Execution Version 1 CLAIMS SERVICES AGREEMENT This Claims Services Agreement (this “Agreement”) is made as of May 9, 2024 (the “Effective Date”) by and between SageSure Capital Holdings, Inc. (“SageSure”), and Interboro Insurance Company (“Company”). WHEREAS, SageSure, its affiliate SageSure Insurance Managers, LLC, and Company entered into that certain Program Administrator Agreement dated May 9, 2024 (the “PAA”); WHEREAS, SageSure is in the business of (i) receiving and processing claims on behalf of insurance carriers and (ii) providing claim adjusting and other claim-related services to clients such as Company through licensed insurance claim adjusters and other personnel; WHEREAS, SageSure owns and maintains systems for the purpose of adjusting and managing claims; and WHEREAS, Company desires to engage SageSure as an independent contractor to provide claim administration services. THEREFORE, in consideration of the mutual promises and covenants contained herein, the parties agree as follows: 1. SCOPE OF AGREEMENT a. Company hereby retains SageSure as an independent contractor to perform claim adjusting and other claim-related services as described in Exhibit A: Authority and Service Level Agreement on claims made under insurance policies issued by Company pursuant to the PAA, on the terms and conditions set forth in this Agreement, and SageSure accepts such assignment on said terms and conditions. 2. SAGESURE DUTIES a. SageSure shall utilize properly licensed claims adjusters (“Adjusters”) to adjust all insurance claims assigned to SageSure by Company pursuant to this Agreement, including Section 3 and Exhibit A, and related Services described in Exhibit A, which will be provided by appropriate staff for which no adjuster license is required (the “Services”). SageSure shall perform the Services in accordance with the terms and conditions of this Agreement and applicable law, and shall use the standards, practices, methods and procedures, and exercise the highest degree of skill, care, diligence, prudence and foresight, that would be expected to be observed by a skilled and experienced adjusting firm carrying out activities the same as or similar to the Services under the same or similar circumstances as those contemplated in this Agreement. b. SageSure may subcontract with independent contractors to provide Adjusters or to otherwise perform the Services that SageSure provides to Company. SageSure may also assign particular duties under this Agreement to certain of its affiliates or contractors. SageSure acknowledges that the use of a subcontractor or affiliate does not eliminate SageSure’s responsibility to meet all of SageSure’s obligations described in this Agreement. c. SageSure shall possess and maintain all necessary and proper licenses and insurance required by any law or regulation governing SageSure’s activities under this Agreement. SageSure warrants that all Adjusters and other personnel employed or engaged by SageSure to render Services under this Agreement are licensed and insured where required by law or regulation. d. Services rendered by SageSure under this Agreement shall:
Execution Version 2 1) Comply with all laws, regulations and rules that apply to Services rendered by SageSure under this Agreement. 2) Not contain any statement or representation, which is knowingly false, fraudulent or in violation of any legal obligation. 3) Be based upon written criteria, standards and guidelines of the Company. e. SageSure shall furnish or require each Adjuster to provide the Adjuster’s own supplies and transportation necessary to perform the Services. f. If requested by Company, SageSure agrees to use its best efforts to make Adjusters and supervisors from its roster of qualified Adjusters available for performing the Services within twenty-four (24) hours for Services under this Agreement, as more specifically described in Exhibit A. g. SageSure may retain no more than ninety (90) days estimated claims payments and allocated loss adjustment expenses. h. SageSure shall submit an account report to Company within fifteen (15) days after the end of business each calendar month. SageSure must maintain the account on file for at least three (3) years and must make the account available to the Department of Insurance for review. The account report shall include both insurance and reinsurance transactions, if applicable, and shall adhere to the following: 1) Contents. The report must contain the following information, by state and Annual Statement line of business: claim numbers, dates of loss, policy numbers, effective dates of policies, paid losses, paid loss adjustment expenses, outstanding losses, outstanding loss adjustment expenses, net salvage and subrogation recoveries, and recovery expenses. The report must also contain paid losses, legal expenses, and salvage and subrogation recoveries from inception to date. 2) Format and Data. SageSure and the Company shall mutually agree upon the form and data field content of the loss run report upon execution of this Agreement. i. SageSure shall provide a monthly detailed Claims extract report to Company within fifteen (15) days after the last day of each calendar month detailing any Claim resulting from a catastrophic event as declared by PCS (the “CAT Report”). The CAT Report must include insurance industry or local catastrophe coding, loss date, underwriting year, cause of loss, paid loss, outstanding loss, paid loss adjustment expense and outstanding loss for each Claim required to be included on the CAT Report. j. SageSure shall promptly notify Company in the event of any data breach which results in the accidental or unlawful destruction, loss, alteration of, or the unauthorized acquisition, disclosure, or access to non-public information in SageSure’s possession in accordance with the Information and Security Agreement attached hereto as Exhibit D. k. SageSure shall not: 1) commit the Company to participate in insurance or reinsurance syndicates; 2) collect any payment from a reinsurer or commit the Company to any claim settlement with a reinsurer without prior approval of the Company. If prior approval is given, a report must be promptly forwarded to the Company; 3) permit its subproducer to serve on the Company’s board of directors; 4) jointly employ an individual who is employed with the Company; or
