting etc.

(r) Service Recipient to acquire data extracts from Service Provider’s data warehouse in user-readable format; use data extracts to perform business critical activities as a working paper process until systems are available to process transactions.

(s) Service Provider to destroy Service Recipient’s data only upon written request by a person authorised by Service Recipient pursuant to Clause 4.3; if Service Provider is unable to destroy data, Service Recipient will exercise step-in rights to do so where necessary.

12. Non-Stressed Exit (of all services)

Possible triggers for exit

Agreement is not renewed at annual renewal, with 9 years remaining until full exit from the Agreement in line with Clause 9.2.2.

Successful exit criteria

(a) Services are transitioned with negligible disruption - limited to scheduled down-time to facilitate transition of Services.

85

(b) Services are operational in-line with transitional timeline, with any transitory service disruption resolved within one month of the cut-over date.

General principles

(c) Service Recipient and Service Provider will jointly develop and agree a Transition Plan within three months of the minimum term not rolling under Clause 9.2. The timeline may consist of such activities as:

(i) identification of capabilities required to allow the Service Recipient’s business to continue (c. two (2) years prior to the Agreement end date); and

(ii) development of strategy to meet capability requirements (c. eighteen (18) months prior to the Agreement end date):

(B) Sourcing of staff - Service Provider transfers, FTEs/FTCs, third parties.

(C) Systems - replacement Policy Administration System, licensing of Service Provider IPR where applicable, etc.

(D) Premises - locations, leases, fit-out, etc.

(a) Operationalisation of strategy/operational readiness planning (c. twelve (12) months prior to the Agreement end date):

(i) Process design;

(ii) Identification of workstreams/major work areas;

(iii) Identification of long-lead items; and

(iv) PMO establishment.

(b) Implementation occurring for twelve (12) months in advance of Agreement end date.

(c) Parallel running of new operations for three months in advance of Agreement end date.

2. Non-Stressed Exit of Individual Service(s)

Possible triggers for exit

(a) Mutual agreement to terminate parts of the Agreement or a Service.

(b) Service Recipient intends to bring a Service back in-house for strategic/regulatory purposes.

(c) Services or systems offered by the Service Provider no longer meet the strategic priorities or functional needs of the Service Recipient.

(d) Service Recipient begins writing business with another insurance distribution partner, requiring in-housing of services handling sensitive information (e.g. reinsurance purchasing).

Successful exit criteria

86

(e) Service(s) being exited is transitioned with negligible disruption - limited to scheduled down-time to facilitate transition of services.

(f) Service(s) being exited is operational in-line with transitional timeline, with any transitory service disruption resolved within one month of the cut-over date.

General principles

(g) Service Recipient and Service Provider agree a transition period for the Service(s) being exited, being sufficient for a smooth transition to in-house delivery or to another third-party provider at the discretion of the Service Recipient.

(h) Service Provider to co-operate and provide Exit Services (e.g. data extracts from systems, off-boarding, hand-offs to new suppliers).

(i) Service Provider to maintain operational Service continuity, with no degradation of Service quality or timeliness, until the Service Recipient has fully exited the Service.

(j) Perform a reassessment of Service scope, SLAs and governance for appropriateness following exit of specific Service, in particular where there are dependencies between terminated Service and persisting Services.

People

(k) Service Recipient to identify new workforce:

(i) Service Recipient to begin recruitment of FTE/FTCs or tender contract during transition period;

(ii) Service Recipient to engage and pay for any specialists/professional services needed to facilitate the transition; and

(iii) Service Recipient may employ (or be required to offer based on TUPE Regulations) where Service Recipient identifies key staff or teams that presently deliver Service to the Service Recipient.

Systems & Data

(l) Service Provider to provide Service Recipient with complete detailed transaction history from systems where required to allow migration or in-housing of Services.

(m) Service Provider to provide reasonable support off-boarding from Service Provider systems.

