Exhibit 10.22
|General Services Agreement
Terms and Conditions
|Original Agreement Number:
|YOD-33480
|Restated Agreement Number:
|CW529464
|Effective Date:
|June 5, 2007
|Expiration Date:
|December 31, 2014
|Company Name:
|Yodlee, Inc.
|Company Address:
|3600 Bridge Parkway
|Redwood Shores, CA 94065
|Company Telephone:
|+1 (650) 980-3600
This AMENDED AND RESTATED GENERAL SERVICES AGREEMENT (“Agreement”) is entered into as of May 12, 2014 by and between Bank of America, N.A. (“Bank of America”), a national banking association, and the above-named Supplier, a Delaware corporation, and consists of this signature page and the attached Terms and Conditions, Schedules, and all other documents attached hereto, which are incorporated in full by this reference.
|
Yodlee, Inc.
(“Supplier”)
|Bank of America, N.A.
|By:
|
/s/ Brad Beals
|By:
|
/s/ Chandra Torrence
|Name:
|
Brad Beals
|Name:
|
Chandra Torrence
|Title:
|
VP; Finance and Treasurer
|Title:
|
SVP; Sourcing Manager
|Date:
|
5/12/14
|Date:
|
5/12/14
|Address for Notices:
|Address for Notices:
|
|
One Bank of America Center
|
|
150 N College St
|
|
Charlotte, NC 28255
|ATTN:
|
|ATTN:
|Chandra Torrence and Agreement # CW529464
|Telephone:
|
|Telephone:
|
|Email:
|
|Email:
**** Certain information has been omitted and filed separately with the Securities and Exchange Commission. Confidential treatment has been requested with respect to the omitted portions.
1
|General Services Agreement
Terms and Conditions
Table of Contents
|
1.0
|
DEFINITIONS
|3
|
2.0
|
SCOPE OF THE AGREEMENT
|5
|
3.0
|
RELATIONSHIP MANAGER
|6
|
4.0
|
TERM OF AGREEMENT
|6
|
5.0
|
TERMINATION
|6
|
6.0
|
PRICING/FEES
|8
|
7.0
|
INVOICES/TAXES/PAYMENT
|9
|
8.0
|
MUTUAL REPRESENTATIONS AND WARRANTIES
|10
|
9.0
|
REPRESENTATIONS AND WARRANTIES OF SUPPLIER
|10
|
10.0
|
FINANCIAL RESPONSIBILITY
|11
|
11.0
|
BUSINESS CONTINUITY
|11
|
12.0
|
RELATIONSHIP OF THE PARTIES
|11
|
13.0
|
SUPPLIER PERSONNEL
|11
|
14.0
|
INSURANCE
|13
|
15.0
|
CONFIDENTIALITY AND INFORMATION PROTECTION
|13
|
16.0
|
INDEMNITY
|17
|
17.0
|
LIMITATION OF LIABILITY
|19
|
18.0
|
SUPPLIER DIVERSITY
|19
|
19.0
|
ENVIRONMENTAL INITIATIVE
|20
|
20.0
|
AUDIT
|20
|
21.0
|
NON-ASSIGNMENT
|21
|
22.0
|
GOVERNING LAW
|22
|
23.0
|
DISPUTE RESOLUTION
|22
|
24.0
|
MEDIATION/ARBITRATION
|22
|
25.0
|
NON-EXCLUSIVE NATURE OF AGREEMENT
|23
|
26.0
|
OWNERSHIP OF WORK PRODUCT
|23
|
27.0
|
MISCELLANEOUS
|25
|
28.0
|
ENTIRE AGREEMENT
|27
|SCHEDULE A-1
|SERVICE SPECIFICATIONS – AGGREGATION SERVICES
|SCHEDULE A-2
|SERVICE SPECIFICATIONS – MFP SERVICES
|SCHEDULE A-3
|SERVICE SPECIFICATIONS – IAV SERVICES
|SCHEDULE A-4
|SERVICE SPECIFICATIONS – DATA EXTRACT SERVICES
|SCHEDULE B-1
|SERVICE FEES – AGGREGATION SERVICES
|SCHEDULE B-2
|SERVICE FEES – MFP SERVICES
|SCHEDULE B-3
|SERVICE FEES – IAV SERVICES
|SCHEDULE B-4
|SERVICE FEES – DATA EXTRACT SERVICES
|SCHEDULE C-1
|PERFORMANCE MEASUREMENTS – AGGREGATION SERVICES
|SCHEDULE C-2
|PERFORMANCE MEASUREMENTS – MFP SERVICES
|SCHEDULE C-3
|PERFORMANCE MEASUREMENTS – IAV SERVCIES
|SCHEDULE D
|INFORMATION SECURITY
|SCHEDULE E
|BACKGROUND CHECKS
|SCHEDULE F-1
|RECOVERY – AGGREGATION SERVICES
|SCHEDULE F-2
|RECOVERY – MFP SERVICES
|SCHEDULE G
|FORM STATEMENT OF WORK
|SCHEDULE H
|IP INFRINGEMENT LITIGATION
|SCHEDULE I
|SOURCE CODE ESCROW
**** Certain information has been omitted and filed separately with the Securities and Exchange Commission. Confidential treatment has been requested with respect to the omitted portions.
2
|General Services Agreement
Terms and Conditions
WHEREAS, Bank of America and Supplier entered into a certain General Services Agreement, dated June 5, 2007 and thereafter amended (the “Original GSA”), pursuant to which Supplier provides certain services to Bank of America;
WHEREAS, the parties desire to restate and amend the Original GSA as set forth in this Agreement;
NOW THEREFORE, in consideration of the foregoing and the mutual agreements herein set forth, it is hereby agreed to as follows:
|
1.0 DEFINITIONS
All capitalized terms in this Agreement not otherwise defined in this Section shall have the meanings set forth in the Sections or Schedules of this Agreement in which they are defined.
1.1 Affiliate – a business entity now or hereafter controlled by, controlling or under common control with a Party. Control exists when an entity owns or controls directly or indirectly 50% or more of the outstanding equity representing the right to vote for the election of directors or other managing authority of another entity.
1.2 Aggregation Service – the Services described on SCHEDULE A-1 hereto.
1.3 Bank Materials – all materials that Bank of America provides to Supplier for Supplier’s use for the sole purpose of providing Services to Bank of America. Supplier shall only use the Bank Materials as expressly permitted by Bank of America, and only in connection with the specific Service for which Bank of America provides such materials to Supplier.
1.4 Bank of America Content – certain materials provided by Bank of America to Supplier for Supplier’s use hereunder, which include, without limitation, computer software (in object or source code form), script, programming code, data, information, HTML code, trademarks, service marks, images, illustrations, graphics, multimedia files and/or text generated in a form or media. For avoidance of doubt, Bank of America Content, for purposes of the Section entitled “Indemnity” shall not include any Bank of America Customizations.
1.5 Bank Security Requirements – all bank security requirements as described in SCHEDULE D and the Bank of America Supplier Security Controls document provided separately.
1.6 Business Continuity Plan – the policies and procedures that describe contingency plans, recovery plans, and proper risk controls to ensure Supplier’s continued performance under this Agreement.
1.7 Business Day – Monday through Friday, excluding days on which Bank of America is not open for business in the United States of America.
1.8 Consumer Information – any record about an individual, whether in paper, electronic, or other form, that is a consumer report as such term is defined in the Fair Credit Reporting Act (15 USC 1681 et seq.) or is derived from a consumer report and that is maintained or otherwise possessed by or on behalf of Bank of America for a business purpose. Consumer Information also means a compilation of such records. The term does not include any record that does not identify an individual.
1.9 Customer Information – any record containing information about a customer, its usage of Bank of America’s services, or about a customer’s accounts, whether in paper, electronic, or other form that is maintained by or on behalf of Bank of America for a business purpose.
**** Certain information has been omitted and filed separately with the Securities and Exchange Commission. Confidential treatment has been requested with respect to the omitted portions.
3
|General Services Agreement
Terms and Conditions
1.10 Documentation – documentation for products and services provided by Supplier under this Agreement.
1.11 Information Security Program – the documents that describe how Supplier will provide Services to Bank of America in a manner that complies with the confidentiality and information security requirements of this Agreement and all pertinent Schedules and Exhibits hereto. Such information security program must be approved by Supplier’s board of directors or equivalent executive management prior to the effective date thereof and annually thereafter. It must describe Supplier’s network infrastructure and security procedures and controls that protect Confidential Information on a basis that meets or exceeds the Bank Security Requirements.
1.12 Intellectual Property Rights – all intellectual property rights throughout the world, including copyrights, patents, mask works, trademarks, service marks, trade secrets, inventions (whether or not patentable), know how, authors’ rights, rights of attribution, and other proprietary rights and all applications and rights to apply for registration or protection of such rights.
1.13 Order – Statement of Work, purchase order, work order or other written instrument executed, or electronic transmissions originated by, an authorized officer of Bank of America Supply Chain Management directing Supplier in the provision of Services substantially conforming to a form provided to Supplier by Bank of America.
1.14 Party – Bank of America or Supplier.
1.15 Records – documentation of facts that include normal and customary documentation of facts or events for an industry, specific deliverables as designated, emails determined to be “records” because of the business or litigation purpose, any records documenting legal, regulatory, fiscal, or administrative requirements.
1.16 Relationship Manager – the employee designated by a Party to act on its behalf with regard to matters arising under this Agreement who shall be the person the other Party shall contact in writing regarding matters concerning this Agreement.
1.17 Representative – an employee, officer, director, or agent of a Party.
1.18 Services – the services as described in SCHEDULE A (and any services as may be set forth on any subsequent or similar product or service SCHEDULE) to this Agreement or any Order, including without limitation all professional, management, labor and general services, together with any materials, supplies, tangible items or other goods Supplier furnishes in connection with such services.
1.19 Statement of Work (“SOW”) – a document setting forth services to be provided by Supplier, and the fees for such services, in substantially the form attached hereto as SCHEDULE G.
1.20 Subcontractor – a third party to whom Supplier has delegated or subcontracted any portion of its obligations set forth herein.
1.21 Supplier Security Controls – those controls implemented by Supplier as part of its Information Security Program that address each of the Bank Security Requirements, as modified from time to time.
1.22 Supplier Technology – means the following and all Intellectual Property rights therein: (a) technology, software, processes and inventions owned by Supplier as of the date hereof; and (b) any Supplier owned product, software or equipment utilized by Supplier to perform the Services to the extent that Bank of America did not otherwise acquire such items from Supplier pursuant to a separate written instrument executed by Supplier; and (c) any enhancements, modifications, derivations, improvements, fixes, upgrades and
**** Certain information has been omitted and filed separately with the Securities and Exchange Commission. Confidential treatment has been requested with respect to the omitted portions.
4
|General Services Agreement
Terms and Conditions
updates to the items set forth in (a) and (b) (to the extent that Bank of America did not otherwise acquire such enhancements, modifications, derivations, improvements, fixes, upgrades and updates from Supplier pursuant to a separate written instrument executed by Supplier).
1.23 Term – the initial term of the Agreement or any renewal or extension.
1.24 Work Product – all information, data, materials, discoveries, inventions, drawings, works of authorship, documents, documentation, models, software, computer programs, software (including source code and object code), firmware, designs, specifications, processes, procedures, techniques, algorithms, diagrams, methods, and all tangible embodiments of each of the foregoing (in whatever form and media) and all Intellectual Property Rights therein originated or prepared by or for Supplier at the request of Bank of America as part of the Services provided under this Agreement, whether or not prepared on Bank of America’s premises. Work Product shall not include any Supplier Technology.
|
2.0 SCOPE OF THE AGREEMENT
2.1 Supplier shall perform the Services described on each serially-numbered SCHEDULE A (e.g. “SCHEDULE A”, “SCHEDULE A-1”, “SCHEDULE A-2”) and any Statement(s) of Work hereunder in accordance with this Agreement and the service levels, specifications and timeframes set forth in serially-numbered SCHEDULE A’s and in accordance with performance measurements in serially-numbered SCHEDULE C’s (e.g. “SCHEDULE C”, SCHEDULE C-1”, “SCHEDULE C-2”) (Performance Measurements) or any Statement of Work. For example, the Aggregation Service will be provided under the terms of SCHEDULE A-1 and SCHEDULE C-1.
2.2 Unless the Parties otherwise agree in writing, all Services provided hereunder shall be processed and/or provided, whether in part or in whole, by Supplier, its employees, Representatives and/or Subcontractors on and from a location or locations in one (1) or more of the fifty (50) states of the United States of America and India only, all subject to applicable laws and regulations. Supplier production environment(s) hosting Bank of America data shall only be physically located within the fifty (50) states of the United States of America and Supplier. In addition, Supplier agrees that neither it nor its Subcontractors shall (a) host any Customer Information or Consumer Information outside of the United States of America, or (b) access any Customer Information or Consumer Information outside of the United States of America that contains any non-publicly available personally identifiable information concerning such customers, consumers or other persons. In no event shall Supplier or its Subcontractors access, view or store outside the United States any information provided by Bank of America, its Affiliates or their Representatives concerning non-U.S. based customers or persons.
2.3 To the extent available, all Documentation will be provided in printed and electronic formats. Bank of America may use and reproduce for internal purposes all Documentation furnished by Supplier, including displaying the documentation on Bank of America’s intranet or other internal electronic distribution system for use only by Representatives and third party contractors of Bank of America and its Affiliates with a need to know for the purposes of this Agreement.
2.4 All instruments, such as Orders, acknowledgments, invoices, schedules and the like used in conjunction with this Agreement (“Instruments”) shall be for the sole purpose of defining quantities, prices and describing Services or products to be provided hereunder, and to this extent only are incorporated as a part of this Agreement. Any preprinted terms and conditions included in Instruments shall not be incorporated and such Instrument shall be construed to modify, amend, or alter the terms of this Agreement solely for the purpose stated in the preceding sentence. Preprinted, standard, or posted terms and conditions in any media (including terms where acquiescence requires only a mouse click) shall not be incorporated into nor construed to amend the terms of this Agreement. Any Instrument submitted to Bank of America by Supplier in connection with this Agreement shall reference, as applicable, Order number and Agreement number.
**** Certain information has been omitted and filed separately with the Securities and Exchange Commission. Confidential treatment has been requested with respect to the omitted portions.
5
|General Services Agreement
Terms and Conditions
2.5 Supplier shall deliver to Bank of America and keep current a list of persons and telephone numbers (“Calling List”) for Bank of America to contact in order to obtain answers to questions related to the Services set out in the Statement of Work. The Calling List shall include (1) the first person to contact if a question arises or problem occurs and (2) the persons in successively more responsible or qualified positions to provide the answer or assistance desired. If Supplier does not respond promptly to any request by Bank of America for telephone consultative service, then Bank of America may attempt to contact the next more responsible or qualified person on the Calling List until contact is made and a designated person responds to the call.
2.6 Supplier expressly acknowledges and agrees that the rights of Bank of America set forth in this Agreement shall inure to all Bank of America Affiliates, provided that Bank of America shall be responsible for the obligations of its Affiliates under this Agreement.
|
3.0 RELATIONSHIP MANAGER
3.1 Each Party shall designate an employee Relationship Manager(s) to act on its behalf with regard to matters arising under this Agreement and shall notify the other Party in writing of the name of its Relationship Manager; however, the Relationship Manager shall have no authority to alter or amend any term, condition, or provision of this Agreement. Either Party may change its Relationship Manager(s) by providing the other Party prior written notice. The Relationship Manager must be identified in a writing delivered to the other Party at least one (1) week prior to the commencement of any work under this Agreement.
3.2 The Relationship Manager(s) shall meet via conference call with such frequency as Bank of America’s Relationship Manager(s) shall reasonably request Bank of America may require meetings in person at a site designated by Bank of America.
|
4.0 TERM OF AGREEMENT
This Agreement shall be in effect from the Effective Date through the Expiration Date indicated on the signature page (“Initial Term”) unless terminated earlier or extended under the terms of this Agreement. Bank of America shall have the right to extend this Agreement for an additional twelve (12) month(s) (“Renewal Term”) by giving Supplier written notice of its intent at least thirty (30) calendar days prior to the end of the Initial Term or any Renewal Term. If Bank of America does not notify Supplier of its intent to renew or terminate this Agreement, the Agreement shall continue in effect on a month-to-month basis, at the prices in effect in the applicable serially-numbered SCHEDULE B, for the Term just expired, until terminated by either Party upon at least one hundred and twenty (120) calendar days prior written notice to the other.
|
5.0 TERMINATION
5.1 Bank of America may terminate this Agreement (or any Schedule or Order hereunder), at any time for its convenience, without cause, upon at least forty-five (45) calendar days prior written notice to Supplier; provided, however, that in the case of such a termination of this Agreement (or any Schedule or Order hereunder) Bank of America shall thereupon pay on the effective date of such termination any accrued but unpaid amounts then due and owing under this Agreement and/or with respect to the applicable terminated Schedule or Order, including in the case of termination of this Agreement in its entirety, or SCHEDULE A-1 hereof, any remaining unpaid Minimum Commitment Payments set forth, and defined, in Section 6.5 hereof.
5.2 In addition to any other remedies available to either Party, upon the occurrence of a Termination Event (as defined below) with respect to either Party, the other Party may immediately terminate this Agreement (and/or the applicable Schedule or Order under this Agreement) by providing written notice of termination. A Termination Event shall have occurred if: (a) a Party materially breaches its obligations under this Agreement (and/ or a Schedule or Order under this Agreement), and the breach is not cured within thirty (30) calendar days after written notice of the breach and intent to terminate is provided by the other Party; (b) a Party
**** Certain information has been omitted and filed separately with the Securities and Exchange Commission. Confidential treatment has been requested with respect to the omitted portions.
6
|General Services Agreement
Terms and Conditions
becomes insolvent (generally unable to pay its debts as they become due) or the subject of a bankruptcy, conservatorship, receivership or similar proceeding, or makes a general assignment for the benefit of its creditors; (c) subject to Section 5.3 hereof, Supplier either: (i) merges, combines or consolidates with another entity (other than an Affiliate) to which Bank of America reasonably objects such that following such merger, combination or consolidation the holders of the equity securities of the Supplier immediately prior to such merger do not hold equity securities of the surviving entity which would constitute control of the surviving entity (as control is determined in accordance with the definition of Affiliate herein), (ii) suffers a transfer involving fifty percent (50%) or more of any class of its voting securities to another entity (other than to an Affiliate) to which Bank of America reasonably objects or (iii) transfers all, or substantially all, of its assets to another entity (other than to an Affiliate) to which Bank of America reasonably objects (provided, that, in connection with any such asset transfers to an Affiliate, such transfers must not render Supplier unable to fulfill its obligations, or to satisfy its liabilities, set forth herein or otherwise violate any legal prohibitions on fraudulent conveyances); (d) in providing Services hereunder, Supplier violates any applicable law or regulation governing the financial services industry, or Supplier causes Bank of America to be in violation of any law or regulation governing the financial services industry; (e) a Party attempts to assign this Agreement in breach of the Section entitled “Non-Assignment”; or (f) a regulatory body having oversight authority over Bank of America or its Affiliates requires Bank of America to terminate the Agreement or make changes to the Agreement to which Supplier refuses to consent.
5.3 Notwithstanding Section 5.2(c):
(a) Supplier may request a waiver to the operation of the provisions of Section 5.2(c)(i)-(ii) in the event the Supplier is to merge, combine, consolidate or transfer its securities in a manner that violates Section 5.2(c) by providing written notice to Bank of America within a reasonable time in advance of the proposed consummation date of such merger, combination, consolidation or transfer and Bank of America shall act reasonably and in good faith in determining whether to consent to such waiver request. Bank of America may reasonably request financial information concerning the parties to such transaction and other information it reasonably deems necessary to determine whether to grant such waiver. For avoidance of doubt, the Supplier acknowledges and agrees that a refusal to grant a waiver shall not be deemed to be unreasonable or in bad faith with respect to a merger, consolidation or combination with, or transfer to, (i) another bank, financial institution or any other entity whom Bank of America views in good faith as a competitor or (ii) any entity whom Bank of America in good faith believes to be unable (A) to provide the Services in a manner that meets the quality expectations of Bank of America or (B) to otherwise fulfill the Supplier’s obligations set forth herein. The foregoing sentence is not intended to limit Bank of America’s right to reasonably withhold consent to any other merger, combination, consolidation or transfer.
(b) An initial public offering of Supplier’s equity securities pursuant to a registration statement filed under the Securities Act of 1933, as amended, shall not be deemed a “transfer” of securities.
5.4 In the event of expiration or termination of this Agreement (or a Schedule or Order under this Agreement), Supplier agrees that upon the request of Bank of America, Supplier will, at no additional cost to Bank of America (other than the fees set forth on in the applicable Schedule or Order), continue, subject to the terms and conditions of this Agreement (and the applicable Schedule or Order), uninterrupted operations, conclude and cooperate with Bank of America in the transition of the business at Bank of America’s direction and in a manner that causes no material disruption to Bank of America business and operations. The fees associated with such transition shall be in accordance with the fees in effect at the expiration or termination of this Agreement or applicable Schedule or Order. In no event shall the transition services extend more than two years from the date of termination unless the Parties otherwise agree in writing. Reimbursement of all extraordinary costs and expenses incurred outside of the Agreement terms and conditions will be agreed upon by Supplier and Bank of America in writing prior to their incurrence.
5.5 The rights and obligations of the Parties which by their nature must survive termination or expiration of this Agreement in order to achieve its fundamental purposes including, without limitation, the provisions of the following Sections entitled “TERMINATION”, “INVOICES/TAXES/PAYMENT”, “AUDIT,” “CONFIDENTIALITY AND INFORMATION PROTECTION,” “INDEMNITY,” “LIMITATION OF LIABILITY,” “GOVERNING LAW”, “MEDIATION/ARBITRATION,” “OWNERSHIP OF WORK PRODUCT” and “MISCELLANEOUS” shall survive in perpetuity any termination of this Agreement.
**** Certain information has been omitted and filed separately with the Securities and Exchange Commission. Confidential treatment has been requested with respect to the omitted portions.
7
|General Services Agreement
Terms and Conditions
|
6.0 PRICING/FEES
6.1 Subject to Section 6.2 hereof, Bank of America shall pay Supplier for Services provided under this Agreement as set forth in serially-numbered SCHEDULE B’s (Service Fees) (e.g. “SCHEDULE B”, “SCHEDULE B-1”, “SCHEDULE B-2”). For example, SCHEDULE B-1 specifies the Services Fees for the Aggregation Services.
6.2 Bank of America shall not be required to pay for Services that are not requested by Bank of America and documented in an Order. Fees for additional Services not listed in a serially-numbered SCHEDULE B shall be as mutually agreed in writing between Bank of America and Supplier prior to performance. No fees for additional Services shall be due unless such Services and fees are agreed to in writing by Bank of America prior to Supplier’s performance thereof.
6.3 INTENTIONALLY OMITTED.
6.4 [****].
6.5 Commencing January 1, 2012, for each of the following calendar quarters, Bank of America shall pay to Yodlee the following minimum amounts for Subscription, License, Maintenance, Data Resource, Data Support and Monthly Active User fees collectively performed under SCHEDULES A-1 and A-2 during that quarter (the “Minimum Quarterly Payments”):
|
Calendar Quarter
|Minimum Quarterly Payment
|
For 2012
|[****
|]
|
For 2013
|[****
|]
|
For 2014
|[****
|]
6.6 In its invoices for Services for the last month of each calendar quarter (i.e., Services for each applicable March, June, September, and December), Yodlee will invoice Bank of America for, and Bank of America shall pay Yodlee, (i) the Subscription, License, Maintenance, Data Resource, Data Support and Monthly Active User fees actually accrued under SCHEDULES B-1 and B-2 for that month and (ii) if such fees actually accrued under those schedules for that quarter are less than the applicable Minimum Quarterly Payment for the quarter, the difference between that Minimum Quarterly Payment and the actual accrued fees for that quarter. Minimum Quarterly Payments are not refundable or creditable against any other payment (including without limitation against Services fees for any other quarter or against fees for any Services other than those financial aggregation Services set forth under SCHEDULES A-1 and A-2). Services fees exceeding the above minimum for any quarter shall not be creditable against the minimum for the next or any other quarter.
6.7 Bank of America shall have no obligation to pay any Minimum Quarterly Payments following a termination of this Agreement and/or SCHEDULE A-1 if such termination is made by Bank of America pursuant to Section 5.2 of the Agreement. Notwithstanding the foregoing, if, pursuant to Section 5.1 of the Agreement, Bank of America’s terminates either the Agreement in whole and/or SCHEDULE A-1 Bank of America shall be obligated to pay Yodlee, within thirty (30) days following such termination, [****] less any Minimum Quarterly Payments already paid to Yodlee (the “Termination Payment”), which payment shall not be refundable or creditable against any other payment. For avoidance of doubt, following such Termination Payment, Bank of America shall have no further obligation with respect to Minimum Quarterly Payments.
**** Certain information has been omitted and filed separately with the Securities and Exchange Commission. Confidential treatment has been requested with respect to the omitted portions.
8
|General Services Agreement
Terms and Conditions
6.8 The Minimum Quarterly Payments shall be subject to reduction by any service credit amounts specified on the relevant SCHEDULE C for service level failures.
6.9 Overuse of SDK and SDK Service. In the event that Company’s use of the SDK and SDK Service exceeds the licensed uses detailed on the applicable serially-numbered SCHEDULE A (e.g. to create and operate unlicensed applications) (“Overuse”), Bank of America shall (a) immediately pay Supplier its current list price for all such Overuse; and (b) promptly enter into a written agreement with Supplier granting such additional usage rights.
|
7.0 INVOICES/TAXES/PAYMENT
7.1 Supplier shall submit monthly invoices to the address set forth on the signature page. Bank of America requires Supplier to bill for Services and tangible personal property separately. Bank of America also requires Supplier to include, on the face of the invoice, the “ship to” address for any purchase of tangible personal property and the location where the Services are performed. Bank of America requires Suppliers to accept payment through electronic media and reserves the right to require invoicing through electronic transmission designated by Bank of America at any time upon reasonable prior written notice. Invoices shall contain such detail as Bank of America may reasonably require from time to time. Amounts shall be invoiced promptly after the Services performed or Work Product delivered. Amounts not invoiced by Supplier to Bank of America within three (3) months after such amounts could first be invoiced under this Agreement may not thereafter be invoiced, and Bank of America shall not be required to pay such amounts.
7.2 The items listed on Supplier’s invoice must appear in the same sequence as listed on the Order.
7.3 Invoices omitting this Agreement reference number and Order number if applicable, or that are incorrect, incomplete or list Services that were not requested in writing by Bank of America will not be paid but will be returned to Supplier for correction.
7.4 Bank of America shall pay Supplier for all Services and applicable taxes invoiced in arrears in accordance with the terms of this Agreement, within thirty (30) calendar days of the date of receipt of a valid invoice by Bank of America.
7.5 Invoices shall include and list all applicable sales, use, or excise taxes that are a statutory obligation of Bank of America as separate line items. Bank of America will reimburse Supplier for all sales, use or excise taxes levied in accordance with the general statutes or other authoritative directives of the taxing authority on amounts payable by Bank of America to Supplier pursuant to this Agreement; however, Bank of America shall not be responsible for remittance of such taxes to applicable tax authorities.
7.6 Bank of America shall not be responsible for any ad valorem, income, gross receipts, franchise, privilege, value added or occupational taxes of Supplier. Bank of America and Supplier shall each bear sole responsibility for all taxes, assessments and other real or personal property-related levies on its owned or leased real or personal property. The Supplier must ensure that the business personal property tax exemption granted to financial institutions by California, Missouri, Virginia, Maryland, South Carolina, or other states is properly applied.
7.7 Supplier shall be responsible for the payment of all interest and penalties related to any taxes assessed or levied as contemplated by Section 7.5 to the extent that Supplier fails to accurately and timely invoice Bank of America for such taxes and remit such taxes directly to the applicable taxing authority; provided, however, in no event shall Supplier be responsible for the payment of the underlying tax liability, which tax liability shall always be a liability of Bank of America.
7.8 Supplier shall fully cooperate with Bank of America’s efforts to identify taxable and nontaxable portions of amounts payable pursuant to this Agreement (including segregation of such portions on
**** Certain information has been omitted and filed separately with the Securities and Exchange Commission. Confidential treatment has been requested with respect to the omitted portions.
9
|General Services Agreement
Terms and Conditions
invoices) and to obtain refunds of taxes paid, where appropriate. Bank of America may furnish Supplier with certificates or other evidence supporting applicable exemptions from sales, use or excise taxation. If Bank of America pays or reimburses Supplier under this Section, Supplier hereby assigns and transfers to Bank of America all of its right, title and interest in and to any refund for taxes paid. Any claim for refund of taxes against the assessing authority may be made in the name of Bank of America or Supplier, or both, at Bank of America’s option. Bank of America may initiate and manage litigation brought in the name of Bank of America or Supplier, or both, to obtain refunds of amounts paid under this Section. Supplier shall cooperate fully with Bank of America in pursuing any refund claims, including any related litigation or administrative procedures.
7.9 Supplier shall keep and maintain complete and accurate accounting Records in accordance with generally accepted accounting principles consistently applied to support and document all amounts becoming payable to Supplier hereunder. Upon request from Bank of America and within a reasonably prompt time after such request, Supplier shall provide to Bank of America (or a representative designated by Bank of America) access to such Records for the purpose of auditing such Records during normal business hours. Supplier shall retain all Records required under this Section in accordance with the Section entitled “Audit” of this Agreement, after the amounts documented in such Records become due.
|
8.0 MUTUAL REPRESENTATIONS AND WARRANTIES
Each Party represents and warrants the following: (a) the Party’s execution, delivery and performance of this Agreement: (i) have been authorized by all necessary corporate action, (ii) do not violate the terms of any law, regulation, or court order to which such Party is subject or the terms of any material agreement to which the Party or any of its assets may be subject and (iii) are not subject to the consent or approval of any third party; (b) this Agreement is the valid and binding obligation of the representing Party, enforceable against such Party in accordance with its terms; and (c) such Party is not subject to any pending or threatened litigation or governmental action which could interfere with such Party’s performance of its obligations hereunder.
|
9.0 REPRESENTATIONS AND WARRANTIES OF SUPPLIER
9.1 In rendering its obligations under this Agreement, without limiting other applicable performance warranties, Supplier represents and warrants to Bank of America as follows: (a) Supplier is in good standing in the state of its incorporation and is qualified to do business as a foreign corporation in each of the other states in which it is providing Services hereunder; and (b) Supplier shall secure or has secured all permits, licenses, regulatory approvals and registrations required to render Services set forth herein, including without limitation, registration with the appropriate taxing authorities for remittance of taxes.
9.2 Supplier represents and warrants that it shall perform the Services in a timely and professional manner using competent personnel having expertise suitable to their assignments. Supplier represents and warrants that the Services shall conform to or exceed, in all material respects, the specifications described herein, as well as the standards generally observed in the industry for similar services. Supplier represents and warrants that neither performance nor functionality of the Services, products or systems is or will be affected by dates prior to, during and after the year 2000. Supplier represents and warrants that Services supplied hereunder shall be free of defects in workmanship, design and material. Supplier represents and warrants that the products, Work Product and Services furnished under this Agreement do not and shall not infringe, misappropriate or otherwise violate any Intellectual Property Rights or any other rights of any third party, except to the extent such infringement, misappropriation or violation results from Bank of America’s unauthorized modification of the Work Product or Services, from use of the Work Product or Services in a manner for which the Work Product or Services are not designed, from incorporation of the Work Product or Services with products not approved by Supplier, or from Bank of America Content.