Execution Version 3 appoint a sub-MGA. 3. COMPANY DUTIES a. The Company has ultimate authority and responsibility for the adjustment of claims, including (1) establishing reserves, (2) claims settlement, and (3) claims payment. b. New Claims. 1) Company will assign to SageSure exclusive claim adjusting authority for all new claims brought under Company’s policies (“New Claims”). Such assignment, and all services provided by SageSure under this Agreement with respect to New Claims, shall be effective on and after the earlier of: (1) fifteen (15) business days following the Effective Date, or (2) SageSure’s written notice to the Company that it is prepared to assume and perform such services (the “New Claims Effective Date”). Company shall not engage any other person or entity to adjust New Claims following the New Claims Effective Date during the Term of this Agreement. 2) SageSure shall adjust and administer all New Claims on SageSure’s own claims management system. c. Legacy Claims. 1) For avoidance of doubt, until the transition described in paragraph 3(c)(2) below is complete, the Company, at the Company’s expense, shall continue to adjust all Legacy Claims reported to the Company prior to the Effective Date (the “Legacy Claims”). However, Legacy Claims does not include any claim for which any filing with any court or other governmental authority has commenced on or before the Effective Date. 2) The Company hereby grants SageSure the authority to oversee and direct any other person or entity providing claims services to the Company for Legacy Claims. 3) The Company will assign to SageSure exclusive claim adjusting authority for all Legacy Claims as soon as practicable after Company’s claims adjuster employees, and , become SageSure employees (the “Adjuster Transition”). The parties shall cooperate to ensure that the Adjuster Transition occurs promptly following the Effective Date and without interference to the adjusting of Legacy Claims. 4) Except as expressly set forth elsewhere in this Agreement, during the Term, each party shall be responsible for its own expenses including: (1) maintenance of its claims management systems; and (2) wages and benefits owed to its employees. 5) The Company shall: a. maintain support for, and SageSure’s full access to, Legacy Claims on the Company’s claims management systems (including Majesco software and data) at the Company’s expense. b. continue to provide such support and access until all Legacy Claims are closed, all related information and data has been delivered to SageSure, and SageSure confirms in writing that it is able to manage such Claims on SageSure’s claims management system.
Execution Version 4 6) Notwithstanding anything to the contrary in this Agreement, the Company will continue to generate and file all reports and filings described in this Agreement with respect to Legacy Claims; provided, however, that after the Adjuster Transition, the former Company employees who join SageSure will continue to perform such reporting and filing functions consistent with their respective responsibilities immediately prior to the Effective Date and through access to the Company’s systems. d. Access to Data. Throughout the Term of this Agreement, the Company shall grant SageSure’s designated personnel direct access to all claims and policy data from the Company’s systems (including Majesco) as is reasonably necessary for the prompt and efficient performance of the Services by SageSure. e. The Company represents that this Agreement and Company’s engagement of SageSure under this Agreement have been duly authorized by all requisite action by Company, and constitute legal, valid and binding obligations of Company which are enforceable in accordance with their respective terms. No other actions are necessary on the part of Company to authorize Company’s execution and delivery of this Agreement. f. The Company’s conduct under this Agreement shall comply with all applicable laws, regulations and rules. 4. INDEPENDENT CONTRACTOR a. SageSure agrees that all Services rendered under this Agreement are those of an independent contractor. This Agreement does not create an agency relationship between SageSure and Company. Company shall have no obligation to provide any form of workers compensation insurance to SageSure, or its Adjusters, employees, or other personnel under state or federal laws. SageSure expressly disclaims and waives, for itself, its employees, and Adjusters any right or claim against Company for workers’ compensation, welfare, pension or retirement benefits or other forms of compensation or benefits (other than the fees payable to SageSure as set forth in Exhibit B and Exhibit C hereto) arising out of the Services performed hereunder. SageSure agrees to be fully responsible for and to pay when due all federal, state, and local taxes or contributions that SageSure is required by law to pay under Unemployment Insurance, Social Security, income tax and other laws by virtue of the performance of the Services. SageSure further agrees to fully comply with, and shall cause Adjusters to comply with, all statues, rules, regulations, and orders of any competent governmental authority applicable to the Services, including without limitation workers compensation laws and occupational safety and health laws, immigration laws, and anti-discrimination laws applicable to the Services. b. Except to the extent expressly authorized in writing by Company, SageSure understands and acknowledges that SageSure has no authority to bind Company to any agreement, contract, or settlement arrangement. 5. CONFIDENTIALITY AND INFORMATION SECURITY a. The parties may provide confidential information to one another, which may include (but is not limited to) proprietary information, technical data, trade secrets, know-how related to research, product plans, inventions, developments, services, software, prices, costs, discounts, databases, future plans, business affairs, process information, methodologies, analysis, customer lists, product design, information, copyrights, and other confidential information (collectively, “Confidential Information”) that are valuable, special and unique assets of the party disclosing the Confidential Information (the “Disclosing Party”). Confidential Information shall not
