Novation Agreement, dated August 19, 2021, among Broadridge Financial Solutions, Inc., IBM United Kingdom Limited and Kyndryl UK Limited

    This Novation Agreement (this “Novation Agreement”), dated August 19, 2021, is entered into by and among IBM United Kingdom Limited (“Transferor”), Kyndryl UK Limited (“Kyndryl” or “Transferee”), and Broadridge Financial Solutions Limited (“Customer”). Transferor, Transferee and Customer are collectively referred to herein as the "Parties" and individually as a “Party”. Any capitalized terms used but not defined herein shall have the meanings given to such terms in: (A) prior to the Transfer Date, the Old Service Agreement, and (B) on or after the Transfer Date, the New Agreement, in each case, as hereinafter defined.

WHEREAS, on October 8, 2020, Transferor announced its intention to separate the Infrastructure Services unit from its Global Technology Services division and move such Infrastructure Services unit into Transferee, which will ultimately become a new publicly traded company;

WHEREAS, as a preliminary step in this separation, in all jurisdictions where Transferor provides services to Customer under the Old Service Agreement, Kyndryl shall commence operations as a wholly owned Transferor affiliate as of September 1, 2021 (the “Transfer Date”);

WHEREAS, Transferee will then be spun out of Transferor and become a separate, publicly traded company (the “Spin”) on a date to be announced (the “Spin Date”);

WHEREAS, Transferor and Customer are parties to the Information Technology Services Agreement, made and entered into as of March 22, 2014 and amended and restated on December 02, 2019 together with all exhibits, attachments, and amendments thereto, and all statements of work made pursuant to it (the “ITSA”) also referred to hereafter as the “Old Service Agreement” pursuant to which Transferor provides certain information technology services to Customer;

WHEREAS, in connection with the Spin, Transferor intends to transfer by novation all of its rights, liabilities, duties and obligations under the Old Service Agreement to Transferee and Transferee intends to accept the transfer by novation of all such rights, liabilities, duties and obligations, as of the Transfer Date

WHEREAS, the Parties have agreed to make certain amendments to the ITSA as set out in the Attachments to this Novation Agreement.

NOW, THEREFORE, in consideration of the representations, warranties, promises and covenants contained herein, and other good and valuable consideration, the receipt, sufficiency and adequacy of which are hereby acknowledged, the Parties, intending to be legally bound, agree as follows:

1.Effective as of the Transfer Date: (a) Transferor hereby novates to Transferee all of its rights, title and interests and duties, liabilities and obligations in, to and under the Old Service Agreement, thereby replacing the Old Service Agreement with a new agreement that duplicates the Old Service Agreement (as hereby amended) in its entirety, except Transferee is a party in place of Transferor (collectively, the “New Agreement”); (b) Transferee hereby expressly accepts all such rights, title and interests and assumes and agrees to be bound by and to perform all such duties, liabilities and obligations under the New Agreement. All references in the New Agreement to “IBM United Kingdom Limited” (or “IBM”) (except for any new references to IBM added to the New Agreement pursuant to this Novation Agreement, or where IBM is referred to in its capacity as a Subcontractor to the Transferee) shall be deemed from and after the Transfer Date to be references to “Kyndryl UK Limited” (or “Kyndryl”). Customer’s contractual relationship under the New Agreement will, as of the Transfer Date, be between Customer and Transferee instead of Transferor. Customer may enforce the duties, liabilities and obligations of the Transferor in, to and under the Old Service Agreement and pursue any claims and demands under or in connection with the Old Service Agreement, against the Transferee, whether arising before, on or after the Transfer Date, as though the Transferee were the original party to the Old Service Agreement instead of the Transferor.

2.Notwithstanding anything to the contrary herein or in the New Agreement, as a material inducement for Customer to enter into this Novation Agreement, in consideration of which Transferor will receive substantial benefit, but only during the period from the Transfer Date to the Spin Date, Transferor hereby agrees that it shall be jointly and severally liable for the performance of all obligations, duties and liabilities of Transferee under the New Agreement.

