TRUST FOR PROFESSIONAL MANAGERS
ADDENDUM TO THE FUND SERVICING AGREEMENT
This Addendum (the “Addendum”), dated as of the last date on the signature block, to the Fund Servicing Agreement dated September 9, 2020, as amended (the “Agreement”), is entered into by and between Trust for Professional Managers (the “Trust”) and U.S. Bancorp Fund Services, LLC, d/b/a U.S. Bank Global Fund Services (“U.S. Bank”) with respect to the funds listed on Exhibit A of the Addendum (the “Funds”), which are advised by Mason Street Advisors, LLC (the “Customer”).
WHEREAS, the Trust and U.S. Bank desire to modify the Agreement to add an additional optional service; and
WHEREAS, all defined terms used but not otherwise defined herein shall have the meanings assigned to them in the Agreement.
NOW, THEREFORE, the parties agree as follows:
1. PURPOSE AND STRUCTURE
1.1. U.S. Bank provides transfer agency services to the Funds and as a part thereof provides Customer use of the Pivot platform, U.S. Bank’s on-line proprietary Customer account access system (“Pivot”).
1.2. Customer desires to establish an electronic interconnection between Customer’s and U.S. Bank’s computer systems creating a Single Sign-On (“SSO”) capability allowing Customer to perform identity verification of Pivot users and pass the user into the Pivot platform, in a secure and seamless fashion.
1.3. U.S. Bank is willing to work with Customer to provide the desired SSO, subject in all respects to the terms and conditions of this Addendum.
2. DEFINITIONS. For the purposes of this Addendum, in addition to terms otherwise defined in this Addendum, the following terms have the meanings set forth below:
2.1. Customer Network means the software, equipment, and technology owned, licensed, or provided to Customer for purposes of allowing Customer to transmit and receive data electronically.
2.2. OAuth means an industry standard for exchanging authentication and authorization data between security domains. OAuth is an open standard for access delegation, commonly used as a way for Internet users to grant websites or applications access to their information on other websites but without giving them the passwords.
2.3. SAML means an open industry standard that allows identity providers (“IdP”) to pass authorization credentials to service providers.
2.4. Security Incident means any unauthorized access, destruction, modification, use, or disclosure (i) of U.S. Bank’s data relating to Pivot SSO; (ii) into Customer’s (or any of its subcontractor’s) facilities; or (iii) impact to data or system availability (user functionality) and integrity controls.
2.5. U.S. Bank Network means the software, equipment, and technology owned, licensed, or provided to Customer for purposes of allowing Customer to transmit and receive data electronically.
2.6. U.S. Bank Personnel means employees, consultants, agents, or any other individuals acting on behalf of U.S. Bank.
2.7. User means each individual to whom Customer issues User Credentials.
2.8. User Credentials means the electronic identity assigned by Customer to each User for access and use of the Customer Network.
3. SSO INTERCONNECTION OPTION
Check box below to indicate which of the following SSO integrations Customer desires to be implemented on the Implementation Date:
☐ OAuth System-to-System SSO: allows Customer’s authentication servers to complete a handshake with Pivot and to provide information about the authenticated user who needs to connect to Pivot. Pivot confirms that the user has an active Pivot user ID and then allows access into the Pivot platform in a secure and seamless fashion.
☒ SAML System-to-System SSO: allows a Customer to perform identity verification of Pivot users and pass the user into the Pivot platform in a secure and seamless fashion.
4. IMPLEMENTATION OF SSO
Prior to making SSO available to Users, Customer shall:
4.1. Respond to U.S. Bank’s questionnaires and assessments regarding, among other things, data security, and receive U.S. Bank’s approval of such responses;
4.2. Comply with all instructions provided by U.S. Bank with respect to implementation of SSO and all updates and modifications thereto, including without limitation, all technical implementation guides;
4.3. Participate in and assist U.S. Bank with a joint security assessment to document data flows, controls, etc.; and
4.4. Designate in writing to U.S. Bank one or more technical leads and provide contact information to facilitate direct contacts between Customer’s and U.S. Bank’s technical leads to support the management and operation of the interconnection.
