AMENDMENT Number 2 TO
Exhibit 10.40
AMENDMENT
Number 2
TO
THE MASTER AGREEMENT
BETWEEN
CITIBANK, N.A.
AND
TRX DATA SERVICES INC.
The Master Services Agreement (the “Agreement”), effective as of February 1, 2002, by and between Citibank, N.A. (“Citi”) and TRX Data Services, Inc. (“Provider”), in consideration of the mutual promises of the parties is hereby amended as follows:
1. The following shall be added as a new Subsections G and H to Section 11 “Compliance with Citi Policies and Procedures”:
G. Diversity Initiative. Provider acknowledges that Citi has implemented a Supplier Diversity Program which, among other initiatives, encourages the use of minority and women-owned businesses (“Diverse Suppliers”) as suppliers and subcontractors to the fullest possible extent consistent with the efficient performance of its business strategies. To assist Citi in complying with these goals, Provider will (at no additional cost to Citi) report to Citi within fifteen (15) days of the last day of each calendar quarter, the dollar amount spent by Provider in connection with this Agreement with any Diverse Suppliers which are involved in the provision of the goods and services under this Agreement. These reports shall be forwarded to the attention of the Citigroup Supplier Diversity Program, 333 West 34th Street, New York, NY 10001, attention Director Supplier Diversity Program. All such reports shall be kept and treated by Citi in accordance with Citi’s confidentiality obligations herein. Provider further acknowledges that Citi prefers, when contracting with suppliers that are not directly Diverse Suppliers, to contract with suppliers who can substantiate that a minimum of ten percent (10%) of the subcontractors or suppliers that they utilize in providing their products or services to Citi are Diverse Suppliers.
H. Equipment and Network Security. If access to Citi’s or an Affiliate’s computer systems, other equipment or personal property (“Citi’s Systems”) is required in order for Provider to fulfill its obligations to Citi, then Citi shall determine the nature and extent of such access. If Citi or an Affiliate provides Provider with remote access to Citi’s Systems, then any and all information relating to such remote access shall be considered Citi’s Confidential Information and shall be subject to the obligations of confidentiality set forth in Section 8 of the Agreement. In addition, any and all access to Citi’s Systems shall be subject to the following.
| 1) | Citi’s Systems shall be used solely to perform Services for Citi, and shall not be used for any purpose other than the legitimate business purposes of Citi. |
| 2) | Access to Citi’s Systems shall be restricted to Provider’s Personnel who need access in order for Provider to fulfill its obligations under this Agreement; and no access rights will be transferred to any other individuals without the prior written consent of Citi. |
| 3) | Provider will ensure that its Personnel do not attempt to break Citi’s or an Affiliate’s security systems, or attempt to obtain access to any programs or data beyond the scope of the access granted by Citi in writing. |
| 4) | Without limiting any of its other rights, Citi reserves (for itself and its Affiliates) the rights to restrict and monitor the use of Citi’s Systems, and to access, seize, copy and disclose any information, data or files developed, processed, transmitted, displayed, reproduced or otherwise accessed in conjunction with such use. Citi or an Affiliate may exercise its rights reserved hereunder: (i) to verify the performance of Services or the quality of Deliverables; (ii) to assure compliance by Provider’s Personnel with Citi’s or the Affiliate’s policies and procedures; (iii) to investigate conduct that may be illegal or may adversely affect Citi, an Affiliate or its or their employees; or (iv) to prevent inappropriate or excessive personal use of Citi’s Systems. Provider will advise its Personnel concerning the rights reserved hereunder. Notwithstanding the foregoing, this Section shall not apply to Provider’s IP addresses that pass through Citi’s Systems. |
2. The following shall be added at the end of Section 20 “Audit”:
Licensor shall be required to perform a SAS 70 Audit and provide the results to Citi consistent with the terms of this Section 20. All expenses related to such audit shall be paid by Citi. Provider agrees that the results of such audit shall not be shared with any of Provider’s customers. Upon Citi’s request, Provider will provide a completed audited statement of the financial condition of Provider’s organization, including (i) audited year-end results for the three (3) previous years, including revenues, expenses, net income, total assets, liabilities and footnotes; and (ii) the most recent financial interim statement.