Execution Version 5 include information which: (a) is or becomes a part of the public domain through no act or omission of the Party receiving the information (the “Receiving Party”); (b) was in the Receiving Party’s lawful possession prior to the disclosure and had not been obtained by the Receiving Party either directly or indirectly from the Disclosing Party; (c) is lawfully disclosed to the Receiving Party by a third-party without restriction on disclosure; (d) is independently developed by the Receiving Party without use of the Confidential Information; or (e) is disclosed by operation of law. b. The Receiving Party will take commercially reasonable measures to protect the Confidential Information and treat it as strictly confidential. The Receiving Party agrees that it will not at any time or in any manner, either directly or indirectly, use any information for its own benefit, or divulge, disclose, or communicate in any manner any Confidential Information to any third party without the prior written consent of the Disclosing Party, unless required to do so by law or by a court or other forum of competent jurisdiction. In the event the Receiving Party is required by law to disclose any Confidential Information, the Receiving Party agrees to notify the Disclosing Party to the extent permitted by law prior to making any disclosure and to cooperate fully with the Disclosing Party in protecting such Confidential Information. c. The parties to this Agreement shall comply with the terms set forth in the Information Security Agreement attached hereto as Exhibit D. d. The confidentiality and information security provisions of this Agreement shall remain in full force and effect after the termination of this Agreement. 6. PAYMENT a. Company shall pay for SageSure’s Services in accordance with the Fee Schedules in Exhibit B and Exhibit C. Such compensation shall be consistent with New York Department of Financial Services Regulation 30, 11 NYCRR 105 through 109 (“Regulation 30”). b. Company shall issue payment to SageSure for Services performed under this Agreement on not less than a monthly basis. SageSure shall maintain records sufficient to substantiate SageSure’s charges hereunder. 7. INSURANCE a. SageSure, at its own expense, shall maintain in force at all times during the Term of this Agreement the following insurance issued by an insurance company or companies with at least an “A” rating by A.M. Best Company: 1) Worker’s Compensation Insurance coverage that complies with applicable statutory limits and Employer’s Liability coverage with limits of at least $1,000,000 each occurrence and $2,000,000 aggregate for any employee that provides Services under this Agreement; 2) Commercial General Liability Insurance coverage with limits of no less than $1,000,000 each occurrence and $2,000,000 aggregate covering SageSure and any employee providing Services under this Agreement; 3) Business Auto Liability Insurance (including Automobile Non-Ownership Liability) coverage with a combined single limit of not less than $1,000,000 each occurrence and $1,000,000 aggregate, if applicable, covering SageSure and any employee providing Services under this Agreement; 4) Professional Liability (Errors & Omissions) Insurance coverage with limits of no less than
Execution Version 6 $1,000,000 each occurrence and $1,000,000 aggregate covering SageSure and any employee providing Services under this Agreement; and 5) Umbrella or Excess Liability Insurance in an amount not less than $5,000,000 each occurrence and $5,000,000 aggregate. 6) Cybersecurity Insurance coverage with minimum limits of $5,000,000 for breach response, data and network liability, regulatory defense and fines, and data recovery, and with a retroactive date of not less than 365 days from the effective date of this agreement. 8. INDEMNIFICATION a. Company will indemnify and hold SageSure harmless from and against all claims, losses, damages, liabilities, judgments, or settlements (including bad faith), including reasonable costs, expenses, and attorney’s fees arising out of this Agreement that are caused by Company’s act, error or omission, except to the extent SageSure has caused or contributed to or compounded such act, error, or omission. b. SageSure will indemnify and hold Company harmless from and against all claims, losses, damages, liabilities, judgments, or settlements (including bad faith), including reasonable costs, expenses, and attorney’s fees arising out of this Agreement that are caused by SageSure’s act, error or omission, except to the extent Company has caused or contributed to or compounded such act, error, or omission. c. SageSure will indemnify and hold Company harmless from and against all claims, losses, damages, liabilities, judgments, or settlements (including bad faith), including reasonable costs, expenses, and attorney’s fees arising out of acts errors or omissions of any third party engaged by SageSure to provide Services, including their failure to maintain appropriate licenses or certificates. d. The terms of this Section 8 shall survive termination of this Agreement. 9. ASSIGNMENT Neither party may assign this Agreement directly or indirectly, in whole or in part, to any other person or entity without prior written approval by the other party: provided, that Administrator may assign this Agreement to a properly licensed affiliate upon written notice to Company. 10. TERM AND TERMINATION a. Unless terminated earlier, the initial term of this Agreement shall be one (1) year beginning on the Effective Date, and this Agreement will renew automatically for successive one-year terms (the initial term and each successive one-year term individually and collectively, the “Term”). Either party may terminate this Agreement by giving notice of its intent not to renew at least sixty (60) days prior to the end of the then current Term. The parties may mutually agree to terminate this Agreement at any time. b. Notwithstanding anything in this Agreement to the contrary, this Agreement will automatically terminate in the event that the Company becomes a controlled insurer within the same holding company system as SageSure for purposes of New York Insurance Law Section 1505. c. Termination upon Breach. At any time, either party may terminate this Agreement upon the occurrence of a material breach by the other party by providing written notice of such breach to the other party; however, if the material breach is:
Execution Version 7 1) Related to a monetary provision or obligation, the breaching party will have thirty (30) days after receipt of written notice of the breach from the other party within which to cure such monetary breach; 2) Related to a non-monetary provision or obligation, the breaching party will have sixty (60) days after the receipt of written notice of the breach from the other party within which to cure such non-monetary breach, and to provide written notice of same to the other party. 3) In the event of failure to cure, such termination will be effective as of the end of the calendar month following the applicable cure period. Company shall have the right to suspend the authority of SageSure and utilize alternative claims adjusting services during the cure period if Company believes: (i) that it is at risk of harm by continuing to utilize SageSure, or (ii) that it would be unlawful for Company to continue utilizing SageSure. d. Termination for Cause by Company. Notwithstanding the foregoing, Company may immediately, unless otherwise indicated below, terminate this Agreement, or suspend Services, in whole or in part, for cause, by providing written notice to SageSure. As used in this subsection, “Cause” will include the following: 1) SageSure becomes insolvent, institutes, or acquiesces in the institution of any bankruptcy, financial reorganization, or liquidation proceeding or any such proceeding instituted against SageSure or its parent corporation (SageSure will immediately notify Company of same); 2) SageSure engages in acts or omissions constituting abandonment, fraud, insolvency, misappropriation of funds, material misrepresentation, or gross and willful conduct; or 3) SageSure’s necessary license(s) is cancelled, suspended, revoked, or is declined renewal by any regulatory body within the Territory (as defined in Exhibit A) where SageSure renders the Services hereunder, if, after sixty (60) days, SageSure fails to remedy such loss of license (SageSure will immediately notify Company of same). e. Termination without Cause by Company. In connection with the termination of the PAA, the Company may terminate this Agreement at any time with 90 days written notice to SageSure. f. Termination by SageSure. Notwithstanding the foregoing, SageSure may immediately, unless otherwise indicated below, terminate this Agreement in whole or in part, for cause, by providing written notice to Company. As used in this subsection, “Cause” will mean the following: 1) Company becomes insolvent, is declared insolvent, if a receiver is appointed to wind up the Company’s affairs, or the Company or its parent corporation enters any liquidation proceeding (Company will immediately notify SageSure of same); 2) Company engages in acts or omissions constituting abandonment, fraud, insolvency, misappropriation of funds, material misrepresentation, or gross and willful conduct; or 3) Company’s necessary license(s) is cancelled, suspended, revoked, or is declined renewal by any regulatory body within the Territory where SageSure renders the services hereunder, if, after one hundred-twenty (120) days, Company fails to remedy such loss of license (Company will immediately notify SageSure of same). g. SageSure shall maintain all reports and records required under this Agreement and all files (including Claim files) and documents from which the data used to generate such reports and records were obtained, for at least seven (7) years after the expiration dates of the policies that generate Claims subject to this Agreement, seven (7) years after the date the Claim file was closed, or the minimum period required by law, whichever is longer. During this time, SageSure shall make the reports, records, files, documents and data available for inspection,
Execution Version 9 If to SageSure: SageSure Capital Holdings, Inc. 101 Hudson Street, Suite 2700 Jersey City, NJ 07302 Email: b. Governing Authority. All issues concerning this Agreement will be governed by and construed in accordance with the laws of the State of New York, without giving effect to any choice of law or conflict of law provision or rule that would cause the application of the law of any jurisdiction other than the State of New York. c. Entire Agreement; Amendment; Waiver. This Agreement and any Exhibits hereto constitute the entire agreement of the parties to this Agreement with respect to its subject matter and may not be amended or changed except in a writing signed by the parties to this Agreement that specifies the effective date of the amendment or change. The failure of any party to this Agreement at any time or times to require the performance of any provision of this Agreement will in no manner affect the right to enforce the same and no waiver by any party to this Agreement of any provision or breach of any provision of this Agreement in any one or more instances will be deemed or construed either as a further or continuing waiver of any such provision or breach, or as a waiver of any other provision or breach of this Agreement. d. Negotiated Agreement. This Agreement has been negotiated by the parties and neither party may use the fact that any draft was prepared by the other party to have an effect on the construction or interpretation of this Agreement or any of its terms. e. Headings. The headings preceding the text of the articles, paragraphs, sections and sub- sections of this Agreement are intended and inserted solely for the convenience of reference and do not affect the meaning, construction or effect of this Agreement. f. No Third-Party Beneficiaries. This Agreement is only for the benefit of Company and SageSure and does not confer any right, benefit, or privilege upon any other person or entity. g. Counterparts. This Agreement may be executed in several counterparts, each of which will be deemed an original but all of which will constitute one and the same instrument. h. Required Contract Provisions. If any statute, regulation or other law governing the business of the Company and SageSure requires certain contract provisions to be included in this Agreement, those required contract provisions are deemed to be included in this Agreement. i. Expenses. Except as set forth herein, each party shall be solely responsible for its own expenses. Any shared expenses of the Company and SageSure shall be allocated consistent with Regulation 30. j. Books and Records. Company’s books and records are defined to include all books and records developed or maintained under or related to this Agreement. All books and records of Company are and shall remain the property of Company and are subject to the control of Company. k. Company Funds. All funds and invested assets of Company are the exclusive property of Company, held for the benefit of Company, and are subject to the control of Company. Any funds of Company’s held by SageSure are to be held in a fiduciary capacity.