5. CUSTOMER OBLIGATIONS AND AGREEMENTS
5.1. Customer Support Requirements.
(a) Customer shall support the Pivot SSO per the Technical Implementation Guide;
(b) Customer shall ensure Customer Network resides behind a secure firewall and require that Users sign in behind a secure firewall using such User’s Credentials to identify and authenticate such User; and
(c) Interconnections will be implemented as selected in Section 3. New interconnections are prohibited unless expressly agreed upon in a modification to this Addendum or a separate Addendum.
5.2. Customer Control Obligations. If interconnectivity for SSO is successfully established, Customer agrees to the following access conditions to the SSO link:
(a) Customer agrees to comply with U.S. Bank information security standards for SSO integration, authentication in an online environment, as well as any other security standards, provided by U.S. Bank to Customer from time to time;
(b) Customer shall require Users to authenticate via Customer’s authentication and verification system prior to allowing any User to access the Pivot platform through the SSO;
(c) Customer is solely responsible to (i) authenticate User Credentials prior to passing Users to the U.S. Bank Network by use of SSO and (ii) decline any invalid User Credentials and deny access to such Users to Pivot using SSO;
(d) U.S. Bank may require that Customer conduct threat penetration testing and testing of a similar nature or kind, provide to U.S. Bank copies of such audits and testing results, and promptly remedy any deficiencies noted in such audits and testing results;
(e) Customer shall deploy and monitor real-time intrusion detection on the Customer Network. Customer will adopt and follow (i) operational procedures to disable the source of any perceived attack and (ii) escalation procedures to notify U.S. Bank for follow-up action.
5.3. Customer Documentation Requirements. Customer shall provide, to U.S. Bank’s satisfaction, the following information or evidence:
(a) Maintain up-to-date security control documentation for the Customer Network; and make accessible to U.S. Bank necessary Customer information security program documents if requested; and
(b) Make available to U.S. Bank upon request the results of audits and security testing that impact the Pivot SSO.
5.4. Customer Notice Obligations. Customer shall provide U.S. Bank the following:
(a) Sixty (60) days’ advance written notice if there is any material modification to Customer log-in or authentication procedures for Users of SSO;
(b) Prompt prior written notice of any relevant, significant change in security policies, software, protocols, third party management, the technical specifications of the Customer Network, or the Customer Network architecture that could reasonably impact the security of the SSO or U.S. Bank Network;
(c) Prompt written notice of any Security Incident that impacts the system of connectivity (Pivot) including notice of any unauthorized access or traffic across the SSO interconnection; and
(d) Prompt written notice of Customer’s desire to terminate or cease active use of the SSO.
6. U.S. BANK OBLIGATIONS
6.1. Develop the SSO interconnectivity. Subject to Customer’s compliance with the terms contained in this Addendum and U.S. Bank’s satisfaction with the security information provided by Customer, U.S. Bank shall use reasonable efforts to establish the desired SSO interconnectivity.
6.2. Technical Specifications. U.S. Bank shall provide the details for securely implementing, maintaining, and operating the interconnection according to the Technical Implementation Guide.
6.3. Firewall Management. U.S. Bank shall block all network traffic incoming from the Internet to Pivot unless it is explicitly permitted. A firewall will be installed between the perimeter (demarcation point) of the Customer Network and the Pivot network if deemed necessary by U.S. Bank.
6.4. U.S. Bank Control Obligations. U.S. Bank shall conduct appropriate security reviews on all U.S. Bank Personnel having access to information regarding the Customer Network; establish and enforce policies limiting U.S. Bank Personnel access to information regarding the Customer Network only to the U.S. Bank Personnel having a valid reason to access such information; and require U.S. Bank Personnel having access to information regarding the Customer Network to complete annual information security awareness training.