3. Section 13 B “Export” shall be deleted in its entirety and replaced with the following:
B. Export Controls. Without limiting the generality of Section 20.1, Provider specifically agrees to comply, and will cause its Personnel to comply, with the requirements of all applicable export laws and regulations, including but not limited to the U.S. Export Administration Regulations. Unless authorized by U.S. regulation or Export License, Provider will not export or reexport, directly or indirectly, any software or technology received from Citi, or allow the direct product thereof to be exported or reexported, directly or indirectly, to (a) any country in Country Group E:2 of the Export Administration Regulations of the Department of Commerce (see http://www.bxa.doc.gov) or any other country subject to sanctions administered by the Office of Foreign Assets Control (see http://www.treas.gov/ofac/); or (b) any non-civil (i.e. military) end-users or for any non-civil end-uses in any country in Country Group D:1 of the Export Administration Regulations, as revised from time to time. Provider understands that countries other than the U.S. may restrict the import or use of strong encryption products and may restrict exports, and Provider agrees that it shall be solely responsible for compliance with any such import or use restriction. If requested by Citi, Provider shall cause its Personnel to execute and return to Citi the appropriate form of Assurance of Compliance set forth as Appendix A, either A-1 or A-2. (Attached)
4. The following shall be added as a new Subsection C to Section 13 “Compliance with Laws”.
C. Insider Trading and Tipping Notice. The Provider acknowledges that the federal securities laws, other applicable local laws, and the Citi’s policies and procedures prohibit any person or entity that has received from the Citi material, nonpublic information about a company, from purchasing or selling securities of that company or from communicating such information to any other person or entity that may sell or purchase such securities
2
5. Section 10 “Insurance” shall be deleted in its entirety and replaced with the following:
INSURANCE REQUIREMENTS
A. Required Coverage. During the term of this Agreement and for so long as any Work Order has not yet been completed or terminated, Provider will maintain, at its own expense, insurance coverage with limits of no less than those set forth below, and with insurers with a minimum A.M. Best Financial Strength rating of “A- (Excellent)” and Financial Size rating of “X”, or equivalent ratings from other valid rating agencies and under forms of policies satisfactory to Citi.
| (1) | Professional Liability Insurance (“Errors and Omissions”) in the minimum amount of $2,000,000 per occurrence, covering losses from any act, errors, omissions, negligence, breach of contract and/or misrepresentations related to Provider’s obligations under this Agreement. This insurance shall be maintained for a period of at least [*] after completion of all Work Orders. |
| (2) | Fidelity/Crime Insurance in the minimum amount of $2,000,000 per occurrence providing coverage for any loss sustained by Citi or an Affiliate as a result of any dishonest act by Provider’s officers, employees, agents or subcontractors (whether acting alone or in collusion with others), including but not limited to theft, forgery, alteration, or transfer of funds (electronically or otherwise). Such insurance must cover (i) property of the Provider; (ii) property of others, which the Provider holds in its care, custody and control; and (iii) property of others for which the Provider is legally liable. |
| (3) | Commercial General Liability including broad form contractual liability and personal injury endorsement, providing coverage against liability for bodily injury, death, and property damages in the minimum amount of $1,000,000 per occurrence and no less than $2,000,000 annual aggregate. |
| (4) | Automobile Liability in the minimum amount of $1,000,000 Combined Single Limit (“CSL”) per occurrence for bodily injury and property damage (covering owned, non-owned and hired vehicles). |