9.3 As of this Amended and Restated Agreement, there are no actions, suits or proceedings pending, or to the knowledge of Supplier threatened, against Supplier alleging infringement, misappropriation or other violation of any Intellectual Property Rights related to any product, Work Product or Service contemplated by this Agreement that have not already been disclosed to Bank of America on
**** Certain information has been omitted and filed separately with the Securities and Exchange Commission. Confidential treatment has been requested with respect to the omitted portions.
10
|General Services Agreement
Terms and Conditions
SCHEDULE H hereto. For avoidance of doubt, such disclosures shall in no way limit the indemnity obligations of Supplier under the Section entitled “INDEMNITY”, nor shall they constitute any admission by Supplier of the validity of any such allegations. This representation shall be deemed made with respect to any new Work Product or new Service at the date such new Work Product or Service is first delivered to Bank of America.
9.4 Supplier shall, and shall be responsible for ensuring that Supplier’s Representatives and Subcontractors shall, perform all obligations of Supplier under this Agreement in compliance with all laws, rules, regulations and other legal requirements.
9.5 THE WARRANTIES CONTAINED IN THIS AGREEMENT ARE IN LIEU OF ALL OTHER WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THOSE OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
|
10.0 FINANCIAL RESPONSIBILITY
Upon Bank of America’s request, Supplier shall promptly furnish its financial statements as prepared by or for Supplier in the ordinary course of its business for the purpose of determining Supplier’s ability to perform its duties hereunder. To the extent such financial statements are not otherwise publicly available, they shall be deemed Supplier Confidential Information and shall be used by Bank of America solely for the purpose of determining Supplier’s ability to perform its duties hereunder. If Bank of America’s review of financial statements causes Bank of America to question Supplier’s ability to perform its duties hereunder, Bank of America may request, and Supplier shall provide to Bank of America, reasonable assurances of Supplier’s ability to perform its duties hereunder. Failure by Supplier to provide such reasonable assurances to Bank of America shall be deemed a material breach of this Agreement. Furthermore, Supplier shall notify Bank of America immediately in the event there is a change of control or material adverse change in Supplier’s business or financial condition since the Effective Date.
|
11.0 BUSINESS CONTINUITY
Supplier agrees to establish, maintain and implement per the terms thereof a Business Continuity Plan. The Business Continuity Plan must be in place and delivered to Bank of America within forty-five (45) calendar days after the Effective Date of this Agreement and on each anniversary date of the Effective Date thereafter and shall include, but not be limited to, the items called for in the relevant SCHEDULE F entitled “Recovery,” as applicable. If Bank of America objects in writing to any provision of such plans and controls, Supplier shall respond in writing within thirty (30) calendar days, explaining, among other matters Supplier wishes to include in its response, the actions Supplier intends to take to cure Bank of America’s objection.
|
12.0 RELATIONSHIP OF THE PARTIES
The Parties are independent contractors. Nothing in this Agreement or in the activities contemplated by the Parties hereunder shall be deemed to create an agency, partnership, employment or joint venture relationship between the Parties or any of their Subcontractors or Representatives.
|
13.0 SUPPLIER PERSONNEL
13.1 Bank of America shall provide Supplier, if necessary and at a mutually agreed upon time, reasonable access to Bank of America to provide its Services, subject to the existing security regulations at Bank of America.
13.2 Supplier’s personnel are not eligible to participate in any of the employee benefit or similar programs of Bank of America. Supplier shall inform all of its personnel providing Services pursuant to this Agreement that they will not be considered employees of Bank of America for any purpose, and that Bank of America shall not be liable to any of them as an employer for any claims or causes of action arising out of or relating to their assignment.
**** Certain information has been omitted and filed separately with the Securities and Exchange Commission. Confidential treatment has been requested with respect to the omitted portions.
11
|General Services Agreement
Terms and Conditions
13.3 Upon the request of Bank of America, Supplier shall immediately remove any of Supplier’s Representatives or Subcontractors performing Services under this Agreement and replace such Representative or Subcontractor as soon as practicable. Upon the request of Bank of America, Supplier shall promptly, and after consultation with Bank of America, address any concerns or issues raised by Bank of America regarding any of Supplier’s Representatives or Subcontractors performing Services under this Agreement at premises other than Bank of America premises, which may include, as appropriate, replacing such Representative or Subcontractor from the Bank of America account.
13.4 The engagement of a Subcontractor by Supplier shall be subject to Bank of America’s prior written consent if the Subcontractor will have access to Bank of America facilities or systems, Representatives or customers of Bank of America or Confidential Information of Bank of America or will otherwise be performing any material portion of any Services to be rendered to Bank of America hereunder. Such consent shall not be unreasonably withheld, but such consent shall not relieve Supplier of any of its obligations under this Agreement. Supplier shall be responsible for the performance or nonperformance of its Subcontractors as if such performance or nonperformance were that of Supplier. Supplier shall require all Subcontractors, as a condition to their engagement, to agree to be bound by provisions substantially the same as those included in this Agreement particularly the Sections entitled “Supplier Personnel,” “Confidentiality and Information Protection,” and “Audit” and “Business Continuity.”
13.5 Supplier shall comply and shall cause its Representatives and Subcontractors to comply with all personnel, facility, safety and security policies, rules and regulations and other instructions of Bank of America, when performing work at a Bank of America facility or accessing any Bank of America systems or data, and shall conduct its work at Bank of America facilities or on Bank of America systems in such a manner as to avoid endangering the safety, or interfering with the convenience of, Bank of America Representatives or customers. Supplier understands that Bank of America operates under various laws and regulations that are unique to the security-sensitive banking industry. As such, persons engaged by Supplier to provide Services under this Agreement are held to a higher standard of conduct and scrutiny than in other industries or business enterprises. Supplier agrees that its Representatives and Subcontractors providing Services hereunder shall possess appropriate character, disposition and honesty. Supplier shall, to the extent permitted by law, exercise reasonable and prudent efforts to comply with the security provisions of this Agreement.
13.6 Supplier shall not knowingly permit a Representative or Subcontractor to have access to the Confidential Information, premises, records or data of Bank of America when such Representative or Subcontractor: (a) has been convicted of a crime or has agreed to or entered into a pretrial diversion or similar program in connection with: (i) a dishonest act or a breach of trust, as set forth in Section 19 of the Federal Deposit Insurance Act, 12 U.S.C. 1829(a); or (ii) a felony; or (b) uses illegal drugs. Notwithstanding anything in this Agreement to the contrary, Supplier shall conduct at its expense background checks on its employees and those of its Subcontractors who will have access (whether physical, remote, or otherwise and whether on or off Bank of America premises) to Bank of America facilities, equipment, systems or data and such background checks shall comply with Bank of America procedures and requirements as set forth in SCHEDULE E to this Agreement and updated in writing delivered to Supplier from time to time, subject to applicable laws. Supplier shall report to Bank of America on background checks done, in accordance with the requirements of SCHEDULE E and prior to such employee being granted such access.
13.7 Supplier represents that it maintains comprehensive hiring policies and procedures which include, among other things, a background check for criminal convictions, and if requested by Bank of America, drug testing, to the extent permitted by law. Supplier further represents that through its hiring policies and procedures including background checks, it endeavors to hire the best candidates with appropriate character, disposition, and honesty. In the event that Supplier employs non-U.S. citizens to provide Services hereunder, Supplier shall ensure that all such persons have and maintain appropriate visas to enable them to provide the Services.
**** Certain information has been omitted and filed separately with the Securities and Exchange Commission. Confidential treatment has been requested with respect to the omitted portions.
12
|General Services Agreement
Terms and Conditions
13.8 Bank of America shall notify Supplier of any act of dishonesty or breach of trust committed against Bank of America, which may involve a Supplier Representative, or Subcontractor of which Bank of America becomes aware, and Supplier shall notify Bank of America if it becomes aware of any such offense. Following such notice, at the request of Bank of America and to the extent permitted by law, Supplier shall cooperate with investigations conducted by or on behalf of Bank of America.
|
14.0 INSURANCE
14.1 Supplier shall at its own expense secure and maintain, and shall require its Subcontractors to secure and maintain, throughout the Term, the following insurance with companies qualified to do business in the jurisdiction in which the Services will be performed and rating A-VII or better in the current Best’s Insurance Reports published by A. M. Best Company and shall, within thirty (30) calendar days of the Effective Date and prior to commencing work, furnish to Bank of America certificates and required endorsements evidencing such insurance. Bank of America shall be named as an “Additional Insured” to the coverages described in Sections 14.1.2 and 14.1.4 below. The certificates shall state the amount of all deductibles and shall contain evidence that the policy or policies shall not be canceled or materially altered without at least thirty (30) calendar days prior written notice to Bank of America. The insurance coverages and limits required to be maintained by Supplier and its Subcontractors shall be primary to insurance coverage, if any, maintained by Bank of America.
|14.1.1
|Worker’s Compensation Insurance which shall fully comply with the statutory requirements of all applicable state and federal laws. Employers’ Liability Insurance which limit shall be [****] per accident for Bodily Injury and [****] per employee/aggregate for disease. Supplier and its Subcontractors and their underwriters shall waive subrogation against Bank of America and shall cause their insurer(s) to waive subrogation against Bank of America.
|14.1.2
|Commercial General Liability Insurance with a minimum combined single limit of liability of [****] per occurrence and [****] aggregate for bodily injury, death, property damage and personal injury. This policy shall include products/completed operations coverage and shall also include contractual liability coverage.
|14.1.3
|Business Automobile Liability Insurance covering all hired and non-owned vehicles and equipment used by Supplier with a minimum combined single limit of liability of [****] for injury and/or death and/or property damage.
|14.1.4
|Excess coverage with respect to Sections 14.1.1 (Employers’ Liability Insurance), 14.1.2 and 14.1.3 above with a per occurrence limit of [****].
|14.1.5
|Errors and Omissions coverage with a minimum limit of [****].
|14.1.6
|Supplier shall be responsible for loss to bank property and customer property, directly or indirectly, and shall maintain Fidelity Bond or Crime coverage for the dishonest acts of its employees in a minimum amount of [****]. Supplier shall endorse such policy to include a “Client Coverage” or “Joint Payee Coverage” endorsement. Bank of America shall be named as “Loss Payee, As Their Interest May Appear” in such Fidelity Bond.
|
15.0 CONFIDENTIALITY AND INFORMATION PROTECTION
15.1 The term “Confidential Information” shall mean this Agreement and all data, trade secrets, business information and other information of any kind whatsoever that a Party (“Discloser”) discloses, in writing, orally, visually or in any other medium, to the other Party (“Recipient”) or to which Recipient obtains access and that relates to Discloser or, in the case of Supplier, to Bank of America or its customers, employees, third-party vendors or licensors. Confidential Information includes Customer Information and Consumer Information, as defined in the Section entitled “Definitions.” A “writing” shall include an electronic transfer of information by e-mail, over the Internet or otherwise.
**** Certain information has been omitted and filed separately with the Securities and Exchange Commission. Confidential treatment has been requested with respect to the omitted portions.
13
|General Services Agreement
Terms and Conditions
15.2 Supplier acknowledges that Bank of America has a responsibility to its customers and other consumers using its services to keep Customer Information strictly confidential. Each of the Parties, as Recipient, hereby agrees that it will not, and will cause its Representatives, consultants, Affiliates and independent contractors not to disclose Confidential Information of the other Party, including Customer Information and Consumer Information, during or after the Term of this Agreement, other than on a “need to know” basis and then only to: (a) Affiliates of Bank of America; (b) Recipient’s employees or officers; (c) Affiliates of Recipient, its independent contractors at any level, agents and consultants, provided that all such persons are subject to a written confidentiality agreement that shall be no less restrictive than the provisions of this Section; (d) pursuant to the exceptions set forth in 15 U.S.C 6802(e) and accompanying regulations, which disclosures are made in the ordinary course of business and (e) as required by law or as otherwise expressly permitted by this Agreement. For the avoidance of doubt, and without limiting the generality of the foregoing, Supplier shall maintain Bank of America Confidential Information in strictest confidence and shall not disclose Bank of America Confidential Information to any party other than as expressly permitted by Sections 15.2(a) through (e) above. Recipient shall not use or disclose Confidential Information of the other Party for any purpose other than to carry out this Agreement. For the avoidance of doubt, and without limiting the generality of the foregoing, Supplier shall only use Bank of America Confidential Information for the benefit of Bank of America and the use of customers of Bank of America and its Affiliates. Recipient shall treat Confidential Information of the other Party with no less care than it employs for its own Confidential Information of a similar nature that it does not wish to disclose, publish or disseminate, but not less than a reasonable level of care. Upon expiration or termination of this Agreement for any reason or at the written request of Bank of America during the Term of this Agreement, Supplier shall promptly return to Bank of America, at Bank of America’s direction, all Bank of America Confidential Information in the possession of Supplier or Supplier’s Subcontractors, subject to and in accordance with the terms and provisions of this Agreement; provided that Bank of America will not request the return of Bank of America Confidential Information solely in order to effect a termination of the Services under this Agreement. This provision will not restrict Bank of America’s rights under Section 5.1 hereof. Notwithstanding anything to the contrary set forth elsewhere in this Agreement, Bank of America shall be permitted to (i) identify Supplier by name, as a Bank of America supplier of bill pay and/or electronic payment processing, routing or hosting services, to any third-party vendor or licensor of Bank of America that has provided Bank of America with technology, other software, intellectual property (and licenses thereto) and/or materials that may from time to time by provided by Bank of America to Supplier hereunder and (ii) disclose the existence of this Agreement and the terms and conditions hereof to any independent third party audit firm (engaged by such vendor or third-party licensor) that agrees to hold in confidence this Agreement and its terms (subject to customary and reasonable exceptions and except as otherwise expressly set forth herein). Such third party audit firm shall not be an Affiliate of such third-party vendor or licensor of Bank of America. The permissions set forth in subsections 15.2(i) and (ii) above are subject to Bank of America and such third-party vendor or licensor first entering into agreements providing that the third party audit firm may view this Agreement solely to the extent necessary to allow the third party audit firm to:
(A) determine if this Agreement (1) limits Supplier’s use of proprietary materials and Confidential Information provided to Supplier hereunder for the benefit of Bank of America, its Affiliates and customers and (2) requires Supplier to hold in confidence any proprietary materials and Confidential Information provided to Supplier hereunder in confidence (subject to the limited exceptions on such duty expressly set forth in this Agreement); and
(B) report on its findings to such third-party vendor or licensor with respect to subsection (A) above, and Bank of America’s applicable agreements with such third party vendors or licenses shall provide that such reporting may only include the auditor’s determinations narrowly tailored to affirmatively or negatively respond to the questions presented in subsection (A) (subject to any customary and reasonable qualifications on its report that the third party audit firm may be required to make).
**** Certain information has been omitted and filed separately with the Securities and Exchange Commission. Confidential treatment has been requested with respect to the omitted portions.
14
|General Services Agreement
Terms and Conditions
15.3 To the extent legally permitted, Recipient shall notify Discloser of any actual or threatened requirement of law to disclose Confidential Information promptly upon receiving actual knowledge thereof and shall cooperate with Discloser’s reasonable, lawful efforts to resist, limit or delay disclosure. Nothing in this Section shall require any notice or other action by Bank of America in connection with requests or demands for Confidential Information by bank examiners.
15.4 Supplier shall not remove from Bank of America’s premises, the original or any reproduction of any notes, memoranda, files, records, or other documents, whether on tangible or electronic media, containing Bank of America’s Confidential Information or any document prepared by or on behalf of Supplier that contains or is based on Bank of America’s Confidential Information, without the prior written consent of an authorized representative of Bank of America. Any document or media provided by an authorized Bank of America Representative or notes taken to document discussions with Bank of America Representatives concerning contract performance will be deemed to fall outside this consent requirement unless otherwise stated by the Bank of America Representative.
15.5 With the exception of Customer Information and Consumer Information, the obligations of confidentiality in this Section shall not apply to any information that (i) Recipient rightfully has in its possession when disclosed to it, free of obligation to Discloser to maintain its confidentiality; (ii) Recipient independently develops without access to Discloser’s Confidential Information; (iii) is or becomes known to the public other than by breach of this Section or (iv) is rightfully received by Recipient from a third party without the obligation of confidentiality. Any combination of Confidential Information disclosed with information not so classified shall not be deemed to be within one of the foregoing exclusions merely because individual portions of such combination are free of any confidentiality obligation or are separately known in the public domain.
15.6 Neither Party shall issue any media releases, public announcements and public disclosures, relating to this Agreement or use the name or logo of the other Party, including, without limitation, in promotional or marketing material or on a list of customers, provided that nothing in this paragraph shall restrict any disclosure required by legal, accounting or regulatory requirements beyond the reasonable control of the releasing Party. Supplier may, acting reasonably and in good faith, request that Bank of America use commercially reasonable efforts to work with Supplier to create promotional activities designed to maximize industry awareness and consumer use of the Services. Notwithstanding the foregoing, Bank of America shall have the sole discretion as to whether to accept or reject such request. In no instance shall such activities or materials contain Bank of America’s names, trademarks, service marks, logos or other proprietary symbols or rights, unless Bank of America has consented in advance in writing.
15.7 Bank of America may disclose products and Services to contractors for the purpose of further handling, processing, modifying and adapting them for the exclusive use of Bank of America, provided that such contractors have agreed to observe in substance the obligations of Bank of America set forth in this Section.
15.8 All Confidential Information and any results of processing Confidential Information or derived in any way therefrom shall at all times remain the property of Bank of America. Supplier shall have responsibility for and bear all risk of loss or damage to Confidential Information and damages resulting from improper or inaccurate processing of such data arising from the negligence or willful misconduct of Supplier, its Representatives or Subcontractors, subject to applicable terms of the relevant SCHEDULE C.
15.9 Supplier acknowledges that Bank of America is required to comply with the information security standards required by the Gramm-Leach-Bliley Act (15 U.S.C. 6801, 6805(b)(1)) and the regulations issued thereunder (12 C.F.R. Part 40), the Fair and Accurate Credit Transactions Act (15 U.S.C. 1681, 1681w) and the regulations issued thereunder (12 C.F.R. Parts 30 and 41) and with other statutory, legal and regulatory requirements (collectively, “Privacy Laws”). If applicable, Supplier shall make commercial best efforts to assist Bank of America to so comply and shall comply and conform with applicable Privacy Laws, as amended from time to time, and with the Bank of America policies for information protection as modified by Bank of America from time to time.
**** Certain information has been omitted and filed separately with the Securities and Exchange Commission. Confidential treatment has been requested with respect to the omitted portions.
15
|General Services Agreement
Terms and Conditions
|15.9.1
|Supplier hereby acknowledges and agrees that Supplier has no legal right to access, receive, accept, transmit, store or otherwise impact Confidential Information under any circumstance whatsoever unless and until Bank of America has granted such rights to Supplier after the opportunity to determine the level of Supplier’s compliance with the Bank Security Requirements and such other terms or conditions as Bank of America may require. After granting such rights to Supplier, Bank of America may suspend, revoke or terminate such rights in its sole discretion upon written notice to Supplier. Upon receipt of that notice, Supplier shall (i) immediately stop accessing and/or accepting Confidential Information and (ii) as promptly as practicable [but no later than thirty (30) calendar days after receipt of such notice] return to Bank of America all Confidential Information in its possession on a medium acceptable to Bank of America.
|15.9.2
|As a condition of access to the Confidential Information of Bank of America, Supplier shall make available to Bank of America a copy of its written Information Security Program for evaluation. The program shall be designed to:
|(a)
|Ensure the security, Integrity and confidentiality of Confidential Information;
|(b)
|Protect against any anticipated threats or hazards to the security or integrity of such Confidential Information;
|(c)
|Protect against unauthorized access to or use of such Confidential Information that could result in substantial harm or inconvenience to the person or entity that is the subject of such Confidential Information; and
|(d)
|Ensure the proper disposal of such Confidential Information.
|15.9.3
|At the request of Bank of America, Supplier shall make commercially reasonable modifications to its Information Security Program or to the procedures and practices thereunder to conform at least to the Bank Security Requirements. Supplier shall require any Subcontractors and other persons or entities who provide services to Supplier for delivery to Bank of America directly or indirectly or who hold Confidential Information to implement and administer an information protection program and plan that complies with Bank Security Requirements. Supplier shall include or shall cause to be included in written agreements with such Subcontractors or other persons or entities substantially the terms of this Section and the provisions of SCHEDULE D.
|15.9.4
|One aspect of the determination of Supplier compliance with Bank Security Requirements is a review of Supplier Security Controls. As a condition precedent to performance under this Agreement, Supplier agrees to satisfy the following validation requirements:
|(a)
|Participation in Bank of America’s Supplier assessment process including completion of an online assessment questionnaire;
|(b)
|Periodic discussions between Bank of America personnel and Supplier Information Technology security personnel to review Supplier Security Controls; and
|(c)
|Delivery to Bank of America of network diagrams depicting Supplier perimeter controls and security policies and processes relevant to the protection of Confidential Information. Examples of these policies include, but are not limited to, access control, physical security, patch management, password standards, encryption standards, and change control.
|15.10
|During the course of performance under this Agreement, Supplier shall ensure the following:
|15.10.1
|Adequate governance and risk assessment processes are in place to maintain controls over Confidential Information. A security awareness program must be in place or implemented that communicates security policies to all Supplier (and Supplier Subcontractor(s)) personnel having access to Confidential Information.
**** Certain information has been omitted and filed separately with the Securities and Exchange Commission. Confidential treatment has been requested with respect to the omitted portions.
16
|General Services Agreement
Terms and Conditions
|15.10.2
|Notification to Bank of America of changes that may impact the security of Confidential Information. Such changes requiring notification include, by way of example and not limitation, outsourcing of computer networking, data storage, management and processing or other information technology functions or facilities and the implementation of external web-enabled (Internet) access to Confidential Information.
|15.10.3
|Use of strong, industry-standard encryption of Confidential Information transmitted over public networks (e.g. Internet, non-dedicated leased lines) and backup tapes residing at off-site storage facilities.
15.11 Bank of America reserves the right to monitor Supplier-maintained platforms that reside on the Bank of America network. The Supplier may be required, at the expense of Bank of America, to assist with installation, support and problem resolution of Bank of America owned equipment or processes, or to provide an information feed from the Supplier platform to the Bank of America monitoring processes.
15.12 Supplier shall deliver an updated Information Security Program or confirm that no changes have been made to the Information Security Program, each year on the anniversary of the Effective Date.
|
16.0 INDEMNITY
16.1 Supplier shall indemnify, defend, and hold harmless Bank of America and its Representatives, successors and permitted assigns from and against any and all claims made or threatened by any third party and all related losses, expenses, damages, costs and liabilities, including reasonable attorneys’ fees and expenses incurred in investigation or defense (“Damages”), to the extent such Damages arise out of or relate to the following: (a) any negligent act or omission or willful misconduct by Supplier, its Representatives or any Subcontractor engaged by Supplier in the performance of Supplier’s obligations under this Agreement; or (b) any breach in a representation, covenant or obligation of Supplier contained in this Agreement.
16.2 Supplier shall defend or settle at its expense any threat, claim, suit or proceeding arising from or alleging infringement, misappropriation or other violation of any Intellectual Property Rights or any other rights of any third party by products, Work Product or Services furnished under this Agreement. Supplier shall indemnify and hold Bank of America, its Affiliates and each of their Representatives and customers harmless from and against and pay any and all losses, expenses, damages, costs and liabilities, including royalties and license fees and reasonable counsel fees and expenses attributable to such threat, claim, suit or proceeding.
|16.2.1
|If any product, Work Product or Services furnished under this Agreement, including, without limitation, software, system design, equipment or documentation, becomes, or in Bank of America’s or Supplier’s reasonable opinion is likely to become, the subject of any claim, suit, or proceeding arising from or alleging facts that if true would constitute infringement, misappropriation or other violation of, or in the event of any adjudication that such product infringes, misappropriates or otherwise violates, any Intellectual Property Rights or any other rights of a third party, Supplier, at its own expense, shall take the following actions in the listed order of preference: (a) secure for Bank of America the right to continue using the product; or if commercially reasonable efforts are unavailing, (b) replace or modify the product to make it non-infringing; provided, however, that such modification or replacement shall not degrade the operation or performance of the product.
|16.2.2
|The indemnity in the preceding provision shall not extend to any claim of infringement resulting solely from Bank of America’s unauthorized modification of the product or from use of the product in a manner for which the product is not designed or from incorporation of the product with products not approved by Supplier, or from Bank of America Content.
**** Certain information has been omitted and filed separately with the Securities and Exchange Commission. Confidential treatment has been requested with respect to the omitted portions.
17
|General Services Agreement
Terms and Conditions
16.3 Subject to Section 16.3.1 below, Bank of America shall defend or settle at its expense any threat, claim, suit or proceeding asserted against Supplier or its Affiliates, Representatives, successors or permitted assigns (the “Supplier Indemnified Parties”) arising from or alleging infringement, misappropriation or other violation of any Intellectual Property Rights or any other rights of any third party by any Bank of America Content provided to Supplier by Bank of America or its Representatives or Affiliates for use by Supplier under this Agreement. Bank of America shall indemnify and hold the Supplier Indemnified Parties harmless from and against and pay any and all losses, expenses, damages, costs and liabilities, including royalties and license fees and reasonable counsel fees and expenses attributable to such threat, claim, suit or proceeding. The indemnity in this provision shall not extend to any claim of infringement resulting solely from (a) unauthorized modification of Bank of America Content by Supplier or Supplier’s Affiliates or Subcontractors, (b) from use of the Bank of America Content in a manner for which the Bank of America Content is not designed, (c) from use of the Bank of America Content in a manner not authorized by Bank of America or otherwise used or handled in violation of this Agreement, or (d) incorporation of the Bank of Content with products or services in a manner not expressly approved by Bank of America.
|16.3.1
|Notwithstanding the foregoing, (x) solely with respect to any portion of Bank of America Content which consists of third party products or materials obtained by Bank of America or its Affiliates from third parties and which Bank of America in turn provides to Supplier (the “Third Party Content”), Bank of America’s obligation set forth in Section 16.3 with respect to such Third Party Content shall only apply with respect to threats, claims, suits or proceedings asserted against the Supplier Indemnified Parties by the Third Party Content Providers (“Third Party Claims”) and the qualifications set forth in Section 16.3(a) – (d) shall equally apply with respect to Third Party Provider Claims; provided, however, (y) if Bank of America provides Third Party Content to Supplier with actual knowledge that Supplier’s use of the Third Party Content in accordance with Bank of America’s directions would constitute infringement, misappropriation of violation of a third party’s Intellectual Property Rights, the limitation on Bank of America’s indemnification obligations set forth in Section 16.3.1(x) shall not apply and Bank of America shall be liable to fully indemnify the Supplier Indemnified Parties as set forth in Section 16.3 with respect to any third party claims subject to indemnification thereunder. As used herein, “Third Party Providers” means third parties from whom Bank of America directly obtained Third Party Content.
16.4 The indemnified Party shall give the indemnifying Party notice of, and the Parties shall cooperate in, the defense of any indemnifiable claim, suit or proceeding, including appeals, negotiations and any settlement or compromise thereof, provided that the indemnified Party must approve the terms of any settlement or compromise that may impose any unindemnified or nonmonetary liability on the indemnified Party.
16.5 Solely in connection with the Aggregation Services to be provided under Schedule A-1, the MFP Services to be provided under Schedule A-2, and the IAV Services to be provided under Schedule A-3:
(a) Bank of America shall defend or settle at its expense any threat, claim, suit or proceeding arising from or alleging (a) infringement, misappropriation or other violation of any Intellectual Property Rights caused by Supplier’s use of Bank Materials in accordance with Bank of America’s instructions or Bank of America’s combination of Supplier’s services, solutions, information or technology with services, solutions, information or technology not provided or approved by Supplier; (b) any improper or unauthorized use, sale, license, distribution or disclosure of Customer Information by Bank of America or its agents; (c) any disclosure by Bank of America or its agents of Customer Information, Program Information or PIN Vault data resulting from third party unauthorized access; or (d) any statement or representation by Bank of America regarding the Aggregation Services, the MFP Services or the IAV Services in excess of Yodlee’s express warranties and the Minimum End User Terms and Conditions herein. Bank of America shall indemnify and hold Supplier, its Affiliates and each of their Representatives and customers harmless from and against and pay any and all losses, expenses, damages, costs and liabilities, including royalties and license fees and reasonable counsel fees and expenses attributable to such threat, claim, suit or proceeding.
(b) Supplier shall give Bank of America notice of, and the Parties shall cooperate in, the defense of any such claim, suit or proceeding set forth in Section 16.5(a) above, including appeals, negotiations and any settlement or compromise thereof, [****].
**** Certain information has been omitted and filed separately with the Securities and Exchange Commission. Confidential treatment has been requested with respect to the omitted portions.
18
|General Services Agreement
Terms and Conditions
|
17.0 LIMITATION OF LIABILITY
17.1 Except as otherwise set forth herein, neither Party shall be liable to the other for any special, indirect, incidental, consequential, punitive or exemplary damages, including, but not limited to, lost profits, even if such Party alleged to be liable has knowledge of the possibility of such damages.
17.2 Except as otherwise set forth herein, each Party’s total liability under this Agreement shall be [****].
17.3 Notwithstanding the foregoing, [****].
17.4 [****].
|
18.0 SUPPLIER DIVERSITY
18.1 Supplier recognizes the Bank of America Supplier Diversity efforts supporting minority, woman and disabled-owned business enterprises and its commitment to the participation of minority, woman and disabled-owned business enterprises in its construction, procurement and professional services programs. This section does not require Supplier to change its services and failure to adhere to such provisions shall in no event constitute a breach of this Agreement.
18.2 Definitions: For purposes of this Agreement, the following are the definitions of “Minority-Owned Business Enterprise,” “Minority Group,” “Woman-Owned Business Enterprise,” “Disabled Veteran-Owned Business Enterprise” and “Disabled-Owned Business Enterprise:”
|18.2.1
|“Minority-Owned Business Enterprise” is recognized as a “for profit” enterprise, regardless of size, physically located in the United States or its trust territories, which is at least fifty-one (51%) percent owned, operated and controlled, by one or more member(s) of a Minority Group who maintain United States citizenship.
|18.2.2
|“Minority Group” means African Americans, Hispanic Americans, Native Americans (American Indians, Eskimos, Aleuts, and native Hawaiians), Asian-Pacific Americans, and other minority group as recognized by the United States Small Business Administration Office of Minority Small Business and Capital Ownership Development.
|18.2.3
|“Woman-Owned Business Enterprise” is recognized as a “for profit” enterprise, regardless of size, located in the United States or its trust territories, which is at least fifty-one (51%) percent owned, operated and controlled by a female of United States citizenship.
|18.2.4
|“Disabled Veteran-Owned Business Enterprise” is recognized as a “for profit” enterprise, regardless of size, located in the United States or its trust territories, which is at least fifty-one (51%) percent owned, operated, and controlled by a disabled veteran. The disabled veteran’s ownership and control shall be real and continuing and not created solely to take advantage of special or set aside programs aimed at supplier diversity. The Association of Service Disabled Veterans, www.asdv.org provides certification for this category of business owners throughout the United States.
|18.2.5
|
“Disabled-Owned Business Enterprise” is recognized as a “for profit” enterprise, regardless of size, located in the United States or its trust territories, which is at least fifty-one (51%) percent owned, operated and controlled, by an individual of United States citizenship with a permanent mental or
**** Certain information has been omitted and filed separately with the Securities and Exchange Commission. Confidential treatment has been requested with respect to the omitted portions.
19
|General Services Agreement
Terms and Conditions
|physical impairment that substantially limits one or more of the major life activities and which has a significant negative impact upon the company’s ability to successfully compete. The ownership and control shall be real and continuing and not created solely to take advantage of special or set aside programs aimed at supplier diversity. Due to the absence of a certifying agency for this category of business owners, the Disabled-Owned Business Enterprise must complete an affidavit and provide supporting documentation to be eligible for consideration towards diverse supplier participation.
