Dated September 29, 2014 THE ROYAL BANK OF SCOTLAND GROUP PLC and CITIZENS FINANCIAL GROUP, INC. TRANSITIONAL SERVICES AGREEMENT TABLE OF CONTENTS

including, without limitation, all Personal Data provided in relation to the Services to a Provider, any member of the Provider’s Group, or any Third Party Supplier, by or on behalf of the Recipient or any member of the Recipient’s Group; or

generated by the Provider, any member of the Provider’s Group, or any Third Party Supplier in the course of providing the Services;

the services (or any element of the services) specified in the Service Schedules;

any Incidental Services provided pursuant to Section 2.2.1; and

any Omitted Services added to the Service Schedules pursuant to Section 2.2.2; and

by the Provider, to the extent necessary to allow the provision of the Services or performance of the Provider’s other obligations under this TSA by the Provider to or for the benefit of the Recipient or receipt of the Services by the Recipient; or

by the Recipient, to the extent necessary for the Recipient to receive the benefit of the Services provided by the Provider under this TSA;

Singular, Plural, Gender

References to Persons and Companies

a person shall include any company, partnership, trust, joint venture, firm, association, unincorporated association, organization, or any government, state or local body or authority (whether or not having separate legal personality); and

a company shall include any company, corporation or any body corporate, wherever incorporated.

Schedules, Sections, Appendices, Paragraphs

Headings

Includes, in writing

Agreed

Information

References to Law

that statute or provision as modified or amended from time to time, whether before or after the date of this TSA; and

any subordinate legislation or regulation made from time to time under that statute or statutory provision, including (where applicable) that statute or statutory provision as modified or amended.

Precedence

the Sections of this TSA;

the Schedules to this TSA; and

any other document referred to in this TSA.

Costs

Each Provider specified in a Service Schedule shall provide the Services to the relevant Recipient specified in that Service Schedule for the relevant Service Term in accordance with the terms of this TSA. CFG shall timely pay for all Services provided to a CFG Recipient (regardless of whether it is the Recipient, its Affiliate or any of their respective third party service providers who receive the Services) and RBSG shall timely pay for all Services provided to an RBSG Recipient (regardless of whether it is the Recipient, its Affiliate or any of their respective third party service providers who receive the Services), in each case in accordance with the terms of this TSA.

A Provider shall provide the Services only to the Recipient specified in the relevant Service Schedule. If a Recipient wishes to add or substitute an Affiliate as a Recipient, such addition or substitution must be agreed in accordance with the Change Control Procedure. The applicable Provider shall not unreasonably withhold or delay its consent to add such requested Affiliate as a Recipient.

If the Provider wishes to provide Services to the Recipient via any additional Affiliate or substitute an Affiliate as Provider, such addition or substitution must be agreed in accordance with the Change Control Procedure. The applicable Recipient shall not unreasonably withhold or delay its consent to add such requested Affiliate as a Provider.

Without prejudice to the Mandatory Change provisions set out in Section 10.2, a Provider shall not be in breach of this TSA to the extent that it is unable to provide any of the Services or perform any of its other obligations under this TSA, in each case to the extent that to do so would result in a breach of Regulation, so long as, if and to the extent commercially practicable, such Provider has promptly notified the applicable Recipient of such prohibition, has consulted with the applicable Recipient to explain why the Provider reasonably believes such prohibition applies, and has worked together with the Recipient in good faith to either arrange for modification of the relevant Service(s) at issue or a transition of such Service(s) to a Successor Provider. For the avoidance of doubt, the transition of any Service(s) to a Successor Provider pursuant to this Section 2.1.4 terminates the applicable Service(s) and related Service Schedule(s) under this TSA and does not create a Third Party Agreement for which the Provider is responsible for the remainder of the Service Term(s) with respect to the affected Service(s).

Subject to the requirements set forth below, a Provider may subcontract the provision of any or all of the Services or any of the Provider’s other obligations under this TSA. Except in relation to an Existing Third Party Agreement:

in selecting the subcontractor in question, the Provider shall have followed its applicable Policies on vendor procurement and approval;

the Provider will notify the Recipient in advance of entering into any subcontract at a meeting of the TSA Committee;

the Provider shall ensure any Third Party Consent that is required for the Recipient to receive the Services (and to sublicense to the extent necessary to receive the full benefit of the Services) is obtained and maintained for the duration of the applicable Service Term;

the Provider shall not be entitled to increase the Charges to reflect any increase in the costs incurred by the Provider under that subcontract, compared to the costs previously incurred by the Provider, other than to the extent it would have been permitted to do so, had it not entered into the subcontract; and

the Provider shall furnish the Recipient with information about the subcontractor in question which is reasonable for diligence purposes, and the Recipient approves of the use of the subcontractor via the Change Control Procedure, with such approval not to be unreasonably withheld or delayed.

Each Party shall be primarily liable under this TSA for any default in the performance of obligations under this TSA by any Provider in such Party’s Group, as well as any such default by any subcontractor of such Provider.

In the event that the Provider is to participate in any credit or other business decision with respect to the Recipient's customers or potential customers under a Service Schedule, then prior to commencing any Services under such Service Schedule, the Provider shall distribute to each of its personnel who may have such interaction or make such a decision the following Fairness Statement:

In the event that the Provider interacts directly with the Recipient’s customers or potential customers in the course of providing Services hereunder, then the Provider agrees that, subject to the Change Control Procedure with respect to any changes in Regulation subsequent to the date hereof:

the Services will be performed in accordance with any and all laws relating to the handling of customer complaints that are applicable to the Services (“CC Laws”),

the Provider shall not take, or omit to take, any act that could reasonably be expected to lead to the Recipient being in breach of any CC Law, and

it shall have in place and comply with its own complaints handling policy (the “Service Provider CHP”) to ensure that the Provider complies with all CC Laws.

From the Service Commencement Date:

each Provider shall provide, with no change to the Charges, in addition to the Services, any other services, functions and responsibilities which are reasonably necessary for or incidental to, or which otherwise constitute an integral part of, the provision of the Services provided by such Provider, provided that no such service, function or responsibility that was not provided during the six months (or, if applicable, such shorter period) prior to the Service Commencement Date shall be required to be provided pursuant to this provision; and

each Recipient shall provide, with no change to the Charges, in addition to the applicable Recipient Dependencies set out in the Service Schedules, any information, cooperation and assistance and undertake any other responsibilities which are reasonably necessary for or incidental to, or which otherwise constitute an integral part of, the performance of the Recipient Dependencies or the receipt of the Services set out in the Service Schedules, provided that no such information, cooperation and assistance or any other responsibility that was not provided during the six months (or, if applicable, such shorter period) prior to the Service Commencement Date shall be required to be provided pursuant to this provision,

Without limiting Section 2.2.1, if, during the six months immediately following the Service Commencement Date, either Party identifies any Service or any element of a Service (including any Recipient Dependency) that:

was provided by or on behalf of a Provider to a Recipient or any of its Affiliates (or, in the case of a Recipient Dependency, was a dependency in respect of such

is not included in the Services set out in the Service Schedules or is not appropriately documented within the relevant Service Schedule; and

is not an Excluded Service

If at any time more than six months after the Service Commencement Date an Omitted Service is identified, such Omitted Service may be added to the relevant Service Schedule only via the Change Control Procedure.

Each Provider shall provide each of the Services:

in the same manner and with the same skill and care as they were provided to the applicable Recipient during the six-month period (or, if applicable, such shorter period) prior to the Service Commencement Date;

if so specified for a Service, in accordance with any specified Service Level within a Service Schedule for the relevant Service; and

if no Service Level is specified within a Service Schedule for the relevant Service, with the same priority and with the same level of service as they were provided to the applicable Recipient during the six-month period (or, if applicable, such shorter period) prior to the Service Commencement Date.