3.Transferor and Transferee each represents and warrants that: (a) on or before the Transfer Date, Transferee shall: (i) commence operations as a wholly owned Transferor affiliate in all jurisdictions where Transferee provides services to Customer under the New Agreement, and (ii) the entire portion of Transferor’s business that provides any services to Customer under the Old Service Agreement shall be transferred to Transferee (excluding that part of the business for services which are still provided by the Transferor pursuant to Section 8 herein, which services the Transferor shall provide as a Subcontractor to the Transferee under the New Agreement); (b) as of the Transfer Date, Transferee shall be adequately capitalized to meet or exceed all duties, liabilities and obligations under all of Transferee’s respective contracts with Customer and third parties; (c) the security, controls, infrastructure, software, processes and personnel used by Transferee to provide the services to Customer under the New Agreement shall be the same or better than the security, controls, infrastructure, software, processes and personnel used by Transferor to provide the services to Customer under the Old Service Agreement; and (d) Transferee shall comply in a timely and thorough manner with the applicable requirements of Customer’s enterprise vendor management program.

4.Solely during the period from the Transfer Date to the Spin Date, Transferor and Transferee shall jointly and severally indemnify, defend and hold Customer harmless from and against any breach of Section 3 herein. From and after the Spin Date, Transferee shall indemnify, defend and hold Customer harmless from and against any breach of Section 3 herein.

5.Customer consents to the novation of the Old Service Agreement (as hereby amended) from Transferor to Transferee.

6.On the Transfer Date, Transferor hereby releases and forever discharges Customer from all of Customer’s duties, liabilities and obligations and from all claims and demands by the Transferor under or in connection with the Old Service Agreement and the New Agreement.

7.On the Spin Date, except for claims based on fraud, gross negligence or willful misconduct, Customer hereby releases and forever discharges Transferor from any breach of contract claims solely under the New Agreement. Notwithstanding the foregoing and for the avoidance of doubt, the release in this Section 7 only applies to breach of contract claims under the New Agreement, and applies neither to claims based on any other agreement, including, without limitation, the Novation Agreement, claims against Transferee in respect of the acts or omissions of IBM United Kingdom Limited acting as a Subcontractor under the New Agreement, nor to claims against Transferor for damages incurred by Customer based on any other legal theory.

8.Subject to Section 9 herein, Customer agrees that Transferee may engage Transferor as a subcontractor to perform only the following services listed and detailed in this Section 8, under the New Agreement from and after the Transfer Date, in each case, solely from the applicable Support Service Location(s): (a) Managed Firewall Service; (b) Managed NIDS; (c) SRD File Transfer Service (all as defined in the ITSA). For the avoidance of doubt, other than the foregoing services listed in this Section 8, Transferee must obtain Customer’s prior written consent pursuant to the New Agreement to subcontract any services performed under the New Agreement to Transferor.

9.Notwithstanding anything to the contrary in the New Agreement or herein, Transferor and Transferee hereby agree that the agreement between them governing Transferor’s provision of the services to Customer on behalf of Transferee shall: (a) contain provisions at least materially equivalent to those contained in the New Agreement that shall enable Transferee to comply with Transferee’s obligations under the New Agreement; and (b) in connection with any services under the New Agreement performed by Transferor and the locations where such services are performed: (i) require Transferor to comply with all information security and architecture, audit, inspection, data, data processing, data protection and other material provisions under the New Agreement (as if Transferor were Supplier under the New Agreement, and such locations were Service Locations owned or leased by Supplier under the New Agreement), and (ii) permit Customer to exercise directly against Transferor, all information security and architecture, audit, inspection, data, data processing, data protection and other material provisions under the New Agreement (as if Transferor were Supplier under the New

Agreement, and such locations were Service Locations owned or leased by Supplier under the New Agreement).

10.Attachments A, B C and D attached hereto and made a part hereof set forth amendments to the Old Service Agreement that together with the Old Service Agreement, constitute the New Agreement.

11.Promptly after the Transfer Date, Transferor and Transferee shall, at their sole cost and expense, cooperate with Customer, as requested by Customer in responding to Customer’s clients’ questions about the foregoing to such clients’ reasonable satisfaction.

12.Transferor will provide Customer with at least seven (7) days’ written notice prior to the Spin Date.

13.All liability arising under or relating to this Novation Agreement shall be determined and resolved in accordance with: (a) prior to the Transfer Date, the Old Service Agreement, and (b) on or after the Transfer Date, the New Agreement.