18.3 In addition to the above criteria to qualify as a Minority, Woman or Disabled-Owned Business Enterprise under this Agreement, the diverse supplier must be certified by an agency acceptable to Bank of America.
|
19.0 ENVIRONMENTAL INITIATIVE
Supplier acknowledges that Bank of America encourages each supplier with which it enters into an agreement for the provision of goods or services to use, consistent with the efficient performance of such agreements, recycled paper goods, and to implement and adhere to other environmentally beneficial policies and practices. Supplier warrants that Supplier uses environmentally beneficial practices specific to its industry that meet at least the minimum standard recommended for its industry. Upon Bank of America’s request, Supplier will provide written information on its environmental policies and procedures. This section does not require Supplier to change its services and failure to adhere to such provisions shall in no event constitute a breach of this Agreement.
|
20.0 AUDIT
20.1 Supplier shall maintain at no additional cost to Bank of America other than as specified in the applicable Schedule B, in a reasonably accessible location, all Records pertaining to its products and Services provided to Bank of America under this Agreement for a period of seven (7) years or as required by law, if longer, unless otherwise specified in any serially-numbered Schedule A. Such Supplier Records referenced above may be inspected, audited and copied by Bank of America, its Representatives or by federal or state agencies having jurisdiction over Bank of America, during normal business hours and at such reasonable times as Bank of America and Supplier may determine. Records available for review shall exclude any records pertaining to Supplier’s other customers deemed proprietary and confidential and Supplier confidential and proprietary records not associated with the products and Services provided under the Agreement. Supplier will give prior notice to Bank of America of requests by federal or state authorities to examine Supplier’s Bank of America Records. At Bank of America’s written request, Supplier shall reasonably cooperate with Bank of America in seeking a protective order with respect to such Records. At Supplier’s written request, Bank of America shall reasonably cooperate with Supplier in seeking a protective order with respect to such Records.
20.2 Supplier shall provide at its expense on an annual basis, a copy of the latest (a) SAS70 (Statement on Auditing Standards No. 70, Service Organizations) Type II or (b) BITS Financial Services Shared Assessment Program (FISAP) independent audit firm report for facilities not managed by Bank of America that are used to provide Services under this Agreement. If not available, Supplier, at its sole cost and expense, will engage a nationally recognized certified public accounting firm to conduct the audit and prepare applicable reports. Each report will cover a minimum six (6) calendar month period each calendar year during the Term. Supplier shall provide Bank of America with the scope of the audit and a complete copy of each report prepared in connection with each such audit within thirty (30) calendar days after it receives such report.
20.3 Supplier shall provide a copy of the latest operational audit for facilities not managed by Bank of America that are used to provide Services under this Agreement. If necessary, Supplier, at its sole cost and expense, will engage a nationally recognized certified public accounting firm to conduct the audit and prepare applicable reports. For SAS 70 Type II reports, each report will cover a calendar six (6) month period each calendar year during the Term. Such audits may be on a rotating site basis where operations and procedures of Supplier Services provided to Bank of America are in multiple locations in order to confirm that
**** Certain information has been omitted and filed separately with the Securities and Exchange Commission. Confidential treatment has been requested with respect to the omitted portions.
20
|General Services Agreement
Terms and Conditions
Supplier is in compliance in all aspects of the Agreement. Supplier shall provide Bank of America with a copy of each report prepared in connection with each such audit within thirty (30) calendar days after it receives such report.
20.4 During regular business hours but no more frequently than once a year, Bank of America may, at its sole expense, perform a confidential audit of Supplier’s operations as they pertain to the products or Services provided under this Agreement, including Supplier’s facilities in both the United States and India. Such audits shall be conducted on a mutually agreed upon date [which shall be no more than ten (10) Business Days after Bank of America’s written notice of time, location and duration], subject to reasonable postponement by Supplier upon Supplier’s reasonable request, provided, however, that no such postponement shall exceed twenty (20) Business Days. Bank of America will provide Supplier a summary of the findings from each report prepared in connection with any such audit and discuss results, including any remediation plans. If audit results find Supplier is not in substantial compliance with the requirements of this Agreement, then Bank of America shall be entitled, at Supplier’s expense, to perform up to two (2) additional such audits in that year in accordance with the procedure set forth in this Section. Supplier agrees to promptly take action at its expense to correct those matters or items identified in any such audit that require correction. Failure to correct such matters shall be considered a material breach of this Agreement.
20.5 Supplier will provide reasonable access to Bank of America’s federal and state governmental regulators (at a minimum, to the extent required by law), at Bank of America’s expense, to Bank of America’s Records held by Supplier and to the procedures and facilities of Supplier relating to the products and Services provided under this Agreement. Pursuant to 12 U.S.C. 1867(c), the performance of such Services will be subject to regulation and examination by the appropriate federal banking agency to the same extent as if the Services were being performed by Bank of America itself. Supplier acknowledges and agrees that regulatory agencies may audit Supplier’s performance at any time during normal business hours and that such audits may include both methods and results under this Agreement.
20.6 Upon prior written notice and at a mutually acceptable time, Bank of America personnel or its Representatives (e.g., external audit consultants) may audit, test or inspect Supplier’s Information Security Program and its facilities to assure Bank of America’s data and Confidential Information are adequately protected. This right to audit is in addition to the other audit rights or assessments granted herein. Bank of America will determine the scope of such audits, tests or inspections, which may extend to Supplier’s Subcontractors and other Supplier resources (other systems, environmental support, recovery processes, etc.) used to support the systems and handling of Confidential Information. Supplier will inform Bank of America of any internal auditing capability it possesses and permit Bank of America’s personnel to consult on a confidential basis with such auditors at all reasonable times. Bank of America may provide Supplier a summary of the findings from each report prepared in connection with any such audit and discuss results, including any remediation plans. Without limiting any other rights of Bank of America herein, if Supplier is in breach or otherwise not compliant with any of the provisions set forth in the Section of this Agreement entitled “Confidentiality and Information Protection” and/or SCHEDULE D, then Bank of America may conduct additional audits.
20.7 In addition to the requirements under this Section 20.0 and upon Bank of America’s request, Supplier shall deliver to Bank of America, within thirty (30) calendar days after its receipt by its board of directors or senior management, a copy of any preliminary or final report of audit of Supplier by any third-party auditors retained by Supplier, including any management letter such auditors submit, and on any other audit or inspection upon which Bank of America and Supplier may mutually agree.
|
21.0 NON-ASSIGNMENT
Neither Party may assign this Agreement or any of the rights hereunder or delegate any of its obligations hereunder, without the prior written consent of the other Party (which consent shall not be unreasonably withheld), and any such attempted assignment shall be void, except that Bank of America or any permitted Bank of America assignee may assign any of its rights and obligations under this Agreement to any Bank of
**** Certain information has been omitted and filed separately with the Securities and Exchange Commission. Confidential treatment has been requested with respect to the omitted portions.
21
|General Services Agreement
Terms and Conditions
America Affiliate, the surviving corporation with or into which Bank of America or such assignee may merge or consolidate or an entity to which Bank of America or such assignee transfers all, or substantially all, of its business and assets. For avoidance of doubt, Supplier acknowledges and agrees that a refusal by Bank of America to grant consent to an assignment shall not be deemed unreasonable with respect to an assignment by the Supplier of this Agreement or its rights and obligations to (a) another bank, financial institution or any other entity whom Bank of America views in good faith as a competitor or (b) any entity whom Bank of America in good faith believes to be unable (i) to provide the Services in a manner that meets the quality expectations of Bank of America or (ii) to otherwise fulfill the Supplier’s obligations set forth herein. The foregoing sentence is not intended to limit Bank of America’s right to reasonably withhold consent to any other assignment of this Agreement or the Supplier’s rights and obligations hereunder by the Supplier.
|
22.0 GOVERNING LAW
This Agreement shall be governed by the internal laws, and not by the laws regarding conflicts of laws, of the State of New York. Each Party hereby submits to the exclusive jurisdiction of the courts of such state, and waives any objection to venue with respect to actions brought in such courts. This provision shall not be construed to conflict with the provisions of the Section entitled “Mediation/Arbitration.”
|
23.0 DISPUTE RESOLUTION
The following procedure will be adhered to in all disputes arising under this Agreement which the Parties cannot resolve informally through their Relationship Managers. The aggrieved Party shall notify the other Party in writing of the nature of the dispute with as much detail as possible about the deficient performance of the other Party. The Relationship Managers shall meet (in person or by telephone) within seven (7) calendar days after the date of the written notification to reach an agreement about the nature of the deficiency and the corrective action to be taken by the respective Parties. If the Relationship Managers do not meet or are unable to agree on corrective action, senior managers of the Parties having authority to resolve the dispute without the further consent of any other person (“Management”) shall meet or otherwise act to facilitate an agreement within fourteen (14) calendar days of the date of the written notification. If Management do not meet or cannot resolve the dispute or agree upon a written plan of corrective action to do so within seven (7) calendar days after their initial meeting or other action, or if the agreed-upon completion dates in the written plan of corrective action are exceeded, either Party may request mediation and/or arbitration as provided for in this Agreement. Except as otherwise specifically provided, neither Party shall initiate arbitration, mediation or litigation unless and until this dispute resolution procedure has been substantially complied with or waived. Failure of a Party to fulfill its obligations in this Section, including failure to meet timely upon the other Party’s notice, shall be deemed such a waiver.
|
24.0 MEDIATION/ARBITRATION
24.1 If the Parties are unable to resolve a dispute arising out of or relating to this Agreement in accordance with the Section entitled “Dispute Resolution,” the Parties will in good faith attempt to resolve such dispute through non-binding mediation before a mediator acceptable to both sides, provided, however, a dispute relating to infringement of Intellectual Property Rights or the Section entitled “Confidentiality and Information Protection” shall not be subject to this Section entitled “Mediation/Arbitration”.
24.2 Any controversy or claim, other than those specifically excluded, between or among the Parties not resolved through mediation under the preceding provision, shall at the request of a Party be determined by arbitration. The arbitration shall be conducted by one independent arbitrator who shall be a retired judge or attorney practicing in the areas of banking and information technology law. The arbitration shall be held in New York, NY in accordance with the United States Arbitration Act (9 U.S.C. 1 et seq.), notwithstanding any choice of law provision in this Agreement, and under the auspices and the Commercial Arbitration Rules of the American Arbitration Association.
24.3 Consistent with the expedited nature of arbitration, each Party will, upon the written request of the other Party, promptly provide the other with copies of documents relevant to the issues raised by any claim or counterclaim on which the producing Party may rely in support of or in opposition to any claim or
**** Certain information has been omitted and filed separately with the Securities and Exchange Commission. Confidential treatment has been requested with respect to the omitted portions.
22
|General Services Agreement
Terms and Conditions
defense. At the request of a Party, the arbitrator shall have the discretion to order examination by deposition of witnesses to the extent the arbitrator deems such additional discovery relevant and appropriate. Depositions shall be limited to a maximum of three (3) per Party and shall be held within thirty (30) calendar days of the making of a request. Additional depositions may be scheduled only with the permission of the arbitrator, and for good cause shown. Each deposition shall be limited to a maximum of three (3) hours duration. All objections are reserved for the arbitration hearing except for objections based on privilege and proprietary or confidential information. Any dispute regarding discovery, or the relevance or scope thereof, shall be determined by the arbitrator, which determination shall be conclusive. All discovery shall be completed within sixty (60) calendar days following the appointment of the arbitrator.
24.4 The arbitrator shall give effect to statutes of limitation in determining any claim, and any controversy concerning whether an issue is arbitrable shall be determined by the arbitrator. The arbitrator shall follow the law in reaching a reasoned decision and shall deliver a written opinion setting forth findings of fact, conclusions of law and the rationale for the decision. The arbitrator shall reconsider the decision once upon the motion and at the expense of a Party. The Section of this Agreement entitled “Confidentiality and Information Protection” shall apply to the arbitration proceeding, all evidence taken, and the arbitrator’s opinion, which shall be Confidential Information of both Parties. Judgment upon the decision rendered by the arbitrator may be entered in any court having jurisdiction.
24.5 No provision of this Section shall limit the right of a Party to obtain provisional or ancillary remedies from a court of competent jurisdiction before, after, or during the pendency of any arbitration. The exercise of a remedy does not waive the right of either Party to resort to arbitration. The institution and maintenance of an action for judicial relief or pursuit of a provisional or ancillary remedy shall not constitute a waiver of the right of either Party to submit the controversy or claim to arbitration if the other Party contests such action for judicial relief.
24.6 In any arbitration or other action to collect amounts due under SCHEDULE B-1 or B-2, the arbitrator or other adjudicator shall be entitled, in his/her discretion, to award interest from the date any payment was due, and/or attorneys’ fees and/or costs, to a Party.
|
25.0 NON-EXCLUSIVE NATURE OF AGREEMENT
Supplier agrees that it shall not be considered Bank of America’s exclusive provider of any goods or Services provided hereunder. Bank of America retains the unconditional right to utilize other suppliers in the provision of similar services.
|
26.0 OWNERSHIP OF WORK PRODUCT
26.1 Bank of America will own exclusively all Work Product. Work Product, to the extent permitted by law, shall be deemed “works made for hire” (as that term is defined in the United States Copyright Act). To the extent the Work Product is not “works made for hire,” Supplier hereby assigns to Bank of America all right, title and interest (including all Intellectual Property Rights in the Work Product). Supplier shall provide Bank of America upon request with all assistance reasonably required to register or perfect such right, title and interest, including providing pertinent information and, executing all applications, specifications, oaths, assignments and all other instruments that Bank of America shall deem necessary in order to apply for and obtain such right, title and interest. Supplier shall enter into agreements with all of its Representatives and Subcontractors necessary to establish Bank of America’s sole ownership in the Work Product. Bank of America acknowledges Supplier’s and its licensors’ claims of proprietary rights in preexisting works of authorship and other intellectual property Supplier uses in its work pursuant to this Agreement. Bank of America does not claim any right not expressly granted by this Agreement in such works or intellectual property, which shall not be Work Product, even if incorporated with Work Product in the product Supplier delivers to Bank of America. Unless otherwise agreed in a SOW, Supplier grants Bank of America a perpetual, worldwide, irrevocable (subject to payment of the applicable mutually agreed upon amounts with respect to such Work Product), nonexclusive, royalty free license to any Intellectual Property Rights embedded in the Work Product, which shall permit Bank of
**** Certain information has been omitted and filed separately with the Securities and Exchange Commission. Confidential treatment has been requested with respect to the omitted portions.
23
|General Services Agreement
Terms and Conditions
America and any transferee or sublicensee of Bank of America, subject to the restrictions in this Agreement, to use and modify such embedded materials as necessary or desirable for, but solely in connection with, the full use of the Work Product. Supplier and its personnel shall retain the right to use their general knowledge, experience, and know-how developed by Supplier in creating Work Product hereunder, including but not limited to use in connection with other client engagements entered into by Supplier, and as part of products or in the course of performing services for such other clients, but only to the extent that such items do not constitute, contain or embody Confidential Information of Bank of America and Supplier may not under any circumstance use for its benefit or the benefit of any third parties, or distribute, license or sale, Work Product to any other third party.
26.2 Supplier shall promptly notify Bank of America in writing, of any threat, or the filing of any action, suit or proceeding, against Supplier, its Affiliates, Subcontractors or Representatives, (i) alleging infringement, misappropriation or other violation of any Intellectual Property Right related to any product, Work Product or Service furnished under this Agreement, or (ii) in which an adverse decision would reasonably be expected to have a material adverse effect on the Supplier or the use by Bank of America of the products, Work Product or Services furnished under this Agreement.
26.3 Without limiting its obligations under the Section entitled “Confidentiality and Information Protection”, Supplier acknowledges and agrees that it may use Customer Information and Consumer Information, subject to the provisions set forth in the Section entitled “Confidentiality and Information Protection” set forth above, solely to provide, support and enhance the Services; provided, however, it may use, sell, license, distribute and disclose derivative data based originally on Customer Information and Consumer Information that has been compiled and aggregated with other data (“Aggregated Data”), provided that such Aggregated Data does not set forth the names, addresses, phone numbers, email addresses, account numbers or any non-publicly available personally identifiable information concerning such customers, consumers or other persons. In addition to the foregoing, Aggregated Data will not be identifiable as associated with a particular person or Bank of America. Supplier will not use the Customer Information or Consumer Information in any manner (a) prohibited by law and (b) not permitted under this Agreement. Supplier shall not use Aggregated Data to market any of its products or services to Bank of America customers without the express written consent of Bank of America.
26.4 The parties further agree as follows in connection with the Services in A-1, A-2, and A-3:
(a) Supplier understands and agrees that Bank of America is the exclusive owner of and holds and shall retain, all right, title and interest in and to the Bank Materials, including without limitation all Intellectual Property therein.
(b) Bank of America hereby grants to Supplier a nonexclusive, worldwide, revocable and royalty-free right and license to store, reproduce, display, perform, transmit and use the Bank Materials on the applicable Service pages solely for the purpose of operating the Services for the benefit of Bank of America and its customers. Subject to the limitations contained in this Agreement, Supplier grants to Bank of America a nonexclusive, non-transferable, limited license to display or link to the Services on the Bank of America Site. In the event Bank of America is licensing the SDK Service, any license grants/restrictions will be set forth in the appropriate SCHEDULE A.
(c) Trademarks. Each party (the “Using Party”) agrees that, with respect to its use of the other party’s (the “Owning Party”) trademarks, marks and trade names (“Marks”) provided or otherwise identified by the Owning Party for the Using Party’s use: (a) as between the parties, all rights in and to such Marks are owned by the Owning Party, (b) the Using Party will do nothing inconsistent with such ownership, (c) all uses of such Marks shall inure to the sole benefit of and be on behalf of the Owning Party, (d) it will use the Owning Party’s Marks in strict accordance with any guidelines for the use of such Marks as provided by the Owning Party from time to time, (e) it will not alter any such Marks and shall use only exact reproductions thereof as supplied by the Owning Party, (f) at the Owning Party’s reasonable request, all depictions of such Marks which the Using Party intends to use will be submitted to the Owning Party for approval of design, color, or other details. The Parties agree in good faith to discuss the uses of Marks during the Term relating to the Services.
**** Certain information has been omitted and filed separately with the Securities and Exchange Commission. Confidential treatment has been requested with respect to the omitted portions.
24
|General Services Agreement
Terms and Conditions
(d) Except as specifically provided herein, Bank of America does not grant to Supplier any right or license, express or implied, in the Bank of America Materials or any other Bank of America Intellectual Property. Except as specifically provided herein or as otherwise agreed by the Parties in writing, Supplier does not grant to Bank of America any right or license, express or implied, in the Supplier Technology provided hereunder or any other Supplier Intellectual Property Rights.
(e) Except as expressly agreed otherwise by the Parties in writing, Bank of America shall not (a) reverse engineer, disassemble, decompile or otherwise attempt to derive source code from the Supplier Technology, (b) make the Supplier Technology available to any third parties other than as expressly permitted in this Agreement, (c) modify, adapt, translate or create derivative works based on the Supplier Technology, (d) reproduce any portion of the Supplier Technology except as expressly permitted herein, or (e) permit or authorize any party to do any of the foregoing.
26.5 Data Feeds. During the term of the Agreement, Bank of America shall make available to Yodlee an API for the purpose of Yodlee having access to Bank of America customer consumer account data related to Bank of America consumer customers who have signed up for Yodlee’s financial aggregation services. Yodlee shall comply with the confidentiality and information security obligations set forth in the Agreement with respect to the handling of such data, and without limitation of the foregoing, Yodlee shall access such API and customer data for the sole purpose of assembling, aggregating and providing such data to the Bank of America customer to whom such data relates. For avoidance of doubt, such data constitutes Confidential Information of Bank of America. During the term of the Agreement, the parties shall use commercially reasonable efforts to find more efficient ways in which such data may be accessed by Yodlee consistent with the terms and provisions of the Agreement, including, but not limited to, the confidentiality and information security obligations of this Agreement. In the event of a conflict between this provision and the provisions of the section of the Agreement entitled “Confidentiality and Information Security”, the “Confidentiality and Information Security” section shall govern. In any event, subject to its compliance with applicable data privacy laws and regulations, Yodlee shall be entitled to use for the benefit of, and disclose to, a consumer customer then actively subscribing to Yodlee’s financial aggregation services, that consumer customer’s account data in connection with Yodlee providing financial aggregation services to that consumer customer. For avoidance of doubt, nothing in this Section prevents Bank of America from offering similar APIs or data feeds to other parties.
|
27.0 MISCELLANEOUS
27.1 Bank of America and Supplier represent that they are equal opportunity employers and do not discriminate in employment of persons or awarding of subcontracts because of a person’s race, sex, age, religion, national origin, veteran or handicap status. Supplier is aware of and fully informed of Supplier’s responsibilities and agrees to the provisions under the following: (a) Executive Order 11246, as amended or superseded in whole or in part, and as contained in Section 202 of the Executive Order as found at 41 C.F.R. § 60-1.4(a)(1-7); (b) Section 503 of the Rehabilitation Act of 1973 as contained in 41 C.F.R. § 60-741.4; and (c) The Vietnam Era Veterans’ Readjustment Assistance Act of 1974 as contained in 41 C.F.R. § 60-250.4.
27.2 Section headings are included for convenience or reference only and are not intended to define or limit the scope of any provision of this Agreement and should not be used to construe or interpret this Agreement.
27.3 No delay, failure or waiver of either Party’s exercise or partial exercise of any right or remedy under this Agreement shall operate to limit, impair, preclude, cancel, waive or otherwise affect such right or remedy. Any waiver by either Party of any provision of this Agreement shall not imply a subsequent waiver of that or any other provision of this Agreement.
**** Certain information has been omitted and filed separately with the Securities and Exchange Commission. Confidential treatment has been requested with respect to the omitted portions.
25
|General Services Agreement
Terms and Conditions
27.4 If any provision of this Agreement is held invalid, illegal or unenforceable, the validity, legality or enforceability of the remaining provisions shall in no way be affected or impaired thereby.
27.5 No amendments of any provision of this Agreement shall be valid unless made by an instrument in writing signed by both Parties specifically referencing this Agreement. Notwithstanding anything therein to the contrary, the terms of any Order to this Agreement shall supplement and not replace or amend the terms or provisions of this Agreement and the terms and provisions of this Agreement shall control in the event of any conflict between such terms thereof and the terms and provisions of this Agreement and such conflict shall be resolved in favor of the express terms and provisions of this Agreement. The terms and provisions of this Agreement shall be incorporated by reference into any Order to this Agreement.
27.6 Anything in this Agreement to the contrary notwithstanding, the Parties hereby agree that thirty (30) calendar days after written notice by Bank of America of any amendment to this Agreement for compliance with a change in federal law, rule or regulation affecting financial services companies or the suppliers of financial services companies, this Agreement shall be amended by such notice and the amendment contained therein and without need for further action of the Parties, and the Agreement, as amended thereby, shall be enforceable against the Parties, their successors and assigns. The notice provided hereunder shall set forth such change and provide the relevant amendment to the Agreement. Bank of America shall have the right to terminate immediately the Agreement, without further liability to Supplier, in the event of Supplier’s failure to comply with the terms and conditions of any such amendment to the Agreement.
27.7 This Agreement may be executed by the Parties in one or more counterparts, and each of which when so executed shall be an original but all such counterparts shall constitute one and the same instrument.
27.8 The remedies under this Agreement shall be cumulative and are not exclusive. Election of one remedy shall not preclude pursuit of other remedies available under this Agreement or at law or in equity. In arbitration a Party may seek any remedy generally available under the governing law.
27.9 Notwithstanding the general rules of construction, both Bank of America and Supplier acknowledge that both Parties were given an equal opportunity to negotiate the terms and conditions contained in this Agreement, and agree that the identity of the drafter of this Agreement is not relevant to any interpretation of the terms and conditions of this Agreement.
27.10 All notices or other communications required under this Agreement shall be given to the Parties in writing to the applicable addresses set forth on the signature page, or to such other addresses as the Parties may substitute by written notice given in the manner prescribed in this Section as follows: (a) by first class, registered or certified United States mail, return receipt requested and postage prepaid, (b) over-night express courier or (c) by hand delivery to such addresses. Such notices shall be deemed to have been duly given (i) five (5) Business Days after the date of mailing as described above, (ii) one (1) Business Day after being received by an express courier during business hours, or (iii) the same day if by hand delivery.
27.11 Wherever this Agreement requires either Party’s approval or consent such approval or consent shall not be unreasonably withheld or delayed.
27.12 This Agreement shall be binding upon, and inure to the benefit of, the Parties and their respective permitted successors and assigns. Except as expressly set forth in this Agreement and with the exception of the Affiliates of Bank of America, the Parties do not intend the benefits of this Agreement to inure to any third party, and nothing contained herein shall be construed as creating any right, claim or cause of action in favor of any such other third party, against either of the Parties hereto.
27.13 Any transaction undertaken pursuant to this Agreement in which Supplier furnishes services shall be governed by Article 2 of the Uniform Commercial Code as if the services were goods, unless the applicable law of the state of the governing law expressly otherwise provides.
**** Certain information has been omitted and filed separately with the Securities and Exchange Commission. Confidential treatment has been requested with respect to the omitted portions.
26
|General Services Agreement
Terms and Conditions
|
28.0 ENTIRE AGREEMENT
This Agreement, together with the Schedules, and other documents incorporated herein by reference, represent the final, full and exclusive expression of the agreement of the Parties on the subject matter hereof and supersedes all prior agreements, understandings, writings, proposals, representations and communications, oral or written, of either Party with respect to the subject matter hereof and the transactions contemplated hereby. The Parties agree to accept a digital image of this Agreement, as executed, as a true and correct original and admissible as best evidence to, the extent permitted by a court with proper jurisdiction.
**** Certain information has been omitted and filed separately with the Securities and Exchange Commission. Confidential treatment has been requested with respect to the omitted portions.
27
|
SCHEDULE A-1
Service Specifications – Aggregation Services
SCHEDULE A-1
AGGREGATION SERVICES
Yodlee will provide the Services set forth herein.
Both parties agree to use commercially reasonable efforts to fully implement and launch PFM 10 Services by no later than March 31, 2012. Subject to, and not limitation of, all rights and remedies available to Bank of America, and the obligations of Supplier, under the Agreement and the Schedules thereto (including, but not limited to, any termination rights available to Bank of America), Bank of America shall use commercially reasonable efforts to offer the Hosting Services to Registered Users throughout the SCHEDULE TERM (as defined below).
During the term of this Schedule, Supplier shall provide the financial aggregation applications and services described herein to the following divisions of Bank of America (and any successor divisions thereto): the Consumer/Small Business Banking Division (the “Contracting Divisions”).
1. Definitions. All capitalized terms not defined elsewhere in the Agreement or in this Schedule shall have the meanings given them below.
Application – means a software application that receives, uses, displays and manipulates Registered User data supplied via the SDK Service for the exclusive use of Bank of America, its Affiliates and the Registered Users. The applications are created through the use of the SDK service.
Active User – A Registered User is considered “Active” for billing purposes with respect to any calendar month if the Registered User has logged into the Hosted Service, or received an alert or whose Held or Held Away Account was refreshed due to a batch feed update or with respect to whom an SDK request was made, in the previous [****]. For avoidance of doubt, as of the date the parties have entered into this SCHEDULE, Bank of America has not agreed to use the “alert” or “batch feed update” functionality or services, and such functionality or services shall not be implemented until such time as Bank of America has consented in writing to their implementation and use. The term “Active User” is used in SCHEDULE B-1 of the Agreement for purposes of calculating certain Service fees.
Co-Brand Deployment Kit or CBDK – means the generally available version, as of October 1, 2011, of the “Co-Brand Deployment Kit”, which shall be provided to Bank of America in the form of a document for completion by Bank of America. Such completed file shall to be used in connection for establishment of the Hosted Service listed below, as delivered by Supplier to Bank of America.
Cut-Over Date – the date that Supplier ceases to host PFM 9.x for the benefit of the Consumer/Small Business Banking Division and their Registered Users, and the date that Supplier commences to host PFM 10.x for the benefit of the Consumer/Small Business Banking Division and their Registered Users. The parties shall mutually agree as to the Cut-Over Date.
Bank of America Site – means Bank of America site on the World Wide Web located at Uniform Resource Locators (“URL”) www.bankofamerica.com, or such other site as Bank of America may designate from time to time.
Data Source – a single data source from which Supplier can dynamically extract information to be displayed in the Services. A single data source is a collection of data at one location or web site.
Data Source Provider – a company or other entity that provides, maintains, operates or is otherwise responsible for any Data Source.
**** Certain information on this page has been omitted and filed separately with the Securities and Exchange Commission. Confidential treatment has been requested with respect to the omitted portions.
1
|
SCHEDULE A-1
Service Specifications – Aggregation Services
Held Account – means a Registered User’s Bank of America personal deposit or credit card account that is linked to the Hosted Service or SDK Service or any account a Registered User has with Bank of America’s Affiliates.
Held Away Account – means a Registered User’s account with a financial institution or other third party other than Bank of America that is linked to the Hosted Service or SDK Service.
Hosted Service – means the hosting, maintenance, support and provision of PFM 9 and/or PFM 10 (or such other mutually agreed upon updated/upgraded version of Supplier’s PFM application), for the use and benefit of Bank of America and the Registered Users in accordance with the terms of this Schedule.
Integrated Service – means the service provided through the integration of the SDK Service and the Application pursuant to this Schedule.
Integrated Service Pages – means all pages on which the Integrated Service is displayed or made available for use by Registered Users.
Registered User – any customer of the Contracted Divisions who registers, or is registered by Bank of America, to use the Hosted Services and/or Integrated Services.
SDK means the 10.x version of the Supplier platform software development kit for Supplier’s PersonalFinance product.
SDK Service means the service provided by Supplier to supply Registered User data to Applications developed with the SDK.
Service Pages means all pages on which the Hosted Service is displayed or made available for use by Registered Users.
Upgrade – means a new version of a software application which adds or replaces functional capabilities from those capabilities existing in the previous version of such software application.
2. Term. The initial term of this Schedule shall commence on October 1, 2011 and shall continue through December 31, 2014 (“Schedule Initial Term”). So long as the Agreement is then in effect, Bank of America may renew this Schedule for successive one year terms (a “Schedule Renewal Term”), subject to Bank of America providing at least 30 days written notice of such renewal prior to the expiration of the then current term. The Schedule Initial Term and any Renewal Term(s) of this Product Schedule are the “Schedule Term.” This Schedule may be terminated in accordance with the applicable provisions of the Agreement and/or Schedules.
3. Hosted Services Offering.
(a) PFM 9 PFM 9.x is an online personal, financial management application that allows Registered Users of the Consumer/Small Business Banking Division to view, manage and transact upon all their financial accounts (whether or not such accounts are a Held Account or a Held Away Account). As of the date hereof, Supplier continues to host, and the Consumer/Small Business Banking Division and their customers continue to use, PFM 9.x. During the term of this Schedule until the Cut-Over Date (the “PFM 9 Service Period”), Supplier shall continue to host, make available, maintain, operate and support PFM 9 for the benefit of the Consumer/Small Business Banking Division and their customers in accordance with the service levels set forth in Schedule C-1 of the Agreement. Supplier shall ensure that during the PFM 9 Service Period, the PFM 9 Hosted Service shall include, at a minimum, the following key features (“PFM 9 Key Features”):
|•
|Account Details
|•
|Transaction Register for single account and across multiple accounts
|•
|Unlimited transaction history
**** Certain information on this page has been omitted and filed separately with the Securities and Exchange Commission. Confidential treatment has been requested with respect to the omitted portions.