Execution Version 10 l. Severability. If any term of this Agreement is determined to be illegal or unenforceable in any jurisdiction, such illegality or unenforceability will not affect any other term of this Agreement or render such term illegal or unenforceable in any other jurisdiction. Upon determination that any term is illegal or unenforceable, the parties shall negotiate in good faith to modify this Agreement so as to effect the original intent of the parties as closely as possible in a mutually acceptable manner that allows the transactions contemplated by the Agreement to be consummated as originally contemplated to the greatest extent possible. [Signature page follows]
Execution Version 12 CLAIMS SERVICES AGREEMENT EXHIBIT A AUTHORITY AND SERVICE LEVEL AGREEMENT 1. GENERAL UNDERSTANDING Subject to the terms of this Agreement, SageSure will perform, on behalf of the Company, the level of duties described below while providing claims administration services on Property and Casualty risks underwritten and bound by Company. Territory: New York Loss Types: First Party Property Damage Third Party Bodily Injury and Property Damage Initial Reserving: First Party: System or user generated Bodily Injury Liability: System or user generated Third Party Property Damage Liability: System or user generated Reserving Authority: Actual estimated value of the loss Settlement Authority: First Party: Bodily Injury Liability: Third Party Property Damage Liability: 2. SERVICES The Company hereby retains SageSure to perform the following services (collectively, the “Services”) on behalf of the Company. a. SageSure shall prepare and deliver first notice of loss (“FNOL”) to Company as follows: 1) SageSure will provide call-center services on behalf of Company in receiving calls, emails, mail, and any other policyholder related communications related to FNOL; 2) SageSure will develop and maintain all technology needed to receive and adjudicate New Claims for Company. This includes: i. FNOL technology for receiving notice of loss both online (self-service) and over the phone, to be used by customer service representatives; and ii. Integration of the FNOL technology with SageSure’s Claims Management System (as defined below). b. For New Claims, SageSure: 1) will develop and maintain a claims management system (the “Claims Management System”) which will generate and/or store information for all Company claims and will also be used to request/initiate and record all claim related activity and payments; 2) will maintain configurations and user access within the Claims Management System including to manage/automate the assignments of claims, provision access to new users, and manage user access levels;
Execution Version 13 3) will provide and maintain payment-related services related to Company’s claim payments, and will work with a third-party to develop processes and applications that allow for a variety of electronic payment options; additionally, SageSure will integrate the Claims Management System with third-party application(s) to support electronic and other payment processes and reconciliation; and claim payments will be made directly to/from Company’s bank accounts; 4) will provide to Company monthly operational and analytical reports and data related to SageSure’s handling of New Claims pursuant to this Agreement no later than fifteen (15) calendar days after the end of each month; and 5) will ensure that back-up processes or systems are available as appropriate in the event of business disruption to the above-mentioned technologies. 6) For the avoidance of doubt, following the Adjuster Transition, the processes described in this subsection (b) for Legacy Claims will be performed by SageSure through direct access to the Company’s claims management system. c. SageSure will provide oversight and control processes, including, but not limited to: 1) Building system controls for identifying or referring claims for review by Company or others at Company’s direction; 2) Maintaining reports to monitor for trends and evaluating underlying causes and/or issues; 3) Monitoring claim results and referring potential questions, issues, or trends to Company; and 4) Identifying and addressing technical or operational issues or gaps in processes as requested by Company. d. Claims Adjusting 1) SageSure will contact and provide status to the insured/claimant in a timely manner, compliant with all applicable laws and regulations. 2) SageSure will use the Claims Management System to document key activities for each claim, including contact, inspection, status updates, letters, and estimate review. 3) SageSure will comply with all regulatory requirements and document such in the Claims Management System. 4) SageSure will adhere to contractual policy language in determining policy coverage and adjusting claims. e. Coverage Letters and Policy Interpretation 1) In any instance where a reservation of rights or coverage denial is challenged in writing by an insured, claimant, or such individual’s representative, SageSure will review the
Execution Version 14 reservation of rights or coverage denial with the Company in advance of the reissuance of a reservation of rights, coverage denial or other response to such challenge. 2) If SageSure identifies or receives notice of any facts that in SageSure’s professional judgment necessitate the exercise of or potentially trigger Company’s rights, under the policy or applicable law, to cancel or rescind such policy due to an insured’s breach of the Policy, fraud or misrepresentation in relation to the application for or a claim under the Policy, SageSure shall promptly notify Company of such facts, cooperate with Company during its evaluation of the matter and comply with Company’s instructions for handling the account thereafter. 3) SageSure shall notify and receive written approval from Company prior to retaining counsel for purposes of obtaining a coverage opinion or legal advice, or instituting legal action, in relation to: i. The interpretation of policy language as it applies to any Claim; or ii. The analysis of facts that are subject to e.1, above, and legal and contractual rights, duties and obligations arising out of such facts. f. Loss Reserves 1) Company reserves for incurred losses on a case-by-case basis. Initial Stat Reserves are generated at time of FNOL for each loss type established in the Initial Loss Reserve Development tables. 2) All Stat Reserves are reviewed (for change) and adjusted (as needed) when information is received that changes the potential value of the claim. Reasoning for reserve changes will be documented in the Claims Management System. g. Loss Notification (Communication) 1) Adjusters will promptly notify Company of all claims involving the following loss characteristics: i. Combined gross loss and expense of $100,000; ii. Policy limit demands or settlements; iii. Lawsuits; iv. Allegations of E&O, bad faith, punitive or other extra-contractual damages; v. Scheduled mediations, trials and employee depositions (date, time, location, attendees); vi. Department of Insurance and other regulatory body complaints or inquiries; vii. Potential Agency E&O; and viii. Fatalities (insured and/or third-party claimants).
Execution Version 15 2) In addition, in compliance with applicable law, SageSure shall notify Company about claims as follows: i. All claims shall be reported to Company in a timely manner. ii. A copy of the claim file shall be sent by SageSure to Company at Company’s request or as soon as SageSure determines that the claim involves any of the following characteristics: 1. has the potential to exceed one percent of the insurer’s surplus to policyholders, as reported in its last filed annual statement, or exceeds the limit set by the Company, whichever is less; 2. involves a coverage dispute; 3. may exceed SageSure’s Settlement Authority (as set forth in Section 1 of this Exhibit A); 4. has been open for more than six (6) months; or 5. is closed by payment of one percent of the Company’s surplus to policyholders, as reported in its last filed annual statement, or an amount set by the Company, whichever is less. iii. If the claim files are maintained in electronic format, SageSure agrees upon the Company’s request to transmit any file(s) requested in a reasonably timely manner. h. Complaints 1) SageSure will review all complaints for a timely response. 2) SageSure will notify the Company of all Service Requests, Civil Remedy Notices, and other complaints filed with an insurance regulator against the Company (“Regulatory Complaints”). The parties shall cooperate to prepare draft responses for approval, filing timely responses, and maintain appropriate complaint logs containing required information. SageSure shall maintain a log of all complaints subject to this Paragraph in the format and manner required by the applicable state DOI or other regulatory authority, and provide the complaint log to the Company no less frequently than quarterly. i. Approved Business Partners 1) When it becomes necessary to retain industry vendors and experts (i.e., field adjusters, appraisers, storage facilities, engineers, lawyers and others) to assist with claims investigations and related activities, only SageSure approved firms are to be employed for these purposes (“Approved Business Partners”). 2) A list of Approved Business Partners will be maintained by SageSure and available for viewing by the Company upon request. 3) Approved Business Partners shall adhere to the same requirements of confidentiality, information security, records, and cooperation as SageSure. j. Statutory Compliance
Execution Version 16 1) Adjusters and claims management personnel will comply with all applicable statutes, rules, regulations, fair claims practices and code of ethics that govern their profession in the various states in which SageSure is providing the Services. 2) SageSure will ensure that its sub-contractors will comply with all applicable statutes, rules, regulations, fair claims practices and code of ethics that govern their profession, and Company guidelines, for and within the Territory. 3) By evidence of the signatures to this Agreement, SageSure and the Company acknowledge the understanding of an agreement to each party’s service level expectations, the duties and tasks required to achieve such expectations, and measurements which describe success in delivering the services stated in this Exhibit A: Authority and Service Level Agreement. 4) SageSure shall permit Company to conduct an on-site review of SageSure’s Claims processing operations at least once every six (6) months or as reasonably requested by the Company. SageSure shall comply with all requests from regulators for access to records.