| (5) | Workers Compensation insurance covering Provider’s employees pursuant to applicable state laws and at the statutory limits required for each such state, and Employers Liability coverage in the minimum amount of $500,000 per loss. |
| (6) | Umbrella/Excess Liability providing excess liability coverage in the minimum amount of $5,000,000 per occurrence, to supplement the primary coverage limits for Commercial General Liability, Automobile Liability and Employers Liability provided under the policies listed above. |
B. Certificates of Insurance. Provider will deliver Certificates of Insurance to Citi prior to the execution of the Master Agreement. Said certificate shall indicate that policies providing coverage and limits of insurance are in full force and effect. Each Certificate shall provide that no less than thirty (30) days notice will be given in writing to Citi prior to cancellation, termination, or material alteration of any one of the policies. At least ten (10) days before the expiration of an insurance policy required hereunder, Provider will deliver to Citi a certificate of insurance attesting to the renewal of such insurance. In addition, each policy required pursuant to Subsections A(3), A(4), A(5) (Employers Liability only) and A(6) shall name Citi, Affiliates and assignees (suggest other parties if necessary) as additional insureds. Each policy required pursuant to Subsection A(2) shall name Citi, Affiliates and assignees as loss
[*] - Confidental Treatment Requested
3
payees. Citi’s acceptance of delivery of a Certificate of Insurance that does not conform to the requirements of this Section shall not relieve Provider of its obligation to provide insurance conforming to the requirements hereof.
C. No Limitation. The requirements set forth above as to types, limits and approval of insurance coverage to be maintained by Provider will not in any manner limit the liabilities and obligations assumed by Provider under this Agreement.
6. The parties agree that upon execution of this Amendment #2, they will take steps to consolidate all existing Amendments and Exhibits to the Master Agreement into one Amended and Restated Master Agreement, which accurately reflects the terms and conditions of such Amendments and Exhibits.
All other provisions of the Agreement remain unchanged and in full effect.
UNDERSTOOD AND AGREED:
| CITIBANK, N.A. | TRX DATA SERVICES INC. | |||||
| Signature: | /s/ Michael Valentini | Signature: | /s/ Norwood H. Davis III | |||
| Printed Name | Michael Valentini | Printed Name: | Norwood H. Davis III | |||
| Title: |
| Title: | President | |||
| Date: | 12/19/05 | Date: | 6 December 2005 | |||
4
APPENDIX A-1
ASSURANCE OF COMPLIANCE
WITH EXPORT LAW AND REGULATIONS
(PROVIDER’S PERSONNEL, US RESIDENT)
I hereby certify that, unless the permission of the U.S. Departments of Commerce, Treasury, or State, as applicable, is obtained, either in writing or in accordance with applicable regulations; I will not export, reexport or otherwise disclose, directly or indirectly, any proprietary software or technical data received from Citi, Citigroup or any of its direct or indirect subsidiaries or affiliates (collectively, “Citigroup”), or the direct product of any such software or technical data, to any of the following nations or nationals thereof:
| 1. | Country Group E:2 (currently Cuba and Libya) or any other embargoed destinations (currently Iran, Iraq, Sudan, Syria, or the Taliban controlled areas of Afghanistan). |
| 2. | Non-civil (i.e., military) end-users or for any non-civil (i.e., military) end uses in Country Groups D:1 (currently Albania, Armenia, Azerbaijan, Belarus, Bulgaria, China (PRC), Cambodia, Estonia, Georgia, Kazakhstan, North Korea, Kyrgystan, Laos, Latvia, Lithuania, Macau, Moldova, Mongolia, Romania, Russia, Tajikistan, Turkmenistan, Ukraine, Uzbekistan, and Vietnam). |
I agree to be bound by any future modifications of the foregoing list of restricted destinations by amendments to the U.S. Export Administration Regulations or other U.S. Government agencies.
I understand that prior approval of the U.S. Department of Commerce or other appropriate agencies can be provided by regulations authorizing certain exports or by licenses or other authorizations obtained after prior application to the agency.