Subject to the Change Control Procedure with respect to any change in Regulation coming into effect after the date hereof, the Provider shall provide and procure the provision of the Services in compliance with the Regulation applicable to the Provider.

Subject to the Change Control Procedure with respect to any change in Regulation coming into effect after the date hereof, the Provider shall provide and procure the provision of the Services in accordance with the Policies applicable to the Provider.

Without prejudice to Section 2.3.3, each Party shall ensure that, as part of the meetings of the TSA Committee, it notifies the other Party of any changes it has made to the Policies (and, to the extent reasonably practicable, of any proposed changes to the Policies). Notwithstanding the foregoing, if and to the extent that any proposed change to the Policies would materially increase the risk or reduce the operational controls available to the Provider or the Recipient in connection with the provision or receipt of the Services or materially increase the cost or reduce the benefit to the Recipient in receiving the Services or the Provider in providing the Services (an “Adverse Policy Change”), the relevant Party shall undertake an impact assessment in advance of the change being implemented and involve the other Party in that impact assessment. In respect of any Adverse Policy Change the Parties shall, acting reasonably and in good faith, develop, agree and implement a remedial plan with the objective of mitigating any material increase in risk or reduction in operational controls available to the Provider or the Recipient in connection with the provision or receipt of the Services or material increase in the cost or reduction in the benefit to the Recipient or Provider in receiving or providing the Services. Any obligations set out in the Service Schedules which require compliance with policies shall be construed as referring to the Policies.

If and to the extent a Provider is aware of any material failure, or any circumstances that, in the Provider’s reasonable opinion, would be reasonably likely to result in a material failure, to provide any material part of the Services in accordance with Section 2.3.1, 2.3.2 or 2.3.3, then, without prejudice to the Recipient’s other rights and remedies, the Provider shall as soon as reasonably practicable:

inform the Recipient (and the TSA Committee) of such failure or potential failure (and, if known, what the Provider considers to be the cause of the problem);

advise the Recipient of the remedial efforts being undertaken with respect to that failure or to prevent that potential failure; and

subject to any duty of confidentiality owed by the Provider, provide the Recipient with further information in relation to the failure or potential failure if and to the extent that information has been produced by, or is otherwise in the possession or control of, the Provider or any of its Affiliates for its own purposes and the Recipient reasonably requires that information at the time in order to manage communications with its customers, employees, investors, suppliers and any Competent Authority.

Each Service Schedule shall specify any “Recipient Dependencies” for the relevant Service, which are, above and beyond a Recipient’s general obligations under Section

If and to the extent a Recipient is aware of any material failure, or any circumstances that, in the Recipient’s reasonable opinion, would be reasonably likely to result in a material failure, to perform any material part of the Recipient Dependencies that are set out in a Service Schedule in accordance with this TSA, then, without prejudice to the applicable Provider’s other rights and remedies, the Recipient shall, as soon as reasonably practicable:

inform the Provider of such failure or potential failure and, if known, what the Recipient considers to be the cause of the problem; and

undertake appropriate remedial efforts and promptly advise the Provider of the remedial efforts being undertaken with respect to that failure or to prevent that potential failure.

Without prejudice to any right or remedy of a Provider under this TSA in respect of any other obligations of the Recipient (including in relation to any Recipient Dependency or any Incidental Service performed by a Recipient which is not set out in a Service Schedule), if and to the extent the Recipient fails to perform a Recipient Dependency that is set out in a Service Schedule, Section 2.4.4 sets out the Provider’s sole and exclusive remedy in respect of the failure by the Recipient to meet that Recipient Dependency other than with respect to:

any such failure which causes unauthorized or unlawful access by a third party to the Provider’s computing systems or loss or corruption of the Provider’s data; or

any obligation of the Recipient to pay any amount (including any Charges) to the Provider under this TSA.

Each Party recognizes that each Provider is reliant and dependent on the performance of the Recipient Dependencies in order to provide the Services and to perform its other obligations under this TSA. A Provider shall not be in breach of this TSA to the extent that its failure to provide the Services or perform its other obligations under this TSA is a result of a breach by the Recipient of a Recipient Dependency (provided that such relief shall not prejudice any rights or remedies of the Recipient in respect of any prior breach by the Provider, to the extent that such prior breach caused the Recipient’s breach of the relevant Recipient Dependency and was not itself caused by a breach by the Recipient of a Recipient Dependency). Any disputes relating to the Provider’s relief from a breach by the Recipient of a Recipient Dependency shall be resolved in accordance with Section 11. Nothing in this Section 2.4.4 shall exclude or limit the liability of the Provider in relation to any failure to provide the Services or perform its other obligations

A Recipient shall not be in breach of this TSA to the extent that its failure to perform a Recipient Dependency is a result of a breach by the applicable Provider of an obligation of the Provider (provided that such relief shall not prejudice any rights or remedies of the Provider in respect of any prior breach by the Recipient, to the extent that such prior breach caused the Provider’s breach of the relevant obligation and was not itself caused by a breach of the Provider’s obligations under this TSA). Nothing in this Section 2.4.5 shall exclude or limit the liability of the Recipient in relation to any failure to perform a Recipient Dependency to the extent that such failure is not the result of a breach by the Provider of its obligations under this TSA.

From the Service Commencement Date and thereafter until the Scheduled End Date, each Provider shall, with respect to each Service for which the Service Schedule requires a certain Service Level:

record the actual service level achieved for such Service in each calendar month against the relevant Service Level; and

on a quarterly basis (or such alternate frequency if so specified in the relevant Service Schedule) report its performance in respect of the applicable Service Level.

At the TSA Committee, the Parties will review each Provider’s performance against the Service Levels for the previous reporting period. In the event that a Provider has failed to meet any Service Level, that Provider shall present an appropriate action plan detailing steps to remedy the situation.

If, during a Service Term:

a Third Party Agreement is terminated by a Provider (or any member of its Group) or by the Third Party Supplier (for any reason other than Force Majeure (for which Section 14.2 shall apply) or for insolvency of the Third Party Supplier (for which Section 3.1.7 shall apply));

a Third Party Agreement expires or is terminated other than as provided in Section 3.1.1(i); or

a Third Party Agreement otherwise ceases to be available to a Provider for the provisions of Services to a Recipient (for example, by virtue of application of a change of control or similar provision),

Each Provider shall, acting reasonably and in good faith, involve the applicable Recipient to the extent within its reasonable control in any negotiations with any Third Party Supplier in relation to any material change to, or extension, renewal or replacement of, a Third Party Agreement and migration to an alternative Third Party Supplier if and to the extent such change, extension, renewal or replacement would be reasonably likely to materially impact the relevant Service or the Charges for such Service provided under a relevant Service Schedule and this TSA, in each case in respect of the period from the date hereof until the end of the Service Term (and in such event shall to the extent within its reasonable control permit the Recipient to negotiate with the relevant Third Party Supplier in respect of any increase in the Provider’s costs of implementing such change, extension, renewal, replacement or migration unless the Provider agrees to bear such increased costs and not change the Charges for the Service).

The Recipient shall not unreasonably withhold or delay its approval of the costs referred to in Section 3.1.2. Any disputes as to the Recipient’s payment of such costs shall be resolved by the TSA Committee.

Each Party shall use commercially reasonable efforts to mitigate to the extent within its reasonable control any costs required to be incurred in respect of the negotiation and implementation of any change to, or extension, renewal or replacement of, a Third Party Agreement and migration to an alternative Third Party Supplier.

Each Provider shall ensure that, to the extent reasonably practicable, as part of the meetings of the TSA Committee, it gives the Recipient reasonable advance notice of any Third Party Agreements which are expected to be breached or due to expire, terminate or be renewed.