6.5. U.S. Bank Notice Obligations. U.S. Bank shall provide prompt prior written notice of any change in its software, protocols, the technical specifications of the U.S. Bank Network, or the U.S. Bank Network architecture that could reasonably impact the ability of Customer to continue to have SSO for Pivot.
6.6. DISCLAIMERS. U.S. BANK PROVIDES THE SSO “AS IS” WITHOUT ANY REPRESENTATION OR WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INTERFERENCE, AND NON-INFRINGEMENT. FURTHER, U.S. BANK EXPRESSLY DISCLAIMS ANY TYPE OF REPRESENTATION OR WARRANTY REGARDING THE AVAILABILITY OR RESPONSE TIME OF THE SSO INTERCONNECTIVITY OR THAT THE SSO WILL BE UNINTERRUPTED OR ERROR-FREE.
7. JOINT OBLIGATIONS.
7.1. Implementation Plan. Within thirty (30) days after the Effective Date (or such other time period agreed to by U.S. Bank and Customer), U.S. Bank and Customer shall develop an implementation plan describing the tasks, methods, procedures, and timing of the steps the parties will each take to configure, test, and implement the SSO. Specifically, U.S. Bank and Customer shall identify an “Implementation Date” to designate the date by which the SSO shall be available to Customer as a method of accessing Pivot.
7.2. Performance. Customer will provide cooperation and assistance as requested by U.S. Bank in connection with U.S. Bank’s evaluation or testing of the interconnection for SSO. U.S. Bank and Customer will identify and resolve any problems that may impede or delay the timely completion of each task in each implementation plan that is its responsibility and will use reasonable efforts to assist with the resolution of any problems that may impede or delay the timely completion of implementation.
8. SECURITY INCIDENT MANAGEMENT
8.1. Both U.S. Bank and Customer shall immediately notify their designated technical counterparts by telephone or email when a Security Incident is detected that impacts the SSO connection, so that the other party may take steps to determine whether its network has been compromised and to take appropriate security precautions.
8.2. In the event of a confirmed Security Incident, Customer shall cooperate in good faith with U.S. Bank and share with U.S. Bank a list of any compromised Users.
9. FEES AND EXPENSES
9.1. Fees. U.S. Bank does not impose a fee for accessing the SSO. U.S. Bank reserves the right to assess a fee if Customer makes substantial changes to the Customer Network that requires U.S. Bank to extend time or resources to maintain or re-establish the SSO. Any fees assessed will be based on the level of complexity of the customization request. As determined by U.S. Bank, minor configuration updates will not be in scope for these fees.
9.2. Expenses. U.S. Bank and Customer will each bear its own expenses incurred in performing its obligations under this Addendum.
10. TERM, TERMINATION AND SUSPENSION
10.1 Termination. This Addendum and access to the SSO shall terminate immediately upon termination of the Agreement without notice to Customer. U.S. Bank has the right to terminate the Addendum and Customer’s access to the SSO by providing Customer at least thirty (30) days’ notice, unless U.S. Bank determines that a shorter period is appropriate to prevent harm or damage to U.S. Bank, address a risk of a security breach or of a requirement of law, or due to another business reason. U.S. Bank may also immediately terminate this Addendum for any termination reason that the Agreement in its entirety could be terminated or for any of the following reasons (all bases for termination, collectively, “Trigger Events”):
(a) Customer breaches in any material respect any of its obligations under this Addendum (i) which breach is not cured within thirty (30) days after notice of breach from U.S. Bank to Customer or (ii) which breach is not capable of being cured within thirty (30) days;
(b) Customer fails to comply with Customer’s legal requirements, confidentiality requirements, or data protection or use requirements under this Addendum.