14.Any invoice received by Customer from Transferor for services rendered under the Old Service Agreement prior to the Transfer Date should be paid according to the terms of the invoice. Transferee shall provide Customer’s enterprise vendor management group with further written information to enable Customer to make other payments directly to Transferee.

15.Effective as of the Transfer Date and subject to Section 9 herein, Transferee shall be the processor of personal data under the New Agreement, including under any data processing agreements in the New Agreement and in respect of any business contact information Transferor collected in connection with providing services to Customer under the Old Service Agreement. In addition, subject to Section 9 herein, Transferee may engage as subprocessors, Transferee’s Affiliates pre-approved in writing by Customer and Transferor (solely with respect to the services set forth in Section 8 herein) under the New Agreement. Following the Spin Date, Transferee’s subprocessors that are located in non-adequate countries shall be considered Data Importers under the EU Standard Contractual Clause attached to the applicable data processing agreement.

16.Transferor, Transferee and Customer each represents and warrants and covenants to the other that: (a) it has full power and authority to enter into this Agreement and to consummate (or to consent to, in the case of Customer) the transactions contemplated hereby; (b) the execution and delivery of this Novation Agreement have been duly authorized by all necessary action on the part of such Party; and (c) this Novation Agreement constitutes a valid and binding agreement and obligation of each Party, enforceable against such Party in accordance with its terms.

17.This Novation Agreement, together with the Old Service Agreement and the New Agreement, are the complete agreement between the Parties and replace any prior oral and/or written communications between the Parties concerning this subject matter, and no Party has

relied or is relying upon any representation made by or on behalf of the other that is not specified in the foregoing agreements. This Novation Agreement shall be binding upon and inure to the benefit of each of the Parties and their respective successors and assigns.

    

18.This Novation Agreement shall apply the governing law and jurisdiction provisions from: (a) if prior to the Transfer Date, the Old Service Agreement, and (b) if on or after the Transfer Date, the New Agreement.

19.This Novation Agreement may be executed in one or more counterparts, each of which shall be deemed an original, and all of which together will constitute one and the same instrument, and signatures may be exchanged electronically and shall be deemed originals. Any copy of this Novation Agreement made by reliable means is considered an original.

    IN WITNESS WHEREOF, the Parties have executed this Novation Agreement as of the day and year first above written.

Effective as of the Transfer Date:

1.Section 29.11 (Notices) of the ITSA, is amended to update the notification information for the Supplier as follows:

For Supplier:

Kyndryl UK Limited

Attention:

with a copy to:

Kyndryl UK Limited

2.With effect from the Transfer Date:

b.there is no change to the Service Locations for the Managed Cloud Environment;

c.the IBM Support Service Locations will all move to Kyndryl UK Limited Affiliates; and

d.Articles 3 and 4 in Exhibit 9 (Service Locations and Support Service Locations) of the ITSA are hereby amended to read as set out in Attachment C to the Novation Agreement.

4.    With effect from the Transfer Date, the approved subcontractors as at that date will become direct subcontractors to Kyndryl UK Limited, as will IBM United Kingdom Limited as referred to in section 8 of the Novation Agreement and Articles 3 and 4 in Exhibit 16 (Approved Subcontractors) of the ITSA are hereby amended to read as set out in Attachment D.

5. Notwithstanding anything to the contrary in the ITSA: (a) the EBA Financial Services Addendum attached as Attachment B hereto and made a part hereof (the “EBA Addendum”) applies to the ITSA where Customer uses the Services to perform outsourcing that is subject to the regulatory oversight of the Regulator (as defined in the EBA Addendum) under Applicable Law (as defined in the EBA Addendum) as long as Customer or End-Client (as defined in the EBA Addendum) is a Regulated Entity (as defined in the EBA Addendum) and is subject to oversight by the Regulator in relation to any Services being consumed under the ITSA, as applicable; and (b) to the extent any obligations or rights set forth in the ITSA prior to the

Transfer Date conflicts with any requirement set forth in the EBA Addendum, then the more stringent obligations on Kyndryl and the broader rights available to the Client shall apply on and after the Transfer Date.

1.Definitions. The following definitions apply to this EBA Addendum:

“Applicable Law” means the applicable laws and regulations administered by the Regulator in connection with Regulated Entity’s use of the Kyndryl Services.