(n) Where relevant, Service Provider to provide access to third party service provider to Service Provider-hosted systems used by the Service Recipient to conduct activities.

(E) Exit Plans by Service

Finance

1.1 Business Planning

1.1.1 Non-stressed exit principles

87

The Service Recipient will, prior to the service end date, undertake a strategic The Service Recipient will, prior to the service end date, undertake an assessment of the future target operating model of the function. With sufficient time before the service end date, the Service Recipient will exercise its right to hire existing Service Provider staff under the TUPE (or equivalent) procedure. If the resource level from staff transferred under TUPE (or equivalent) is insufficient, the Service Recipient will conduct recruitment activities for FTEs and FTCs, such that the function is fully staffed prior to the end date and no break in activity occurs.

The Service Provider will provide reasonable exit assistance to the Service Recipient, including facilitation of the transfer of employees, and provision of all data and reporting to facilitate the exit.

1.1.2 Stressed exit contingency plan principles

The Service Recipient will exercise its right to hire existing Service Provider financial planning and analysis (“FP&A”) staff under the TUPE (or equivalent) procedure and bring business planning in-house.

1.1.3 Resources responsible for implementing the contingency plan

The Service Recipient CFO is responsible for the contingency plan, with involvement of CUO as required.

1.1.4 Critical data to be handed over to the Service Recipient

All commercially sensitive actuarial data, including:

- Premium and claims experience data (gross and RI)

- Aggregation data

- Standard Formula data

- BSCR data

All planning artefacts in use, such as:

- Templates

- Models

- Forecasting tools

1.1.5 Alternative systems

Anaplan is a readily available vendor package; in the event of an exit, the Service Recipient will be able to implement its own instance of Anaplan in the medium-term. Spreadsheet-based business planning would be a suitable alternative in the short-term if necessary.

1.1.6 Alternative third-party support

FP&A roles are a commodity high-skill role; roles may be replaced with FTCs or FTEs with a readily available skillset.

88

1.2 Management reporting

1.2.1 Non-stressed exit principles

The Service Recipient will, prior to the service end date, undertake an assessment of the future target operating model of the function. With sufficient time before the service end date, the Service Recipient will exercise its right to hire existing Service Provider staff under the TUPE (or equivalent) procedure. If the resource level from staff transferred under TUPE (or equivalent) is insufficient, the Service Recipient will conduct recruitment activities for FTEs and FTCs, such that the function is fully staffed prior to the end date and no break in activity occurs.

The Service Provider will provide reasonable exit assistance to the Service Recipient, including facilitation of the transfer of employees, and provision of all data and reporting to facilitate the exit.

1.2.2 Stressed exit contingency plan principles

The Service Recipient will exercise its right to hire existing Service Provider management reporting staff under the TUPE (or equivalent) procedure and bring credit control in-house.

1.2.3 Resources responsible for implementing the contingency plan

The Service Recipient CFO is responsible for the contingency plan, with involvement of other specialised resource within the finance function as required.

1.2.4 Critical data to be handed over to the Service Recipient

Management accounting records contained within Anaplan

1.2.5 Alternative systems

Anaplan is a readily available vendor package; in the event of an exit, the Service Recipient will be able to implement its own instance of Anaplan in the medium-term. Spreadsheet-based business planning would be a suitable alternative in the short-term if necessary.

1.2.6 Alternative third-party support

Management reporting roles are a commodity high-skill role; roles may be replaced with FTCs or FTEs with a readily available skillset.

1.3 Technical accounting

1.3.1 Non-stressed exit principles

The Service Recipient will, prior to the service end date, undertake an assessment of the future target operating model of the function. With sufficient time before the service end date, the Service Recipient will exercise its right to hire existing Service Provider staff under the TUPE (or equivalent) procedure. If the resource level from staff transferred under TUPE (or equivalent) is insufficient, the Service Recipient will conduct recruitment activities for FTEs and FTCs, such that the function is fully staffed prior to the end date and no break in activity occurs.