Execution Version 17 CLAIMS SERVICES AGREEMENT EXHIBIT B FEE SCHEDULE FOR CLAIMS ADMINISTRATION SERVICES 1. FEE SCHEDULE As consideration for the provision of the Services described in Exhibit A: Service Level Agreement: a. Company shall pay SageSure fees in the amount of of Company’s Gross Earned Premiums for Administrator Produced Policies, and of Company’s Gross Earned Premiums for all other policies. Gross Earned Premiums shall be calculated in accordance with Statutory Accounting Principles. As used in this Agreement, “Administrator Produced Policies” means new policies produced by Administrator pursuant to the PAA, including Legacy Policies renewed onto the New Insurance Product. “Legacy Policies” and “New Insurance Product” shall have the meanings ascribed to those terms in the PAA. b. Company shall pay SageSure CAT administration fees on relevant claims as set forth below: Event Type Per-Claim Fee PCS-declared event that is not a named storm (PCS is Property Claim Services, division of Verisk Analytics) Named Storm, category 1-3 at landfall as defined by the National Hurricane Center (NHC) Named Storm, category 4-5 at landfall as defined by the NHC c. In addition to the per-claim fee, Company shall pay SageSure the fees set forth on Exhibit C for services described therein related to field inspection and field adjusting. 2. BILLING AND PAYMENT SageSure shall prepare and submit monthly invoices to Company covering the total amount owed to SageSure under Section 1 in this Exhibit B for Services provided during the preceding month pursuant to this Agreement within thirty (30) days after the end of business each calendar month. Such invoices for Fees under Section 1(a) of this Exhibit B will be due and payable by Company to SageSure on not less than a monthly basis. Per-Claim Fees under Section 1(b), and field inspection and adjusting fees under Section 1(c), will be paid on a per-claim basis as ALAE from the claim file. 3. INCURRED COSTS
Execution Version 18 “Allocated Loss Adjustment Expenses” (ALAE) are the responsibility of the Company, and not deducted or paid from the fee for claims administration services. ALAE will be paid within the Claims Management System. ALAE includes but is not limited to the following: 1. Investigation expenses, including but not limited to third party adjusters, desk adjustment, field inspection, virtual inspections, aerial imagery, automated review fees, engineering, legal, subrogation, salvage, SIU investigation, and expert expenses. 2. Per-Claim Fees described in Section 1(b) of this Exhibit B. 3. Field inspection and adjusting fees described in Section 1(c) of this Exhibit B. 4. Extraordinary expenses incurred by SageSure at the request and with the approval of the Company that are not otherwise the responsibility of the SageSure under this Agreement.
Execution Version 19 CLAIMS SERVICES AGREEMENT EXHIBIT C FEE SCHEDULE FOR FIELD INSPECTIONS AND ADJUSTING 1. SCOPE SageSure may determine that a field adjuster should be assigned to conduct field inspections or other adjusting activities for a claim within the scope of this Agreement. SageSure may assign either a third-party field adjuster or a staff field adjuster to perform these services. Costs associated to field-adjusting services will be charged as ALAE in the Claim Handling System and will be assessed as follows: a. If a third-party field adjuster is used, then the costs of their services will be charged as invoiced. b. If a staff field adjuster is used, the following charges will apply: SageSure-Staff Field Adjusting Services Each assignment includes: insured contact, an inspection, estimate, diagrams, labeled photographs & narrative report that aligns with the documented SageSure estimating guidelines Assignments that are complex or are outside the bounds, as reasonably determined by SageSure, of the following fee schedule will be charged using the T&E hourly fee noted below. Any projected T&E expense that exceeds $2,500 will require carrier approval before work is commenced. Inspection Fees Dollar Amount Non-Cat Appraisal CAT Appraisal Additional Services Service Rate Notes Mileage Fee IRS Rate over 50 miles $0.63 per mile Cancellation Fee Fee applied if inspection completed but no estimate written Re-inspection Fee difference Minimum 0 If new adjuster assigned, minimum Rope & Harness: up to 2 story As invoiced expected fee Flood Inspection Fee In addition to schedule Hourly Rate - T&E As incurred and documented
Execution Version 20 CLAIMS SERVICES AGREEMENT EXHIBIT D INFORMATION SECURITY AGREEMENT Attached.