“BRRD” means Directive 2014/59/EU establishing a framework for the recovery and resolution of credit institutions and investment firms and any valid laws which give effect to its provisions under Applicable Law.

“EBA Guidelines” means EBA/GL/2019/02, “Guidelines on outsourcing”, published by the European Banking Authority on 25 February 2019, or any successor or update thereto (subject to such successor or update being in force).

“End-Clients” has the meaning given to it in Exhibit 1 (Definitions) of the ITSA.

“Notice” means any notice provided in accordance with the Agreement.

“Regulated Entity” means the Customer or the End-Clients if and so long as: (i) such entity is regulated by or subject to oversight by the Regulator; and (ii) such entity is either (A) an “institution” as defined in Article 4(1)(3) of Regulation (EU) No 575/2013, (B) a “payment institution” as defined in Article 4(4) of Directive (EU) 2015/2366 or “electronic money institution” as defined in Article 2(1) of Directive 2009/110/EC, in each case provided such entity subject to the EBA Guidelines, or (C) otherwise subject to the EBA Guidelines pursuant to Applicable Law.

“Regulator” means a government, regulatory body, or competent authority in the European Economic Area, with binding authority to regulate Regulated Entity’s financial services activities.

“Resolution Authority” has the meaning as set out in Article 2 of the BRRD.

“Special Resolution Event” means, with respect to a BRRD Institution, the occurrence of an insolvency, resolution, or other similar proceeding or event, including pursuant to recovery and resolution, special administration, special resolution regime or analogous applicable laws or regulations.

“Sub-outsourcing” means a situation where Kyndryl further transfers its obligations to provide the Services under the Agreement to another service provider.

All capitalized terms used but not defined in this Addendum have the same means ascribed to them in the Agreement (as hereby amended).

2.Information Security Program. The parties agree that Kyndryl has, pursuant to the ITSA, implemented and will maintain an information and security program which is designed to provide at least the same level of protection as evidenced by:

•the Kyndryl security controls verified by Kyndryl’s appropriately skilled and knowledgeable external auditors in its then-current System Organization Controls 1, Type 2 report (the "Report"); and

•its then-current certification under ISO 27001 (the “Certifications”)

or, in each case, such alternative industry standard reports or certifications that are its successor or reasonable alternative (provided that they are at least as protective as the standards set out above) as determined by the Parties (together, the "Kyndryl Information Security Program").

Kyndryl shall provide to Customer and End-Clients, at Customer’s request and no additional charge, copies of Kyndryl’s Report and Certifications. Customer may by Notice submit requests for the expansion of scope of Certifications and the Report, and the Parties shall agree on the scope of such expansion.

a.Kyndryl agrees to provide the Regulated Entity (which, as defined below, could be either Customer or the End-Clients), the Regulator and the Resolution Authority (each a “Requester”) with:

i.full access to its relevant business premises (e.g., head offices and operations centers), including the full range of relevant devices, systems, networks and data used for providing the services outsourced, including related financial information, personnel and Kyndryl’s external auditors; and

ii.unrestricted rights of inspection and auditing related to the Services used by Customer to enable the Requester to monitor the Services and to ensure compliance with all applicable regulatory and contractual requirements.

(3.a.i. and ii. are collectively the "Right of Access and Audit").

b.The Requester will exercise the Right of Access and Audit and Kyndryl will cooperate with the Requester in accordance with the following stipulations in the EBA Guidelines:

i.The Requester will exercise the Right of Access and Audit in a proportional manner, taking into account the complexity of the Services used by Customer, the risks arising from the Services used by Customer, the criticality or importance of the Services used by Customer, and the potential impact of the Services on the continuity of Customer's activities.

ii.The Requester shall adhere to relevant, commonly accepted, national and international audit standards.

iii.The Requester can appoint a third party to exercise the Right of Access and Audit. The Requester or such third party shall have the appropriate and relevant skills and knowledge to perform the audit effectively.

iv.If the Requester's exercise of the Right of Access and Audit could, in Kyndryl’s reasonable opinion, create a risk for another Kyndryl customer's environment (e.g., impact on service levels, availability of data, and confidentiality), Requester and Kyndryl shall agree on a way to address the request that provides Requester a similar level of assurance

which ensures that risks to another Kyrndryl customer’s environment are avoided or mitigated.

