Singapore Regulatory Compliance Exhibit
- Notabene warrants and represents that Notabene will perform and procure the performance of its obligations under this Agreement in compliance with applicable Singapore laws, regulations, regulatory policies, and guidelines (in each case, issued by the Monetary Authority of Singapore (“MAS”) or another governmental authority in Singapore) which relate to the performance of the Subscription Services, including the MAS’s Guidelines on Outsourcing, Guidelines on Business Continuity Management, and Technology Risk Management Guidelines.
- Without limiting the generality of paragraph 1 of this Exhibit, Notabene represents and warrants that it has implemented and will maintain:
2.1. appropriate business continuity management plans to respond to disruptions, crises, and/or disasters and for the quick recovery of business functions with minimal disruptions to the performance of the Subscription Services;
2.2. effective risk management practices and internal controls to achieve data confidentiality and integrity, system security and reliability, as well as stability and resilience in its IT operating environment; and
2.3. appropriate security policies, procedures, and controls that will enable Customer to protect the confidentiality and security of customer information. - In particular, Notabene agrees that it will:
- 3.1. subject to Section 3.8 below, provide copies of its business continuity management plans, disaster recovery test results, and reports on its security and control environment of Notabene or of its subcontractors (if any), in relation to this Agreement and/or the provision of the Subscription Services, to Customer as soon as possible upon request by Customer or the MAS;
- 3.2. regularly test its business continuity management plans in relation to this Agreement and/or the provision of the Subscription Services and promptly notify Customer of any test finding that may adversely affect Notabene’s or its subcontractor’s performance of the Subscription Services;
- 3.3. promptly notify Customer of any substantial changes in its business continuity management plans or security and control programs in relation to this Agreement and/or the provision of the Subscription Services;
- 3.4. promptly notify Customer of any breach of Notabene’s or its subcontractors’ security and control environment in relation to this Agreement and/or the provision of the Subscription Services and any other adverse development that could result in the Subscription Services being unavailable or inaccessible to Customer;
- 3.5. notify Customer at least fourteen (14) days prior to entering into any subcontracting arrangement, provided that should Notabene choose to subcontract any part of this Agreement, Customer has the right to terminate this Agreement if Customer does not agree to the subcontracting arrangement. Notabene shall reasonably endeavour to procure any such subcontractor’s compliance with this Exhibit; and
- 3.6. permit Customer to conduct, and provide its reasonable cooperation with, audits on Notabene with fourteen (14) days’ prior notice, no more than once a year, whether such audit is by Customer’s internal or external auditors (including agents appointed by Customer and where necessary or expedient, the MAS and agents appointed by the MAS); and reasonably endeavour to permit Customer to conduct audits on Customer’s subcontractors (if any) as above. In the event that Customer carries out an audit, Notabene shall provide, subject to Section 3.8 below, Customer and its duly authorised representatives access to all relevant records, information, or documents held by Notabene appropriate for the purpose of such audit, including without limitation:
- 3.6.1. records and documents of transactions and Customer’s confidential information given to, stored at or processed by Notabene and/or its subcontractors; and
- 3.6.2. copies of reports and findings made on Notabene and/or its subcontractors, whether produced by Notabene and/or its subcontractors’ internal or external auditors, or by agents appointed by Notabene and its subcontractors, in relation to this Agreement and/or the provision of the Subscription Services.
- 3.7. provided that the Parties shall bear their own costs and expenses incurred in respect of an inspection carried out, unless the inspection identifies a material default by Notabene in complying with its obligations under this Agreement, in which case Notabene shall reimburse Customer for all its reasonable costs incurred in the course of the inspection. Notabene acknowledges that Customer may submit to the MAS copies of its audit reports and/or other reports or information on Customer and/or Notabene that is related to the provision of the Subscription Services and as required by MAS.
- 3.8. To the extent that any information or documents required or requested to be provided under this Exhibit are in the possession of a third party (including but not limited to a subcontractor of Customer) or subject to a third party's consent for the disclosure (where such third party includes but is not limited to a subcontractor of Customer), Notabene shall reasonably endeavour to (i) procure the release of such information or documents or (ii) obtain the relevant consents in order to allow such information and documents to be provided to Customer. This Section 3.8 pertains to this Exhibit in its entirety.