89

The Service Provider will provide reasonable exit assistance to the Service Recipient, including facilitation of the transfer of employees, and provision of all data and reporting to facilitate the exit.

1.3.2 Stressed exit contingency plan principles

The Service Recipient will exercise its right to hire existing Service Provider management reporting staff under the TUPE (or equivalent) procedure and bring credit control in-house

1.3.3 Resources responsible for implementing the contingency plan

The Service Recipient CFO is responsible for the contingency plan, with involvement of other specialised resource within the finance function as required.

1.3.4 Critical data to be handed over to the Service Recipient

n/a - The Service Provider delivers the service directly into the Service Recipient’s GL, no further data is required.

1.3.5 Alternative systems

n/a - Service Recipient has dedicated GL system.

1.3.6 Alternative third-party support

Technical accounting roles are moderately skilled; roles may be replaced by an outsourced service provider, FTCs, or FTEs with a readily available skillset.

1.4 Payroll processing

1.4.1 Non-stressed exit principles

The Service Recipient will, prior to the service end date, undertake an assessment of the future target operating model of the function, in conjunction with the Payroll Systems and Administration services provided under paragraph 3.2.5 of Appendix 2 (Services). With sufficient time before the service end date, the Service Recipient will determine whether dedicated resource is required to perform the activity, and if so, will conduct recruitment activities for FTEs and FTCs, such that the function is fully staffed prior to the end date and no break in activity occurs.

The Service Provider will provide reasonable exit assistance to the Service Recipient, including provision of all data and reporting to facilitate the exit.

1.4.2 Stressed exit contingency plan principles

The Service Recipient will assign the payroll processing task to one of the Service Recipient’s Finance staff qualified to perform the role, giving consideration to the interdependency with the Payroll Systems and Administration services provided under paragraph 3.2.5 of Appendix 2 (Services).

1.4.3 Resources responsible for implementing the contingency plan

90

The Service Recipient CFO is responsible for the contingency plan, with involvement of other specialised resource within the finance function as required.

1.4.4 Critical data to be handed over to the Service Recipient

n/a

1.4.5 Alternative systems

n/a - Service Recipient has dedicated GL system.

1.4.6 Alternative third-party support

Technical accounting roles are moderately skilled; roles may be replaced by an outsourced service provider, FTCs, or FTEs with a readily available skillset.

2. IT

2.1 Cyber Security Programme Execution and Monitoring

In the event of a non-stressed exit, the agreed premises and relevant parts of the shared infrastructure will revert to the Service Provider. It is the expectation that the Service Recipient will set up and maintain its own corporate infrastructure including cyber security capabilities. During the interim period, the Service Provider will continue to provide the Cyber Protection services for up to 1 year from the notice of termination.

In the event of a stressed exit, the relevant infrastructure and cyber tools of the Service Provider would need to be transferred to the Service Recipient in order to continue operations.

2.2 Cyber Security Programme Design

The Service Recipient will be responsible for its own cyber security programme design.

2.3 Videoconference Support

In the event of a non-stressed exit, the relevant parts of the shared infrastructure will revert to the Service Provider and the Service Recipient will be expected to establish its own infrastructure and videoconferencing capabilities. The Service Provider will continue to provide the service for up to 3 months in the interim.

In the event of a stressed exit such that the Service Provider ceases to operate the Service Recipient will seek to acquire the relevant parts of the shared infrastructure.

2.4 Desktop Hardware Provisioning

In the event of a non-stressed exit, the Service Recipient will hire its own staff or contractors to take over operation of the Service. The Service Provider will transfer any hardware held on the Service Recipient’s behalf to the Service Recipient and novate contracts in the Service Provider’s name.

In the event of a stressed exit, the above scenario continues to apply. The Service Provider will facilitate the exit with reasonable support dependent on the circumstances.