2
|
SCHEDULE A-1
Service Specifications – Aggregation Services
|•
|Running Balance
|•
|Projected Balance
|•
|Transaction Search
|•
|Account and Transaction memo
|•
|Transaction Categorization
|•
|Transaction Classification
|•
|Automatic Display of the Held Accounts for a Registered User
|•
|Budgeting Tools
|•
|Easy to create and maintain online budget
|•
|Weekly and Monthly Status Report
|•
|Category threshold alerts
|•
|Budget vs. Actual report
|•
|PFM Reports
|•
|Expense Analysis
|•
|Spending Analysis
|•
|Transactional Reporting
|•
|Credit Card Utilization Report
|•
|Net Worth Summary Statement
|•
|Account Summary
|•
|Dashboard
|•
|Rewards Manager
|•
|Portfolio Manager
|•
|Rich Data for up and cross sell
|•
|Fully Customizable user interface
(b) PFM 10. PFM 10.x is an Upgrade of Supplier’s PFM 9 online personal, financial management application. PFM 10 shall include the following key features as core Yodlee FinApps (“PFM 10 Key Features”):
|•
|Account Management
|•
|Ability to view, manage, set up alerts, share, view charts for all account data
|•
|Transaction Management
|•
|Ability to view transactions with category, modify, recategorize, manage categories, split etc.
|•
|Budgeting
|•
|Ability to budget for fixed and discretionary expenses, budget for categories, set up budget alerts, view charts
|•
|Spending Reports
|•
|Ability to view category wise spent data over a time period
|•
|Net Worth
|•
|Ability to view net worth and view net worth change charts
|•
|Portfolio Manager
|•
|Ability to track investment accounts and holdings
|•
|Bill Reminder
|•
|Ability to add a bill and set up reminders on bill due, new bill etc.
|•
|Save for a Goal
|•
|Ability for a Registered User to create a goal and track progress
**** Certain information on this page has been omitted and filed separately with the Securities and Exchange Commission. Confidential treatment has been requested with respect to the omitted portions.
3
|
SCHEDULE A-1
Service Specifications – Aggregation Services
From and after the Cut-Over Date and through the end of the Schedule Term, Supplier shall host, make available, maintain, operate and support PFM 10.x for the benefit of the Consumer/Small Business Banking Division and their customers in accordance with the service levels set forth in Schedule C-1 of the Agreement. Except as set forth in the Agreement, this Schedule any other Schedules thereto, Supplier shall make available to the Consumer/Small Business Banking Division and their customers the standard version of PFM 10.x that Supplier generally makes available to its commercial and consumer customers. The parties shall use commercially reasonably efforts to implement the Cut-Over Date by March 31, 2012.
(c) Notwithstanding anything herein to the contrary, (i) Supplier shall not deploy, make available or provide links to any paid FinApps or a FinApp Store, or any similar service offerings, as part of the Hosted Service without the advance written approval of Bank of America; (ii) Supplier shall not materially modify the functionality of the Hosted Services used by Bank of America or its Registered Users, or eliminate a feature of the Hosted Services used by Bank of America or its Registered Users, without the advance written approval of Bank of America; (iii) Bank of America may use the Supplier provided CBDK to modify and configure the Hosted Service; and (iv) the Hosted Service shall have the look and feel of a Bank of America web site and Bank of America shall have the right to approve the look and feel of the Hosted Service and the use of any Bank of America brands, logos and marks used in connection with the Hosted Service.
(d) The Service Pages for the Hosted Service will be served on a single URL as determined by Bank of America in its sole discretion.
(e) Service Pages will be constructed with Supplier core FinApps as described above in PFM 10 Key Features. Supplier FinApps can reside inside the Hosted service pages hosted by Supplier or within the online banking pages hosted by the Bank of America. Unless otherwise agreed to by Bank of America in writing, all FinApps available as part of the Hosted Service shall be owned by Supplier and shall be made available without charge to Registered Users. Such FinApps shall be hosted by Yodlee. The Hosted Service and the FinApps shall not contain any computer instructions, software code, or other technological means whose purpose is to disrupt, damage or interfere with the computers and systems of Bank of America or Registered Users.
(f) The Service Pages will be hosted solely by Supplier and all Supplier Technology shall be exclusively hosted, maintained and operated by Supplier. Bank of America shall maintain, operate, serve and otherwise be responsible for the Bank of America Site.
(g) Bank of America shall not repackage, redistribute, divert, license, rent, or resell Registered User relating to Held Away Accounts to or for the benefit of any third party (other than to Registered Users to whom the data relates).
(h) With respect to PFM 10.x all Service Site pages or components Supplier develops or hosts that will be branded with the Bank of America name or logo, shall have the “look and feel” of Bank of America Web Sites. All Web Site hosting services Supplier provides, shall conform to the “Web Content Accessibility Guidelines,” of the Worldwide Web Consortium available at. http://www.w3.org/TR/WCAG20/. Supplier shall comply with “Conformance Level Double-A,” which provides for satisfaction of Priority 1 and 2 Checkpoints, as defined in such guidelines. Supplier shall, at its expense, promptly revise or modify Service Site pages or components developed, or Service Site hosting services provided, by Supplier to bring them into compliance with such guidelines as reasonably determined by Bank of America.
**** Certain information on this page has been omitted and filed separately with the Securities and Exchange Commission. Confidential treatment has been requested with respect to the omitted portions.
4
|
SCHEDULE A-1
Service Specifications – Aggregation Services
4. SDK Service Offering
(a) License Grant. During the Schedule Term, Supplier hereby grants to Bank of America a nonexclusive, nontransferable, limited right and license to use the SDK solely as necessary to develop and integrate (or have developed and integrated for it) the Applications for use on the Bank of America Site by Registered Users which, through use of the SDK, allow Registered Users to add accounts and retrieve information on those accounts. Such Applications shall be distributed by Bank of America directly to such Registered Users. Notwithstanding any other provision, Bank of America shall not distribute, re-distribute, white label, co-brand, and/or sub-brand the Application and/or Integrated Services to any third party that provides financial services, financial advice, or financial products or to any other entity or association. Bank of America shall not use the SDK for any other purpose, including but not limited to (1) payments or money transfers of any type, (2) consumer personal finance applications where the end user is not an individual consumer, (3) electronic funds transfers, (4) bill payment applications, (5) account opening or identity verification/authentication applications, (6) enterprise single sign-on applications, or (7) market research applications.
(b) Applications. Bank of America shall be solely responsible for (i) providing, operating and maintaining the Applications and hosting the Applications for the Bank of America Site, and (ii) serving, operating and maintaining the Integrated Service, the Integrated Service Pages and the Bank of America Site.
(c) Use of Registered User Data. Bank of America shall use the Registered User data related to Held Away Accounts solely on Bank of America Site(s) for the Application in the Integrated Service and shall not display the Registered User data related to Held Away Accounts on any other web site. Furthermore, Bank of America shall not repackage, redistribute, divert, license, rent, or resell Registered User data related to Held Away Accounts to or for the benefit of any third party.
5. Required Documentation
The Hosted Service shall also include the following:
(a) Terms and Conditions between Registered Users and Bank of America. During the term of this Agreement, Bank of America may promulgate terms and conditions for the use of the Hosted Service by its Registered Users. The terms and conditions in effect as of October 1, 2011 are set forth on Attachment 1 hereto. Bank of America may change such terms and conditions from time to time.
(b) DURING THE SCHEDULE TERM, SUPPLIER WILL MAINTAIN, AND WILL PROMPTLY PROVIDE TO BANK OF AMERICA, UPON ITS REQUEST THE FOLLOWING DOCUMENTATION.
Operational Documentation:
|•
|Change Management policy and procedures
|•
|Network Diagrams
|•
|Business Continuity Plan
|•
|Disaster Recovery Plan
Supplier can make the documents below available during any site visit by Bank of America. As per Supplier’s standard security practice, certain documentation is limited to on-site reviews.
|•
|Operations Run Book
|•
|Network/Systems Mapping list (VIPs, etc.)
|•
|Backup and Restore Procedures
|•
|O/S Secure Build documentation
|•
|Capacity models
|•
|Supplier data base inventory and management
|•
|Oracle Backup procedures
|•
|SLA Reporting – Systems Administrator Guide
**** Certain information on this page has been omitted and filed separately with the Securities and Exchange Commission. Confidential treatment has been requested with respect to the omitted portions.
5
|
SCHEDULE A-1
Service Specifications – Aggregation Services
|•
|SLA Reporting – Systems Operator Guide
|•
|Supplier Monitoring Systems Design document
|•
|Root Cause Analysis policy and procedure
|•
|Keynote and Segue Monitoring systems and guides
|•
|Batch processing tracking and reporting
|•
|Centrify Systems Administrators Guide
|•
|Security Documentation
|•
|Security Policy Summary
Product Documentation:
|•
|Supplier PersonalFinance Product Description
|•
|SAML Implementation Guide
|•
|Alerts Implementation Guide
|•
|Cobrand Deployment Kit (CBDK)
In the event of a conflict between any of the above Documentation and the Agreement and/or this Schedule, the Agreement and this Schedule shall govern.
6. Development and Configuration of Integrated Service and Hosted Service
(a) Development Environment. Bank of America shall have access to a development environment beginning on the Delivery Date, to build and test the Applications and the Integrated Services (the “Development Period”). The Development Environment shall consist of a test SDK Service and a database with sufficient storage capacity sufficient to store 3,000 accounts. Bank of America shall be solely responsible for providing its own user accounts for testing purposes.
(b) Production Environment. Upon Bank of America’s request (but no later than the end of the Development Period, unless otherwise mutually agreed), Bank of America’s SDK will be transferred to a production environment in order for Bank of America to commercially launch the Applications and the Integrated Services. Bank of America will have access to the production environment for the remainder of the Term.
7. Data Sources Service
(a) Data Sources. Bank of America shall determine which Data Sources shall be available for users to access via the Hosted Service and Integrated Service. Such selection shall be made from the master Data Source list supplied by Supplier from time to time. At a minimum, at the time of the Cut-Over Data, Data Sources shall be available from each of the Data Source Providers listed in Section 7(d) below.
(b) Bank of America Data Source Recommendations. Bank of America shall have the right to recommend Data Sources to Supplier for inclusion in the Services that are not then made available by Supplier for inclusion in the Services, Upon receiving any such recommendation, Supplier will use reasonable efforts to establish an agreement with the appropriate Data Source Provider for the inclusion of the recommended Data Source, provided that Supplier shall not be required to include such Data Source or pay or agree to pay any royalty or other compensation to the Data Source Provider. Upon Supplier’s request, Bank of America shall provide contact information for a Data Source Provider to Supplier for the purpose of establishing a relationship with such appropriate Data Source Provider for any recommended Data Source.
(c) Data Source Referrals. For any Data Source Provider that expresses to Bank of America an interest in participating in one or more of the Services, Bank of America shall make commercially reasonable efforts to: (i) refer such Data Source Provider to Supplier, and (ii) provide to Supplier the name and any contact information of such Data Source Provider in Bank of America’s possession.
**** Certain information on this page has been omitted and filed separately with the Securities and Exchange Commission. Confidential treatment has been requested with respect to the omitted portions.
6
|
|
SCHEDULE A-1
Service Specifications – Aggregation Services
(d) Removal. Notwithstanding any provision in this Agreement to the contrary, Supplier shall be entitled to remove any Data Source from the Service upon notice to Bank of America if: (a) Supplier determines that retrieval of content or data from such Data Source violates any law, rule, regulation or court order, or (b) Supplier receives notice or demand from the Data Source Provider responsible for such Data Source that threatens legal action based on retrieval of content or data from a Data Source. In the case where Supplier removes any Data Source as a result of (a) or (b) above, Supplier shall give Bank of America as much advance notice of such removal as possible. In all other cases, Supplier shall notify Bank of America of Supplier’s intent to remove such Data Source at least 30 days prior to removal of such Data Source from the Service. In addition to, and not in limitation of any other termination right in the Agreement, Bank of America reserves the right to terminate this Schedule (without any further obligation to Supplier under this Schedule or Schedule B-1), should [****] or more of the following financial institutions (or their successors) cease being a Data Source Provider (the “Data Source Termination Event”): [****]. Bank of America may exercise such termination right within 90 days following the date on which such Data Source Termination Event occurs. In the event Bank of America terminates this Schedule as a result of the occurrence of a Data Source Termination Event, [****].
8. Reports
Each month, Supplier will provide to Bank of America access to the following high-level statistics concerning usage of the Hosted and Integrated Services:
|•
|Registered Users – added, cumulative, average
|•
|Active Registered Users – total, active rate, average accounts owned per user
|•
|Integrated Registered Users (added at least one account) – total, integration rate
|•
|FinApps available, FinApps purchased, Total amount
9. Beta
Supplier will set up a Beta instance of the Service Pages for PFM 10.x. The Beta website will be accessible from the Service Pages as a place to showcase new feature / functionality, but will not be used by Registered Users as part of their use of the Hosted Service. The Beta website will be maintained and operated by Supplier in consultation with the Bank of America. However, the Beta website is not subject to standard SLAs defined elsewhere in the contract. Bank of America will control the access of the beta site for their end users. For avoidance of doubt, the Cut-Over Date will not be deemed to have occurred until PFM 10.x is operating in full production for the Registered Users of the Bank of America. Consumer/Small Business Division on a non-Beta site.
10. Registration Process
(a) Collection and Maintenance of Registered User Account Access Information. Supplier shall be solely responsible for collecting and maintaining account access information provided by Registered Users for their Data Source accounts (e.g., login names, passwords, etc.)
(b) Registration. Bank of America shall be solely responsible for operating and maintaining the user registration process for customers of the Contracting Divisions using the Hosted Services. Notwithstanding Bank of America’s operation and maintenance of an independent user registration process for a Bank of America service, Supplier shall maintain all registration information for Registered Users of the Hosted Service during the Schedule Term. The Registration Process will be set up in accordance with the CBDK. All registrations are subject to successful processing by Supplier, which shall be based on, to the extent possible, confirming the accuracy and adequacy of the registration information submitted by the registrant. Supplier specifically reserves the right to reject any registration; provided that
**** Certain information on this page has been omitted and filed separately with the Securities and Exchange Commission. Confidential treatment has been requested with respect to the omitted portions.
7
|
SCHEDULE A-1
Service Specifications – Aggregation Services
such rejection is based on a determination by Supplier, in its reasonable discretion, that (a) acceptance of such a registration would result in a breach of a law, rule or regulation, (b) such registration originated from a user known or reasonably suspected to participate in hacking or to misuse Supplier’s other services, or (c) such rejection is based on any other reason agreed to by Bank of America.
11. Other Terms
(a) Registered User Data. Bank of America shall own, and Bank of America’s privacy policy and information security policy shall govern, the use of all Registered User information, Customer Information, Consumer Information and registration data (collectively, “Protected Information”). For avoidance of doubt, with respect its handling and processing of the Protected Information and its performance of the Hosted Services, Supplier shall at all times comply with the “Confidentiality and Information Protection” section of the Agreement and SCHEDULE D of the Agreement.
|(b)
|Customizations. The following aspects of the Hosted Service and Integrated Service are not customizable:
|•
|The financial account categories used for classifying financial data in the Hosted Service (e.g., bank, investment, credit cards)
|•
|The Data Sources made available by Supplier for inclusion in the Hosted and Integrated Services.
|•
|The names of the categories and Data Sources.
|•
|The information retrieved from each Data Source.
(c) Content Distribution Network. Static content in Yodlee’s hosted application and FinApps are served using CDN (Content Distribution Network). Images, text, Flex files and style sheets are some examples of content which are served through geographically distributed CDN servers. No personally identifiable information is served through CDN. In order to facilitate this, Bank of America hereby authorizes Yodlee and the CDN provider to pull a certificate on behalf of the Company.
12. Branding of Certain Content
In connection with Supplier’s provision of the following data to Bank of America, the parties agree to the following additional terms concerning the following data and functionality:
(a) Zillow Terms. In connection with Supplier’s provision of the Zillow.com data to the Contracted Divisions and their customers, the parties agree:
(i) The Zillow.com data and Zillow service are provided AS IS. Supplier is not responsible for the accuracy or reliability of any data from Zillow.com, or for any interruptions in the availability of the Zillow.com service, whether the result of actions by Zillow or any third party.
(ii) Zillow data will not be used for any purpose other than for the individual use by Registered Users as part of the Hosted or SDK Service.
13. Functional Specifications. The functional specifications associated with PFM 10.x are set forth in the documents below (all of which have been provided to Bank of America on or prior to October 1, 2011). In the event of a conflict between the documents listed below and this Agreement (including this SCHEDULE), the Agreement (and/or this SCHEDULE) shall control.
Yodlee PersonalFinance Product Description v.10.x
SAML Implementation Guide v. 10.x Alerts Implementation Guide v. 10.x
Cobrand Deployment Kit (CBDK) v. 10.x
**** Certain information on this page has been omitted and filed separately with the Securities and Exchange Commission. Confidential treatment has been requested with respect to the omitted portions.
8
|
SCHEDULE A-1
Service Specifications – Aggregation Services
14. Storage Capacity. Supplier shall provide and is responsible for maintaining sufficient storage capacity to the server or servers on which PFM 9 and/or PFM 10 is loaded. Supplier’s application servers and other servers only store application code and system and application logs – Registered User data is not stored on servers. Supplier uses a large storage array that currently has approximately 6 terabytes of usable storage space. This storage array is where Registered User data is stored. Supplier’s capacity management function will monitor and track the utilization of this space (both at a data base table level and physical space level) and increase capacity as needed. Supplier shall ensure that it maintains sufficient capacity in its Registered User data to ensure the operation of the Hosted Services in conformance with this Schedule and the SCHEDULE C-1 to the Agreement, including sufficient free space on the storage array.
15. Batch Operations. Supplier provides a daily batch file containing user specific data on held away accounts for Loans/Investment/Banking containers. This data is used by Bank of America for cross sell marketing purposes.
16. Guaranteed Bandwidth. [Initial guaranteed bandwidth for Supplier is set below (ex: 512kbps) with bursting above see below (ex: 512kbps) allowed. If bandwidth requirements are consistently above see below (ex: 512kbps), Supplier shall provide an upgrade. Supplier hosts its production services from a Tier 1 network provider (Savvis Communications). Supplier’s Internet access is a 100 MB connection. So, user and batch traffic runs over this bandwidth availability and Supplier monitors it on a daily, weekly, and monthly basis. This bandwidth supports all Supplier clients and currently peaks at approximately 65 MB. If the total bandwidth utilization is consistently above 80%, Supplier will provision more bandwidth. For dedicated circuits, Supplier-Bank of America dedicated circuits, Supplier will monitor these and inform Bank of America when additional bandwidth is required (Bank of America is owner of records for dedicated circuits). For dedicated circuits, if Bandwidth utilization is above 60%, Supplier will begin the process of upgrades with Bank of America.
17. Tape Back Up and Recovery. Notwithstanding the provisions of Section 3 of SCHEDULE F-1 to the Agreement, daily full backups and no incremental backups will be performed. Each week, a complete set of backups will be taken from the hosting facility and stored off site. Supplier will respond to requests for restoration of site content from backup tapes within [****] at primary site and [****] at a Disaster Recovery site.
**** Certain information on this page has been omitted and filed separately with the Securities and Exchange Commission. Confidential treatment has been requested with respect to the omitted portions.
9
|
SCHEDULE A-1
Service Specifications – Aggregation Services
ATTACHMENT 1:
TERMS OF USE
Description of My Portfolio
My Portfolio is a personal information management service that allows you to better manage your information by consolidating it in one place. My Portfolio uses proprietary technology to allow you to retrieve, view, and maintain information you have available at various web sites you designate, but all within one convenient service. All of the accounts linked to your Access ID through Online Banking from Bank of America are automatically added to My Portfolio.
You may add information about accounts accessible at other web sites that you maintain at other institutions, including Merrill Lynch, Pierce, Fenner & Smith Incorporated. When you use My Portfolio to access a third party web site you designate, you agree to the following: 1) You authorized Bank of America and its providers to access the third party web sites and accounts you designate to retrieve account information on your behalf, and you appoint us as your agent for this limited purpose. In addition, you hereby grant Bank of America and its providers as your true and lawful attorney-in-fact, with full power of substitution and resubstitution, for you and in your name, place and stead, in any and all capacities, to access third party web sites, retrieve account information, and use your
information, for the purpose of accessing your accounts and operating My Portfolio, with full power and authority to do and perform each and every act and thing requisite and necessary to be done in connection with such activities, as fully to all intents and purposes as you might or could do in person. 2) You represent that you are a legal owner of the accounts at third party web sites which you include in My Portfolio and that you have the authority to (i) designate us as your agent, (ii) use My Portfolio and (iii) give us your passwords, usernames, and all other information you provide. 3) YOU AGREE AND ACKNOWLEDGE THAT WHEN WE ACCESS AND RETRIEVE INFORMATION FROM THE THIRD PARTY WEB SITE, WE ACT AS YOUR AGENTS, AND NOT THE AGENTS OR ON BEHALF OF THE THIRD PARTY. 4) My Portfolio does not have the capability to initiate transactions affecting your financial accounts or provide notices or instructions affecting such financial accounts. When you access a third party web site through My Portfolio, you open a new browser window to directly connect you to the third party web site and submit information you have designated to allow further access to that site. Transactions and inquiries you initiate at such a site are not made through My Portfolio, and we have no responsibility for such transactions. You are responsible for all fees charged by the third party in connection with such transactions and accounts, and you agree to comply with the terms and conditions of those accounts. If you have a dispute or question about any transaction on such site, you agree to direct these to the account provider. 5) Third party web sites shall be entitle to rely on the above authorizations, agency and power of attorney granted by you. 6) My Portfolio is not sponsored or endorsed by any providers of the third party accounts you access through My Portfolio, except for affiliates of Bank of America. 7) Balances shown on My Portfolio reflect the most recent refresh and may not be accurate if a refresh was not successfully completed or the information obtained during the refresh from the third party is otherwise not accurate or current. Data and information is provided for informational purposes only, and is not intended for trading or transactional purposes. You agree that we are not liable for any errors or delays in the content, or for any actions taken in reliance thereon. The services which you may be able to access through My Portfolio are services of the listed institutions. My Portfolio provides links to selected institutions for your convenience only. We do not endorse or recommend the services of any institution. The third party institution you select is solely responsible for its services to you. We are not liable for any damages or costs of any type arising out of or in any way connected with your use of the services of
**** Certain information on this page has been omitted and filed separately with the Securities and Exchange Commission. Confidential treatment has been requested with respect to the omitted portions.
10
|
SCHEDULE A-1
Service Specifications – Aggregation Services
the institution. 8) You may also add information into My Portfolio for accounts not available at other web sites or which are not linked to My Portfolio. In such case, you are solely responsible for the accuracy of such information.
**** Certain information on this page has been omitted and filed separately with the Securities and Exchange Commission. Confidential treatment has been requested with respect to the omitted portions.
11
|
SCHEDULE A-2
Service Specifications – MFP Services
SCHEDULE A-2
MFP SERVICES / DELIVERABLES
Supplier shall continue providing the My Financial Picture Services described herein to Bank of America.
Capitalized terms used herein and not otherwise defined herein or in the Agreement shall have the meanings set forth below:
Application – means a software application that receives, uses, displays and manipulates Registered User data supplied via the SDK Service for the exclusive use of Bank of America, its Affiliates and the Registered Users. The applications are created through the use of the SDK service.
Active User – A Registered User is considered “Active” for billing purposes with respect to any calendar month if the Registered User has logged into the Hosted Service, or received an alert or whose Held or Held Away Account was refreshed due to a batch feed update or with respect to whom an SDK request was made, in the previous [****]. For avoidance of doubt, as of the date the parties have entered into this SCHEDULE, Bank of America has not agreed to use the “alert” or “batch feed update” functionality or services, and such functionality or services shall not be implemented until such time as Bank of America has consented in writing to their implementation and use.
Co-Brand Deployment Kit or CBDK – means the generally available version, as of December 14, 2011, of the “Co-Brand Deployment Kit”, which shall be provided to Bank of America in the form of a document for completion by Bank of America. Such completed file shall be used in connection for establishment of the Services, as delivered by Supplier to Bank of America.
Data Source – a single data source from which Yodlee can dynamically extract information to be displayed in the Services. A single data source is a collection of data at one location or web site.
Data Source Provider – a company or other entity that provides, maintains, operates or is otherwise responsible for any Data Source.
Implementation Date – the date that Supplier commences to host the generally available version of the PFM service (“Upgraded PFM”) for the benefit ML of the and their Registered Users. The parties shall mutually agree as to the Implementation Date.
Held Account – means a Registered User’s Bank of America personal deposit or credit card account that is linked to the Hosted Service or SDK Service or any account a Registered User has with Bank of America’s Affiliates.
Held Away Account – means a Registered User’s account with a financial institution or other third party other than Bank of America that is linked to the Hosted Service or SDK Service.
Hosted Service – means the hosting, maintenance, support and provision of Upgraded PFM (, for the use and benefit of Bank of America and the Registered Users in accordance with the terms of this Schedule.
Integrated Service – means the service provided through the integration of the SDK Service and the Application pursuant to this Schedule.
Integrated Service Pages – means all pages on which the Integrated Service is displayed or made available for use by Registered Users.
Merrill Lynch Site – means Merrill Lynch site on the World Wide Web located at Uniform Resource Locators (“URL”) or such other site as Bank of America may determine from time to time.
**** Certain information on this page has been omitted and filed separately with the Securities and Exchange Commission. Confidential treatment has been requested with respect to the omitted portions.
12
|
SCHEDULE A-2
Service Specifications – MFP Services
Registered User – any customer who registers, or is registered by Bank of America, to use the Hosted Services and/or Integrated Services.
SDK means the version of the Supplier platform software development kit for Supplier’s PersonalFinance product that is generally available as of the Implementation Date.
SDK Service means the service provided by Supplier to supply Registered User data to Applications developed with the SDK.
Service Pages means all pages on which the Hosted Service is displayed or made available for use by Registered Users.
Upgrade – means a new version of a software application which adds or replaces functional capabilities from those capabilities existing in the previous version of such software application.
Upgraded PFM – means the version that is Upgraded from Supplier’s PFM 9 online personal, financial management application.
|1
|List of Applications (Owned by Supplier): The following is a list of the applications that will be hosted by Supplier and a brief description of each application.
|A.
|Hosted Services Offering.
(a) PFM 9. As of the date hereof, Supplier continues to host PFM 9.x. During the term of this Schedule until termination of the PFM 9.x services (the “PFM 9 Service Period”), Supplier shall continue to host, make available, maintain, operate and support PFM 9 for the benefit of ML and their customers in accordance with the service levels set forth in Schedule C-2 of the Agreement. Supplier shall ensure that during the PFM 9 Service Period, the PFM 9 Hosted Service shall include, at a minimum, the following key features (“PFM 9 Key Features”):
|•
|Account Details
|•
|Transaction Register for single account and across multiple accounts
|•
|Unlimited transaction history
|•
|Running Balance
|•
|Projected Balance
|•
|Transaction Search
|•
|Account and Transaction memo
|•
|Transaction Categorization
|•
|Transaction Classification
|•
|Budgeting Tools
|•
|Easy to create and maintain online budget
|•
|Weekly and Monthly Status Report
|•
|Category threshold alerts
|•
|Budget vs. Actual report
|•
|PFM Reports
|•
|Expense Analysis
|•
|Spending Analysis
|•
|Transactional Reporting
|•
|Credit Card Utilization Report
|•
|Net Worth Summary Statement
|•
|Account Summary
|•
|Dashboard
|•
|Rewards Manager
**** Certain information on this page has been omitted and filed separately with the Securities and Exchange Commission. Confidential treatment has been requested with respect to the omitted portions.
13
|
SCHEDULE A-2
Service Specifications – MFP Services
|•
|Portfolio Manager
|•
|Rich Data for up and cross sell
|•
|Fully Customizable user interface
|•
|Bill Reminder
(b) Upgraded PFM. The Upgraded PFM shall include the following key features as core Yodlee FinApps (“Upgraded PFM Key Features”):
|•
|Account Management
|•
|Ability to view, manage, set up alerts, share, view charts for all account data
|•
|Transaction Management
|•
|Ability to view transactions with category, modify, recategorize, manage categories, split etc.
|•
|Budgeting
|•
|Ability to budget for fixed and discretionary expenses, budget for categories, set up budget alerts, view charts
|•
|Spending Reports
|•
|Ability to view category wise spent data over a time period
|•
|Net Worth
|•
|Ability to view net worth and view net worth change charts
|•
|Portfolio Manager
|•
|Ability to track investment accounts and holdings
|•
|Bill Reminder
|•
|Ability to add a bill and set up reminders on bill due, new bill etc.
|•
|Save for a Goal
|•
|Ability for a Registered User to create a goal and track progress
From and after the Implementation Date and through the end of the Schedule Term, Supplier shall host, make available, maintain, operate and support the Upgraded PFM for the benefit of ML and its customers in accordance with the service levels set forth in Schedule C-2 of the Agreement. Except as set forth in the Agreement, this Schedule any other Schedules thereto, Supplier shall make available the standard version of the Upgraded PFM that Supplier generally makes available to its commercial and consumer customers.
(c) Notwithstanding anything herein to the contrary, (i) Supplier shall not deploy, make available or provide links to any paid FinApps or a FinApp Store, or any similar service offerings, as part of the Hosted Service without the advance written approval of Bank of America; (ii) Supplier shall not materially modify the functionality of the Hosted Services used by Bank of America or its Registered Users, or eliminate a feature of the Hosted Services used by Bank of America or its Registered Users, without the advance written approval of Bank of America; (iii) Bank of America may use the Supplier provided CBDK to modify and configure the Hosted Service; and (iv) the Hosted Service shall have the look and feel of a Bank of America web site and Bank of America shall have the right to approve the look and feel of the Hosted Service and the use of any Bank of America brands, logos and marks used in connection with the Hosted Service.
**** Certain information on this page has been omitted and filed separately with the Securities and Exchange Commission. Confidential treatment has been requested with respect to the omitted portions.
14
|
SCHEDULE A-2
Service Specifications – MFP Services
(d) The Service Pages for the Hosted Service will be served on a single URL as determined by Bank of America in its sole discretion.
(e) Service Pages will be constructed with Supplier core FinApps as described above in Upgraded PFM Key Features. Supplier FinApps can reside inside the Hosted service pages hosted by Supplier or within the online banking pages hosted by the Bank of America. Unless otherwise agreed to by Bank of America in writing, all FinApps available as part of the Hosted Service shall be owned by Supplier and shall be made available without charge to Registered Users. Such FinApps shall be hosted by Yodlee. The Hosted Service and the FinApps shall not contain any computer instructions, software code, or other technological means whose purpose is to disrupt, damage or interfere with the computers and systems of Bank of America or Registered Users.
(f) The Service Pages will be hosted solely by Supplier and all Supplier Technology shall be exclusively hosted, maintained and operated by Supplier. Bank of America shall maintain, operate, serve and otherwise be responsible for the Bank of America Site.
(g) Bank of America shall not repackage, redistribute, divert, license, rent, or resell Registered User relating to Held Away Accounts to or for the benefit of any third party (other than to Registered Users to whom the data relates).
(h) With respect to the Upgraded PFM, all Service Site pages or components Supplier develops or hosts that will be branded with the Bank of America name or logo, shall have the “look and feel” of Bank of America Web Sites. All Web Site hosting services Supplier provides, shall conform to the “Web Content Accessibility Guidelines,” of the Worldwide Web Consortium available at. http://www.w3.org/TR/WCAG20/. Supplier shall comply with “Conformance Level Double-A,” which provides for satisfaction of Priority 1 and 2 Checkpoints, as defined in such guidelines. Supplier shall, at its expense, promptly revise or modify Service Site pages or components developed, or Service Site hosting services provided, by Supplier to bring them into compliance with such guidelines as reasonably determined by Bank of America.
|B.
|SDK Service Offering.