Notwithstanding the provisions of Section 3.1.1, prior to any termination or expiry or renewal of a Third Party Agreement, the Parties shall consult with each other to determine whether, upon termination or expiry of the relevant Third Party Agreement, the applicable Recipient wishes to establish independent arrangements for the Service to which such Third Party Agreement relates. The applicable Provider shall, to the extent reasonably practicable, give the Recipient reasonable advance notice of that termination, expiry or renewal. If the Recipient elects to terminate the affected Service and migrate to a

In the event of the insolvency of a Third Party Supplier required for the provision or receipt of a Service or the performance of any obligation of the Provider or the applicable Recipient for such Service, the Provider may discontinue (which, for the avoidance of doubt, shall include electing not to replace) such Service without the discontinuance being a breach or causing any liability of the Provider to the relevant Recipient.

For the avoidance of doubt, the provisions of Section 3.1.1 through Section 3.1.7, inclusive, shall not affect the rights of a Provider to terminate a Service, or for a Service to terminate, pursuant to Section 6 hereof.

Except as provided in Section 3.1, in the event that a Third Party Supplier increases or decreases its fees in relation to a Service during a Service Term:

the affected Provider shall promptly notify the TSA Committee of the change in fees, with such notice to include supporting documentation as might reasonably be expected to explain the change in fees to the affected Recipient; and

the Charges for the relevant Service shall be adjusted accordingly.

In the event that a Third Party Supplier increases or decreases its fees (including but not limited to a change in fees owing to a material change in volume or usage by the Recipient) in relation to a Service (or portion of a Service) for which, pursuant to the applicable Service Schedule, the Third Party Supplier directly invoices the Recipient, the applicable Recipient shall promptly inform the TSA Committee of such change in fees.

So far as it relates to the provision of a Service or the performance of a Provider’s other obligations under this TSA, the Provider shall manage exclusively its relationship with Third Party Suppliers and the applicable Recipient shall not discuss with any Third Party Supplier the provision of the Services or the performance of the Provider’s other obligations under this TSA, except:

to the extent required to do so by a court, competent judicial authority and/or a Competent Authority;

as agreed by the TSA Committee;

as may be necessary to pay invoices for a Service for which, pursuant to the applicable Service Schedule, a Third Party Supplier directly invoices the Recipient or to make a query about such an invoice;

as may otherwise be expressly permitted by a Service Schedule or otherwise by this TSA (including the Migration Principles); or

if in the Provider’s opinion and only to the extent reasonably necessary in order for the Recipient to be able to receive the Services under the applicable Service Schedule,

If a Provider breaches this TSA as a result of the acts or omissions of a Third Party Supplier, the Provider’s liability is subject to the Section 8.2 limitations and caps on liability.

Notwithstanding the limitations in Section 3.4.1, any amounts recovered by a Provider from a Third Party Supplier which are in relation to Losses incurred as a result of the acts or omissions of the Third Party Supplier shall be divided among the Provider and Recipient in proportion to their Losses, provided, however, that any amounts paid over to the Recipient shall not exceed the amount of the Recipient’s Losses. For the avoidance of any doubt:

any amounts paid over to a Recipient pursuant to this Section 3.4.2 are independent of and not to be part of any limitations or caps on the liability of the Parties as set forth in Section 8.2; and

if a Provider’s commercially reasonable efforts to recover such amounts from a Third Party Supplier are unsuccessful, such a failure to recover any amounts is not a breach and is not a liability of the Provider.

Without prejudice to the Parties’ rights and obligations in relation to mitigation of losses at law or in equity, each Provider and Recipient shall use commercially reasonable efforts to mitigate the quantum of Losses and/or any other adverse consequences incurred or suffered by the Recipient and members of the Recipient’s Group as a result of the breach of a Third Party Agreement by a Third Party Supplier (to the extent a Party is aware of such breach).

In relation to a Service for which, pursuant to the applicable Service Schedule, the Provider issues an invoice, each Party shall pay on behalf of the Recipients in its Group to the applicable Provider the Charges as set forth in the relevant Service Schedule in respect of the provision of the relevant Services and the performance of other obligations

In relation to a Service (or portion of a Service) for which, pursuant to the applicable Service Schedule, a Third Party Supplier directly invoices the Recipient, each Party shall ensure that the Recipients in its Group make timely payments directly to the applicable Third Party Supplier.

Without prejudice to the rights and remedies of either Party, if a Recipient is unable to undertake an activity on the date allocated to it in the Migration Plan owing to the material fault of the other Party and as a consequence the date of completion of Migration of a Service is after the Scheduled End Date then:

the Parties shall submit the matter to the TSA Committee and, acting reasonably and in good faith, work together to reschedule such activity in a manner that minimizes any delay to completion of Migration and agree to an adjustment of Charges as is appropriate to reflect the extent and materiality of the fault;

the Recipient shall continue to pay Charges (subject to any adjustments made pursuant to Section 4.1.3(i)) until the Revised Migration Date; and

the Scheduled End Date in the relevant Service Schedule shall be construed as a reference to the Revised Migration Date.

Unless otherwise expressly stated in or contemplated by this TSA, the Charges are the only amounts payable by the Recipient in respect of the Services.

The Charges for any Service shall be invoiced by RBSG or CFG as the Provider of that Service in accordance with this Section 4.2 and each invoice shall be substantially in the form of the template attached in Schedule 2 applicable to the relevant Provider. Invoices shall be sent to the address for invoices specified in the Service Schedule to which the relevant invoice relates.

The Charges with respect to any month shall be invoiced by the Provider:

if CFG or an Affiliate of CFG is the Provider, within 30 days following the end of the month after which the relevant Services are provided or obligations are performed, or in respect of which the Charges are otherwise due or the relevant costs incurred by the Provider. To the extent applicable, a true-up of Charges for a Service shall be invoiced as indicated in the Service Schedule to which the true-up relates;

if an Affiliate of RBSG within the United States is the Provider, within 30 days following the end of the month after which the relevant Services are provided or obligations are performed, or in respect of which the Charges are otherwise due

if RBSG or an Affiliate of RBSG outside the United States is the Provider, within 30 days following the end of the quarter after which the relevant Services are provided or obligations are performed, or in respect of which the Charges are otherwise due or the relevant costs incurred by the Provider. To the extent applicable, a true-up of Charges for a Service shall be invoiced on an annual basis in the month of February.

If any part of the Charges is subject to a bona fide dispute, then that part of the Charges subject to dispute shall be referred to the TSA Committee and any part of the Charges that is not subject to dispute is to be paid pursuant to this Section 4.

Any amount due under this TSA for which a time for payment is not otherwise specified shall be due and payable within 30 days of the receipt of a valid invoice for such amount.

Payments due in respect of a Service pursuant to this TSA shall be made to the account specified in the relevant Service Schedule or such other account as the Provider may notify the Recipient from time to time.

Each Party represents and warrants to the other that as at the date hereof:

it is duly constituted, organized and validly existing under the laws of the jurisdiction of its incorporation;

it has the legal right and full power and authority to execute and deliver, and it and its Affiliates, as applicable, have the legal right and full power and authority to exercise its and their rights and perform its and their obligations under, this TSA, the Service Schedules and any documents which are to be executed by it or any of them pursuant to this TSA;

its and its Affiliates’ contemplated provision or receipt, as applicable, of Services in the Service Schedules does not conflict with any other contract to which it is a Party;

this TSA and the contemplated provision of the Services by it or any Affiliate pursuant to the Service Schedules is compliant in all material respects with all Regulation applicable to it and them, including, for the avoidance of any doubt and to the extent applicable, Regulation W of the Board of Governors of the Federal Reserve System;

this TSA and the contemplated receipt of the Services by it or any Affiliate pursuant to the Service Schedules is compliant in all material respects with all Regulation applicable to it and them, including, for the avoidance of any doubt and to the extent applicable, Regulation W of the Board of Governors of the Federal Reserve System;

it is satisfied that all Charges for the Services provided hereunder were negotiated and determined on an arm’s-length basis;