Information Security Agreement 1) Definitions. Capitalized terms used herein shall have the meanings set forth in this Section 1. “Agreement” means the agreement to which this Information Security Agreement is attached. “Authorized Employees” means employees of each Party who have a need to know or otherwise access Personal Information to enable the Parties to perform their obligations under the Agreement. “Authorized Persons” means (i) Authorized Employees; and (ii) each Party’s contractors, agents, or third parties, who have a need to know or otherwise access Personal Information to enable the Parties to perform their obligations under the Agreement, and who are bound in writing by confidentiality and other obligations sufficient to protect Personal Information in accordance with the terms and conditions of this Information Security Agreement. “Highly Sensitive Personal Information” means an (i) individual's government-issued identification number (including Social Security number, driver's license number, or state-issued identification number); (ii) financial account number, credit card number, debit card number, or credit report information, with or without any required security code, access code, personal identification number, or password that would permit access to an individual's financial account; (iii) biometric, genetic, health, medical, or medical insurance data; (iv) geolocation data; or (v) information regarding their racial or ethnic origin, religious beliefs, sex life or sexual orientation, union membership, or citizenship or immigration status. “Party” refers to each party (collectively, the “Parties”) to the Agreement. “Personal Information” means information provided to a Party (the “Receiving Party”) by or at the direction of the other Party (the “Disclosing Party”), information which is created or obtained by a Party (the “Receiving Party”) on behalf of the other Party (the “Disclosing Party”), or information to which access was provided to a Party (the “Receiving Party”) by or at the direction of the other Party (the “Disclosing Party”), in the course of the Parties’ performance under the Agreement that: (i) identifies or can be used to identify an individual (including, without limitation, names, signatures, addresses, telephone numbers, email addresses, and other unique identifiers); or (ii) can be used to identify or authenticate an individual (including, without limitation, employee identification numbers, government-issued identification numbers, passwords or PINs, user identification and account access credentials or passwords, financial account numbers, credit report information, student information, biometric, health, genetic, medical, or medical insurance data, answers to security questions, an individual's internet activity or similar interaction history, inferences drawn from other personal information to create consumer profiles, geolocation data, an individual's commercial, employment, or education history, and other personal characteristics and identifiers), in case of both subclauses (i) and (ii), including, without limitation, all Highly Sensitive Personal Information. A Party’s business contact information is not by itself deemed to be Personal Information. “Security Breach” means (i) any act or omission that compromises either the security, confidentiality, availability, or integrity of Personal Information or the physical, technical, administrative, or organizational safeguards put in place by a Party (or any Authorized Persons) that relate to the protection of the security, confidentiality, availability, or integrity of Personal Information, or (ii) receipt of a complaint in relation to a Party’s privacy and data security practices
(or any Authorized Persons) or a breach or alleged breach of this Information Security Agreement relating to such privacy and data security practices. Without limiting the foregoing, a compromise shall include any unauthorized access to or disclosure or acquisition of Personal Information. 2) Standard of Care. a) The Parties acknowledge and agree that, in the course of performance of the Agreement, the Parties may create, receive, or have access to Personal Information. Each Party shall comply with the terms and conditions set forth in this Information Security Agreement in its creation, collection, receipt, transmission, storage, disposal, use, and disclosure of such Personal Information and be responsible for any unauthorized creation, collection, receipt, transmission, access, storage, disposal, use, or disclosure of Personal Information under its control or in its possession by all Authorized Persons. Each Party shall be responsible for, and remain liable to, the other Party for the actions and omissions of its Authorized Persons that are not Authorized Employees concerning the treatment of Personal Information as if they were the Party’s own actions and omissions. Each Party’s Personal Information is deemed to be Confidential Information of that Party and is not Confidential Information of the other Party. In the event of a conflict or inconsistency between this Section 2, on one hand, and the Agreement or this Information Security Agreement, on the other hand, the terms and conditions set forth in this Section 2 shall govern and control. b) In recognition of the foregoing, each Receiving Party agrees and covenants that it shall: i) keep and maintain all Personal Information in strict confidence, using such degree of care as is appropriate to avoid unauthorized access, use, or disclosure; ii) not create, collect, receive, access, or use Personal Information in violation of law; iii) use and disclose Personal Information solely and exclusively for the purposes for which the Personal Information, or access to it, is provided pursuant to the terms and conditions of this Information Security Agreement, and not use, sell, rent, transfer, distribute, or otherwise disclose or make available Personal Information for the Receiving Party’s own purposes or for the benefit of anyone other than the Disclosing Party, in each case, without the Disclosing Party’s prior written consent; and iv) not, directly or indirectly, disclose Personal Information to any person other than its Authorized Persons, including any subcontractors, agents, its own service providers or auditors (each, an “Unauthorized Third Party”), without the Disclosing Party’s prior written consent, unless and to the extent required by Government Authorities or as otherwise, to the extent expressly required, by applicable law, in which case, the Receiving Party shall (A) notify the Disclosing Party before such disclosure or as soon thereafter as reasonably possible; (B) be responsible for and remain liable to the Disclosing Party for the actions and omissions of such Unauthorized Third Party concerning the treatment of such Personal Information as if they were the Receiving Party’s own actions and omissions; and (C) require the Unauthorized Third Party that has access to Personal Information to execute a written agreement agreeing to comply with the terms and conditions of this Information Security Agreement relating to the treatment of Personal Information.