(a) During the term, Supplier hereby grants to Bank of America a nonexclusive, nontransferable, limited right and license to use the SDK solely as necessary to develop and integrate (or have developed and integrated for it) the Applications for use on the Bank of America Site by Registered Users which, through the use of the SDK, allow Registered Users to add accounts and retrieve information on those accounts. Notwithstanding any other provision, Bank of America shall not distribute, re-distribute, white label, co-brand, and or sub-brand an Application and/or Integrated Services to any entity that provides financial services, financial advice, or financial products or to any other entity or association. Bank of America shall not use the SDK for any other purpose, including but not limited to (1) payments or money transfers of any type, (2) consumer personal finance applications where the end user is not an individual consumer, (3) electronic funds transfers, (4) bill payment applications, (5) account opening or identity verification/authentication applications, (6) enterprise single sign-on applications, or (7) market research applications.
(b) Bank of America shall be solely responsible for (i) providing, operating and maintaining the Applications and hosting the Applications for the Merrill Lynch site, and (ii) serving, operating and maintaining the Integrated Service, the Integrated Service web pages and the Merrill Lynch Site.
(c) Use of Registered User Data. Bank of America shall use the Registered User data related to Held Away Accounts solely on Bank of America Site(s) for the Application in the Integrated Service and shall not display the Registered User data on any other web site. Furthermore, Bank of America shall not repackage, redistribute, divert, license, rent, or resell Registered User data related to the Held Away Accounts to or for the benefit of any third party.
**** Certain information on this page has been omitted and filed separately with the Securities and Exchange Commission. Confidential treatment has been requested with respect to the omitted portions.
15
|
SCHEDULE A-2
Service Specifications – MFP Services
|2.
|Functional Specifications. The following is a list of functional specifications for hosting the applications.
Yodlee PersonalFinance Product Description
Yodlee Mobile Product Description
SAML Implementation Guide
Alerts implementation Guide
Installation Guide
Operational Guide
Application Configuration and Deployment Guide
Cobrand Deployment Kit (CBDK)
|3.
|Documentation: (ex. technical and operating manuals, database schematics, brochures or help systems).
The latest version of Product, Operational and Security Documentation can be made available to Bank of America upon reasonable demand. This documentation can include:
Operational Documentation:
|•
|Operations Run Book
|•
|Change Management policy and procedures
|•
|Network/Systems Mapping list (VIPs, etc.)
|•
|Backup and Restore Procedures
|•
|Network Diagrams
|•
|O/S Secure Build documentation
|•
|Capacity models
|•
|Business Continuity Plan
|•
|Disaster Recovery Plan
|•
|Yodlee data base inventory and management
|•
|Oracle Backup procedures
|•
|SLA Reporting – Systems Administrator Guide
|•
|SLA Reporting – Systems Operator Guide
|•
|Yodlee Monitoring Systems Design document
|•
|Root Cause Analysis policy and procedure
|•
|Keynote and Segue Monitoring systems and guides
|•
|Batch processing tracking and reporting
|•
|Centrify Systems Administrators Guide
Security Documentation
|•
|Security Policy Summary
Product Documentation:
|•
|Yodlee PersonalFinance Product Description
|•
|Yodlee Mobile Product Description
|•
|SAML Implementation Guide
|•
|Alerts Implementation Guide
|•
|Installation Guide
|•
|Operational Guide
|•
|Application Configuration and Deployment Guide
|•
|Cobrand Deployment Kit (CBDK)
**** Certain information on this page has been omitted and filed separately with the Securities and Exchange Commission. Confidential treatment has been requested with respect to the omitted portions.
16
|
SCHEDULE A-2
Service Specifications – MFP Services
|4.
|Agreement Change Control Procedure:
Bank of America and Supplier may request a change to this SCHEDULE [A-2], using a Project Change Authorization form, using a format acceptable to both parties. Any change to the responsibilities defined in this SCHEDULE [A-2] may affect the charges and estimated schedule or other terms. Depending on the scope of the change, Supplier may charge Bank of America for Supplier’s efforts required to analyze the change. Supplier shall provide Bank of America will an estimate of the charges, and will perform the analysis only upon written authorization from Bank of America.
Change requests require a response from the receiving party within thirty (30) days, unless a longer period of time is agreed to by the parties during the thirty (30) day period.
This SCHEDULE [A-2] shall be amended, within thirty (30) days of approval by both parties of the change request, by issuing an Amendment to the Agreement reflecting all the changed requirements and related adjustments in professional and other fees, estimated schedule and other terms. Supplier shall document any approved changes in a Project Change Authorization form.
|5.
|Other Provisions:
|a.
|Bank of America Data Source Recommendations. Bank of America shall have the right to recommend Data Sources to Yodlee for inclusion in the Services that are not then made available by Yodlee for inclusion in the Services. Upon receiving any such recommendation, Yodlee will use reasonable efforts to establish an agreement with the appropriate Data Source Provider for the inclusion of the recommended Data Source, provided that Yodlee shall not be required to include such Data Source or pay or agree to pay any royalty or other compensation to the Data Source Provider. Upon Yodlee’s request, Bank of America shall provide contact information for a Data Source Provider to Yodlee for the purpose of establishing a relationship with such appropriate Data Source Provider for any recommended Data Source.
|b.
|Data Source Referrals. For any Data Source Provider that expresses to Bank of America an interest in participating in one or more of the Services, Bank of America shall make best efforts to: (a) refer such Data Source Provider to Yodlee, and (b) provide to Yodlee the name and any contact information of such Data Source Provider in Bank of America’s possession.
|c.
|Removal. Notwithstanding any provision in this Agreement to the contrary, Yodlee shall be entitled to remove any Data Source from the Service upon notice to Bank of America if: (a) Yodlee determines that retrieval of content or data from such Data Source violates any law, rule, regulation or court order, or (b) Yodlee receives notice or demand from the Data Source Provider responsible for such Data Source that threatens legal action based on retrieval of content or data from a Data Source. In the case where Yodlee removes any Data Source as a result of (a) or (b) above or as the result of any unfavorable court decision relating to aggregation, Yodlee shall give Bank of America as much advance notice of such removal as possible. In all other cases, Yodlee shall notify Bank of America of Yodlee’s intent to remove such Data Source at least 30 days prior to removal of such Data Source from the Service. Bank of America reserves the right to terminate this agreement should Yodlee remove [****]% of the following financial institutions (or their successors) based on either (a) or (b) above: [****]. Bank of America may exercise such termination right only by delivering at least 30 days advance written notice during the 30 day period beginning on the date Yodlee notifies Bank of America of the removal of the first data source in excess of [****]%.
**** Certain information on this page has been omitted and filed separately with the Securities and Exchange Commission. Confidential treatment has been requested with respect to the omitted portions.
17
|
SCHEDULE A-2
Service Specifications – MFP Services
|d.
|Registration. Bank of America shall be solely responsible for operating and maintaining the user registration process for the Services. Notwithstanding Bank of America’s operation and maintenance of an independent user registration process for a Bank of America service, Yodlee shall maintain all PIN Vault information for Registered Users of the Service during the Term of the Agreement. The Registration Process will be set up in accordance with the CBDK. All registrations are subject to successful processing by Yodlee, which shall be based on, to the extent possible, confirming the accuracy and adequacy of the registration information submitted by the registrant. Yodlee specifically reserves the right to reject any registration; provided that such rejection is based on a determination by Yodlee, in its reasonable discretion, that (a) acceptance of such a registration would result in a breach of a law, rule or regulation, (b) such registration originated from a user known or reasonably suspected to participate in hacking or to misuse Yodlee’s other services, or (c) such rejection is based on any other reason agreed to by Bank of America.
|e.
|Service Username and Password. New Registered Users of the Service will select a valid Service username and password. All Service usernames must be unique.
|f.
|Registered User Data. Bank of America shall own, and Bank of America’s privacy policy shall govern, the use of all Registered User Information, and Consumer Information (collectively, “Protected Information”). Yodlee shall only use Protected Information in accordance with the provisions of Section 15 and 26.3, and the Information Security requirements set forth in Schedule D, of the GSA.
|g
|Active User. A Registered User is considered “Active” if the Registered User has logged into Hosted Service, or received an alert or a budget summary report in the past [****].
|6.
|FinApps:
|A.
|FinApps
FinApps are functionalities which can be developed by Yodlee or Bank of America.
|7.
|Development and Configuration of Integrated Service and Hosted Service
(a) Development Environment. Bank of America shall have access to a development environment beginning on the Delivery Date, to build and test the Applications and the Integrated Services (the “Development Period”). The Development Environment shall consist of a test SDK Service and a database with sufficient storage capacity sufficient to store 3,000 accounts. Bank of America shall be solely responsible for providing its own user accounts for testing purposes.
(b) Production Environment. Upon Bank of America’s request (but no later than the end of the Development Period, unless otherwise mutually agreed), Bank of America’s SDK will be transferred to a production environment in order for Bank of America to commercially launch the Applications and the Integrated Services. Bank of America will have access to the production environment for the remainder of the Term.
**** Certain information on this page has been omitted and filed separately with the Securities and Exchange Commission. Confidential treatment has been requested with respect to the omitted portions.
18
|
|
SCHEDULE A-2
Service Specifications – MFP Services
|8.
|Reports
Each month, Supplier will provide to Bank of America access to the following high-level statistics concerning usage of the Hosted and Integrated Services:
|•
|Registered Users – added, cumulative, average
|•
|Active Registered Users – total, active rate, average accounts owned per user
|•
|Integrated Registered Users (added at least one account) – total, integration rate
|•
|FinApps available, FinApps purchased, Total amount
|9.
|Beta
Supplier will set up a Beta instance of the Service Pages for the Upgraded PFM. The Beta website will be accessible from the Service Pages as a place to showcase new feature / functionality, but will not be used by Registered Users as part of their use of the Hosted Service. The Beta website will be maintained and operated by Supplier in consultation with Bank of America. However, the Beta website is not subject to standard SLAs defined elsewhere in the contract. Bank of America will control the access of the beta site for their end users. For avoidance of doubt, the Implementation Date will not be deemed to have occurred until the Hosted Service is operating in full production for the Registered Users of the Bank of America Consumer/Small Business Division on a non-Beta site.
|10.
|Other Terms
(i) Registered User Data. Bank of America shall own, and Bank of America’s privacy policy and information security policy shall govern, the use of all Registered User information, Customer Information, Consumer Information and registration data (collectively, “Protected Information”). For avoidance of doubt, with respect its handling and processing of the Protected Information and its performance of the Hosted Services, Supplier shall at all times comply with the “Confidentiality and Information Protection” section of the Agreement and SCHEDULE D of the Agreement.
(j) Customizations. The following aspects of the Hosted Service and Integrated Service are not customizable:
|•
|The financial account categories used for classifying financial data in the Hosted Service (e.g., , bank, investment, credit cards)
|•
|The Data Sources made available by Supplier for inclusion in the Hosted and Integrated Services.
|•
|The names of the categories and Data Sources.
|•
|The information retrieved from each Data Source.
(k) Content Distribution Network. Static content in Yodlee’s hosted application and FinApps are served using CDN (Content Distribution Network). Images, text, Flex files and style sheets are some examples of content which are served through geographically distributed CDN servers. No personally identifiable information is served through CDN. In order to facilitate this, Bank of America hereby authorizes Yodlee and the CDN provider to pull a certificate on behalf of the Company.
**** Certain information on this page has been omitted and filed separately with the Securities and Exchange Commission. Confidential treatment has been requested with respect to the omitted portions.
19
|
SCHEDULE A-2
Service Specifications – MFP Services
|11.
|Branding of Certain Content.
In connection with Supplier’s provision of the following data to Bank of America, the parties agree to the following additional terms concerning the following data and functionality:
(a) Zillow Terms. In connection with Supplier’s provision of the Zillow.com data to the Contracted Divisions and their customers, the parties agree:
i. The Zillow.com data and Zillow service are provided AS IS. Supplier is not responsible for the accuracy or reliability of any data from Zillow.com, or for any interruptions in the availability of the Zillow.com service, whether the result of actions by Zillow or any third party.
ii. Zillow data will not be used for any purpose other than for the individual use by Registered Users as part of the Hosted or SDK Service.
|12.
|Functional Specifications. The functional specifications associated with the Upgraded PFM are set forth in the documents below (all of which have been provided to Bank of America on or prior to December 14, 2011). In the event of a conflict between the documents listed below and this Agreement (including this SCHEDULE), the Agreement (and/or this SCHEDULE) shall control.
|Yodlee PersonalFinance Product Description for Upgraded PFM
|SAML Implementation Guide for Upgraded PFM
|Alerts Implementation Guide for Upgraded PFM
|Cobrand Deployment Kit (CBDK) for Upgraded PFM
**** Certain information on this page has been omitted and filed separately with the Securities and Exchange Commission. Confidential treatment has been requested with respect to the omitted portions.
20
|
SCHEDULE A-2
Service Specifications – MFP Services
EXHIBIT 1 TO SCHEDULE A-2
MINIMUM END USER TERMS AND CONDITIONS Customer End User Agreements. Bank of America shall prepare and enter into an agreement with each end user customer, which governs the relationship between Bank of America and the customer for the Service and contains terms substantially similar to those set forth below. Bank of America is solely responsible for the content and effectiveness of the Customer End User Agreement. Bank of America will not make any representations or warranties about Yodlee or the Service that Yodlee has not first approved in writing.
|1.
|Acceptance of Terms and Conditions.
When you click on the “I Accept” button, you agree to these Terms and Conditions. If you do not agree to all of these Terms and Conditions, click on the “I Decline” button. If you do not accept these Terms and Conditions, you will not be able to use the Service. These Terms and Conditions supplement your Merrill Lynch account agreement(s) that you entered into when you established your Merrill Lynch account(s), as well as the Merrill Lynch website Terms and Conditions, Merrill Lynch Direct Terms of Service, or Benefits OnLine Terms and Conditions, as applicable.
These Terms and Conditions may be amended or supplemented from time to time upon notice, delivered by regular mail, by e-mail or by a persistent alert on your Merrill Lynch website. If you continue to use the Service thereafter, your continued use constitutes your acceptance of the changes and an agreement to be bound by this agreement, as amended. If you do not agree to the changes, you agree to discontinue your use of the Service. You can review the most current version of these Terms and Conditions at any time at the Agreements and Disclosures section of your Merrill Lynch website.
|2.
|The Service.
A. The My Financial Picture service allows users to consolidate and manage their financial and rewards information accessible on the Internet. Merrill Lynch and its service providers make this Service available by means of its proprietary technology which enables users to view and maintain information stored at various websites. The Service is currently offered to Merrill Lynch clients without additional charge.
B. Service Limitations. As an Internet-based service that employs relatively new technology, it is not possible to anticipate technical or other difficulties in providing the Service. These difficulties may result in loss of data, personalization settings or other service interruptions. For this reason, you agree that the Service is provided “AS-IS”, without warranties of any kind. Merrill Lynch does not assume responsibility for the timeliness, deletion, misdelivery or failure to store any user data, communications or personalization settings.
C. Service Changes and Discontinuation. Merrill Lynch reserves the right to change or discontinue, temporarily or permanently, the Service at any time without notice. You agree that Merrill Lynch will not be liable to you or any third party for any modification or discontinuance of the Service.
D. Cancellation. You may cancel your enrollment in the Service at any time by sending a request to cancel by email to mfpsapport@ml.com. Upon receipt of your request, your account will be cancelled and all your My Financial Picture information will be deleted. (Please note that extended periods of inactivity may also result in your enrollment being canceled.)
**** Certain information on this page has been omitted and filed separately with the Securities and Exchange Commission. Confidential treatment has been requested with respect to the omitted portions.
21
|
SCHEDULE A-2
Service Specifications – MFP Services
|3.
|Your Obligations.
For the benefit and security of our users as well as Merrill Lynch, there are a few mandatory guidelines that we require that you abide by when using the Service. Any conduct that violates these guidelines is grounds for termination of your enrollment. For this reason, we ask that you carefully read and follow them.
A. Provide Accurate Information. You agree to provide true, accurate, current and complete information about yourself and your accounts maintained at other websites, as requested in the enrollment and account setup pages and you agree to not misrepresent your identity or your account information. You agree to keep your enrollment and account information up to date and accurate.
B. Guard Your User ID and Password. You will choose a My Financial Picture User ID and password when enrolling. You are responsible for maintaining the confidentiality of your ID and password. You are fully responsible for all activities that occur using your ID and password. Notify Merrill Lynch immediately of any unauthorized use of your ID and password or any other breach of security. Merrill Lynch will not be liable for any loss that you may incur as a result of someone else using your ID and password as a result of your intentional or unintentional conduct, including negligence by you. You agree not to use anyone else’s ID and password at any time.
C. Obey the Law. You agree not to use the Service for illegal purposes or for the transmission of material that is unlawful, harassing, libelous (untrue and damaging to others), invasive of another’s privacy, abusive, threatening, or obscene, or that infringes the rights of others.
D. Restrictions on Commercial Use or Resale. Your right to use the Service is personal to you; therefore, you agree not to resell or make any commercial use of the Service.
E. Proprietary Rights. You are only permitted to use the content delivered to you through the Service only on the Service website. You may not copy, reproduce, distribute, or create derivative works from this content. Further, you agree not to reverse engineer or reverse compile any of the Service technology, including but not limited to, any Java applets associated with the Service.
|4.
|Rights You Grant to Merrill Lynch.
A. Content You Provide. Subject to Merrill Lynch’s Privacy Notice, which is displayed on the website, you are licensing to Merrill Lynch any information, data, passwords, materials or other content (collectively, “Content”) you provide through or to Merrill Lynch or the Service. Merrill Lynch and its service providers may use, modify, display, distribute and create new material using such Content but only to provide the Services to you. By submitting Content, you agree that the owner of such Content has expressly agreed that, without any particular time limit, and without the payment of any fees, Merrill Lynch and its service providers may use the Content for the purposes set out above. You agree that Merrill Lynch may use aggregated Customer Data that does not identify you individually for their own business purposes.
B. Usernames and Password Privacy. Neither Merrill Lynch nor its service providers’ employees have access to your third party site usernames and passwords. Furthermore, no Merrill Lynch or service provider employee can view or retrieve your My Financial Picture User ID or password. Should you forget your password, you will need to re-enroll as a new user, unless you have enabled the automated password reset feature. The automated password reset feature prompts you with a series of questions, which when answered correctly, prompts the Service to email your password to your email address.
**** Certain information on this page has been omitted and filed separately with the Securities and Exchange Commission. Confidential treatment has been requested with respect to the omitted portions.
22
|
SCHEDULE A-2
Service Specifications – MFP Services
|5.
|Third Party Accounts.
A. Third Party Accounts. By using the Service, you authorize the Service (through Merrill Lynch and its service providers) to access third party sites designated by you, on your behalf, to retrieve information requested by you. You hereby authorize and permit Merrill Lynch and its service providers to use information submitted by you to the Service (such as user names and account passwords) to accomplish the foregoing and to configure the Service so that it is compatible with the third party sites for which you submit your information. For all purposes hereof, you hereby grant Merrill Lynch and its service providers a limited power of attorney, and you hereby appoint Merrill Lynch and its service providers as your true and lawful attorneys-in-fact and agents, with full power of substitution and resubstitution, for you and in your name, place and stead, in any and all capacities, to access third party sites, retrieve information, and use your information, all as described above, with the full power and authority to do and perform each and every act and thing requisite and necessary to be done in connection with such activities, as fully to all intents and purposes as you might or could do in person. YOU ACKNOWLEDGE AND AGREE THAT WHEN THE SERVICE IS ACCESSING AND RETRIEVING INFORMATION FROM THIRD PARTY SITES, WE ARE ACTING AS YOUR AGENTS, AND NOT THE AGENT OF OR ON BEHALF OF THE THIRD PARTY. You agree that such third party account providers shall be entitled to rely on the foregoing authorization, agency and power-of-attorney granted by you.
Except for certain relationships, you understand that Merrill Lynch has any relationship to or affiliation or connection with any third party sites available for use with the Service. The Service is not endorsed or sponsored by any such third party sites. You agree that Merrill Lynch neither assumes any responsibility nor incurs any liability with respect to the acts, omissions or determinations of any such third party sites.
You acknowledge and agree that Merrill Lynch may not maintain the same level of security against unauthorized access to your My Financial Picture information as the third party sites from which you authorize the Service to retrieve information on your behalf.
|6.
|Other Important Legal Matters.
A. DISCLAIMER OF WARRANTIES.
YOU EXPRESSLY UNDERSTAND AND AGREE THAT:
YOUR USE OF THE SERVICE AND ALL INFORMATION, PRODUCTS AND OTHER CONTENT (INCLUDING THAT OF THIRD PARTIES) INCLUDED IN OR ACCESSIBLE FROM THE SERVICE IS AT YOUR RISK. THE SERVICE IS PROVIDED ON AN “AS IS” AND “AS AVAILABLE” BASIS. MERRILL LYNCH EXPRESSLY DISCLAIMS ALL WARRANTIES OF ANY KIND AS TO THE SERVICE AND ALL INFORMATION, PRODUCTS AND OTHER CONTENT (INCLUDING THAT OF THIRD PARTIES) INCLUDED IN OR ACCESSIBLE FROM THE SERVICE, WHETHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
MERRILL LYNCH DOES NOT MAKE ANY WARRANTY THAT (i) THE SERVICE WILL MEET YOUR REQUIREMENTS, (ii) THE SERVICE WILL BE UNINTERRUPTED, TIMELY, SECURE, OR ERROR-FREE, (iii) THE RESULTS THAT MAY BE OBTAINED FROM THE USE OF THE SERVICE WILL BE ACCURATE OR RELIABLE, (iv) THE QUALITY OF ANY PRODUCTS, SERVICES, INFORMATION, OR OTHER MATERIAL PURCHASED OR OBTAINED BY YOU THROUGH THE SERVICE WILL MEET YOUR EXPECTATIONS, AND (V) ANY ERRORS IN THE TECHNOLOGY WILL BE CORRECTED.
**** Certain information on this page has been omitted and filed separately with the Securities and Exchange Commission. Confidential treatment has been requested with respect to the omitted portions.
23
|
SCHEDULE A-2
Service Specifications – MFP Services
ANY MATERIAL DOWNLOADED OR OTHERWISE OBTAINED THROUGH THE USE OF THE SERVICE IS DONE AT YOUR OWN DISCRETION AND RISK AND YOU ARE SOLELY RESPONSIBLE FOR ANY DAMAGE TO YOUR COMPUTER SYSTEM OR LOSS OF DATA THAT RESULTS FROM THE DOWNLOAD OF ANY SUCH MATERIAL. NO ADVICE OR INFORMATION, WHETHER ORAL OR WRITTEN, OBTAINED BY YOU FROM MERRILL LYNCH OR THROUGH OR FROM THE SERVICE WILL CREATE ANY WARRANTY NOT EXPRESSLY STATED IN THESE TERMS AND CONDITIONS.
Some jurisdictions do not allow the exclusion of certain warranties. Accordingly, some of the above limitations may not apply to you.
TO THE EXTENT THAT ANY PART OF THIS SECTION IS NOT CONSISTENT WITH ANY OTHER PART OF THESE TERMS, THEN THIS SECTION WILL CONTROL.
B. Third Party Products and Services. You should be cautious when browsing the Internet and to use good judgment and discretion when making purchases, obtaining information, or transmitting information. From this site, users may visit or be directed to sites containing information or material that may be offensive or inappropriate to some people. Merrill Lynch does not make any effort to review the content of these sites, nor is Merrill Lynch responsible for the validity, legality, copyright compliance, or decency of the content contained in these sites. In addition, Merrill Lynch does not endorse or control the content of any other user and is not responsible or liable for any content, even though it could be unlawful, harassing, libelous, privacy invading, abusive, threatening, harmful, vulgar, obscene or otherwise objectionable, or that it infringes or may infringe upon the intellectual property or other rights of another. You acknowledge that Merrill Lynch does not pre-screen content, but that Merrill Lynch and its designees will have the right (but not the obligation) in their sole discretion to refuse, edit, move or remove any content that is available via the Service.
C. LIMITATION OF LIABILITY. YOU AGREE THAT NEITHER MERRILL LYNCH NOR ANY OF ITS RESPECTIVE AFFILIATES, DIRECTORS, OFFICERS, EMPLOYEES, OR ACCOUNT PROVIDERS OR ANY OF THEIR AFFILIATES WILL BE LIABLE FOR ANY HARMS, WHICH LAWYERS AND COURTS OFTEN CALL DIRECT, INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL OR EXEMPLARY DAMAGES, INCLUDING, BUT NOT LIMITED TO, DAMAGES FOR LOSS OF PROFITS, GOODWILL, USE, DATA OR OTHER INTANGIBLE LOSSES, EVEN IF MERRILL LYNCH HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES, RESULTING FROM: (i) THE USE OR THE INABILITY TO USE THE SERVICE; (ii) THE COST OF GETTING SUBSTITUTE GOODS AND SERVICES RESULTING FROM ANY PRODUCTS, DATA, INFORMATION OR SERVICES PURCHASED OR OBTAINED OR MESSAGES RECEIVED OR TRANSACTIONS ENTERED INTO, THROUGH OR FROM THE SERVICE; (iii) UNAUTHORIZED ACCESS TO OR ALTERATION OF YOUR TRANSMISSIONS OR DATA; (iv) STATEMENTS OR CONDUCT OF ANYONE ON THE SERVICE; (v) THE USE, INABILITY TO USE, UNAUTHORIZED USE, PERFORMANCE OR NON-PERFORMANCE OF ANY THIRD PARTY ACCOUNT PROVIDER SITE, EVEN IF THE PROVIDER HAS BEEN ADVISED PREVIOUSLY OF THE POSSIBILITY OF SUCH DAMAGES; OR (vi) ANY OTHER MATTER RELATING TO THE SERVICE.
Some jurisdictions do not allow the limitation or exclusion of liability for incidental or consequential damages. Accordingly, some of the above limitations may not apply to you.
D. Indemnification. You agree to protect and fully compensate Merrill Lynch and its respective affiliates, directors, officers, employees, agents and service providers from any and all third party claims, liability, damages, expenses and costs (including, but not limited to, reasonable attorneys fees) caused by or arising from your use of the Service, your violation of these Terms and Conditions or your infringement, or infringement by any other user of your account, of any intellectual property or other right of anyone.
**** Certain information on this page has been omitted and filed separately with the Securities and Exchange Commission. Confidential treatment has been requested with respect to the omitted portions.
24
|
SCHEDULE A-2
Service Specifications – MFP Services
E. Other. This agreement cannot be changed or any of the parties’ rights waived unless the parties agree in writing (which may be electronic) or you continue using the Service following receipt of notice of any changes sent to you by Merrill Lynch. This agreement is personal to you and you may not assign it to anyone. All notices to you shall be in writing (which may be electronic) and shall be made either via e-mail, conventional mail or a persistent website alert, at Merrill Lynch’s discretion. Merrill Lynch may broadcast notices or messages through the Service to inform you of changes to the Terms and Conditions, the Service, or other matters of importance; such broadcasts shall constitute notice to you. All notices to Merrill Lynch must be made in writing to the customer service address on your Merrill Lynch statement. If any provision of these Terms and Conditions is held to be unenforceable, then such provision shall be construed, as nearly as possible, to reflect the intentions of the parties with the other provisions remaining in full force and effect. The laws of the State of New York govern the interpretation and performance of this agreement.
**** Certain information on this page has been omitted and filed separately with the Securities and Exchange Commission. Confidential treatment has been requested with respect to the omitted portions.
25
|
SCHEDULE A-3
Service Specifications – IAV Services
SCHEDULE A-3
IAV SERVICES
Supplier shall provide the IAV SDK and the SDK Service described herein.
Capitalized terms used herein and not otherwise defined herein or in the GSA shall have the meanings set forth below:
“Account Verification” is the process of either (a) retrieving the specified customer account information from a single financial institution Data Source and presenting such account information to Bank of America for Bank of America’s use in verifying financial accounts or otherwise authenticating customers, or (b) providing a corresponding error code to Bank of America due to invalid credentials or account and routing numbers from customer for a single financial institution account. An Account Verification may be used only one (1) time, only at the specific time requested and solely for the single, specific purpose requested.
“Account Verification Request” means a single Account Verification attempt (a) where a customer provides valid credentials or (b) where a customer provides invalid credentials.
“Application” means a software application specifically that receives, uses, displays and manipulates Customer Data supplied via the SDK Service and is solely developed by or for Bank of Americaand owned by Bank of America.
“Company Site” means Bank of America sites on the World Wide Web
“Customer Data” means a customer’s account information, account access information and registration information, as provided by customers and/or retrieved by Yodlee from a Data Source and/or provided by Bank of America. Customer Data is deemed Customer Information as such term is defined in the GSA.
“Data Service” means the return of related account information to Company without determination of the validity or verification of the data returned.
“Delivery Date” means the date the SDK Service is enabled in accordance with its specifications in its stage environment.
“Integrated Service” means the service provided through the integration of the SDK Service and the Application pursuant to this schedule.
“Integrated Service Pages” means all pages on which the Integrated Service is displayed or made available for use by Bank of America Customers.
“Launch Date” means the date on which Bank of America makes the Integrated Service generally available on a commercial basis.
“SDK” means the Yodlee platform software development kit for the currently available Instant Account Verification product version.
“SDK Service” means the service provided by Yodlee to supply customer account information to be used solely with Applications on the Company Site developed with the SDK.
“Territory” means the United States.
**** Certain information on this page has been omitted and filed separately with the Securities and Exchange Commission. Confidential treatment has been requested with respect to the omitted portions.
26
|
SCHEDULE A-3
Service Specifications – IAV Services
|1.
|SDK Service Offering
License Grant. Notwithstanding anything else in the Agreement to the contrary, the terms of this Section 1 contain all terms of the license grant from Yodlee to Bank of America related to the IAV SDK and IAV SDK Services. During the Term, Yodlee hereby grants to Bank of America a nonexclusive, nontransferable, limited right and license to use the SDK solely as necessary to develop and integrate (or have developed and integrated for it) the following Applications for use by Bank of America customers on the Company Site by Bank of America customers that have accounts domiciled in the Territory. If Users access the Integrated Service from locations outside the Territory, Bank of America shall be solely responsible for providing access to those users whose point of access is located outside of the Territory and agrees to indemnify Yodlee in connection therewith. Bank of America shall not market or distribute the Application or Integrated Service outside of the Territory. Bank of America will use the SDK Service to confirm ownership of external financial accounts (e.g. bank accounts) via the following method:
|•
|Instant Account Verification – Data Service. Bank of America will request customers to provide online account credentials to external financial institution web sites housing consumers’ checking and savings accounts, and in turn, will pass the credentials to Yodlee (via the SDK). Using the customer’s account credentials, Yodlee will verify the customer credentials with the Data Source. If invalid, Yodlee will provide a corresponding error code to Bank of America. If valid, Yodlee will continue with the process of gathering account information account type, account number, account holder name field and current balance (available or ledger, whichever the web site presents) from Data Source and return to Bank of America (processed according to the SDK Specifications). Bank of America will then determine account ownership.
|•
|Instant Account Verification – Matching Service. Bank of America will request customer to provide online account credentials, account type, routing and transit number, and account number to external financial accounts in addition to system user name and user surname passed on via SDK. Using customer’s account credentials, Yodlee will attempt to verify customer’s credentials and account information with the Data Source. If invalid, or if Yodlee encounters a website or UAR error, Yodlee will provide a corresponding error message to the customer. Matching is based on a set of rules that are selected for configuration by Bank of America. Based on the matching rules, the user entered information and the information from the data source will be matched and a confirmation of successful verification will be provided.