its and its Affiliates’ contemplated provision or receipt, as applicable, of Services in the Service Schedules is compliant in all material respects with the Policies applicable to it and them;

the manner, priority and level of service (including any applicable Service Levels), skill and care as provided by each Provider of services to it or its Affiliates in respect of the Existing Services during the six-month period (or, if applicable, such shorter period) prior to the date hereof is adequate and sufficient for its needs;

its provision or receipt, as applicable of Existing Services by it and its Affiliates during the six-month period (or, if applicable, such shorter period) prior to the date hereof was compliant with all Regulation applicable to it and them;

its and its Affiliates’ possession, storage, processing or access to the other Party’s and its Affiliates’ Personal Data during the six-month period (or, if applicable, such shorter period) prior to the date hereof was compliant in all material respects with the applicable Fraud Prevention Policy;

its and its Affiliates’ possession, storage, processing or access to the other Party’s and its Affiliates’ Confidential Information during the six-month period (or, if applicable, such shorter period) prior to the date hereof was compliant in all material respects with the applicable Fraud Prevention Policy;

its and its Affiliates’ provision or receipt, as applicable, of Existing Services during the six-month period (or, if applicable, such shorter period) prior to the date hereof was compliant in all material respects with the Policies applicable to it and them; and

its and its Affiliates’ provision or receipt, as applicable, of Existing Services during the six-month period (or, if applicable, such shorter period) prior to the date hereof complied with the requirements, including any specified Service Level, for the corresponding Services as set forth in the Service Schedules hereto.

Each Party shall and shall cause its Affiliates to:

subject to the Change Control Procedure with respect to any change in Regulation after the Service Commencement Date, comply with Regulation in connection with the performance of its obligations under this TSA including (in the case of a Provider) its provision of the Services and (in the case of a Recipient) its receipt of the Services;

perform its obligations under this TSA, including (in the case of a Provider) its provision of the Services and (in the case of a Recipient) its receipt of the Services;

provide on a timely basis such information and data as the other Party may reasonably require for the purposes of the provision of the Services; and

participate in discussions regarding the provision or receipt of the Services (as applicable) to the extent reasonably required by the other Party in order to enable the Services to be properly provided or received.

Without prejudice to the Mandatory Change provisions set out in Section 10.2, each Party shall promptly notify the other upon becoming aware of any proposed changes to a Regulation or new Regulation which will or are likely to impact the provision or receipt of the Services.

If a Party or any of its Affiliates or, to its knowledge, any Third Party Supplier is subject to any investigation by any Competent Authority and such investigation is relevant to the performance of the obligations under this TSA, then, to the extent permitted by Regulation and the Competent Authority, the Party shall as soon as reasonably practicable notify the other Party of such investigation (such notice to contain reasonable detail relating to the reason for the investigation and why it is relevant to the provision or receipt of the

If the Recipient wishes to continue to receive a Service after the expiry of the relevant Service Term (or any period previously specified by the Recipient in accordance with this Section) owing to the material fault of the Provider pursuant to Section 4.1.3, it must give, together with an explanation as to why such extension is attributable to the material fault of the Provider, notice to specify the period for which the Recipient wishes to continue to receive the Service; provided, however, that such extension period shall not extend beyond December 31, 2016.

Promptly upon receipt of such notice, the relevant Provider shall indicate if it:

agrees, in which case the Service Term shall be extended until the Revised Migration Date; or

disagrees, as to either the degree of fault attributed to it or the period for which the relevant Service should be extended, in which case such dispute shall be resolved pursuant to Section 11.

Notwithstanding any other provision of this TSA, the Recipient may terminate any of the Services, or any separable part of the Services, by providing the Provider with mailed notice of such termination, such notice to be:

at least the period of notice specified in the relevant Service Schedule for the termination of that Service; or

if no such notice period is specified, at least three months’ notice.

The Recipient is not responsible or liable for any Provider costs incurred as a result of an early termination notice made in compliance herewith; provided, however, that a Recipient shall reimburse the Provider for any costs incurred by the Provider as a result of a Service being terminated early by the Recipient where such Service is provided pursuant to a Third Party Agreement which was renewed, extended or replaced after the Service Commencement Date.

If a Service Schedule expressly permits the Provider to terminate the relevant Service upon notice, then, notwithstanding any other provisions of this TSA, such Provider may terminate the relevant Service pursuant to the applicable termination procedures, and such Provider is not responsible or liable for any Recipient costs incurred as a result of an early termination in compliance herewith.

Each Party shall have a right to terminate this TSA if directed in writing by a Competent Authority. A Party may exercise such right upon 90 days’ prior notice, or such shorter timeframe as required by a Competent Authority or to comply with Regulation.

In the event of a termination of this TSA pursuant to this Section 6.6, the Parties acknowledge and agree that Migration of the Services may not be fully implemented as of such termination and, to the extent required by a Competent Authority, neither Party will have any obligation to assist in the Migration of the Services after such termination.

Subject to Section 6.7.2, each Party (the “Non-Defaulting Party”) may terminate a Service immediately by notice to the other Party (the “Defaulting Party”) if the Defaulting Party or any Affiliate commits a material breach of its obligations with respect to that Service under this TSA and the applicable Service Schedule and (where the breach is capable of being remedied) that breach has not been remedied within 30 days after receipt of a written request to do so from the Non-Defaulting Party.

In the event that a Party elects to terminate a Service pursuant to Section 6.7.1, the TSA shall be deemed to continue in full force and effect in accordance with its terms, except with respect to such terminated Service.

Unless otherwise specified, any breach in respect of any individual Service Schedule shall not constitute a breach of this TSA or a breach of any other Service Schedule, and unless otherwise agreed in writing, the Parties will continue to provide Services and honor all other commitments under this TSA during the course of dispute resolution

Except if and to the extent otherwise agreed in the relevant Service Schedule or Migration Plan, and subject always to Regulation, in the event of the termination or expiry of a Service pursuant to this TSA:

to the extent that:

any Recipient Data is in the possession or reasonable control of the Provider or its Affiliates, the Provider shall provide to the Recipient such Recipient Data in its then-current format; and

any Provider Data is in the possession or reasonable control of the Recipient or its Affiliates, the Recipient shall provide to the Provider such Provider Data in its then-current format;

once the Provider has provided the Recipient Data in accordance with Section 6.9.1(i)(a), the Provider will (to the extent reasonably practicable) delete or destroy its copy or copies of such data, unless required to maintain a copy by Regulation or the requirements of any Competent Authority or to the extent such Recipient Data also relates to the Provider’s Group’s business; and

once the Recipient has provided the Provider Data in accordance with Section 6.9.1(i)(b) the Recipient will (to the extent reasonably practicable) delete or destroy its copy or copies of such data, unless required to maintain a copy by Regulation or the requirements of any Competent Authority or to the extent such Provider Data also relates to the Recipient’s Group’s business.

Each Party will bear its own costs in complying with its obligations under this Section 6.9.

Any Recipient Data retained by Provider and any Provider Data retained by Recipient pursuant to Section 6.9.1 shall be subject to the Data Protection requirements set forth in Section 13 and the Confidentiality requirements set forth in Section 13 for as long as such data is retained.

The Parties shall act reasonably and in good faith in accordance with the Migration Principles as set forth in Schedule 3 and perform their respective obligations in relation to Migration (including those obligations agreed as part of a Migration Plan).