10.2 Suspension Rights. In addition to U.S. Bank’s termination rights in this Addendum, and subject to the remainder of this Section 10, U.S. Bank will have the right to suspend Customer’s access, in whole or in part, to the SSO, for the following reason(s): (i) the occurrence of a Trigger Event; or (ii) U.S. Bank’s good-faith belief that there is a material risk of a security breach of the U.S. Bank Network with respect through the SSO or that suspending access is reasonably necessary to prevent harm to the business or reputation of U.S. Bank. U.S. Bank will provide Customer notice of suspension and will endeavor to provide advance notice of such suspension. When possible, U.S. Bank will include a description of the scope of the suspension and the reasons for the suspension. U.S. Bank and Customer will work together to remediate the reason for any suspension, with U.S. Bank having the final authority as to the duration and extent of any suspension.
10.3 Compromised Security. Notwithstanding anything in this Section 10, in the event there is a security breach or other significant incident compromising the confidentiality or integrity of the SSO or the U.S. Bank Network, U.S. Bank may suspend Customer’s access to the SSO immediately without prior notice; provided, however, that U.S. Bank will notify Customer as soon as reasonably practicable of any such suspension. Upon receipt of such notice, Customer will immediately: (a) cease attempting to use Pivot through the SSO; and (b) comply with U.S. Bank’s reasonable requests to assist U.S. Bank in remediating and preventing further harm.
10.4 Planned and Emergency Maintenance. U.S. Bank may suspend access to the SSO as necessary to perform planned or emergency maintenance. U.S. Bank will use good faith efforts to provide Customer with advance notice of maintenance events that might impact Customer’s access to the SSO.
11. DATA SECURITY AND CONFIDENTIALITY
11.1 Incorporation of Agreement. For the avoidance of doubt, the Security and Confidentiality provisions contained in the Agreement are incorporated herein by reference. In the event of any conflict between the Security and Confidentiality provisions of the Agreement and the provisions of this Addendum, the provisions contained in this Addendum shall control with respect to the subject matter hereof. All information provided by either U.S. Bank or Customer to the other under this Addendum shall be considered “Confidential Information” and shall be entitled to the protections afforded such information under the Agreement.
12. MISCELLANEOUS PROVISIONS
12.1 Remedies. The remedies available to U.S. Bank under this Addendum are cumulative and not exclusive. Election of one remedy will not preclude pursuit of other remedies available under this Addendum or at law or in equity. The failure of U.S. Bank to adhere to any term contained in this Addendum shall not constitute a default under the Agreement or give rise to a right to terminate the Agreement.
12.2 Change in Terms. U.S. Bank may change the terms of this Addendum at any time by giving the Customer notice and by giving the Trust notice in accordance with the Agreement.
12.3 Entire Agreement. This Addendum, together with any referenced Exhibits, is the entire agreement between the Parties with respect to the subject matter hereof. In the event of a conflict between the terms of the Agreement and this Addendum, the terms of the Addendum will prevail with respect to the subject matter thereof. This Addendum supersedes any other oral or written communications or understandings with respect to the subject matter of this Addendum.
12.4 Incorporation. This Addendum shall be deemed a part of, and incorporated into, the Agreement. All terms contained in the Agreement shall apply to this Addendum, including without limitation, all confidentiality, data security, indemnification, limitation of liability, and other terms set forth in the Agreement.
SIGNATURE PAGE FOLLOWS
IN WITNESS WHEREOF, and in consideration of the promises contained in this Addendum and other good and valuable consideration, the receipt and adequacy of which are hereby acknowledged, each party agrees to the terms and conditions of this Addendum and has caused this Addendum to be executed by its duly authorized representatives as set forth below.
The signer represents and warrants that he or she is authorized by an applicable bylaw, article, or other corporate authority to enter into all transactions contemplated by this Addendum.
| TRUST FOR PROFESSIONAL MANAGERS | U.S. BANCORP FUND SERVICES, LLC |
| By: | By: |
| Name: | Name: |
| Title: | Title: |
| Date: | Date: |
Acknowledged and Agreed to by the Investment Adviser to the Funds:
MASON STREET ADVISORS, LLC
By:
Name:
Title:
Date:
EXHIBIT A
Fund Name
Column Mid Cap Select Fund
Column Mid Cap Fund
Column Small Cap Fund
Column Small Cap Select Fund