Yodlee shall not be required to perform Instant Account Verifications on Data Sources not supported by Yodlee for that purpose. Notwithstanding any other provision, use of the SDK Service is expressly limited to obtaining Instant Account Verification – Data Service data elements. Neither Bank of America nor ML shall use the SDK for any other purpose, including but not limited to: (1) consumer personal finance applications, (2) electronic funds transfers, (3) bill payment or presentment applications, (4) enterprise single sign-on applications, (5) market research applications, or (6) email or news information services. Notwithstanding this section, Bank of America may use the data elements entered into or provided by the SDK Services in any manner it chooses.
Applications. Bank of America shall be solely responsible for (i) providing, operating and maintaining the Applications and hosting the Applications for the Company Site, and (ii) serving, operating and maintaining the Integrated Service, hosting the Integrated Service Pages, and hosting, operating, and maintaining the Required Documentation listed below, and the Company Site.
Use of Customer Data. Bank of America shall not use the information returned from Yodlee in connection with the account verification request to make creditworthiness determinations Bank of America shall not repackage, redistribute, divert, license, rent, or resell Customer Data or the result of any Account Verification to or for the benefit of any third party.
Development Environment. Bank of America shall have access to a development environment beginning on the Delivery Date, to build and test the Applications and the Integrated Services (the “Development Period”). The development environment shall consist of a test SDK service and a database with storage capacity sufficient to store 3,000 accounts. Bank of America shall be solely responsible for providing its own user accounts for testing purposes. Bank of America will have access to the development environment for the remainder of the term.
Production Environment. Upon Bank of America’s request (but no later than the end of the Development Period, unless otherwise mutually agreed), Bank of America’s SDK will be transferred to a production environment in order for Bank of America to commercially launch the Applications and the Integrated Services. Bank of America will have access to the production environment for the remainder of the term.
**** Certain information on this page has been omitted and filed separately with the Securities and Exchange Commission. Confidential treatment has been requested with respect to the omitted portions.
27
|
SCHEDULE A-3
Service Specifications – IAV Services
|2.
|Required Documentation
The Integrated Service shall also include the following:
|•
|Terms and Conditions between customers and Bank of America (containing terms for the benefit of Yodlee similar to Exhibit 1)
|3.
|Development and Customization of Integrated Service
Data Sources. Bank of America shall determine which Data Sources shall be available for users to access via the Integrated Service. Such selection shall be made from the master Data Source list supplied by Yodlee from time to time. Yodlee may enable or disable data sources depending upon their reasonable availability.
Customizations. The following aspects of the Integrated Service are not customizable:
|•
|The categories and Data Sources made available by Yodlee for inclusion in the Integrated Service and the classification of Data Sources in those categories.
|•
|The names of the categories and Data Sources.
|•
|The information retrieved from each Data Source.
|4.
|Data and Reports
Each month, Yodlee will provide to Bank of America access to the number of Account Verification attempts, including successful and unsuccessful attempts
|5.
|Management of Accounts
Yodlee will not provide ongoing management of accounts or users for Bank of America. Bank of America will maintain the outcome of the verification attempt. Yodlee will maintain encrypted consumer credentials for use in automated trouble resolution.
Routing Numbers. Bank of America and Supplier shall discuss the ability for Bank of America to periodically communicate to Yodlee those routing numbers supplied by Customers that are unsuccessfully matched against Yodlee’s routing number mapping table.
|6.
|Agreement Change Control Procedure:
Bank of America and Supplier may request a change to this SCHEDULE A-3, using a project change authorization form, using a format acceptable to both parties. Any change to the responsibilities defined in this SCHEDULE A-3 may affect the charges and estimated schedule or other terms. Depending on the scope of the change, Supplier may charge Bank of America for Supplier’s efforts required to analyze the change. Supplier shall provide Bank of America with an estimate of the charges, and will perform the analysis only upon written authorization from Bank of America.
**** Certain information on this page has been omitted and filed separately with the Securities and Exchange Commission. Confidential treatment has been requested with respect to the omitted portions.
28
|
SCHEDULE A-3
Service Specifications – IAV Services
|
EXHIBIT 1 TO SCHEDULE A-3
MINIMUM END USER TERMS AND CONDITIONS
Customer End User Agreements. Bank of America shall prepare and enter into an agreement with each end user customer, which governs the relationship between Bank of America and the customer for the Service and contains terms substantially similar to those set forth below. Bank of America is solely responsible for the content and effectiveness of the Customer End User Agreement.
The Account Verification Service is intended to verify your authority and access to external financial accounts by confirming your ability to access to the external financial account. Your use of the Account Verification Service is subject to the terms and conditions of this Account Verification User Agreement and [Company]’s User Agreement incorporated herein by reference. Proceeding with using this service constitutes your assent to and acceptance of this Agreement.
PROVIDE ACCURATE INFORMATION. You agree to provide true, accurate, current and complete information about yourself and your accounts maintained at other financial institutions and you agree to not misrepresent your identity or your account information.
INSTANT ACCOUNT VERIFICATION SERVICE. By using the Instant Verification Service, you authorize [Company] and its supplier [Yodlee, Inc. (“Yodlee”) or “Service Provider”] to access third party sites designated by you, on your behalf, to retrieve information requested by you. For all purposes hereof, you hereby grant [Company] and Yodlee a limited power of attorney, and you hereby appoint [Company] and Yodlee as your true and. lawful attorney-in-fact and agent, with full power of substitution and re-substitution, for you and in your name, place and stead, in any and all capacities, to access third party internet sites, servers or documents, retrieve information, and use your information, all as described above, with the full power and authority to do and perform each and every act and thing requisite and necessary to be done in connection with such activities, as fully to all intents and purposes as you might or could do in person. YOU ACKNOWLEDGE AND AGREE THAT WHEN [COMPANY] OR YODLEE ACCESSES AND RETRIEVES INFORMATION FROM THIRD PARTY SITES, [COMPANY] AND YODLEE ARE ACTING AS YOUR AGENT, AND NOT THE AGENT OR ON BEHALF OF THE THIRD PARTY. You agree that third party account providers shall be entitled to rely on the foregoing authorization, agency and power of attorney granted by you. You understand and agree that the Instant Verification Service is not endorsed or sponsored by any third party account providers accessible through the Instant Verification Service. You are licensing to Company and Yodlee any information, data, passwords, materials or other content (collectively, “Content”) you provide through or to the Instant Verification Service. Company and Yodlee may use, modify, display, distribute and create new material using such Content to provide the Instant Verification Service to you. By submitting Content, you automatically agree, or promise that the owner of such Content has expressly agreed that, without any particular time limit, and without the payment of any fees, Company and Yodlee may use the Content for the purposes set out above. As between Company and Yodlee, Company owns your confidential account information,
USE OF RESULTS LIMITED. You agree that the results of the Account Verification Service are for use by you and Company and its service providers only in connection with the [Company] Service, on [Company]’s website. You agree not to reverse engineer or reverse compile any of the service technology, including but not limited to, any Java applets associated with the Instant Account Service.
LIMITATION OF LIABILITY. YOU AGREE THAT NEITHER [COMPANY] NOR YODLEE NOR ANY OF THEIR AFFILIATES, ACCOUNT PROVIDERS OR ANY OF THEIR AFFILIATES WILL BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL OR EXEMPLARY DAMAGES, INCLUDING, BUT NOT LIMITED TO, DAMAGES FOR LOSS OF PROFITS, GOODWILL, USE, DATA OR OTHER INTANGIBLE LOSSES, EVEN IF [COMPANY] OR YODLEE HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES, RESULTING FROM THE USE OR THE INABILITY TO USE THE INSTANT VERIFICATION SERVICE OR ANY OTHER MATTER RELATING TO THE INSTANT VERIFICATION SERVICE, INCLUDING BUT NOT LIMITED TO (i) THE COST OF GETTING SUBSTITUTE GOODS AND SERVICES, (ii) ANY PRODUCTS, DATA, INFORMATION OR SERVICES
**** Certain information on this page has been omitted and filed separately with the Securities and Exchange Commission. Confidential treatment has been requested with respect to the omitted portions.
29
|
SCHEDULE A-3
Service Specifications – IAV Services
PURCHASED OR OBTAINED OR MESSAGES RECEIVED OR TRANSACTIONS ENTERED INTO, THROUGH OR FROM THE INSTANT VERIFICATION SERVICE; (iii) UNAUTHORIZED ACCESS TO OR ALTERATION OF YOUR TRANSMISSIONS OR DATA; (iv) STATEMENTS OR CONDUCT OF ANYONE ON THE INSTANT VERIFICATION SERVICE; OR (v) THE USE, INABILITY TO USE, UNAUTHORIZED USE, PERFORMANCE OR NON-PERFORMANCE OF ANY THIRD PARTY ACCOUNT PROVIDER SITE, EVEN IF THE PROVIDER HAS BEEN ADVISED PREVIOUSLY OF THE POSSIBILITY OF SUCH DAMAGES.
INDEMNIFICATION. You agree to indemnify and hold harmless [Company] and Yodlee and their affiliates from any and all third party claims, liability, damages, expenses and costs (including, but not limited to, reasonable attorneys fees) caused by or arising from your use of the Instant Verification Service or your violation of these terms.
You agree that Yodlee is a third party beneficiary of the above provisions, with all rights to enforce such provisions as if Yodlee were a party to this Agreement.
**** Certain information on this page has been omitted and filed separately with the Securities and Exchange Commission. Confidential treatment has been requested with respect to the omitted portions.
30
|
SCHEDULE A-4
Service Specifications – Data Extract Services
SCHEDULE A-4
DATA EXTRACT SERVICES
Data Extracts. Bank of America is hereby granted an internal-use only license to the Yodlee Data Extracts during the Term.
|A.
|DataExtracts Reports Content
Data Extracts consist of reports for the following general categories of data:
|•
|Customer registration data
|•
|Customer aggregation data
|•
|Bank account data
|•
|Bank transaction data
|•
|Card account data
|•
|Card statement data
|•
|Card transaction data
|•
|Investment account data
|•
|Investment transaction data
|•
|Investment holding data
|•
|Loan Account data
|•
|Loan Statement data
|•
|Loan Transaction data
|•
|Insurance account data
|•
|Insurance statement data
|•
|Insurance transaction data
|•
|Insurance mutual fund data
|•
|Insurance Annuity data
|•
|Currency Exchange Rate
|•
|Rewards Program Data
|•
|Rewards Balance Data
Details concerning the data provided in the above categories can be found in the Yodlee DataExtracts Product Description document, provided separately.
|B.
|DataExtracts Reports Procedures
Transaction data files can be configured to be delivered daily, weekly or monthly as needed by Bank of America. Account summary files can be configured to be delivered monthly.
DataExtracts files will be encrypted with a PGP key (RSA type) provided by Bank of America and placed on the reports server in a designated folder. Data will be transported using sFTP from Yodlee report server to Bank of America.
Yodlee will provide files by 5AM EST on the day of file delivery. Investment data will be as of 10 p.m. EST the previous night. All other data will be as of 10 am EST the previous day.
If the DataExtracts file is, late, or incomplete, Yodlee will inform Bank of America as soon as the problem is identified and this shall be considered a Priority 1 incident as outlined in Schedule C-1, Section E. DataExtracts are supported in the “txt” file format.
**** Certain information on this page has been omitted and filed separately with the Securities and Exchange Commission. Confidential treatment has been requested with respect to the omitted portions.
31
|
SCHEDULE B-1
Service Fees – Aggregation Services
SCHEDULE B-1
1. Aggregation/PFM Subscription Fee. Bank of America shall pay to Supplier a non-refundable annual subscription fee of [****] for use of the financial aggregation services rendered under SCHEDULE A-1 for Bank of America’s Consumer and Small Business division (or any successor division thereof), which shall be paid on January 1, 2012 and each anniversary thereof during the Schedule Term (“Subscription Fee”). [****].
2. Monthly Active User Fees. Beginning on October 1, 2011, Bank of America shall pay a monthly fee for each Active User under SCHEDULE A-1 and A-2 (“Monthly Active User Fees”). Supplier shall calculate the Monthly Active User Fees at the end of each calendar month based on the table below, and Supplier shall invoice Bank of America for such Monthly Active User Fees within thirty (30) days following the end of each calendar month. Bank of America shall pay such Monthly Active User Fees within thirty (30) days after its receipt of Supplier’s invoice for such Monthly Active User Fees.
|
Number of Active Users [****]
|Monthly Per Active User Fee Per Month
|
[****]
|[****
|]
|
[****]
|[****
|]
|
[****]
|[****
|]
|
[****]
|[****
|]
|
[****]
|[****
|]
|
[****]
|[****
|]
|
[****]
|[****
|]
|
[****]
|[****
|]
|
[****]
|[****
|]
|
[****]
|[****
|]
|
[****]
|[****
|]
|
[****]
|[****
|]
|
[****]
|[****
|]
|
[****]
|[****
|]
|
[****]
|[****
|]
|
[****]
|[****
|]
|
[****]
|[****
|]
|
[****]
|[****
|]
|
[****]
|[****
|]
|
[****]
|[****
|]
|
[****]
|[****
|]
|
[****]
|[****
|]
|
[****]
|[****
|]
**** Certain information on this page has been omitted and filed separately with the Securities and Exchange Commission. Confidential treatment has been requested with respect to the omitted portions.
32
|
SCHEDULE B-1
Service Fees – Aggregation Services
3. The above variable fees apply to all Active Users for the month. By way of example only, in the event of [****].
The fees are based on an average of up to one refresh per active Account per day. Through use of the SDK, if the actual number of refreshes exceeds an average of one refresh per active Account per day, Supplier reserves the right to collect an additional reasonable refresh fee per each additional refresh in excess of the average. Prior to collecting any additional refresh charges, Supplier will provide written notice to Bank of America of the amount and method of calculation, of the proposed refresh charges, along with sufficient detail for Bank of America to understand the reasons for the proposed charges, and Bank of America will thereafter have a thirty (30) day period to make any adjustments necessary to avoid such additional refresh charges. For avoidance of doubt, Supplier shall only be permitted to charge any excess refresh charges if Bank of America is unable to make the adjustments necessary to avoid such charges.
The Parties will work in good faith to agree upon and implement, prior to launch, a batch feed process that reduces the likelihood of the potential refresh issue in the preceding paragraph.
4. Data Resource Fee – Per Schedule C-1, Section C, Subsection 1c, Bank of America shall pay to Supplier a non-refundable annual Data Resource Fee of [****] for data resources, which shall be paid on [****] and each anniversary thereof during the Schedule Term (“Data Resource Fee”) unless Bank of America provides Supplier with written notice of nonrenewal at least [****] prior to such anniversary date. Any service level commitments in Schedule C-1 that are dependent upon the data resources covered by the Data Resource Fee shall terminate upon such nonrenewal by Bank of America.
**** Certain information on this page has been omitted and filed separately with the Securities and Exchange Commission. Confidential treatment has been requested with respect to the omitted portions.
33
|
SCHEDULE B-2
Service Fees – MFP Services
SCHEDULE B-2
MFP SERVICE FEES
AGGREGATION/PFM FOR MY FINANCIAL. PICTURE
1. License Fee. Bank of America shall pay to Supplier a non-refundable annual license fee (“License Fee”) of [****].
2. Maintenance and Support Fee. Bank of America shall pay to Supplier a non-refundable annual maintenance fee (“Maintenance and Support Fee”) of [****].
Bank of America shall owe the Maintenance and Support Fee on each anniversary of January 1, 2011.
3. Monthly Active User Fees. Beginning on July 1, 2010, Bank of America shall pay a monthly fee for each Active User for Bank of America under Schedule A-2 attached to the GSA. Supplier shall calculate the foregoing Per Active User Fees at the end of each calendar month, and Supplier shall invoice Bank of America for such Per Active User Fees within thirty (30) days following the end of each calendar month. Bank of America shall pay such Per Active User Fees within thirty (30) days after its receipt of Supplier’s invoice for such Per Registered User Fees.
A.
|
Number of Active Users [****]
|Monthly Per Active User Fee Per
Month
|
[****]
|[****
|]
|
[****]
|[****
|]
|
[****]
|[****
|]
|
[****]
|[****
|]
|
[****]
|[****
|]
|
[****]
|[****
|]
|
[****]
|[****
|]
|
[****]
|[****
|]
|
[****]
|[****
|]
|
[****]
|[****
|]
|
[****]
|[****
|]
|
[****]
|[****
|]
|
[****]
|[****
|]
|
[****]
|[****
|]
|
[****]
|[****
|]
|
[****]
|[****
|]
|
[****]
|[****
|]
|
[****]
|[****
|]
|
[****]
|[****
|]
|
[****]
|[****
|]
|
[****]
|[****
|]
|
[****]
|[****
|]
|
[****]
|[****
|]
**** Certain information on this page has been omitted and filed separately with the Securities and Exchange Commission. Confidential treatment has been requested with respect to the omitted portions.
34
|
SCHEDULE B-2
Service Fees – MFP Services
The above variable fees apply to all Active Users for the month. By way of example only, in the event of [****].
The Service fees are based on [****].
4. As outlined in Section 6.5, the parties acknowledge that the fees payable pursuant to Sections 1 through 3 of this Schedule B-2 shall apply to the Minimum Quarterly Payments, as defined in Section 6.5, in the quarter in which they are paid.
**** Certain information on this page has been omitted and filed separately with the Securities and Exchange Commission. Confidential treatment has been requested with respect to the omitted portions.
35
|
SCHEDULE B-3
Service Fees – IAV Services
SCHEDULE B-3
IAV SERVICE FEES
|1.
|License Fee. Bank of America shall pay to Supplier a non-refundable license fee (“License Fee”) of [****]. The License Fee will be invoiced on December 20, 2013 and each anniversary of such date thereafter.
|2.
|Account Verification Fees
Beginning on December 20, 2013, Bank of America shall pay Supplier an Account Verification fee for each Instant Account Verification (“IAV”) Request based on the Account Verification Fee schedule below (the “Account Verification Fees”):
|
ACCOUNT VERIFICATION FEES
|
Total number of IAV requests per month
|Per IAV Request Fee
|
[****]
|[****
|]
|
[****]
|[****
|]
|
[****]
|[****
|]
|
[****]
|[****
|]
|
[****]
|[****
|]
The above variable fees apply to all IAV requests in a month. By way of example only, in the event of [****].
Supplier shall calculate the foregoing Account Verification Fees at the end of each calendar month and invoice Bank of America for such fees within thirty (30) days following the end of such month. Bank of America shall pay such Account Verification Fees within thirty (30) days after its receipt of Supplier’s invoice.
**** Certain information on this page has been omitted and filed separately with the Securities and Exchange Commission. Confidential treatment has been requested with respect to the omitted portions.
36
|
SCHEDULE B-4
Service Fees – DATA EXTRACT Services
SCHEDULE B-4
DATA EXTRACT SERVICE FEES
|4.
|Data Extract Fees.
(a) Subscription & Data Extract Maintenance Fee. Bank of America shall pay to Supplier a non-refundable annual subscription fee (“Subscription Fee”) of [****]. This subscription fee provides for up to [****] Active Users per month on July 15, 2013 and on each anniversary of such date thereafter. If the number of Active Users nears [****], Parties will discuss additional fees.
(b) Optimized File Processing Fee. Bank of America shall also pay Supplier a monthly fee of [****] per Registered User with Held Away Accounts for the Optimized File Processing.
**** Certain information on this page has been omitted and filed separately with the Securities and Exchange Commission. Confidential treatment has been requested with respect to the omitted portions.
37
|
SCHEDULE C-1
Performance Measurements – Aggregation Services
SCHEDULE C-1
YODLEE PLATFORM SUPPORT LEVELS AND PROCEDURES (SLA)
Yodlee shall provide Company access to Yodlee technical support personnel to assist Company with the resolution of problems with the Yodlee Services described on the Product Schedule(s). A sufficient number of trained, qualified personnel shall be designated by Yodlee to respond to telephone and web inquiries by Company in accordance with the provisions and response times as set forth in this SLA. Company will escalate problems to Yodlee after having provided the first level of support (Tier 1 support) to Company’s End-Users. Additional product-specific SLA terms (if applicable) are attached to the relevant Product Schedule(s) and are incorporated herein by reference.
|A.
|DEFINITIONS
|1.
|“Action Plan” means the plan of the Support Engineer on how to resolve a Service Request once it is accepted into the engineers work log. An action plan will consist of a Problem Statement, steps to resolve, and estimated time to resolution.
|2.
|“Agent” or “Data Agent” means the site-specific code that traverses a Data Source’s web pages or makes a direct, electronic connection to a Data Source to obtain data.
|3.
|“Agent Errors” means [****].
|4.
|“Business Day” means 7am Pacific Time (“PT”) to 7 pm PT Monday through Friday, excluding Yodlee Holidays,
|4A.
|“Company” means Bank of America, N.A.
|5.
|“Data” means Customer Data retrieved by Yodlee from a Data Source.
|6.
|“Data Quality Event” means an event where the Data is not complete or correct, as specified in Section C herein, provided that Data Quality Events shall not include Data issues due to reasons beyond Yodlee’s control, such as UAR Errors and Site Errors.
|7.
|“Defect” means a software defect, acknowledged by Yodlee with a bug tracking number and associated with a Service Request, that prevents the Service from operating as described in the documentation or causes the Service to operate in a manner materially different than described in the documentation.
|8.
|“Emergency Maintenance” means critical system changes that cannot wait for Scheduled Maintenance. These changes could destabilize the system if not addressed expeditiously.
|9.
|“Held Away Account” means an account at an institution other than Bank of America.
|10.
|“Hotfix” means one specific Defect fix for a given case (usually relates to a P1 Service Request).
|11.
|“Major Release” means a major upgrade to the product containing new features along with product defect fixes. (Version number X.x.x)
|12.
|“Minor Release” means a scheduled update to a Major Release that includes some new features. (Version number x.X.x)
|13.
|“Maintenance Release” means a scheduled update to a Minor Release to correct and consolidate defects. (Version number x.x.X)
**** Certain information on this page has been omitted and filed separately with the Securities and Exchange Commission. Confidential treatment has been requested with respect to the omitted portions.
38
|
SCHEDULE C-1
Performance Measurements – Aggregation Services
|14.
|“Priority” means the Table C priority level assigned to each individual Service Request.
|15.
|“Problem Definition” means the phase where the problem is identified and a problem statement is prepared and presented to Company.
|16.
|“Problem Statement” means a concise statement defining the problem.
|17.
|“Scheduled Maintenance” means system/software/Service maintenance that are scheduled to fix non critical errors and implement system/software/Service changes. These are primarily scheduled during weekend off hours.
|18.
|“Site Errors” means the types of failures that relate to Data Source errors, due to a maintenance window, network, datafeed or system outage, or other internal failure at the Data Source. These are not regarded as product or service “defects”, and are therefore not subject to the SLA commitments defined herein. Site-related failures are measured daily and are measured reported as an aggregate percentage. A current list of Site Error codes (which Yodlee may update periodically) will be provided.
|19.
|“Service Request” means a problem that is reported by Company. A unique ID number identifies each Service Request.
|20.
|“Technical Support Initial Response Time” means the period that starts when Company or member of Technical Support Staff opens a Service Request (as defined by the assignment of a unique Service Request ID number).
|21.
|“UAR Error” or User Action Required Error” means the types of failures that result from a dependency on an End-User. This may be the result of inaccurate information provided by the End-User or the need for an End-User to perform some action on the Data Source before the Data Agent can be successfully executed. These are not regarded as product or service “defects”, and are therefore not subject to the SLA commitments defined herein. A current list of UAR Error codes (which Yodlee may update periodically) will be provided.
|22.
|“Update” means the periodic update given to Company on the status of the Service Request that will include: a statement of the problem, what has been done to this point to resolve the problem, what the next steps are toward reaching resolution and estimated time to resolution.
|23.
|“Uptime” means the total time the Service is available during a particular period. The total time reflects time taken to resolve all P1 problems.
|24.
|“Yodlee CustomerCare” means Yodlee’s online system for reporting, escalating, and resolving customer issues, Company’s usage of which is limited solely to the following modules and features absent a separate Yodlee CustomerCare Product Schedule and Company’s payment of additional Yodlee CustomerCare fees: Administration Module, Customer Management Module (Including Customer Profile Data), and GroupPolicyManager.
|B.
|OPERATIONS METRICS
Yodlee will expend commercially reasonable efforts to meet and/or exceed the following operational performance metrics:
|1.
|[****] system uptime per month if test accounts (Yodlee credentials utilized to monitor the service) are provided by Company (Scheduled or Emergency Maintenance excluded).
|2.
|[****]% system uptime per month if no test accounts (for the Service) provided by Company (Scheduled of Emergency Maintenance excluded).
**** Certain information on has been omitted and filed separately with the Securities and Exchange Commission. Confidential treatment has been requested with respect to the omitted portions.
39
|
SCHEDULE C-1
Performance Measurement – Aggregation Services
|3.
|Scheduled Maintenance/Downtime
|a.
|Yodlee shall provide Company with at least [****] calendar days’ notice of any Scheduled Maintenance.
|b.
|Scheduled Maintenance shall not exceed [****] downtime in a particular instance and [****] in aggregate in any given month unless pre-approved by BAC.
|c.
|Standard Scheduled maintenance windows are Saturdays from 10:00 pm to 2:00 am PT (1:00 am-5:0D am ET)
|d.
|On occasion, Emergency Maintenance may be required. Emergency Maintenance may include, but is not limited to security related issues and/or technical problems that could impact the availability of the Service. In such cases, Yodlee will notify Company prior to downtime as time permits.
|4.
|Outage Reports
|a.
|Yodlee will provide a Root Cause Analysis (RCA) report (SLA Exhibit II) within [****] of closure of P1 incidents.
|5.
|Credits – If for any reason Yodlee does not meet [****]% Service uptime, the following applies:
|a.
|For the first month that Service uptime is below [****]%, Yodlee shall:
|•
|Provide Company with a root cause analysis of downtime events
|•
|Provide Company wall a written corrective action plan
|b.
|if Service uptime falls below [****]% for a [****], Yodlee shall:
|•
|Provide Company with a root cause analysis of downtime events
|•
|Provide Company with a written corrective action plan
|•
|Apply a credit of [****]% against monthly invoice for usage Fees for the [****] month that Service uptime is below [****]%
|c.
|If Service uptime falls below [****]% for any [****], Yodlee shall:
|•
|Provide Company with a root cause analysis of downtime events
|•
|Provide Company with a written corrective action plan
|•
|Apply a credit of [****]% against monthly invoice for usage fees for the [****] month that Service uptime is below [****]%
|d.
|If Service uptime for any [****] falls below [****]%, Yodlee shall:
|•
|Provide Company with a root cause analysis of downtime events
|•
|Provide Company with a written corrective action plan
|•
|Apply a credit of [****]% against monthly invoice for usage fees for the failed month
|e.
|If Service uptime with respect to the Services in any SCHEDULE to this Agreement falls below [****]% for any [****] (the “Uptime Default Trigger”):
|•
|Yodlee shall apply a credit of [****]% against monthly invoices for usage fees for the [****] failed month, or
**** Certain information on has been omitted and filed separately with the Securities and Exchange Commission. Confidential treatment has been requested with respect to the omitted portions.
40
|
SCHEDULE C-1
Performance Measurement – Aggregation Services
|•
|Company shall have the right to terminate that SCHEDULE (and only that SCHEDULE) on written notice to Yodlee within thirty (30) days after the occurrence of that Uptime Default Trigger (the “Trigger Period”). If Company does not terminate the applicable SCHEDULE as a result of such Uptime Default Trigger within the applicable Trigger Period, it shall not thereafter have the right to terminate such SCHEDULE as a result of that Uptime Default Trigger, but Company shall still have the right to terminate an impacted SCHEDULE upon the occurrence of any future Uptime Default Triggers.
|C.
|DATA QUALITY METRICS
Yodlee will meet the following coverage, reliability, and population data quality service levels when collecting and storing data.
|1.
|Data Source Coverage
Yodlee will support the Data Sources that (a) are part of Yodlee’s master list of Data Sources or (b) are made available to Company pursuant to sub-section 2 below,
Yodlee’s obligation to meet the aforementioned requirements is subject to the following:
|•
|Yodlee will expend all commercially reasonable efforts to obtain Data Source Test Accounts to add and adequately test Data Sources. Unavailability of Data Source Test Accounts that directly results in Yodlee’s inability to support a Data Source shall not be construed as a violation of the Data Quality Metric described in this Section.
|•
|Unavailability of a Data Source to Yodlee’s Data Agent due to any of the following reasons shall not be construed as a violation of the Data Quality Metric described in this Section.
|•
|The non-existence of an electronic interface containing Data.
|•
|A Data Source electronically blocking access that prevents a Data Agent from gaining access to Data. However, if such Data Source had previously provided access, then Yodlee shall use commercially reasonable efforts to restore access to such Data Source.
|•
|Legal action by or agreement with the Data Source that prevents Yodlee from legally gaining access to Data via supported methods.
|•
|User authentication methods employed by the Data Source that result in incompatibility with the Data Agent and Yodlee’s Data collection infrastructure
|2.
|New Data Sources; Dedicated Data Team.
Subject to Company’s payment of a separately contracted Dedicated Data Team resource fee, the Dedicated Data Team members will make New Data Sources available to Company based on prioritization established by Company, provided that such New Data Sources are not to be accessed via direct datafeed. New Data Sources to be accessed via direct datafeeds will require Professional Services SOWs and a datafeed agreement with each such New Data Source.
The Dedicated Data Team will be responsible for adding and maintaining new Data Sources that Company has requested , or any other Data-related tasks as communicated in writing by Company. The priority of those new Data Sources will be assigned by the Company.
On a monthly basis, the Dedicated Data Team will report to the Company the status of their Data Source additions or other requested Data-related services provided by the Dedicated Data Team, including, but not limited to Data Sources that they added, Data Sources that are waiting to be added, technical or administrative problems with their addition of a Data Source or other requested task, and the resolution of any such previously report past problems.
**** Certain information on has been omitted and filed separately with the Securities and Exchange Commission. Confidential treatment has been requested with respect to the omitted portions.
41
|
SCHEDULE C-1
Performance Measurement – Aggregation Services
|3.
|Data Quality Completeness And Correctness
Yodlee will provide a Data monitoring infrastructure designed to assess Data quality within the following two areas:
|(1)
|Completeness of Data as defined by whether the Data in Yodlee’s database contains all entries available at the Data Source for a given account and set of Data fields. For example, if an investment account contains 10 holdings and 100 transactions at the Data Source, all of the entries concerning such holdings and transaction should also be represented in the Yodlee database, unless such Data is incomplete due to datafeed problems that are not the fault of Yodlee.
|(2)
|Correctness of Data Field values as defined by whether the values of individual Data Field elements in Yodlee’s database match the corresponding values available at the Data Source for a given account. For example, if the transaction quantity at the Data Source is “100” the corresponding value in the Yodlee database should be “100”, unless such Data is incorrect due to datafeed problems that are not the fault of Yodlee.
Company agrees to cooperate with Yodlee to help refine Yodlee’s set of Data accuracy rules. Yodlee agrees to use commercially reasonable efforts to improve Data Agent quality using the results of such Data accuracy assessments and to reduce the incidence of Data Quality Events for the Data Sources pursuant to this SLA.
|4.
|Data Quality Events
|A.
|A “Data Quality Event” shall be deemed to have occurred where:
|(1)
|[****]
|(2)
|[****],
|b.
|Measuring Impact Of A “Data Quality Event”
|(1)
|When a Data Quality Event is reported Yodlee will identify a) the time period over which the Data Quality Event occurred based on review of Yodlee internal records, b) assess if the event affected some or all Active Users who accessed the site during the period the Data Quality Event occurred, c) tabulate the overall impact of the Data Quality Event by identifying the total number of Users who accessed the site during the period the Data Quality Event occurred.
|(2)
|Monthly, Yodeled will report five (5) metrics for each Data Quality Event: a) time period of the event b) percent of Active Users affected, c) total number of Active Users accessing the affected Data Source, d) number of Active Users affected by the event, and e) percent of total Active Users affected by the event. Reference sample report in SLA Exhibit I.
|C.
|Data Quality Performance
If more than [****]% of accounts held by [****] Active Users are impacted by a Data Quality Event in a month:
|•
|For the first month that more than [****]% of accounts held by [****] Active Users are impacted by a Data Quality Event, Yodlee shall:
|•
|Provide Company with a root cause analysis.