Failure to timely complete Migration of a Service is not a breach of this TSA.

for or in respect of any loss of profit, loss of revenue, loss of goodwill or indirect or consequential losses, punitive, special or consequential damages; or

for the value of any lost or corrupted data; or

for the costs of reconstituting, restoring or rectifying lost or corrupted data (in each case, other than to the extent arising from a breach of Section 19.1),

Except in the case of death or personal injury, willful misconduct, fraud or fraudulent misrepresentation, criminal liability, intentional tort, intentional breach of a Service Schedule or of this TSA, or Charges that have been paid or come due in connection with the Services, each of the RBSG Group’s and the CFG Group’s aggregate liability to members of the other Group in respect of any individual Service shall be limited to an amount equal to 12 times the Monthly Charge for such Service, where “Monthly Charge”

Except in the case of death or personal injury, willful misconduct, fraud or fraudulent misrepresentation, criminal liability, intentional tort, intentional breach of a Service Schedule or of this TSA, or Charges that have been paid or come due in connection with the Services, each such Group’s aggregate liability to the members of the other Group in connection with this TSA in respect of any given calendar year shall be limited to the amounts set forth below:

The limits on, and exclusions of, liability set out in this Section 8 shall not apply in respect of:

any liability for death or personal injury;

any liability for willful misconduct;

any liability for fraud or fraudulent misrepresentation;

any criminal liability;

any liability for intentional tort;

intentional breach of a Service Schedule or of this TSA;

any other liability that cannot be lawfully excluded; and

the obligation of any Party to pay Charges with respect to Services that have been provided.

Subject to the exclusions from liability in Section 8.1, RBSG and CFG agree to indemnify and hold harmless each other and each of their respective (and their respective Affiliates’) Affiliates, and each of their and their respective Affiliates’ directors, officers, employees and agents, and each of the heirs, executors, successors and assigns of any of the foregoing (collectively, the “Indemnitees”), from and against any and all Losses of the Indemnitees relating to, arising out of or resulting from any of the following by such indemnifying Party or by any person in such indemnifying Party’s Group:

breach of its obligations under this TSA;

breach of its representations and warranties under this TSA;

violations of Regulation in connection with this TSA; or

infringement, misappropriation or violation of Intellectual Property Rights of a third party in connection with the provision or receipt of Services under this TSA;

the aggregate liability pursuant to this Section 8.3 shall not exceed the cap on damages in Section 8.2 (subject to the exclusions from the cap set forth therein); and

a Provider shall have no liability under this Section 8.3 with respect to any infringement, misappropriation or violation of Intellectual Property Rights of a third party to the extent that such claim is based upon or related to:

Services that have been modified by the Recipient;

use of the Services in conjunction or combination with any software, data or other materials not provided by the Provider of the Services; or

use of the Services in a manner or for any purpose other than as directed by the Provider or as expressly permitted by this TSA.

The Parties will establish a TSA Management and Change Control Committee (the “TSA Committee”) to monitor overall performance and trends in performance of all Services

Subject to Sections 10.2 to 10.4 (inclusive), in the event that a Party wishes to make any Change it shall be managed by way of the “Change Control Procedure” as set forth in this Section 10.1.1.

At each meeting of the TSA Committee (or, with respect to any proposed action of the TSA Committee in the absence of a meeting, by notice to each TSA Committee member) each Party shall, acting reasonably and in good faith, provide the other with an indicative forecast of any Changes it proposes making to the Services.

Upon realization of the need for a Change, either Party shall provide prompt notice to the other Party of a Change request (“Change Control Request”) in writing, specifying in as much detail as is reasonably practicable the nature of the proposed Change. Within four weeks of receipt of a Change Control Request, the Party that received such notice shall provide a response indicating whether it can make the proposed Change, its estimated costs of making the proposed Change and an estimated schedule for implementing the proposed Change.

The timing of implementation of any Change will be determined by the TSA Committee.

Where a Change Control Request is in respect of a Mandatory Change, the Parties shall, as soon as reasonably practicable thereafter, meet to discuss and agree the terms on which, and the time frame in which, each Party shall implement that Mandatory Change (which shall be within the time frame required to comply with the relevant Regulation, except where it would not be reasonable for each Party to implement such Mandatory Change within such time frame, in which case each Party shall implement such Mandatory Change as soon as reasonably practicable thereafter). The Parties shall work together in good faith to mitigate the consequences of any delay in implementing the Mandatory Change beyond the date required to comply with the Regulation.

To the extent that a Mandatory Change requested by a Party increases the cost to the other Party of providing or receiving the Services (including, for the avoidance of doubt, the costs and appropriate margin of implementing the Mandatory Change and incremental running costs and appropriate margin incurred by the other Party arising as a result of that Mandatory Change), then the increased cost and margin to the other Party will be added to the Charges paid by the Party for the relevant Service.

Where a Change Control Request submitted by a Party is in respect of a Discretionary Change, the Parties shall, as soon as reasonably practicable thereafter, meet to discuss the terms of the Discretionary Change.

To the extent that a Discretionary Change requested by a Party increases the cost to the other Party or any of its Affiliates in providing or receiving the relevant Service (including, for the avoidance of doubt, the costs and appropriate margin of implementing the Discretionary Change and incremental running costs and appropriate margin arising as a result of that Discretionary Change), then:

if the Party that requested the Discretionary Change or any Affiliate is the Recipient of the applicable Service, the increased cost and margin to the Provider of the Service will be added to the Charges paid by the Party for the relevant Service; or

if the Party that requested the Discretionary Change or any Affiliate is the Provider of the applicable Service, the increased cost to the Recipient of the Service will be deducted from the Charges paid by the Recipient for the relevant Service.

For the avoidance of doubt, the Party being requested to implement a Discretionary Change may refuse to implement any Discretionary Change.

If a Change is required to respond to an Emergency, the affected Party shall use commercially reasonable efforts to notify the other Party and obtain the other Party’s prior consent for the Change but if the notifying Party is the Provider and the Provider is not able to notify the Recipient and obtain consent, the Provider shall be entitled, without limiting any rights and remedies of the Recipient in respect of any breach of this TSA (as if such Change had not been made), to nevertheless make the minimum necessary temporary Change as necessary to respond to the Emergency in accordance with the terms of any applicable disaster recovery plans. As soon as practicable following the implementation of any temporary Change, the Provider shall notify the Recipient of the temporary Change and the nature of the Emergency and shall then retroactively comply with the terms of the Change Control Procedure.

“Emergency” means a Change that is required to ensure (i) continued provision of, or the continued operation and integrity of, the Services; or (ii) the continued operation and integrity of the Provider Systems, in each case the implementation of which cannot wait (including for reasons of stability and performance) for authorization through the Change Control Procedure.

The Parties shall in the first instance attempt to resolve any dispute in relation to any aspect of, or failure to agree any matter arising in relation to, this TSA or any document agreed or contemplated as being agreed pursuant to this TSA (a “Dispute”) informally through discussion as follows:

the TSA Committee will meet to resolve the Dispute, and if the TSA Committee cannot resolve the Dispute unanimously within 10 Business Days of the Dispute being referred to them, then;

the Dispute shall promptly be referred by the TSA Committee to a nominated senior individual of each Party (the “Senior Nominees”), and if the Senior Nominees cannot resolve the Dispute unanimously within 10 Business Days of the Dispute being referred to them (unless a longer period is mutually agreed), then;

the dispute resolution process shall be deemed to have been exhausted in respect of the Dispute, and each Party shall be free to pursue its rights at law in respect of such Dispute without further reference to the dispute procedure under this Section 11.1.

The Parties will discuss in good faith, at either Party’s request, measures to shorten the time contemplated by this Section 11 to complete the Dispute resolution process.

Each Provider hereby grants to the applicable Recipient a non-exclusive, worldwide, royalty-free, fully paid-up license during the Service Term to use all Intellectual Property Rights (other than trademarks and domain names) Licensable by the Provider and utilized by the Provider in the provision of the Services solely to the extent necessary to receive and use the Services or complete Migration (and with a right to sublicense to customers of the Recipient to the extent necessary to enable such customers to benefit from the provision of the Services).