v.Where sufficient to comply with the Requester’s regulatory obligations, the Requester shall perform the audit by: (i) requesting Kyndryl to provide it with copies of Certifications and the Report; or (ii) if Kyndryl has implemented a process for pooled audits, through a pooled audit conducted in cooperation with other Kyndryl clients in accordance with such process.

c.Kyndryl acknowledges that nothing in this EBA Addendum will limit or restrict relevant Regulators' or Resolution Authorities' information gathering and investigatory powers under article 63(1)(a) of Directive 2014/59/EU and article 65(3) of Directive 2013/36/EU. Kyndryl's customer audit policies will not apply to the Right of Access and Audit described in this Section 3. If there is a conflict between this Section 3 and another Section of the Agreement, the terms of this Section 3 will control.

4.Performance Reporting. In addition to any reporting requirements in the Agreement, Kyndryl shall provide ongoing reporting in writing to Customer of developments that may have a material impact on Kyndryl’s ability to provide the Services.

5.Sub-outsourcing.

a.No Sub-outsourcing of any material portion of the Services is permitted under the Agreement without Customer’s prior written consent in each instance.

b.For any Sub-outsourcing, Kyndryl shall:

i.perform due diligence on the proposed sub-contractor;

ii.enter into a written agreement with such sub-contractor which requires such sub-contractor to comply with all Applicable Laws and relevant contractual obligations of Kyndryl under the ITSA (as hereby amended), as applicable; and

iii.oversee such sub-contractor in line with the terms of the ITSA (as hereby amended), as applicable.

6.Compliance with Laws and Protection of Data. Kyndryl will comply with all legal requirements regarding the protection of data that are applicable to it and binding on it in the performance of the Services, including, where applicable, requirements relating to protection of personal data, banking secrecy or similar confidentiality duties.

7.Data Retrieval. Without limiting any rights under the ITSA, in the event that Kyndryl: (a) is declared bankrupt or in liquidation (or equivalent), (b) is dissolved or wound up, or (c) discontinues its entire business operations of providing the Services (except as the result of any assignment permitted under the Agreement), Customer will have the immediate right to retrieve all data of Customer and End-Clients unless prohibited by law or the order of a governmental or regulatory body or insolvency practitioner (or equivalent).

a.This Section 6 applies to Regulated Entities that are subject to the requirements of the BRRD as implemented under Applicable Law (each a "BRRD Institution").

b.Kyndryl acknowledges that when a BRRD Institution is taken into resolution, the BRRD Institution will be subject to a range of powers exercisable by the designated Resolution Authority, including pursuant to Articles 68 and 71 of the BRRD. In the event that a BRRD Institution is taken into resolution in accordance with the BRRD, Kyndryl shall comply with all laws applicable to it in relation to that resolution and, if so requested in writing, will cooperate in good faith with the Resolution Authority (but without prejudice to any rights or remedies Kyndryl has under the Agreement) regarding any concerns in respect of the ongoing provision of the Services to Customer.

c.Kyndryl acknowledges that the occurrence of a Special Resolution Event does not, in and of itself, constitute a material breach giving rise to Kyndryl's termination for cause rights with respect to the Agreement, provided that the Customer continues to fulfill its substantive obligations under the Agreement (as such term is understood for the purposes of Article 68 of the BRRD), including payment obligations.

9.Confidentiality. Any information, responses and documentation provided by Kyndryl or by Customer in connection with this EBA Addendum (“Confidential Compliance Information”) will be treated as confidential information of the party owning it and will be provided to the recipient pursuant to confidentiality obligations reasonably acceptable to the party owning the Confidential Compliance Information (which, in case of the Regulator, means confidentiality obligations set out under applicable law) and will not be disclosed by the recipient, except that Confidential Compliance Information may be disclosed to (a) the Regulator, provided that the Customer obtains confidential treatment or similar protections, (b) the Customer, provided that all Confidential Compliance Information of Kyndryl will be treated as confidential information of Kyndryl under the Agreement and this EBA Addendum, and (c) the End-Clients which are Regulated Entities. Notwithstanding anything to the contrary in the Agreement, other Confidential Compliance Information of Kyndryl (excluding the Report, Certifications and any other information from, referring to or otherwise included in the Kyndryl Information Security Program) may be disclosed by Customer to End-Clients which are Regulated Entities.