2.5 Office 365 Provisioning

91

In the event of a non-stressed exit, the Service Recipient is expected to take over operation of the service by establishing its own e-mail service. In the interim period while the Service Recipient is establishing its own e-mail service, the Service Provider will continue to provide the service for up to six months. In addition, by request the Service Provider will provide in an electronic format (e.g. Outlook data files, Outlook message files) up to a year’s worth of archived e-mails.

In the event of a stressed exit such that the Service Provider ceases operations, the Service Recipient will seek to acquire the Outlook 365 tenancy of the Service Provider.

2.6 Small Licence Provisioning

In the event of a non-stressed exit, the Service Recipient will hire its own staff or contractors to take over operation of the service.

In the event of a stressed exit, the above scenario continues to apply. The Service Provider will facilitate the exit with reasonable support dependent on the circumstances.

2.7 Mobile Device Provisioning

In the event of a non-stressed exit, the Service Recipient will hire its own staff or contractors to take over operation of the Service. The Service Provider will transfer any hardware held on the Service Recipient’s behalf to the Service Recipient and novate contracts in the Service Provider’s name.

In the event of a stressed exit where the Service Provider ceases operations, the Service Provider shall have step in rights to the service contracts with Vodafone/Digicel if they do not already have them.

2.8 Core Infrastructure -Network

In the event of a non-stressed exit, the agreed premises and the relevant parts of the shared infrastructure will revert to the Service Provider. It is the expectation that the Service Recipient will set up and maintain its own corporate network in order to conduct its business operations. During the interim period, the Service Provider will continue to provide the network services for up to 1 year from the notice of termination.

In the event of a stressed exit, the Service Recipient will seek to acquire the people and hardware of the Service Provider in order to continue operations.

2.9 Active Directory Security

In the event of a non-stressed exit, the agreed premises and the relevant parts of the shared infrastructure will revert to the Service Provider. It is the expectation that the Service Recipient will set up and maintain its own corporate network in order to conduct its business operations. During the interim period, the Service Provider will continue to provide the Active Directory services for up to 1 year from the notice of termination.

In the event of a stressed exit, the Service Recipient will seek to acquire the people and hardware of the Service Provider in order to continue operations.

2.10 Server Provisioning

92

In the event of a non-stressed exit, the agreed premises and the relevant parts of the shared infrastructure will revert to the Service Provider. It is the expectation that the Service Recipient will set up and maintain its own corporate network in order to conduct its business operations. The Service Provider shall provide access to the file system and configurations of the Service Recipient’s servers such that the Service Recipient can transfer its data to its new servers. During the interim period, the Service Provider will continue to provide the Server services for up to 1 year from the notice of termination.

In the event of a stressed exit, the Service Recipient will seek to acquire the people and hardware of the Service Provider in order to continue operations.

2.11 Backup Service

In the event of a non-stressed exit, the agreed premises and the relevant parts of the shared infrastructure will revert to the Service Provider. It is the expectation that the Service Recipient will set up and maintain its own corporate infrastructure. The Service Provider shall provide access to the backups it facilitated on behalf of the Service Recipient. During the interim period, the Service Provider will continue to provide the Server services for up to 1 year from the notice of termination.

In the event of a stressed exit, the Service Recipient will seek to acquire the hardware and backup contract of the Service Provider in order to continue operations.

2.12 Disaster Recovery Service

In the event of a non-stressed exit, the agreed premises and the relevant parts of the shared infrastructure will revert to the Service Provider. It is the expectation that the Service Recipient will set up and maintain its own corporate infrastructure including disaster recovery capabilities. During the interim period, the Service Provider will continue to provide the Disaster Recovery services for up to 1 year from the notice of termination.

In the event of a stressed exit, the Service Recipient will need the right to acquire the managed service DR contract and content of the Service Provider in order to continue operations.