Each Recipient hereby acknowledges and agrees that, as between the Recipient and the applicable Provider:

the Provider’s Intellectual Property existing as of the date hereof (“Provider’s Existing IP”) will remain the sole and exclusive property of the Provider;

the Provider shall own all Intellectual Property Rights subsisting in any and all adaptations of, modifications and enhancements to and works derived from Provider’s Existing IP that are created, developed, conceived or reduced to practice by or on behalf of the Provider or the Recipient during the Service Term (“Provider’s Derivative IP”); and

the Provider shall own all Intellectual Property Rights, other than Recipient’s Derivative IP and Recipient’s New IP (as defined below), that are created, developed, conceived or reduced to practice by or on behalf of the Provider during the Service Term (“Provider’s New IP”).

Each Recipient hereby irrevocably assigns and agrees to assign to the applicable Provider all right, title and interest in and to Provider’s Derivative IP and Provider’s New IP.

Each Recipient hereby grants the applicable Provider a non-exclusive, worldwide, royalty-free, fully paid-up license during the Service Term to use all Intellectual Property Rights (other than trademarks and domain names) Licensable by the Recipient solely to the extent necessary to provide the Services.

Without prejudice to Section 12.1, each Provider hereby acknowledges and agrees that, as between the Provider and the applicable Recipient:

the Recipient’s Intellectual Property existing as of the date hereof (“Recipient’s Existing IP”) will remain the sole and exclusive property of the Recipient; and

the Recipient shall own all Intellectual Property Rights subsisting in any and all adaptations of, modifications and enhancements to and works derived from Recipient’s Existing IP that are created, developed, conceived or reduced to practice by or on behalf of the Provider or the Recipient during the Service Term (“Recipient’s Derivative IP”); and

the Recipient shall own all Intellectual Property Rights, other than Provider’s Derivative IP, that are, at the Recipient’s expense, created, developed, conceived or reduced to practice by or on behalf of the Provider specifically at the written direction of, and solely for, the Recipient during the Service Term (“Recipient’s New IP”). Notwithstanding the foregoing, the applicable Recipient shall hereby grant such Provider a perpetual, irrevocable, non-exclusive, worldwide, royalty-free, fully paid-up and unrestricted license to use and reproduce software included in Recipient’s New IP, including any and all object code, source code, information and/or documentation related thereto.

Each Provider hereby irrevocably assigns and agrees to assign to the applicable Recipient all right, title and interest in and to Recipient’s Derivative IP and Recipient’s New IP.

Each Party acknowledges and agrees that, solely to permit it or its Affiliates to perform its obligations pursuant to this TSA and the Service Schedules, the other Party’s Group may provide it with Confidential Information, including Personal Data. Each Party further acknowledges and agrees that it and its Affiliates shall have the right to use the other Party’s Group’s Confidential Information, including Personal Data, solely to fulfill and perform its obligations under this TSA and otherwise comply with Regulation. Regulation in respect of Personal Data may include U.S. federal data privacy laws and regulations such as the GLB Act, the Federal “Privacy of Consumer Financial Information” Regulation (12 CFR Part 30), as amended from time to time, issued pursuant to Section 504 of the GLB Act, and the Health and Insurance Portability and Accountability Act of 1996 (42 U.S.C. § 1320d), U.S. state data privacy laws such as the Massachusetts Data Protection Act (201 CMR 17) and, if applicable, international data privacy laws such as The Data Protection Act 1998 and Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and the free movement of such data. Each Party may provide guidelines to help the other Party comply with such Regulation, but each Party using its own legal advisors will remain fully responsible, subject to the Change Control Procedure in respect of any change in Regulation after the date hereof, for interpreting and complying with such Regulation with respect to its own business. A Party shall have no right to use, reuse or disclose any Personal Data to any person or entity for any reason not specifically permitted under this TSA or a Service Schedule.

Each Party confirms that, when it or its Affiliate is processing data, it or the Affiliate shall:

only process Personal Data in accordance with the other Party’s instructions; and

take appropriate technical and organizational measures to protect Personal Data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access and against all other unlawful forms of processing.

The Parties shall respectively comply with all Regulation, subject to the Change Control Procedure in respect of any change in Regulation after the date hereof, in respect of Confidential Information, including Personal Data, including securing such consents, registrations and notifications as may be required to enable the Provider and any Third

If requested by RBSG, CFG will enter into an agreement with RBSG on the terms of the Commission Decision of February 15, 2010 on standard contractual clauses for the transfer of Personal Data to processors established in third countries (2010/87/EC) or the Commission Decision of 27 December 2004 on an alternative set of standard contractual clauses for the transfer of Personal Data to third countries (2004/915/EC), as appropriate.

The Parties hereby covenant and agree to keep confidential all Confidential Information relating to the other Party’s Group. Without limiting the generality of the foregoing, each Party’s Group shall cause its employees and agents to exercise the same level of care with respect to Confidential Information relating to the other Party’s Group as it would with respect to proprietary information, materials and processes relating to itself. “Confidential Information” shall mean all information, materials and processes relating to a Party’s Group or its employees, third party vendors, counterparties or customers obtained by the other Party’s Group at any time (whether prior to or after the date hereof) in any format whatsoever (whether orally, visually, in writing, electronically or in any other form) arising out of the rendering or receipt of Services hereunder (or preparations for the same or for the termination thereof) and shall include, but not be limited to, economic and business information or data, business plans, software and information relating to personnel, products, financial performance and projections, processes, strategies and systems but shall not include information which:

is or becomes generally available to the public other than by release in violation of the provisions of this Section 13;

is or becomes available on a non-confidential basis to a Party from a source other than the other Party to this TSA, provided that the Party in question reasonably believes that such source is not or was not bound by an obligation to the other Party to hold such information confidential; and

is acquired or developed independently by a Party without use or reference to otherwise Confidential Information of the other Party.

The provisions of Section 13.2.1 shall not prohibit a Party’s disclosure or use of the other Party’s Group’s Confidential Information if and to the extent such Confidential Information

Each Party shall notify the other Party immediately of any suspected or known fraud relevant to its activities under this TSA or any Service Schedule, or of any unauthorized access, possession, use, or knowledge, or attempt thereof, of the other Party’s Group's Confidential Information, or of the occurrence of any other incident relating to the Services that could cause financial, customer or reputational loss to another Party, and agrees to cooperate with the other Party to investigate the occurrence and mitigate the impact of such an event. Each Party shall promptly provide the other Party with full details of any such event and use all available efforts to prevent a recurrence of any such event.

Notwithstanding any provision of this Section 13 to the contrary, a receiving Party’s Group may disclose such portion of the Confidential Information relating to the disclosing Party’s Group to the extent, but only to the extent, the receiving Party reasonably believes that such disclosure is required under Regulation or the rules of a Competent Authority, or under a subpoena or other legal process; provided that if practicable and permissible under Regulation or rules, the receiving Party shall first notify the disclosing Party of such requirement and allow such Party a reasonable opportunity to seek a protective order or other appropriate remedy to prevent such disclosure and cooperate with the disclosing Party in any lawful effort by the disclosing Party to contest the legal validity of such requirement and prevent such disclosure.

The Parties agree that monetary damages will not be an adequate remedy if this Section 13 regarding Data Protection and Confidential Information is breached, and therefore, a disclosing Party shall, in addition to any other legal or equitable remedies, be entitled to seek injunctive relief against any breach or threatened breach of this Section 13 by the receiving Party with respect to the disclosing Party’s Group’s Confidential Information.