**** Certain information on has been omitted and filed separately with the Securities and Exchange Commission. Confidential treatment has been requested with respect to the omitted portions.
42
|
SCHEDULE C-1
Performance Measurement – Aggregation Services
If more than [****]% of accounts held by [****] Active Users are impacted by a Data Quality Event in a [****], Yodlee shall:
|•
|Provide Company with a root cause analysis; and
|•
|Provide Company with a written corrective action plan; and
|•
|Apply a credit of [****]% against the monthly invoice for the monthly invoice for usage fees
If more than [****]% of accounts held by [****] Active Users are impacted by a Data Quality Event in [****], Yodlee shall:
|•
|Provide Company with a root cause analysis;
|•
|Provide Company with a written corrective action plan; and
|•
|Apply a credit of [****]% against the monthly invoice for usage fees.
If more than [****]% of accounts held by [****] Active Users are impacted by a Data Quality Event for [****], then Company shall have the right to terminate this Agreement.
If Yodlee fails to correct a Data Quality Event, and respond to Company that issue has been resolved, within [****] after receipt of a Service Request from Company accurately detailing the issue, Yodlee
|•
|Provide Company with a written corrective action plan on any occasion [****] failures occur in a month;
|•
|Apply a credit of [****]% against the monthly invoice for usage fees for [****] failures in a month;
|•
|Apply a credit of [****]% against the monthly invoice for usage fees for [****] failures in a month.
|D.
|AGENT ERRORS
Reference sample report Agent Errors Report in SLA Exhibit I.
Yodlee Data Agents will meet the following performance levels:
|1.
|Agent Errors on Bank of America accounts
If more than [****]% of accounts held by [****] Active Users are impacted by an Agent Error in a month Yodlee shall:
|•
|Provide Company with a root cause analysis.
If more than [****]% of accounts held by [****] Active Users are impacted by an Agent Error in a [****], Yodlee shall:
|•
|Provide Company with a root cause analysis; and
|•
|Provide Company with a written corrective action plan; and
|•
|Apply a credit of [****]% against the monthly invoice usage fees for [****] Active Users.
If more than [****]% of accounts held by [****] Active Users are impacted by a Data Quality Event in [****], Yodlee shall:
|•
|Provide Company with a root cause analysis;
**** Certain information on has been omitted and filed separately with the Securities and Exchange Commission. Confidential treatment has been requested with respect to the omitted portions.
43
|
SCHEDULE C-1
Performance Measurements – Aggregation Services
|•
|Provide Company with a written corrective action plan; and
|•
|Apply a credit of [****]% against the monthly invoice usage fees for [****] Active Users.
|2.
|Agent Errors on Feld-Away Accounts
If more than [****]% of accounts held by [****] Active Users are impacted by an Agent Error in a month Yodlee shall:
|•
|Provide Company with a root cause analysis.
If more than [****]% of accounts held by [****] Active Users are impacted by an Agent Error in a [****], Yodlee shall:
|•
|Provide Company with a root cause analysis; and
|•
|Provide Company with a written corrective action plan; and
|•
|Apply a credit of [****]% against the monthly invoice usage fees for [****] Active Users with Held-Away Accounts.
If more than [****]% of accounts held by [****] Active Users are impacted by a an Agent Error in [****], Yodlee shall
|•
|Provide Company with a root cause analysis;
|•
|Provide Company with a written corrective action plan; and
|•
|Apply a credit of [****]% against the monthly invoice usage fees. for [****] Active Users with Held-Away Accounts
|E.
|USER ACTION REQUIRED CONDITIONS
User Action required applies to accounts where the User has been notified that their credentials in the Yodlee Service need updating in order for the Agent to continue successfully accessing their site information, or where some other condition requires the Customer to take action to re-enable Date retrieval. Credential updates include user login ID, passwords, challenge questions and other multi-factor authentication information required by the target site. Other conditions can include acknowledging additional or supplemental user terms and conditions at the Data Source. In those instances where the User has received such notice and fails to take the required action within 90 days of the notification the condition will no longer be counted against the following metrics.
|1.
|User Action Required on Bank of America accounts (fed or scraped): If more than [****]% of accounts held by [****] Active Users are impacted by a User Action Required condition in a month Yodlee shall provide Company with a root cause analysis.
|2.
|User Action Required on Held-Away accounts: If more than [****]% of accounts held by [****] Active Users are impacted by User Action Required condition in a month Yodlee shall Provide Company with a root cause analysis.
Reference sample report in SLA Exhibit I.
**** Certain information on has been omitted and filed separately with the Securities and Exchange Commission. Confidential treatment has been requested with respect to the omitted portions.
44
|
SCHEDULE C-1
Performance Measurements – Aggregation Services
|F.
|PRIORITY DEFINITION TABLE
COMPANY SHALL ASSIGN PRIORITY BASED UPON THE FOLLOWING DEFINITIONS:
|
Priority
|
Priority Definition
|P1
|A catastrophic error resulting in loss of Service that includes but not limited to:
|
•
|
The Service is not available.
|
•
|
A critical Service function is unavailable or unable to be performed, causing an immediate and very high level of impact on, economics, operations, or brand.
|
•
|
An incident that impacts multiple customers or business units and has the potential to have a high level of impact on End-Users, economics or operations, or that causes a regulatory or compliance breach.
|
•
|
An incident that, if not resolved within the up-time commitments will impact multiple customers or business units and have the potential to have a high level of impact on customers, economics or operations or an incident resulting from degraded performance to an enterprise implementation of the Service.
|
•
|
Security breach.
|
•
|
A software error rendering the application/service unusable
|P2
|A partial failure resulting in loss of capacity, features or functionality of the Service that includes but is not limited to:
|
•
|
An incident has an immediate and moderate level of impact on business operations
|
•
|
Service or system failure that impacts End-Users.
|
•
|
Significant degradation in response time or functional performance [Example: page load times go from 5 seconds to 10 seconds over a period of hours]
|
•
|
Software error that impacts standard features and functionality resulting in the Service being critically restricted in use
|
•
|
All Data issues due to controllable reasons.
|P3
|A partial failure resulting in loss of capacity, features or functionality of the service impacting
|
•
|
End-Users that includes but is not limited to:
|
•
|
An incident that has a low level of impact on business operations and typically affects a single or low number of End-Users
|
•
|
A software error that impacts a minor feature and/or function of the Service impacting End-Users.
|
•
|
Any problem that is not a P1 or P2
F. TECHNICAL SUPPORT RESPONSE TIME TABLE
|
Issue Type
|
Initial Response
|
Problem
|
Updates
|
Time To Resolution
|[****]
|[****]
|[****]
|[****]
|[****]
|[****]
|
[****]
|
[****]
|
[****]
|
[****]
|
[****]
|[****]
|
[****]
|
[****]
|
[****]
|
[****]
|
[****]
|
[****]
|
[****]
|
[****]
|
[****]
|
[****]
|
[****]
|
[****]
|
[****]
|
[****]
|
[****]
|[****]
|
[****]
|
[****]
|
[****]
|
[****]
|
[****]
|
[****]
|
[****]
|
[****]
|
[****]
|
[****]
[****]
[****].
**** Certain information on has been omitted and filed separately with the Securities and Exchange Commission. Confidential treatment has been requested with respect to the omitted portions.
45
|
SCHEDULE C-1
Performance Measurements – Aggregation Services
|H.
|PROBLEM NOTIFICATION
|1.
|If internal monitoring and/or support resources detect a P1 incident, Yodlee will notify Company and resolution of the incident will follow the P1 process,
|2.
|If Company detects a P1 incident; Company will notify Yodlee support via phone (1-800-928-3457).
|3.
|For P2 and P3 incidents, Company will notify Yodlee support by opening a Service Request in the YodleeCustomerCare tool
|4.
|Upon receipt of notification, Yodlee shall assign a Service Request to the incident reported by Company and provide a tracking number to Company.
|5.
|Regardless of the mechanism used to report the incident, if Company does not receive a response from Yodlee within the guidelines set forth in Section B of this SLA, Company should contact Yodlee per SLA Exhibit III below.
|6.
|Support hours of operation are 7x24.
|7.
|Yodlee expects Company to identify, investigate and attempt to resolve End-User issues prior to contacting Yodlee. In the event Company is not able to resolve the problem, it should be escalated to Yodlee Support using the above process. End-User email threads should not be forwarded to Yodlee Support without summarized detail. Company should have the following Information available when opening a Service Request in the Yodlee CustomerCare tool;
|1.
|Date Observed:
|2.
|Feature:
|3.
|End-User’s User Name/s:
|4.
|End-User’s Email Address:
|5.
|Client OS:
|6.
|Client Browser type and Version.
|7.
|Site Display Name:
|8.
|Member Item ID:
|9.
|Specific to a Site:
|a.
|If No, list additional Sites:
|10.
|Expected Result:
**** Certain information on has been omitted and filed separately with the Securities and Exchange Commission. Confidential treatment has been requested with respect to the omitted portions.
46
|
SCHEDULE C-1
Performance Measurements – Aggregation Services
|11.
|Actual Result:
|a.
|Error Code:
|b.
|Actual Result Frequency:
|c.
|Repeatable by Others: Yes/No
|12.
|Steps to Reproduce.
|a.
|13.
|Additional info/Attachment
|I.
|PRODUCT LIFECYCLE
Yodlee will support the then-current Major Release of each Service plus two Major Releases back (e.g., if the then current Major Release is 9.x, support per this SLA would be provided for 9.x, 8.x, and 7.x). If a Defect is discovered during this phase, Yodlee will respond and address the Defect in accordance with the provisions of this SLA. Yodlee will make new Major Releases generally available to its clients no more frequently than once per year on average.
Once a Major Release is more than two versions older than the then-current Major Release, that version will be deemed “EOL” and Defect support per this SLA will no longer be available (e.g. when the current Major Release is 9.x, version 6.x will no longer be supported per this SLA). Yodlee Support will attempt to answer questions concerning the EOL version of the product, but support will not be provided per the requirements of this SLA.
|J.
|MINOR AND MAINTENANCE RELEASES
In conjunction with the above Product Lifecycle, Yodlee will provide BANA with Minor Releases and Maintenance Releases on a periodic basis for no additional fee. The frequency of Maintenance Releases will depend upon the number of field reported escalations from BANA and/or Defects reported from Yodlee Support, Operations, Engineering and QA groups. For P1 issues Yodlee will promptly provide a Hotfix once that fix becomes available (coded and tested).
|K.
|OPERATIONAL REPORTS
Yodlee to provide the following to BANA on a monthly basis
|8.
|Monthly Uptime Report (see SLA Exhibit I)
|9.
|Root Cause Analysis Report (P1 incident) (See SLA Exhibit II). – delivered at each incident
|10.
|Scorecard Metrics
|11.
|Added, Deleted and Re-branded Site report
|L.
|FILE FEEDS
Yodlee to provide to BANA a custom BAC My Portfolio data extract file for previous day activity by 10:00 am ET every day. Monday morning files will contain all data. All other days will have a delta from the previous day.
Late or missed files will be escalated to Yodlee through the standard escalation process.
**** Certain information on has been omitted and filed separately with the Securities and Exchange Commission. Confidential treatment has been requested with respect to the omitted portions.
47
|
SCHEDULE C-1
Performance Measurements – Aggregation Services
SLA EXHIBIT I
SAMPLE OPERATIONS MONTHLY REPORT
|Co Brand
|Unscheduled Downtime minutes
|DC
|Month End Uptime %
|
Mthly
SLA %
|MTD Unscheduled Downtime(min)
|MTD Scheduled Downtime
|MTD Partial Downtime (min)
Production Full Outage Issues
|•
|05/05/2004 between 01:50 PM PST to 02:05 PM PST Network switches that support connection from the database servers to the disk storage arrays (EMC disk storage) went down and caused a database server failover. During the failover the web/app servers lost connection to the database servers. Once the data base server was up and running (after failover -few minutes), the web/app servers reconnected to the database and at that point service was fully restored.
Production Partial Outage Issues
|•
|None
Scheduled Maintenance
|•
|05/01/2004 10:00 PM to 05/02/2004 02:00 AM PST. Database maintenance for the patch upgrade. Also added a new node to the cluster group Completed: 240 Maintenance minutes used
|•
|05/22/2004 10:00 PM to 11:45 PM PST. Database maintenance Completed: 105 Maintenance minutes used
SAMPLE DATA QUALITY EVENT MONTHLY REPORT
|
Site
Affected
|
Start Date of
Event
|Duration
|
% Active
Users
Affected
|
Total #
Active
Users At
Site
|# Active Users Affected
|Total [****] Active Users In Month
|
Percent
Active Users Affected
SAMPLE AGENT ERROR MONTHLY REPORT
|Category
|
# Agent Errors Reported To
Active Users
|
# Successful Updates Reported To
Active Users
|% Agent Errors
**** Certain information on has been omitted and filed separately with the Securities and Exchange Commission. Confidential treatment has been requested with respect to the omitted portions.
48
|
|
SCHEDULE C-1
Performance Measurements – Aggregation Services
SLA EXHIBIT II
SAMPLE ROOT CAUSE ANALYSIS REPORT
|Date:
|Customer(s) affected:
|Start Time:
|Stop Time:
|SR #
|YCM #
|SLA ticket#
|Prepared by:
|
How was the Problem detected or reported:
|
Impact analysis:
|
Problem Summary:
|
Resolution:
|
Yodlee Escalation & Resources Involved:
|Ops-Monitoring:
|Customer-Care:
|Ops-Support
|Ops-Mgmt:
|DBA:
|Sustaining:
**** Certain information has been omitted and filed separately with the Securities and Exchange Commission. Confidential treatment has been requested with respect to the omitted portions.
49
|
SCHEDULE C-1
Performance Measurement – Aggregation Services
SLA EXHIBIT III
YODLEE ESCALATION CONTACT LIST
In the event that Yodlee has not met its SLA obligations within the time frame specified or Support received does not meet the spirit of this SLA. Company may escalate a given issue according to this contact list.
Primary:
Manager, Client Services
Alternate:
VP, Client Services
Sr. Director, Data Center Operations
SVP, Operations
**** Certain information on has been omitted and filed separately with the Securities and Exchange Commission. Confidential treatment has been requested with respect to the omitted portions.
50
|
|
SCHEDULE C-2
MFP Support Levels and Procedures
SCHEDULE C-2
MFP Support Levels and Procedures
YODLEE PLATFORM SUPPORT LEVELS AND PROCEDURES (SLA)
Yodlee shall provide Company access to Yodlee technical support personnel to assist Company with the resolution of problems with the Yodlee Services described on the Product Schedule(s). A sufficient number of trained, qualified personnel shall be designated by Yodlee to respond to telephone and web inquiries by Company in accordance with the provisions and response times as set forth in this SLA. Company will escalate problems to Yodlee after having provided the first level of support (Tier 1 support) to Company’s End-Users. Additional product-specific SLA terms (if applicable) are attached to the relevant Product Schedule(s) and are incorporated herein by reference.
|A.
|DEFINITIONS
|1.
|“Action Plan” means the plan of the Support Engineer on how to resolve a Service Request once it is accepted into the engineers work log. An action plan will consist of a Problem Statement, steps to resolve, and estimated time to resolution.
|2.
|“Agent” or “Data Agent” means the site-specific code that traverses a Data Source’s web pages or makes a direct, electronic connection to a Data Source to obtain data.
|3.
|“Agent Errors” means [****].
|4.
|“Business Day” means 7am Pacific Time (“PT”) to 7 pm PT Monday through Friday, excluding Yodlee Holidays,
|5.
|“Data” means Customer Data retrieved by Yodlee from a Data Source.
|6.
|“Data Quality Event” means an event where the Data is not complete or correct, as specified in Section C herein, provided that Data Quality Events shall not include Data issues due to reasons beyond Yodlee’s control, such as UAR Errors and Site Errors.
|7.
|“Defect” means a software defect, acknowledged by Yodlee with a bug tracking number and associated with a Service Request, that prevents the Service from operating as described in the documentation or causes the Service to operate in a manner materially different than described in the documentation.
|8.
|“Emergency Maintenance” means critical system changes that cannot wait for Scheduled Maintenance. These changes could destabilize the system if not addressed expeditiously.
|9.
|“Held Away Account” means an account at an institution other than Bank of America.
|10.
|“Hotfix” means one specific Defect fix for a given case (usually relates to a P1 Service Request).
|11.
|“Major Release” means a major upgrade to the product containing new features along with product defect fixes. (Version number X.x.x)
|12.
|“Minor Release” means a scheduled update to a Major Release that includes some new features. (Version number x.X.x)
|13.
|“Maintenance Release” means a scheduled update to a Minor Release to correct and consolidate defects. (Version number x.x.X)
**** Certain information on this page has been omitted and filed separately with the Securities and Exchange Commission. Confidential treatment has been requested with respect to the omitted portions.
51
|
|
SCHEDULE C-2
MFP Support Levels and Procedures
|14.
|“Priority” means the Table C priority level assigned to each individual Service Request.
|15.
|“Problem Definition” means the phase where the problem is identified and a problem statement is prepared and presented to Company.
|16.
|“Problem Statement” means a concise statement defining the problem.
|17.
|“Scheduled Maintenance” means system/software/Service maintenance that are scheduled to fix non critical errors and implement system/software/Service changes. These are primarily scheduled during weekend off hours.
|18.
|“Site Errors” means the types of failures that relate to Data Source errors, due to a maintenance window, network, datafeed or system outage, or other internal failure at the Data Source. These are not regarded as product or service “defects”, and are therefore not subject to the SLA commitments defined herein. Site-related failures are measured daily and are measured reported as an aggregate percentage. A current list of Site Error codes (which Yodlee may update periodically) will be provided.
|19.
|“Service Request” means a problem that is reported by Company. A unique ID number identifies each Service Request.
|20.
|“Technical Support Initial Response Time” means the period that starts when Company or member of Technical Support Staff opens a Service Request (as defined by the assignment of a unique Service Request ID number).
|21.
|“UAR Error” or User Action Required Error” means the types of failures that result from a dependency on an End-User. This may be the result of inaccurate information provided by the End-User or the need for an End-User to perform some action on the Data Source before the Data Agent can be successfully executed. These are not regarded as product or service “defects”, and are therefore not subject to the SLA commitments defined herein. A current list of UAR Error codes (which Yodlee may update periodically) will be provided.
|22.
|“Update” means the periodic update given to Company on the status of the Service Request that will include: a statement of the problem, what has been done to this point to resolve the problem, what the next steps are toward reaching resolution and estimated time to resolution.
|23.
|“Uptime” means the total time the Service is available during a particular period. The total time reflects time taken to resolve all P1 problems.
|24.
|“Yodlee CustomerCare” means Yodlee’s online system for reporting, escalating, and resolving customer issues, Company’s usage of which is limited solely to the following modules and features absent a separate Yodlee CustomerCare Product Schedule and Company’s payment of additional Yodlee CustomerCare fees: Administration Module, Customer Management Module (Including Customer Profile Data), and GroupPolicyManager.
|B.
|OPERATIONS METRICS
Yodlee will expend commercially reasonable efforts to meet and/or exceed the following operational performance metrics:
|1.
|[****]% system uptime per month if test accounts (Yodlee credentials utilized to monitor the service) are provided by Company (Scheduled or Emergency Maintenance excluded).
|2.
|[****]% system uptime per month if no test accounts (for the Service) provided by Company (Scheduled of Emergency Maintenance excluded).
**** Certain information on has been omitted and filed separately with the Securities and Exchange Commission. Confidential treatment has been requested with respect to the omitted portions.
52
|
|
SCHEDULE C-2
MFP Support Levels and Procedures
|3.
|Scheduled Maintenance/Downtime
|a.
|Yodlee shall provide Company with at least [****] calendar days notice of any Scheduled Maintenance.
|b.
|Scheduled Maintenance shall not exceed [****] downtime in a particular instance and [****] in aggregate in any given month unless pre-approved by BAC.
|c.
|Standard Scheduled maintenance windows are Saturdays from 10:00 pm to 2:00 am PT (1:00 am-5:0D am ET)
|d.
|On occasion, Emergency Maintenance may be required. Emergency Maintenance may include, but is not limited to security related issues and/or technical problems that could impact the availability of the Service. In such cases, Yodlee will notify Company prior to downtime as time permits.
|4.
|Outage Reports
|a.
|Yodlee will provide a Root Cause Analysis (RCA) report (SLA Exhibit II) within [****] of closure of P1 incidents.
|5.
|Credits – If for any reason Yodlee does not meet [****]% Service uptime, the following applies:
|a.
|For the first month that Service uptime is below [****]%, Yodlee shall:
|•
|Provide Company with a root cause analysis of downtime events
|•
|Provide Company wall a written corrective action plan
|b.
|if Service uptime falls below [****]% for [****], Yodlee shall:
|•
|Provide Company with a root cause analysis of downtime events
|•
|Provide Company with a written corrective action plan
|•
|Apply a credit of [****]% against monthly invoice for usage Fees for the [****] that Service uptime is below [****]%
|c.
|If Service uptime falls below [****]% for any [****], Yodlee shall:
|•
|Provide Company with a root cause analysis of downtime events
|•
|Provide Company with a written corrective action plan
|•
|Apply a credit of [****]% against monthly invoice for usage fees for the [****] that Service uptime is below [****]%
|d.
|If Service uptime for any [****] falls below [****]%, Yodlee shall:
|•
|Provide Company with a root cause analysis of downtime events
|•
|Provide Company with a written corrective action plan
|•
|Apply a credit of [****]% against monthly invoice for usage fees for the failed month
|e.
|If Service uptime falls below [****]% for any [****], Yodlee shall:
|•
|Apply a credit of [****]% against monthly invoice for usage fees for the [****], or
|•
|Company shall have the right to terminate the Agreement.
**** Certain information on has been omitted and filed separately with the Securities and Exchange Commission. Confidential treatment has been requested with respect to the omitted portions.
53
|
|
SCHEDULE C-2
MFP Support Levels and Procedures
|C.
|DATA QUALITY METRICS
Yodlee will meet the following coverage, reliability, and population data quality service levels when collecting and storing data.
|1.
|Data Source Coverage
Yodlee will support the Data Sources that (a) are part of Yodlee’s master list of Data Sources or (b) are made available to Company pursuant to sub-section 2 below,
Yodlee’s obligation to meet the aforementioned requirements is subject to the following:
|•
|Yodlee will expend all commercially reasonable efforts to obtain Data Source Test Accounts to add and adequately test Data Sources. Unavailability of Data Source Test Accounts that directly results in Yodlee’s inability to support a Data Source shall not be construed as a violation of the Data Quality Metric described in this Section.
|•
|Unavailability of a Data Source to Yodlee’s Data Agent due to any of the following reasons shall not be construed as a violation of the Data Quality Metric described in this Section.
|•
|The non-existence of an electronic interface containing Data.
|•
|A Data Source electronically blocking access that prevents a Data Agent from gaining access to Data. However, if such Data Source had previously provided access, then Yodlee shall use commercially reasonable efforts to restore access to such Data Source.
|•
|Legal action by or agreement with the Data Source that prevents Yodlee from legally gaining access to Data via supported methods.
|•
|User authentication methods employed by the Data Source that result in incompatibility with the Data Agent and Yodlee’s Data collection infrastructure
|2.
|New Data Sources; Dedicated Data Team.
Subject to Company’s payment of a separately contracted Dedicated Data Team resource fee, the Dedicated Data Team members will make New Data Sources available to Company based on prioritization established by Company, provided that such New Data Sources are not to be accessed via direct datafeed. New Data Sources to be accessed via direct datafeeds will require Professional Services SOWs and a datafeed agreement with each such New Data Source.
The Dedicated Data Team will be responsible for adding and maintaining new Data Sources that Company has requested , or any other Data-related tasks as communicated in writing by Company. The priority of those new Data Sources will be assigned by the Company.
On a monthly basis, the Dedicated Data Team will report to the Company the status of their Data Source additions or other requested Data-related services provided by the Dedicated Data Team, including, but not limited to Data Sources that they added, Data Sources that are waiting to be added, technical or administrative problems with their addition of a Data Source or other requested task, and the resolution of any such previously report past problems.
|3.
|Data Quality Completeness And Correctness
Yodlee will provide a Data monitoring infrastructure designed to assess Data quality within the following two areas:
|(1)
|Completeness of Data as defined by whether the Data in Yodlee’s database contains all entries available at the Data Source for a given account and set of Data fields. For example, if an investment account contains 10 holdings and 100 transactions at the Data Source, all of the entries concerning such holdings and transaction should also be represented in the Yodlee database, unless such Data is incomplete due to datafeed problems that are not the fault of Yodlee.
|(2)
|Correctness of Data Field values as defined by whether the values of individual Data Field elements in Yodlee’s database match the corresponding values available at the Data Source for a given account. For example, if the transaction quantity at the Data Source is “100” the corresponding value in the Yodlee database should be “100”, unless such Data is incorrect due to datafeed problems that are not the fault of Yodlee.
**** Certain information on has been omitted and filed separately with the Securities and Exchange Commission. Confidential treatment has been requested with respect to the omitted portions.
54
|
|
SCHEDULE C-2
MFP Support Levels and Procedures
Company agrees to cooperate with Yodlee to help refine Yodlee’s set of Data accuracy rules. Yodlee agrees to use commercially reasonable efforts to improve Data Agent quality using the results of such Data accuracy assessments and to reduce the incidence of Data Quality Events for the Data Sources pursuant to this SLA.
|4.
|Data Quality Events
|A.
|A “Data Quality Event” shall be deemed to have occurred where:
|(1)
|[****]
|(2)
|[****],
|b.
|Measuring Impact Of A “Data Quality Event”
|(1)
|When a Data Quality Event is reported Yodlee will identify a) the time period over which the Data Quality Event occurred based on review of Yodlee internal records, b) assess if the event affected some or all Active Users who accessed the site during the period the Data Quality Event occurred, c) tabulate the overall impact of the Data Quality Event by identifying the total number of Users who accessed the site during the period the Data Quality Event occurred.
|(2)
|Monthly, Yodeled will report five (5) metrics for each Data Quality Event: a) time period of the event b) percent of Active Users affected, c) total number of Active Users accessing the affected Data Source, d) number of Active Users affected by the event, and e) percent of total Active Users affected by the event. Reference sample report in SLA Exhibit I.
|C.
|Data Quality Performance
If more than [****]% of accounts held by [****] Active Users are impacted by a Data Quality Event in a month:
|•
|For the first month that more than [****]% of accounts held by [****] Active Users are impacted by a Data Quality Event, Yodlee shall:
|•
|Provide Company with a root cause analysis.
If more than [****]% of accounts held by [****] Active Users are impacted by a Data Quality Event in a [****], Yodlee shall:
|•
|Provide Company with a root cause analysis; and
|•
|Provide Company with a written corrective action plan; and
|•
|Apply a credit of 5% against the monthly invoice for the monthly invoice for usage fees
**** Certain information on has been omitted and filed separately with the Securities and Exchange Commission. Confidential treatment has been requested with respect to the omitted portions.
55
|
SCHEDULE C-2
MFP Support Levels and Procedures
If more than [****]% of accounts held by [****] Active Users are impacted by a Data Quality Event in [****], Yodlee shall:
|•
|Provide Company with a root cause analysis;
|•
|Provide Company with a written corrective action plan; and
|•
|Apply a credit of [****]% against the monthly invoice for usage fees.
If more than [****]% of accounts held by [****] Active Users are impacted by a Data Quality Event for [****], then Company shall have the right to terminate this Agreement.
If Yodlee fails to correct a Data Quality Event, and respond to Company that issue has been resolved, [****] after receipt of a Service Request from Company accurately detailing the issue, Yodlee
|•
|Provide Company with a written corrective action plan on any occasion [****];
|•
|Apply a credit of [****]% against the monthly invoice for usage fees for [****];
|•
|Apply a credit of [****]% against the monthly invoice for usage fees for [****].
|D.
|AGENT ERRORS
Reference sample report Agent Errors Report in SLA Exhibit I.
Yodlee Data Agents will meet the following performance levels:
|1.
|Agent Errors on Bank of America accounts
If more than [****]% of accounts held by [****] Active Users are impacted by an Agent Error in a month Yodlee shall:
|•
|Provide Company with a root cause analysis.
If more than [****]% of accounts held by [****] Active Users are impacted by an Agent Error in a [****], Yodlee shall:
|•
|Provide Company with a root cause analysis; and
|•
|Provide Company with a written corrective action plan; and
|•
|Apply a credit of [****]% against the monthly invoice usage fees for [****] Active Users.
If more than [****]% of accounts held by [****] Active Users are impacted by a Data Quality Event in [****], Yodlee shall:
|•
|Provide Company with a root cause analysis;
|•
|Provide Company with a written corrective action plan; and
|•
|Apply a credit of [****]% against the monthly invoice usage fees for [****] Active Users.
|2.
|Agent Errors on Feld-Away Accounts
If more than [****]% of accounts held by [****] Active Users are impacted by an Agent Error in a month Yodlee shall:
|•
|Provide Company with a root cause analysis.
**** Certain information on has been omitted and filed separately with the Securities and Exchange Commission. Confidential treatment has been requested with respect to the omitted portions.
56
|
SCHEDULE C-2
MFP Support Levels and Procedures
If more than [****]% of accounts held by [****] Active Users are impacted by an Agent Error in a [****], Yodlee shall:
|•
|Provide Company with a root cause analysis; and
|•
|Provide Company with a written corrective action plan; and
|•
|Apply a credit of [****]% against the monthly invoice usage fees for [****] Active Users with Held-Away Accounts.
If more than [****]% of accounts held by [****] Active Users are impacted by a an Agent Error in [****], Yodlee shall
|•
|Provide Company with a root cause analysis;
|•
|Provide Company with a written corrective action plan; and
|•
|Apply a credit of [****]% against the monthly invoice usage fees. for [****] Active Users with Held-Away Accounts
|E.
|PRIORITY DEFINITION TABLE
COMPANY SHALL ASSIGN PRIORITY BASED UPON THE FOLLOWING DEFINITIONS:
|
Priority
|
Priority Definition
|P1
|A catastrophic error resulting in loss of Service that includes but not limited to:
|
•
|
The Service is not available.
|
•
|
A critical Service function is unavailable or unable to be performed, causing an immediate and very high level of impact on, economics, operations, or brand.
|
•
|
An incident that impacts multiple customers or business units and has the potential to have a high level of impact on End-Users, economics or operations, or that causes a regulatory or compliance breach.
|
•
|
An incident that, if not resolved within the up-time commitments will impact multiple customers or business units and have the potential to have a high level of impact on customers, economics or operations or an incident resulting from degraded performance to an enterprise implementation of the Service.
|
•
|
Security breach.
|
•
|
A software error rendering the application/service unusable
|P2
|A partial failure resulting in loss of capacity, features or functionality of the Service that includes but is not limited to:
|
•
|
An incident has an immediate and moderate level of impact on business operations
|
•
|
Service or system failure that impacts End-Users.
|
•
|
Significant degradation in response time or functional performance [Example: page load times go from 5 seconds to 10 seconds over a period of hours]
|
•
|
Software error that impacts standard features and functionality resulting in the Service being critically restricted in use
|
•
|
All Data issues due to controllable reasons.
|P3
|A partial failure resulting in loss of capacity, features or functionality of the service impacting
|•
|End-Users that includes but is not limited to:
|•
|An incident that has a low level of impact on business operations and typically affects a single or low number of End-Users
|•
|A software error that impacts a minor feature and/or function of the Service impacting End-Users.
|•
|Any problem that is not a P1 or P2
**** Certain information on has been omitted and filed separately with the Securities and Exchange Commission. Confidential treatment has been requested with respect to the omitted portions.