2.13 IT Strategy Support

The Service Recipient will be responsible for its IT Strategy Support design. The Service Recipient and the Service Provider will meet annually to align their designs and ensure that the exit planning around IT Strategy Support remains sufficiently covered by the exit planning for the other services referred to in this section 2.

2.14 Bespoke Application Helpdesk

In the case of a non-stressed exit, the expectation is that the Service Recipient will stand up their own systems and cease using the licenced bespoke applications. In that case, the bespoke application helpdesk would become redundant. The Service Provider would continue to provide the application helpdesk service for up to 1 year or until the Service Recipient stands up their replacement systems.

In the case of a stressed exit, the Service Recipient shall have step in rights to the developer contracts of the Service Provider.

2.15 Infrastructure Support Helpdesk

93

In the event of a non-stressed exit, it is expected the Service Recipient shall stand up its own infrastructure and helpdesk capabilities. The shared infrastructure shall revert to the Service Provider and the infrastructure helpdesk would become redundant. In the interim period or until the Service Recipient can establish its own Infrastructure, the Service Provider shall continue to provide the Infrastructure Helpdesk until the shared infrastructure reverts to the Service Provider.

In the event of a stressed exit where the Service Provider ceases to operate, the Service Recipient shall seek to acquire the relevant parts of the shared infrastructure and helpdesk service.

2.16 Third-Party Vendor Support Helpdesk

In the case of a non-stressed exist, the Service Recipient would be expected to provision their own 3rd party support contracts. The Service Provider would continue to provide their 3rd Party Support service for up to 1 year in the interim.

In the case of a stressed exit where the Service Provider ceased operations, the Service Provider should have the right to novate and assume the support contracts previously in place with the Service Provider.

2.17 Seconded Developers

In the case on a non-stressed exit, the Service Recipient would stop licencing the bespoke developed systems and this service would become redundant. The Service Provider would continue to provide the 2nd line support service for up to 1 year in the interim as the Service Recipient replaced its systems.

In the case of a stressed exit where the Service Provider ceased to function the Service Recipient would seek the right to acquire the people and systems of the Service Provider.

94

Appendix 9

Remediation and Consequences from KPIS and SLA Shortfalls

1. Shortfalls

(a) this Appendix applies if the Service Provider does not achieve any one or more of the SLAs set out in any of the schedules at Appendix 2 (Services) or otherwise incorporated into this mechanism; and

(b) that breach of the SLA does not amount to a material breach giving rise to termination or if the Service Recipient elects not to exercise termination rights as set out in Clause 10 (Termination);

and these shall be known as “Shortfalls” which shall be notified promptly by the Service Recipient to the Service Provider when they arise.

2. Service Credits for Shortfalls

(a) The Service Provider will remedy Shortfalls once notified of them within a period agreed with the Service Recipient both Parties acting reasonably.

(b) In the event that a Shortfall is not remedied within any agreed remediation period it shall be eligible for a Service Credit.

(c) For Services in this Agreement and any other agreements between the parties incorporating this Service Credit mechanism by reference, which shall include the Framework Agreement and the Binder Agreements, shall result in a reduction in Fee Profit.

(d) Service Credits shall compound however in any particular month the Service Credits cannot exceed the total Fee Profit nor shall they give rise to any further right of deduction or set off.

(e) For the avoidance of doubt KPIs are provided to the Service Recipient for monitoring purposes only, breach of a KPI does not result in a Service Credit.

(f) Service Credits shall not be eligible in respect of Shortfalls during the first six months of this Agreement with this period commencing on Commencement Date, or alternatively 6 months after conclusion of the first year-end close accounting process if this year end occurs within less than six months of the commencement of this Agreement (“Grace Period”).