The Provider shall maintain complete and accurate records of, and supporting documentation for, all Services provided pursuant to this TSA (“Service Records”). Until the later of:

seven years after the termination of this TSA or in the case of invoices eight years after their issuance;

all pending matters relating to this TSA (e.g., disputes) between the Parties are closed;

all pending audits relating to this TSA are closed, provided, however, that notice of any such audit was received within seven years after the termination of this TSA;

the information is no longer required to meet the Provider’s records retention policy as disclosed by the Provider to the Recipient and as such policy may be adjusted from time to time; or

any periods as required by Regulation have expired,

The Provider’s records management program shall be reasonably consistent with such industry frameworks as ISO 15489 or DoD5015.2 as in effect on the date hereof. Before the Provider destroys or otherwise disposes of any Service Records, the Recipient shall have the right to request that the Provider return such Service Records by giving notice at least sixty days prior to the applicable record retention expiration date, and the Provider shall deliver such information to the Recipient.

submit a Change Control Request to extend the time for performance of the affected Service for a period equal to the time lost by reason of the delay, provided, however, that such extension period shall not extend beyond December 31, 2016; or

terminate this TSA in relation to those Services which are affected by the Force Majeure event.

The Parties agree that the Acquired Rights Directive (Council Directive 77/187/EEC as amended by Council Directive 98/50 EEC and consolidated in Council Directive 2001/23/EEC) as amended (“ARD”) or any enactment of the ARD in any national law or any analogous national law will not apply on the commencement of the Services.

The Parties believe that on the cessation or partial cessation of the Services or any part of the Services on the termination, expiry or variation of this TSA, no transfer of the contracts of employment between a Provider or any Third Party Supplier (or any subcontractor thereof) and any of its/their employees to the applicable Recipient or a Successor Provider shall take place by reason of the ARD or any enactment of the ARD in any national law or any analogous national law.

Without prejudice to Section 15.1.1, if requested to do so by a Recipient at any time before the termination, expiry or variation of the Services, the applicable Provider will (or will procure that) all persons working on the Services (“Staff”), whether employed/engaged by the Provider, by any Third Party Supplier or any subcontractor thereof, will be redeployed or otherwise removed from the Services before the cessation of those Services so that those Staff cease to be engaged within the Services and are not affected by any transfer pursuant to the ARD or any enactment of the ARD in any national law or any analogous national law that may otherwise occur on the cessation of those Services.

Subject to Regulation, the Provider shall require any individual it employs or engages in connection with the performance of its obligations under this TSA to have satisfied the screening procedures in Sections 15.2.2 and 15.2.3 prior to such individual performing any Services hereunder.

The screening procedures set forth in Section 15.2.3 below shall apply to individuals who will be performing Services from within the United States. For individuals who will be performing Services from outside the United States:

when RBSG or its Affiliates are the Provider, they shall comply with the RBSG Policy applicable to the relevant jurisdiction; and

when CFG or its Affiliates are the Provider, they shall comply with the CFG Policy applicable to the relevant jurisdiction.

For individuals who will have no unaccompanied access to any Recipient facility, and no access to the Recipient's information technology network or the Recipient's Confidential Information (“Level 1 Clearance”), the Provider shall have conducted commercially reasonable recruitment and security vetting procedures in relation to each such individual, including, at a minimum, by verifying such individual's identity and legal right to work in the United States based on documentation satisfying Form I‑9 of the U.S. Department of Homeland Security. For individuals who may have unaccompanied access to any Recipient facility, or any access to the Recipient's information technology network or the Recipient's Confidential Information (“Level 2+ Clearance”), the Provider shall also have performed a background investigation on each such individual which, at a minimum, consists of the following:

verification of current residence;

verification of the previous two years of employment history;

verification of any specific academic, trade or professional qualifications or records that are required for the individual to perform his or her role; and

criminal records checks, including at a minimum a FIM county-level search and a FAM county and lower-court-level search;

In the event that:

the Provider is unable to comply fully with the pre-employment requirements above with respect to an individual;

the Provider is unable to verify the information described in clauses (i) through (iii) of Section 15.2.3;

the criminal records checks referred to in clause (iv) of Section 15.2.3 determine that the individual in question has (A) a conviction or program entry for a covered offense as described in Section 19 of the Federal Deposit Insurance Act, or (B) two or more convictions for crimes involving violent behavior in the previous five years; or

any pre-engagement screening activity returns information that otherwise indicates in the Provider's reasonable judgment that such individual should not be engaged to provide Services under this TSA,

the terms of the response have been approved by the other Party (such consent not to be unreasonably withheld or delayed); or

Regulation requires a response to the Competent Authority without the other Party’s consent.

The Provider shall (and shall use all commercially reasonable efforts to ensure its Third Party Suppliers providing material Services or a material element of the Services shall) promptly permit:

the Recipient or its auditors (to the extent the Recipient and its auditors are directed by a Competent Authority); and

any Competent Authority (or its designated representatives),

Subject to any restriction under Regulation or the direction of any Competent Authority, the Provider shall ensure it is (and shall use all commercially reasonable efforts to ensure its Third Party Suppliers providing material Services or a material element of the Services are) open and cooperative with the Recipient and its auditors and any Competent Authority (and its designated representatives) in performing its obligations under this Section 17.1 and shall provide such information, assistance, records and materials, access to persons engaged in the provision of the Services and explanations as required

If and to the extent the Provider does not have the rights under its relevant Third Party Agreement to ensure its Third Party Supplier grants the rights described in Sections 17.1.1 and 17.1.2, any costs in procuring such rights shall be borne by the Recipient; provided that such costs were approved by the Recipient in writing before they were incurred. If the Recipient declines, or otherwise fails, to approve such costs, the Provider shall not be required to obtain the grant of the relevant rights by that Third Party Supplier.

With respect to each Service Schedule:

The Provider shall, from time to time, but in any event no more than twice in any 12-month period (subject to the exception in Section 17.2.1(iii)), during regular business hours and upon reasonable notice, permit the Recipient or its representatives to perform audits of the Provider’s (and to the extent commercially reasonable, its Third Party Suppliers’) facilities, equipment, books and records (electronic or otherwise), operational systems, employees, contractors, subcontractors, and such other audits as may be necessary to ensure the Provider’s and its Third Party Suppliers’ compliance with the terms and conditions of this TSA and the relevant Service Schedules, as well as Regulation, and to ensure the Provider’s financial and operational viability, including but not limited to the Provider’s internal controls, pre-engagement employee screening, information and other security, business resumption, continuity, recovery, Service Level compliance, and contingency plans.

Upon request, the Provider shall provide to the Recipient at the Recipient’s expense an audit conducted by a reputable and experienced accounting firm in accordance with the Statement on Standards for Attestation Engagements (SSAE) No. 16, Reporting on Controls at a Service Organization, developed by the American Institute of Certified Public Accountants (AICPA), and have such accounting firm issue a Service Organization Control (SOC) 1 Type II Report (or substantially similar report in the event the SOC 1 Type II Report is no longer the industry standard) which will cover, at a minimum, the policies, procedures and controls required by this TSA and the relevant Service Schedule (the “Report”).

If an audit conducted pursuant to Section 17.2.1(i) reveals any non-compliance or other deficiencies, or the Report described in Section 17.2.1(ii) in its final an

The Parties acknowledge that the Parties and their respective Groups are subject to the international sanction laws and regulations issued from time to time by HM Treasury, the European Union, the United States of America (including, but not limited to, all applicable regulations of the Office of Foreign Assets Control (“OFAC”), the Bank Secrecy Act and the USA Patriot Act (including such regulations that may require the Provider to implement a “Customer Identification Program” or “Know Your Customer Program” to confirm that no beneficiary or client of the Provider appears on any lists issued by OFAC, including the Specially Designated Nationals list, and determine whether transactions by or with such beneficiary or client may constitute suspicious activity, such as identity theft, fraud, money laundering, terrorist financing or other threats to national security)), and the United Nations.

Neither Party shall be obliged to make any payment under, or otherwise to implement any part of the Services, if in the reasonable opinion of the relevant Party to do so is illegal or there is involvement by any person (natural, corporate or governmental) listed in the HM Treasury, the European Union, the United States of America, the United Nations or local sanctions lists, or there is any involvement by any person located in, incorporated under the laws of, or owned or controlled by, or acting on behalf of, a person located in or organized under the laws of a country or territory that is the target of comprehensive sanctions.