57
|
SCHEDULE C-2
MFP Support Levels and Procedures
|F.
|TECHNICAL SUPPORT RESPONSE TIME TABLE
|
Issue Type
|
Initial
Response
|
Problem
Definition and
Action Plan
|
Updates
|
Time To Resolution
|
[****]
|[****]
|[****]
|[****]
|[****]
|[****]
|
[****]
|[****]
|[****]
|[****]
|[****]
|
[****]
|
[****]
|[****]
|[****]
|[****]
|[****]
|
[****]
|[****]
|[****]
|[****]
|[****]
|
[****]
|[****]
|[****]
|[****]
|[****]
|
[****]
|
[****]
|[****]
|[****]
|[****]
|[****]
|
[****]
|[****]
|[****]
|[****]
|[****]
[****]
[****].
|G.
|PROBLEM NOTIFICATION
|1.
|If internal monitoring and/or support resources detect a P1 incident, Yodlee will notify Company and resolution of the incident will follow the P1 process,
|2.
|If Company detects a P1 incident; Company will notify Yodlee support via phone (1-800-928-3457).
|3.
|For P2 and P3 incidents, Company will notify Yodlee support by opening a Service Request in the YodleeCustomerCare tool
|4.
|Upon receipt of notification, Yodlee shall assign a Service Request to the incident reported by Company and provide a tracking number to Company.
|5.
|Regardless of the mechanism used to report the incident, if Company does not receive a response from Yodlee within the guidelines set forth in Section B of this SLA, Company should contact Yodlee per SLA Exhibit III below.
|6.
|Support hours of operation are 7x24.
|7.
|Yodlee expects Company to identify, investigate and attempt to resolve End-User issues prior to contacting Yodlee. In the event Company is not able to resolve the problem, it should be escalated to Yodlee Support using the above process. End-User email threads should not be forwarded to Yodlee Support without summarized detail. Company should have the following Information available when opening a Service Request in the Yodlee CustomerCare tool;
|1.
|Date Observed:
|2.
|Feature:
**** Certain information on has been omitted and filed separately with the Securities and Exchange Commission. Confidential treatment has been requested with respect to the omitted portions.
58
|
SCHEDULE C-2
MFP Support Levels and Procedures
|3.
|End-User’s User Name/s:
|4.
|End-User’s Email Address:
|5.
|Client OS:
|6.
|Client Browser type and Version.
|7.
|Site Display Name:
|8.
|Member Item ID:
|9.
|Specific to a Site:
|a.
|If No, list additional Sites:
|10.
|Expected Result:
|11.
|Actual Result:
|a.
|Error Code:
|b.
|Actual Result Frequency:
|c.
|Repeatable by Others: Yes/No
|12.
|Steps to Reproduce.
|a.
|13.
|Additional info/Attachment
|H.
|PRODUCT LIFECYCLE
Yodlee will support the then-current Major Release of each Service plus two Major Releases back (e.g., if the then current Major Release is 9.x, support per this SLA would be provided for 9.x, 8.x, and 7.x). If a Defect is discovered during this phase, Yodlee will respond and address the Defect in accordance with the provisions of this SLA. Yodlee will make new Major Releases generally available to its clients no more frequently than once per year on average.
Once a Major Release is more than two versions older than the then-current Major Release, that version will be deemed “EOL” and Defect support per this SLA will no longer be available (e.g. when the current Major Release is 9.x, version 6.x will no longer be supported per this SLA). Yodlee Support will attempt to answer questions concerning the EOL version of the product, but support will not be provided per the requirements of this SLA.
|I.
|MINOR AND MAINTENANCE RELEASES
In conjunction with the above Product Lifecycle, Yodlee will provide BANA with Minor Releases and Maintenance Releases on a periodic basis for no additional fee. The frequency of Maintenance Releases will depend upon the number of field reported escalations from BANA and/or Defects reported from Yodlee Support, Operations, Engineering and QA groups. For P1 issues Yodlee will promptly provide a Hotfix once that fix becomes available (coded and tested).
**** Certain information on has been omitted and filed separately with the Securities and Exchange Commission. Confidential treatment has been requested with respect to the omitted portions.
59
|
SCHEDULE C-2
MFP Support Levels and Procedures
|J.
|OPERATIONAL REPORTS
Yodlee to provide the following to BANA on a monthly basis
|8.
|Monthly Uptime Report (see SLA Exhibit I)
|9.
|Root Cause Analysis Report (P1 incident) (See SLA Exhibit II).- delivered at each incident
|10.
|Scorecard Metrics
|11.
|Added, Deleted and Re-branded Site report
**** Certain information on has been omitted and filed separately with the Securities and Exchange Commission. Confidential treatment has been requested with respect to the omitted portions.
60
|
|
SCHEDULE C-2
MFP Support Levels and Procedures
SLA EXHIBIT I
SAMPLE OPERATIONS MONTHLY REPORT
|Co Brand
|Unscheduled Downtime minutes
|DC
|Month End Uptime %
|
Mthly
SLA %
|
MTD
Unscheduled
Downtime(min)
|MTD Scheduled Downtime
|
MTD Partial Downtime
(min)
Production Full Outage Issues
|•
|05/05/2004 between 01:50 PM PST to 02:05 PM PST Network switches that support connection from the database servers to the disk storage arrays (EMC disk storage) went down and caused a database server failover. During the failover the web/app servers lost connection to the database servers. Once the data base server was up and running (after failover -few minutes), the web/app servers reconnected to the database and at that point service was fully restored.
Production Partial Outage Issues
|•
|None
Scheduled Maintenance
|•
|05/01/2004 10:00 PM to 05/02/2004 02:00 AM PST. Database maintenance for the patch upgrade. Also added a new node to the cluster group Completed: 240 Maintenance minutes used
|•
|05/22/2004 10:00 PM to 11:45 PM PST. Database maintenance Completed: 105 Maintenance minutes used
SAMPLE DATA QUALITY EVENT MONTHLY REPORT
|
Site
Affected
|Start Date of Event
|Duration
|% Active Users Affected
|
Total #
Active
Users At
Site
|# Active Users Affected
|Total [****] Active Users In Month
|
Percent
Active Users Affected
SAMPLE AGENT ERROR MONTHLY REPORT
|Category
|# Agent Errors Reported To Active Users
|
# Successful Updates Reported To
Active Users
|% Agent Errors
**** Certain information on has been omitted and filed separately with the Securities and Exchange Commission. Confidential treatment has been requested with respect to the omitted portions.
61
|
|
SCHEDULE C-2
MFP Support Levels and Procedures
SLA EXHIBIT II
SAMPLE ROOT CAUSE ANALYSIS REPORT
|Date:
|Customer(s) affected:
|Start Time:
|Stop Time:
|SR #
|YCM #
|SLA ticket#
|Prepared by:
|
How was the Problem detected or reported:
|
Impact analysis:
|
Problem Summary:
|
Resolution:
|
Yodlee Escalation & Resources Involved:
|Ops-Monitoring:
|Customer-Care:
|Ops-Support
|Ops-Mgmt:
|DBA:
|Sustaining:
**** Certain information on has been omitted and filed separately with the Securities and Exchange Commission. Confidential treatment has been requested with respect to the omitted portions.
62
|
|
SCHEDULE C-2
MFP Support Levels and Procedures
SLA EXHIBIT III
YODLEE ESCALATION CONTACT LIST
In the event that Yodlee has not met its SLA obligations within the time frame specified or Support received does not meet the spirit of this SLA. Company may escalate a given issue according to this contact list.
Primary:
Senior Director, Client Services
Alternate:
Director, Client Partner
Sr. Director, Data Center Operations
SVP, Operations
**** Certain information on has been omitted and filed separately with the Securities and Exchange Commission.
Confidential treatment has been requested with respect to the omitted portions.
63
|
SCHEDULE C-3
IAV Support Levels and Procedures
SCHEDULE C-3
IAV Support Levels and Procedures
Schedule C-1 shall apply for the performance measurements of the IAV Services, except as noted below:
|•
|Section C “Data Quality Metrics” are not applicable and shall not apply
|•
|Section D “Agent Errors” are not applicable and shall not apply
**** Certain information on this page has been omitted and filed separately with the Securities and Exchange
Commission. Confidential treatment has been requested with respect to the omitted portions.
64
|
SCHEDULE D
Information Security
|INFORMATION SECURITY PROGRAM
Prior to granting Supplier access to Confidential Information, Bank of America shall evaluate the Supplier’s Information Security Program and Supplier Security Controls as required in the Section entitled “Confidentiality and Information Protection.” The Supplier’s Information Security Program (the “Program”) shall address the Bank Security Requirements described below. This Program shall, at a minimum, prescribe the architecture of Supplier’s system, Confidential Information placement within the system, the security controls in place (e.g. firewalls, web page security, intrusion detection, incident response process, etc.) and contain the information called for in the Subsection entitled “Security Program Features” below. The Program shall also describe physical security measures in place to protect Confidential Information received or processed by Supplier, including those that will protect Confidential Information that has been printed or otherwise displayed in forms perceptible with or without the aid of equipment. This Program must be approved in writing by Bank of America security representatives, in Bank of America’s reasonable discretion, before Bank of America will accept Supplier’s services, disclose Confidential Information to Supplier or locate Confidential Information on Supplier’s systems. Bank of America shall provide Supplier with documentation outlining such Bank Security Requirements and Supplier Security Controls which shall be deemed a part of Bank of America’s Confidential Information under this Agreement. Supplier acknowledges that upon request in order to be allowed continued access to Confidential Information, it will make modifications to its Information Security Program to add additional measures necessary to retain Information Security standards consistent with the Bank Security Requirements.
|
PRIVACY POLICY
With respect to Confidential Information and the services provided to or on behalf of Bank of America, Supplier promptly shall conform its publicly available privacy and security policies, in Bank of America’s reasonable judgment, to those of Bank of America, as they may exist from time to time.
All capitalized terms used in this SCHEDULE D that are not defined herein shall have the meanings assigned elsewhere in this Agreement.
|PROTECTION
Supplier shall install and use a reasonable change control process to ensure that access to its systems and to Confidential Information is controlled and recorded. Supplier shall notify Bank of America of any planned system configuration changes or other changes affecting the Program applicable to Confidential Information, setting forth how such change will impact the security and protection of Confidential Information. No such change, which could reasonably be expected by Bank of America to have a material adverse impact on the security and protection of Confidential Information, may be implemented without the prior written consent of a Bank of America security representative. Bank of America may approve these types of changes prior to their becoming effective, such approval not to be unreasonably withheld or delayed.
Supplier shall permit Bank of America, at the election of Bank of America, to conduct security vulnerability (penetration) testing on those portions of the Supplier network which store or process Confidential Information on a mutually agreed schedule and terms. Supplier agrees to make available to Bank of America the results of any vulnerability testing conducted by Supplier or a qualified third party provider of this service.
Supplier shall permit Bank of America to inspect the physical system equipment, operational environment, and Confidential Information handling procedures. Supplier’s agreement with any contractor to provide services to Bank of America in support of this Agreement shall likewise permit Bank of America to conduct the same inspections
Subject to the terms of this Agreement and the Schedules attached hereto, Supplier will take commercially reasonable measures to prevent the unintended or malicious loss, destruction or alteration of Bank of America’s files, Confidential Information, software and other property received and held by Supplier. Supplier shall maintain back-up files (including off-site back-up copies) thereof and of resultant output to facilitate their
**** Certain information on this page has been omitted and filed separately with the Securities and Exchange Commission. Confidential treatment has been requested with respect to the omitted portions.
65
|
SCHEDULE D
Information Security
reconstruction in the case of such loss, destruction or alteration, in order to ensure uninterrupted services in accordance with the terms of this Agreement, its Schedules, Bank of America’s written policies and Supplier’s disaster recovery plans.
|DETECTION AND RESPONSE
Supplier shall monitor its system for security breaches, violations and suspicious external activity or unauthorized internal system activity. Supplier shall notify Bank of America (promptly within twenty-four (24) hours or as soon thereafter as practicable) through the defined security escalation channel of Bank of America, the Bank of America Computing Incident Response Team (“BACIRT”), in the event of a breach of security or the detection of suspicious activity. Such notification to Bank of America shall precede notifications to any other Party. Supplier shall cooperate fully with all Bank of America security investigation activities and abide by the BACIRT guidelines for escalation and control of significantly security incidents. Bank of America will provide a copy of the guidelines to Supplier, and such guidelines shall be treated as the Confidential Information of Bank of America.
Supplier shall maintain for a mutually agreed-upon length of time, and afford Bank of America reasonable access to, all records and logs of that portion of Supplier’s network that stores or processes Confidential Information. Bank of America may review and inspect any record of system activity or Confidential Information handling upon reasonable prior notice. Supplier acknowledges and agrees that records of system activity and of Confidential Information handling may be evidence (subject to appropriate chain of custody procedures) in the event of a security breach or other inappropriate activity. Upon the request of Bank of America, Supplier shall deliver the original copies of such records to Bank of America for use in any legal, investigatory or regulatory proceeding.
Supplier shall monitor industry-standard information channels (bugtraq, CERT, OEMs, etc.) for newly identified system vulnerabilities regarding the technologies and services provided to Bank of America and fix or patch any identified security problem in an adequate and timely manner. Unless otherwise expressly agreed in writing, “timely” shall mean that Supplier shall introduce such fix or patch as soon as commercially reasonable after Supplier becomes aware of the security problem. This obligation extends to all devices that comprise Supplier’s system, e.g., application software, databases, servers, firewalls, routers and switches, hubs, etc., and to all of Supplier’s other Confidential Information handling practices.
Bank of America may perform vulnerability testing of Supplier’s system to test the remediation measures implemented after a security incident or event to protect Confidential Information.
|SECURITY PROGRAM FEATURES
At the request of Bank of America, Supplier shall meet with the Bank of America information security team to discuss information security issues in much greater detail at mutually agreeable times and locations.
Bank of America acknowledges and agrees that the information Supplier so provides is Supplier’s Confidential Information, as defined in this Agreement, and is valuable proprietary information of Supplier. Supplier shall provide detailed information including, but not limited to, the following topics, which also shall be addressed in Supplier’s Program.
|1.
|Visio and Other Diagrams. The diagrams shall show the detail of the system architecture including, without limitation, the logical topology of routers, switches, Internet firewalls, management or monitoring firewalls, servers (web, application and database), intrusion detection systems, network and platform redundancy. The diagrams shall include all hosting environments, including those provided by Supplier’s Subcontractors.
|2.
|Firewalls. State the specifications of the firewalls in use and who manages them. Specify the services, tools and connectivity required to manage the firewalls.
**** Certain information on this page has been omitted and filed separately with the Securities and Exchange Commission. Confidential treatment has been requested with respect to the omitted portions.
66
|
SCHEDULE D
Information Security
|3.
|Intrusion Detection Systems. Describe the intrusion detection system (“IDS”) environment and the security breach and event escalation process. Indicate who manages the IDS environment. Specify the services, tools and connectivity required to manage the IDS environment, and if the IDS network is host based.
|4.
|Change Management. Describe the change management process for automated systems used to provide services. Describe the process for information handling policies and practices.
|5.
|Business Continuity. Describe the business and technical disaster recovery management process.
|6.
|System Administration Access Control. Describe the positions that perform administration functions on servers, firewalls or other devices within the application and network infrastructure. Detail level of access needed to perform functions. Explain the access control mechanisms. Detail access reports generated and when reports are reviewed periodically. Describe methods used to track/log the usage of each account.
|7.
|Customer Access Control. Describe each logon process to be followed by Bank of America Customers (including Bank of America employees) to obtain access to services Supplier provides to Bank of America. Describe the initial enrollment process for such Customers. Describe the password policies and procedures Supplier’s system enforces, including, without limitation, password expiration, length of password, password revocation, invalid logon attempt threshold, etc. Describe methods used to track/log the usage of each account. Supplier shall demonstrate how a customer or end user authenticates to each application.
|8.
|Access to Confidential Information in Human-Perceptible Forms. Describe policies, procedures and controls used to protect Confidential Information when it is printed or in other perceptible forms; how and how often these policies and procedures are reviewed and tested; and what methods are used to ensure destruction of Confidential Information on hard copy.
|9.
|Operating System Baselines. Describe Supplier’s operating system security controls and configurations. Examples: Operating system services that have been removed because not required by Supplier’s services to Bank of America. Identify and provide current operating system fixes that have not been applied, if any.
|10.
|Encryption. Describe in detail the technology and usage of encryption for protecting Confidential Information, including passwords and authentication information, during transit and in all forms and locations where it may be stored.
|11.
|Application and Network Management. Specify the services, tools and connectivity required to manage the application and network environments; who carries out the management functions; and what level of physical security applies to managed devices.
|12.
|Physical Security. For each location where Confidential Information will be processed or stored or services for Bank of America produced by Supplier, describe in detail the arrangements in place for physical security.
|13
|Privacy. Describe Supplier’s privacy and security policies; indicate if they are in writing; and whether they are compatible with Bank of America’s policies.
|14.
|Location of Servers. Are web servers on a separate segment of the network from the application and database servers? If not, explain the reason this has not been done. At Bank of America’s request, Supplier shall make reasonable efforts to create this separation.
**** Certain information on this page has been omitted and filed separately with the Securities and Exchange Commission. Confidential treatment has been requested with respect to the omitted portions.
67
|
SCHEDULE D
Information Security
|INFORMATION DESTRUCTION REQUIREMENTS
Overall Requirements
Supplier shall destroy all Confidential Information after it is no longer needed for performance under this Agreement or to satisfy regulatory requirements. Supplier must have in place or develop information destruction schedules and processes that meet Bank of America standards and that must be used in all cases when Confidential Information is no longer needed. These information destruction requirements are to be applied to paper, microfiche, disks, disk drives, tape and other destroyable electronic or digital media containing Confidential Information.
Paper and Other Shreddable Media
Paper and other shreddable media includes paper, microfiche, microfilm, compact disks (CDs) and any other media that can be shredded. This media must be shredded using shredding techniques or machines such that Confidential Information in this media is completely destroyed as set forth herein when Supplier is finished with the Confidential Information contained thereon and it is no longer needed. This media may be shredded immediately or temporarily stored in a highly secured, locked container. The media may be shredded at a location other than Supplier’s facilities; however it must be transferred in a highly secured, locked container. Supplier is responsible for supervising the shredding regardless of where the shredding activity occurs and by whom the shredding is performed. Confidential Information in this media must be completely destroyed by shredding such that the results are not readable or useable for any purpose.
Electronic Media
Electronic media includes, but is not limited to, disk drives, diskettes, tapes, universal serial bus (USB) and other media that is used for electronic recording and storage. This media is to be wiped or degaussed using a Bank of America approved wipe or degaussing tool. Wiping uses a program that repeatedly writes data to the media and thereby destroys the original content. Degaussing produces an electronic field that electronically eliminates the original data and clears the media. These techniques must meet Bank of America standards and baselines. The resulting media must be free from any machine or computer content readable for any purpose.
Certification
Those processes must be documented as a procedure by Supplier and should outline the techniques and methods to be used. The procedure must also indicate when and where Confidential Information is to be destroyed. Supplier shall keep records of all Confidential Information destruction completed and provide such records to Bank of America upon demand.
**** Certain information on this page has been omitted and filed separately with the Securities and Exchange Commission. Confidential treatment has been requested with respect to the omitted portions.
68
|
SCHEDULE E
Background Checks
|BACKGROUND SCREENING GUIDELINES
In accordance with and subject to the terms and conditions of this Agreement, prior to any person being assigned and beginning work for Bank of America under this Agreement, the following background screening guidelines must be administered and successfully passed by that person (“Contract Person”):
|1)
|Search of the Contract Person’s social security number to verify the accuracy of the individual’s identity and current and previous addresses.
|2)
|A criminal background search of all court records in each venue of the Contract Person’s current and previous addresses over the past seven (7) years.
|3)
|A minimum of at least two (2) confirmed work references prior to assignment at Bank of America.
|4)
|Verification of any post high school education or degrees, i.e. B.A., B.S., Associate, or professional certifications.
|5)
|Validate United States citizenship or certification to work in the United States.
Supplier shall keep copies of background screening documentation and provide certification of their completion to Bank of America when requested.
**** Certain information on this page has been omitted and filed separately with the Securities and Exchange Commission. Confidential treatment has been requested with respect to the omitted portions.
69
|
|
SCHEDULE F-1
Recovery – Aggregation Services
|
SCHEDULE F-1
Recovery – Aggregation Service
|1.
|Supplier shall establish, maintain and implement per the terms thereof, a Business Continuity Plan. The Business Continuity Plan must be in place within forty-five (45) calendar days after the assumption of Service and shall include, but not be limited to, recovery strategy, loss of critical personnel, documented recovery plans covering all areas of operations necessary to delivering Supplier’s services pursuant to this Agreement, vital records protection and testing plans. The plans shall provide, without limitation, for off-site backup of critical data files, Confidential Information, software, documentation, forms and supplies as well as alternative means of transmitting and processing Confidential Information.
|2.
|The recovery strategy shall provide for recovery after both short and long term disruptions in facilities, environmental support, workforce availability, and data processing equipment. Although short term outages can be protected with redundant resources and network diversity, the long term strategy must allow for total destruction of Supplier’s business operations for a period of six (6) months or longer and set forth a recovery strategy.
|3.
|Supplier’s recovery objectives shall not exceed the following during any recovery period:
|A.
|Time to Full Restoration: [****]
|B.
|Maximum Data Loss (stated in hours): [****]
Supplier services are expected to be architected in a manner approved by the BANA technology division and designed to maximize fault tolerance and minimize service disruption in accordance with the foregoing standards.
In the event of a change, Bank of America agrees to work with Supplier to determine a mutually agreeable date for Supplier to match the new objectives if necessary.
|4.
|Supplier shall continue to provide service to Bank of America if Bank of America activates its contingency plan or moves to an interim site to conduct its business, including during tests of Bank of America’s contingency operations plans.
|5.
|Supplier shall furnish contingency recovery plans, contingency exercise and testing schedules annually or upon request. Supplier shall provide to Bank of America, annually, or upon request, copies of all contingency exercise final reports. If requested, Supplier shall allow Bank of America, at its own expense, to observe a contingency test.
|6.
|If Supplier provides electronic interchange of data with Bank of America, Supplier shall participate, if requested, in the recovery exercise of Bank of America to validate recovery capability.
|7.
|Supplier must provide evidence of capability to meet any applicable regulatory requirements concerning business continuity.
|8.
|Supplier shall be required to participate, if requested by Bank of America, in recovery testing of a mutually agreed upon scope and frequency.
|9.
|Any Yodlee services that are designated to be dependencies to the Bank of America hosted platforms must adhere to BAC standards.
|10.
|Platforms must adhere to BAC standards.
**** Certain information on this page has been omitted and filed separately with the Securities and Exchange Commission. Confidential treatment has been requested with respect to the omitted portions.
70
|
|
SCHEDULE F-2
Recovery – MFP Services
|
SCHEDULE F-2
Recovery – MFP Service
Supplier shall establish, maintain and implement per the terms thereof, a Business Continuity Plan.
The Business Continuity Plan must be in place within forty-five (45) calendar days after the assumption of Service and shall include, but not be limited to, recovery strategy, loss of critical personnel, documented recovery plans covering all areas of operations necessary to delivering Supplier’s services pursuant to this Agreement, vital records protection and testing plans. The plans shall provide, without limitation, for off-site backup of critical data files, Confidential Information, software, documentation, forms and supplies as well as alternative means of transmitting and. processing Confidential Information.
|2.
|The recovery strategy shall provide for recovery after both short and long term disruptions in facilities, environmental support, workforce availability, and data processing equipment. Although short term outages can be protected with redundant resources and network diversity, the long term strategy must allow for total destruction of Supplier’s business operations for a period of six (6) months or longer and set forth a recovery strategy.
|3.
|Supplier’s recovery objectives shall not exceed the following during any recovery period:
|A.
|Time to Pull Restoration from time of disruption event: [****]
|B.
|Maximum Data Loss (stated in hours) from time of disruption event: [****]
In the event of a change, Bank of America agrees to work with Supplier to determine a mutually agreeable date for Supplier to match the new objectives if necessary.
|4.
|Supplier shall continue to provide service to Bank of America if Bank of America activates its contingency plan or moves to an interim site to conduct its business, including during tests of Bank of America’s contingency operations plans.
|5.
|Supplier shall furnish contingency recovery plans, contingency exercise and testing schedules annually or upon request. Supplier shall provide to Bank of America, annually, or upon request, copies of all contingency exercise final reports and shall include, but not be limited to, disaster scenario description, exercise scope and objectives, detailed tasks, exercise issues list and remediation, and exercise results. If requested, Supplier shall allow Bank of America, at its own expense, to observe a contingency test.
|6.
|If Supplier provides electronic interchange of data with Bank of America, Supplier shall participate, if requested, in the recovery exercise of Bank of America to validate recovery capability.
|7.
|Supplier must provide evidence of capability to meet any applicable regulatory requirements concerning business continuity.
|8.
|Supplier shall be required to participate, if requested by Bank of America, in recovery testing of a mutually agreed upon scope and frequency.
**** Certain information on this page has been omitted and filed separately with the Securities and Exchange Commission. Confidential treatment has been requested with respect to the omitted portions.
71
|
|
SCHEDULE G
Form Statement of Work
Statement of Work Number:
Effective Date:
Expiration Date:
Supplier Name:
Supplier Address:
Supplier Telephone:
Outlined below are the required components for this SOW that is to be attached to Agreement under which Supplier provides Services to Bank of America.
Description of Services/Project Scope
Supplier Deliverables
Bank of America Deliverables
Detail of Fees and Charges
a.
b.
c.
Estimate of total cost.
Prices shall not exceed [****] of estimate. Any travel and living expense expressly requested by Bank of America of Supplier must be pre-approved by Bank of America prior to Supplier incurring said expenses and shall be itemized on the monthly invoices submitted to Bank of America. Furthermore, Supplier shall book all airline travel through Bank of America Travel Department. Travel and additional expenses shall not exceed [****] without prior written consent from Bank of America.
As part of the services provided under this SOW, Supplier shall continually endeavor to improve the quality and level of service and concurrently strive to reduce Bank of America’s direct costs and the cost of service fees paid to Supplier by a minimum of [****] on an annual basis (“Productivity Savings”).
**** Certain information on this page has been omitted and filed separately with the Securities and Exchange Commission. Confidential treatment has been requested with respect to the omitted portions.
72
|
|
SCHEDULE G
Form Statement of Work
Project Schedule/Deliverables Schedule
Project Management/Project Communication
Work Product
Default Language:
Bank of America will own exclusively all Work Product for services provided under this Statement of Work, which shall be “works made for hire” of which Bank of America is the author to the extent permitted under applicable law. To the extent the Work Product is not, as a matter of law, works made for hire, Supplier hereby assigns to Bank of America all right, title and interest (including all Intellectual Property in the Work Product) in and to the Work Product. Supplier shall provide Bank of America upon request with all assistance reasonably required to perfect such right, title and interest, including executing a Confirmation of Assignment specifically naming the items of Work Product. Supplier shall enter into agreements with all of its Representatives and Subcontractors necessary to establish Bank of America’s sole ownership in the Work Product. Bank of America acknowledges Supplier’s and its licensors’ claims of proprietary rights in preexisting works of authorship and other intellectual property Supplier uses in its work pursuant to this Agreement. Bank of America does not claim any right not expressly granted by this Agreement in such works or intellectual property, which shall not be Work Product, even if incorporated with Work Product in the product Supplier delivers to Bank of America. Supplier grants Bank of America a perpetual, worldwide, irrevocable, nonexclusive license to any Intellectual Property Rights embedded in the Work Product, which shall permit Bank of America and any transferee or sublicensee of Bank of America, subject to the restrictions in this Agreement, to use such embedded materials as necessary or desirable for, but solely in connection with, the full use of the Work Product.
Bank of America Invoice Address
Performance Measurements
Supplier shall perform the services listed in this SOW on time and within the agreed budget. If Bank of America is not satisfied with the outcome of the project, Bank of America may request additional interviews or a rebuild of the final reporting.
List of Subcontractors to be used
The undersigned have made, agree upon and shall perform the foregoing SOW, which is incorporated into the General Services Agreement by and between the Parties dated [INSERT AGREEMENT EFFECTIVE DATE] or if no date is specified in this sentence, the latest such Agreement entered into by the Parties.
|
|BANK OF AMERICA, N.A.
|(“Supplier”)
|(“Bank of America”)
|By:
|
|By:
|
|Name:
|
|Name:
|Matthew Wallace
|Title:
|
|Title:
|Vice President
|Date:
|
|Date:
|
**** Certain information on this page has been omitted and filed separately with the Securities and Exchange Commission. Confidential treatment has been requested with respect to the omitted portions.
73
|
|
SCHEDULE H
IP Infringement Litigation
Supplier’s IP Infringement Litigation
Intentionally blank
**** Certain information on this page has been omitted and filed separately with the Securities and Exchange Commission. Confidential treatment has been requested with respect to the omitted portions.
74
|
|
SCHEDULE I
Source Code Escrow
1.0 Supplier shall add Bank of America as a beneficiary to its existing source code escrow agreement (the “Escrow Agreement”) with DSI/Iron Mountain (“Escrow Agent”) Supplier shall place into escrow under the Escrow Agreement the following materials (the “Source Code Escrow”):
1.1 Source Code, in human readable form, on magnetic media in the original programming code language for (1) the Hosted Service, and (2) on a continuing basis, all necessary updates to the foregoing within one hundred twenty (120) days of integrating any updates or within sixty (60) days of a maintenance release of, the Hosted Service which Supplier makes available to Bank of America under this Agreement;
1.2 Source Code soft copies (microfilm or CD-ROM);
1.3 To the extent applicable, necessary, non-licensor, proprietary software to the extent that licensor possesses license or other right sufficient to allow transfer or sublicense; and
1.4 To the extent applicable, Supplier will also provide description of the system/programs required for use and/or support for which the licensor neither possesses, nor has rights sufficient to allow transfer or sublicense;
2.0 The Source Code Escrow shall remain in escrow for the term of this Agreement. Supplier’s obligations under this Section are conditional upon the execution of an appropriate amendment to Supplier’s existing Source Code Escrow Agreement among Supplier, Bank of America and Escrow Agent, consistent with the terms of this Section. The Source Code Escrow Agreement shall provide that the Escrow Agent shall release the Source Code Escrow to Bank of America in the event of Supplier’s insolvency, bankruptcy, general assignment of assets for the benefit of its creditors, or involvement in an involuntary proceeding for protection of its creditors, which are not dismissed or otherwise resolved in Supplier’s favor within ninety (90) days thereafter. These events shall be deemed Release Conditions for purposes of this Section.
3.0 Upon occurrence of a Release Condition, Bank of America shall be deemed to have, automatically, a nonexclusive, nontransferable, fully paid, royalty-free, license to use, modify, copy, display and disclose to persons who have entered into a written agreement containing substantially the same confidentiality provisions as in this Agreement for the sole purpose of hosting and/or maintaining the Hosted Service for Bank of America, and otherwise to utilize the Source Code and other materials necessary to maintain the Hosted Service for use by Bank of America subject to the terms and conditions of this Agreement, such that Bank of America may continue to offer and provide the Hosted Services to Registered Users in a manner consistent with the provision of such services prior the occurrence giving rise to the Source Code Escrow release.
**** Certain information on this page has been omitted and filed separately with the Securities and Exchange Commission. Confidential treatment has been requested with respect to the omitted portions.
75