Additionally, I understand that countries other than the U.S. may restrict exports and may also restrict the import or use of strong encryption products and agree that we shall be solely responsible for compliance with any such export, import or use restrictions.
Further, I understand that failure to comply with the U.S. export regulations exposes Citigroup (and individuals providing services to Citigroup) to severe criminal and administrative penalties and sanctions, as well as adverse publicity, and that violation of this Assurance can result in the termination of my service assignment.
| Signature: | /s/ Norwood H. Davis III | |
| Name: | Norwood H. Davis III | |
| Date: | 6 December 2005 | |
| Name of Provider that employs the signatory: | TRX Data Services, Inc. |
5
APPENDIX A-2
ASSURANCE OF COMPLIANCE
WITH EXPORT LAW AND REGULATIONS
(PROVIDER’S PERSONNEL, FOREIGN NATIONAL)
[DATE]
[Business]
[Street Address]
[City, State, Zip]
[Attn: Export Licensing Coordinator]
Re: No Reexport of Controlled Technical Data or Software
To whom it may concern:
During my engagement with any direct or indirect subsidiary or affiliate of Citigroup (collectively “Citigroup”), I may have access to proprietary technical data and computer software. As a foreign national (non-U.S. citizen without U.S. permanent residency status), I understand that this access constitutes an export of technical data/software from the United States and is therefore governed by the provisions of the U.S. Export Administration Regulations (“EAR”).
Consequently, I agree to comply with U.S. Export Administration Regulations as they pertain to any technical data or computer software to which I have access. I hereby certify that, unless prior written authorization is received from the U.S. Department of Commerce or other appropriate agencies, I shall not knowingly reexport, directly or indirectly, this technical data/computer software without full compliance with U.S. export control laws, and in particular I will not export it to any of the following nations or nationals thereof:
| 1. | Country Group E:2 (currently Cuba and Libya) or any other generally embargoed destinations (currently Iran, Sudan, Syria), or |
| 2. | Non-civil (i.e., military) end-users or for any non-civil (i.e., military) end uses in Country Groups D:1 (currently Albania, Armenia, Azerbaijan, Belarus, Bulgaria, China, Cambodia, Estonia, Georgia, Kazakhstan, North Korea, Kyrgystan, Laos, Latvia, Lithuania, Macau, Moldova, Mongolia, Romania, Russia, Tajikistan, Turkmenistan, Ukraine, Uzbekistan, and Vietnam. |
I agree to be bound by any future modifications of the foregoing list of restricted destinations by amendments to the U.S. Export Administration Regulations or other U.S. Government agencies.
I also agree that, without the prior approval of the U.S. Department of Commerce or other appropriate agencies, I shall not knowingly export to any of the above nations, directly or indirectly, any product (or any part thereof), process or service which is the direct product of this technical data/computer software.
I understand that prior approval of the U.S. Department of Commerce or other appropriate agencies can be provided by regulations authorizing certain exports or by licenses or other authorizations obtained after prior application to the agency, and that prior regulatory approvals are more likely to be available for exports to the second group of countries.
6
Additionally, I understand that countries other than the U.S. may restrict the import or use of strong encryption products and export of any products, and I agree that I will accept responsibility for compliance with any such restrictions.
I certify that I understand that this assurance I am providing is a condition to my having access to such data or software and applies in addition to any commercial nondisclosure agreements to which I am now or may be a party. Failure to comply exposes Citigroup (and individuals providing services to Citigroup) to severe criminal and administrative penalties and sanctions, as well as adverse publicity. Additional personal liability can result, including disciplinary action up to and including termination and/or problems under U.S. immigration laws.
| Signature: | /s/ Norwood H. Davis III | |
| Name: | Norwood H. Davis III | |
| Date: | 6 December 2005 | |
| Name of Provider that employs the signatory: | TRX Data Services, Inc. |
7