A Party’s Group may not store, copy, disclose or use the other Party’s Group’s Data for any purpose other than to the extent necessary to provide or receive, as applicable, the Services and to comply with Regulation.

Neither Party’s Group shall attempt to obtain access to, use or interfere with any information technology systems or data used or processed by the other Party’s Group except to the extent required to do so to provide or receive the Services (as applicable), or except to the extent expressly permitted to do so by this TSA.

Each Party’s Group shall maintain reasonable security measures to protect both Party’s Groups’ information technology systems, from third parties, and in particular from disruption by any “back door”, “time bomb”, “Trojan Horse”, “worm”, “drop dead device”, “virus” or other software routine intended or designed to (i) permit access or use of information technology systems by a third person other than as authorized by the Recipient or the Provider or (ii) disable, damage or erase, or disrupt or impair the normal operation of the Recipient’s or Provider’s information technology systems.

Each Party’s Group shall use reasonably up-to-date security measures to prevent unauthorized access to and unauthorized use of the information technology systems owned by the other Party (or, with respect to a Recipient, any member of the Recipient’s Group and, with respect to a Provider, any member of the Provider’s Group) and the other Party’s data (including, with respect to a Recipient, the Recipient Data) by third parties (including Third Party Suppliers).

A Party shall not introduce any Disabling Device into any information technology environment or any system used by the other Party’s Group in connection with the Services. Without limiting a Party’s other obligations under this TSA, the Parties agree that, in the event any Disabling Device is found in the systems used to provide the Services, (i) if such Disabling Device originated in any software, deliverable or other resource provided under this TSA or any Service Schedule, the Party that introduced the Disabling Device shall remove such Disabling Device at its sole expense and, subject to the caps on damages set forth in Section 8.2 hereof, indemnify the affected Party for all Losses incurred as a result of such Disabling Device, and (ii) in any case (wherever such Disabling Device originated), the Party that introduced the Disabling Device shall exercise commercially reasonable efforts at no additional charge to eliminate, and reduce the effects of, the Disabling Device and, if the Disabling Device causes a loss of operational efficiency or loss of data, to mitigate such losses and restore such data using generally accepted data restoration techniques.

In addition to its other obligations set forth in this TSA,

whenever a Party’s Group possesses, stores, processes or has access to the other Party’s Group’s Personal Data, it shall comply with the applicable Fraud Prevention Policy; and

whenever a Party’s Group possesses, stores, processes or has access to the other Party’s Group’s Confidential Information (inclusive of Personal Data), it shall comply with the applicable IS Requirements.

Each Party shall make the other aware as soon as reasonably practical of any information security breach which may materially adversely impact the Services or the other Party’s Group’s business.

This TSA constitutes the entire agreement between the Parties with respect to the subject matter hereof at the date hereof and supersedes all prior agreements and understandings, both oral or written, between the Parties in relation to the subject matter hereof.

In this Section 20.1, “this TSA” includes all documents entered into pursuant to it and/or this TSA.

Any provision of this TSA (including the Service Schedules hereto) may be amended or waived if, but only if, such amendment or waiver is in writing and is signed, in the case of an amendment, by each Party to this TSA, or in the case of a waiver, by the Party against whom the waiver is to be effective.

No failure or delay by any Party in exercising any right, power or privilege hereunder shall operate as a waiver thereof nor shall any single or partial exercise thereof preclude any other or further exercise thereof or the exercise of any other right, power or privilege. The rights and remedies herein provided shall be cumulative and not exclusive of any rights or remedies provided by Regulation.

if to RBSG to:

if to CFG to:

This TSA shall be governed by and construed and interpreted in accordance with the laws of the State of New York, without regard to the conflict of laws principles thereof that would result in the application of any law other than the laws of the State of New York.

EACH OF THE PARTIES HEREBY WAIVES TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW ANY RIGHT IT MAY HAVE TO A TRIAL BY JURY WITH RESPECT TO ANY COURT PROCEEDING DIRECTLY OR INDIRECTLY ARISING OUT OF AND PERMITTED UNDER OR IN CONNECTION WITH THIS TSA OR THE SERVICES CONTEMPLATED BY THIS TSA. EACH OF THE PARTIES HEREBY (A) CERTIFIES THAT NO REPRESENTATIVE, AGENT OR ATTORNEY OF THE OTHER PARTY HAS REPRESENTED, EXPRESSLY OR OTHERWISE, THAT SUCH OTHER PARTY WOULD NOT, IN THE EVENT OF LITIGATION, SEEK TO ENFORCE THE FOREGOING WAIVER AND (B) ACKNOWLEDGES THAT IT HAS BEEN INDUCED TO ENTER INTO THIS TSA AND THE SERVICES CONTEMPLATED BY THIS TSA, AS APPLICABLE, BY, AMONG OTHER THINGS, THE MUTUAL WAIVERS AND CERTIFICATIONS IN THIS SECTION 20.12.2.

With respect to any Action relating to or arising out of this TSA, subject to the provisions of Section 11, each Party to this TSA irrevocably (a) consents and submits to the exclusive jurisdiction of the courts of the State of New York and any court of the United States located in the Borough of Manhattan in New York City; (b) waives any objection which such Party may have at any time to the laying of venue of any Action brought in any such court, waives any claim that such Action has been brought in an inconvenient forum and further waives the right to object, with respect to such Action, that such court does not have jurisdiction over such party; and (c) consents to the service of process at the address set forth for notices in Section 20.7 herein; provided, however, that such manner of service

Each Party agrees that it shall comply with, and that the Services will be performed in accordance with, the Anti-Corruption Laws, subject to the Change Control Procedure in respect of any change in Anti-Corruption Laws after the date hereof, and that it shall not cause, by act or omission, any other Party to be in breach of any Anti-Corruption Laws.

Each Party shall have in place and comply with its own anti-bribery and corruption policy to ensure that it complies with the Anti-Corruption Laws (each such policy, an “Anti-Bribery and Corruption Policy”). If requested, a Party shall provide to the other Party a copy of its Anti-Bribery and Corruption Policy and, if required, the providing Party will explain to the receiving Party how the features set out in its Anti-Bribery and Corruption Policy correspond to the receiving Party’s Anti-Bribery and Corruption Policy. Subject to the Change Control Procedure, the providing Party shall promptly implement any amendments to its Anti-Bribery and Corruption Policy which the receiving Party, acting reasonably, considers necessary following its review of the providing Party’s Anti-Bribery and Corruption Policy to ensure that the providing Party complies with the Anti-Corruption Laws.

Each Party shall review its Anti-Bribery and Corruption Policy on a regular basis and shall promptly implement and notify the other Party of any amendments to its Anti-Bribery and Corruption Policy which it considers necessary for continued compliance with the Anti-Corruption Laws.

Each Party shall cooperate with the other Party and promptly provide any information or confirmation which the other Party requires from time to time in connection with the obligations set forth in this Section 20.13. Each Party acknowledges that the other Party will place reliance upon the information provided.

Each Party shall immediately notify the other Party in writing of any suspected or known breach of its Anti-Bribery and Corruption Policy or any of the Anti-Corruption Laws.

Each Party shall have the right to suspend and/or terminate any Service Schedule for material breach immediately, or on such other time specified by the terminating Party, upon written notice to the Provider under such Service Schedule if: (i) the Provider, or any person employed by it or acting on its behalf (whether with or without the knowledge of such Service Provider) fails to comply with any of the Anti-Corruption Laws or is in material breach of the Provider’s Anti-Bribery and Corruption Policy; or (ii) a Party has a reasonable suspicion that an occurrence as specified in clause (i) of this Section 20.13.6 has occurred.

Regardless of any other provision in this TSA, no Party shall be obliged to do, nor obliged to omit to do, any act which would, in its reasonable opinion, put it in breach of any Anti-Corruption Laws.