102

SLA basis	Service credits basis	Service Credit per Shortfall (i.e. deduction of Fees Profit)
SLAs measured on a daily / weekly basis	If there is a daily measurement Shortfall in any particular week then that shall count as one Type A Service Credit for that week. If there is a weekly measurement Shortfall in any particular then that shall count as one Type A Service Credit for that week.	1 to 5 Shortfalls = No Deduction 5 to 10 = Fee Profit reduced by 0.5% (i.e 5% to 4.5%) 10 - 15 = Fee Profit reduced by 1% (i.e. 4.5 to 3.5%) 15+ = Fee Profit reduced by increments of 0.5% for each 5 further Shortfalls
SLAs measured on a monthly basis	If there is a monthly measurement Shortfall in any particular year then it shall count as one Type B Service Credit for that month.	1 to 5 Shortfalls = No Deduction 5 to 10 = Fee Profit reduced by 1% (i.e. 5% to 4%) 10 - 15 = Fee Profit reduced by 1% (i.e. 4% to 3%) 15+ = Fee Profit reduced by increments of 1% for each 5 further Shortfalls

3. Process for claiming and applying Service Credit

(a) On a quarterly basis, if not already identified in the normal course the Service Recipient will identify any Service Credits that it wishes the Service Provider to apply. The Service Recipient Accountable Executive will notify the Service Provider Accountable Executive (COO) with a copy to the Chief Financial Officer in writing at least ten (10) Business Days prior to the following quarter-year end if it wishes to claim Service Credits.

(b) If accepted by its Accountable Executive, the Service Provider will apply the Service Credits to the next invoice for Fees as part of the invoicing process set out in Appendix 1 (Fees).

(c) In the event the Service Provider does not accept the request, the matter will initially be referred for discussion between the Accountable Executives of each Party.

(d) If the matter cannot be resolved within ten (10) Business Days of such referral, it will be treated under the appropriate governance and dispute resolution provisions in Appendix 5 (Contract Governance, Accountabilities, Escalation, and Dispute Resolution) at the Service Recipient’s absolute discretion depending on the nature of the reason why the Service Provider will not accept the request.

103

Appendix 10

Data Privacy and Information Security Addendum

● All data is stored in secure systems, with access limited to Service Provider staff directly delivering the service.

● When circulated outside of a secure system, all data files containing commercially sensitive data are to be password protected.

● Data retention and protection policies implemented are compliant with the most onerous of the UK Data Protection Act 2018, the EU General Data Protection Regulation, or other successor legislation or regulation.

104

Attachment A

Deed of Variation to Inter-Group Services Agreement – Additional Party

This deed of variation (“Variation”) to the Inter-Group Services Agreement (“Agreement”) dated [•] is made by way of Deed on [• insert date]

BY

(1) [name of joining [•] group company] whose registered office is at [[•]] (“the Additional Party”)

WHEREAS

The Parties entered into a contract for the provision of inter-group services on the terms and conditions set out in the Agreement.

The Parties and the additional Party wish to vary the terms and conditions of the Agreement in accordance with Clause 23 (Amendments and Change management Process) of the Agreement and the terms of this Variation.

Now this Deed witnesses and it is declared as follows:

1. Definitions

All capitalized terms used and not otherwise defined in this Variation shall have the meanings set forth in the Agreement.

2. Addition of Party

The Parties and the Additional Party mutually agree that the Additional Party shall become a Party to the Agreement with effect from [•].

3. Survival of Agreement

(a) Except as otherwise expressly varied in this Variation, all terms and conditions contained in the Agreement shall remain in full force and effect and shall not be altered or changed by this Variation.

(b) The Agreement, as varied by this Variation, constitutes the entire agreement of the Parties with respect to the subject matter hereof and supersedes any prior or contemporaneous agreements, understandings and representations, whether oral or written.

105

In witness of which this Deed has been executed as a Deed and has been delivered on the date which appears above.

Executed as a Deed by	)
[name of company]	)	..................................................................................................................
acting by [name of director],	)
a director in the presence of:	)
[name of director]
Witness’s Signature:		..................................................................................................................
Name:		..................................................................................................................
Address:		..................................................................................................................
		..................................................................................................................

106