3) Information Security. a) Each Party represents and warrants that its creation, collection, receipt, access, use, storage, disposal, and disclosure of Personal Information does and will comply with all applicable federal, state, and foreign privacy and data protection laws, as well as all other applicable regulations and directives. b) Each Party shall implement and maintain a written information security program including appropriate policies, procedures, and risk assessments that are reviewed at least annually. c) Without limiting either Party’s obligations under Section 3(a), each Party shall implement administrative, physical, and technical safeguards to protect Personal Information from unauthorized access, acquisition, or disclosure, destruction, alteration, accidental loss, misuse, or damage that are no less rigorous than accepted industry practices, and shall ensure that all such safeguards, including the manner in which Personal Information is created, collected, accessed, received, used, stored, processed, disposed of, and disclosed, comply with applicable data protection and privacy laws, as well as the terms and conditions of this Information Security Agreement. If, in the course of performance under the Agreement, either Party has access to or will collect, access, use, store, process, dispose of, or disclose credit, debit, or other payment cardholder information, such Party shall at all times remain in compliance with the Payment Card Industry Data Security Standard (“PCI DSS”) requirements, including remaining aware at all times of changes to the PCI DSS and promptly implementing all procedures and practices as may be necessary to remain in compliance with the PCI DSS, in each case, at such Party’s sole cost and expense. d) At a minimum, each Party’s safeguards for the protection of Personal Information shall include: (i) limiting access of Personal Information to Authorized Persons; (ii) securing business facilities, data centers, paper files, servers, backup systems, and computing equipment, including, but not limited to, all mobile devices and other equipment with information storage capability; (iii) implementing network, application, database, and platform security; (iv) securing information transmission, storage, and disposal; (v) implementing authentication and access controls within media, applications, operating systems, and equipment, including the use of multifactor authentication for access to any Personal Information; (vi) encrypting Personal Information stored on any [mobile] media; (vii) encrypting Personal Information when transmitted; (viii) strictly segregating Personal Information from information of the other Party or any third-party so that Personal Information is not commingled with any other types of information; (ix) conducting risk assessments, penetration testing, and vulnerability scans and promptly implementing, at the Party’s sole cost and expense, a corrective action plan to correct any issues that are reported as a result of the testing; (x) implementing appropriate personnel security and integrity procedures and practices, including, but not limited to, conducting background checks consistent with applicable law; and (xi) providing appropriate privacy and information security training to the Party’s employees. e) During the term of each Authorized Employee's employment by a Party, the Party shall at all times cause such Authorized Employees to abide strictly by the Party’s obligations under this Information Security Agreement and its standard policies and procedures, a copy of which have
been provided to the other Party upon request. Each Party further agrees that it shall maintain a disciplinary process to address any unauthorized access, use, or disclosure of Personal Information by any of its officers, partners, principals, employees, agents, or contractors. 4) Security Breach Procedures. a) Each Party shall: i) provide the other Party with the name and contact information for one or more of the Party’s employees/security operations or other service desk who/which shall serve as the other Party’s primary security contact and shall be available to assist the other Party twenty- four (24) hours per day, seven (7) days per week as a contact in resolving obligations associated with a Security Breach; ii) notify the other Party of a Security Breach as soon as practicable, but no later than twenty- four (24) hours after the Party becomes aware of it; and iii) notify the other Party of any Security Breaches by emailing the other Party at an address provided by the other Party, with a copy by email to the Party’s primary business contact within the other Party. b) Immediately following notification of a Security Breach, the Parties shall coordinate with each other to investigate the Security Breach. The Parties agree to fully cooperate with each other in the handling of the matter, including, without limitation: (i) assisting with any investigation; (ii) providing physical access to the facilities and operations affected; (iii) facilitating interviews with employees and others involved in the matter; and (iv) making available all relevant records, logs, files, data reporting, and other materials required to comply with applicable law, regulation, industry standards, or as otherwise reasonably required by the other Party. c) The Party responsible for the Security Breach shall (i) at its own expense use best efforts to immediately contain and remedy any Security Breach and prevent any further Security Breach, including, but not limited to taking any and all action necessary to comply with applicable privacy rights, laws, regulations, and standards, and (ii) reimburse the other Party for all actual reasonable costs incurred by the other Party in responding to, and mitigating damages caused by, any Security Breach, including all costs of notice and/or remediation pursuant to Section 4(d). d) Each Party agrees that it shall not inform any third party of a Security Breach without first obtaining the other Party’s prior written consent, other than to inform a complainant that the matter has been forwarded to the Party’s legal counsel. Further, the Receiving Party agrees that the Disclosing Party shall have the sole right to determine: (i) whether notice of the Security Breach is to be provided to any individuals, regulators, law enforcement agencies, consumer reporting agencies, or others as required by law or regulation, or otherwise in Disclosing Party’s discretion; and (ii) the contents of such notice, whether any type of remediation may be offered to affected persons, and the nature and extent of any such remediation. e) The Parties agree to maintain and preserve all documents, records, and other data related to any Security Breach for the longest of the following (the “Applicable Retention Period”): (i) five (5) years; (ii) any applicable retention period required by the Agreement or any other contract
between the Parties; or (iii) the length of time required by applicable law or regulation. Prior to destruction or disposal of such documents, records or other data, each Party shall provide no less than 90 days prior written notice to the other Party specifying in reasonable detail the documents, records, or other data to be destroyed or disposed and the other Party may request that the documents, records, or other data to be destroyed or disposed be delivered to that Party at requesting Party’s sole expense. Notwithstanding the foregoing, if any litigation, claim, negotiation, audit, or other action involving the documents, records, and other data has been started before the expiration of the applicable retention period, the documents, records, and other data shall be retained until completion of the action and resolution of all issues which arise from it, or until the end of the Applicable Retention Period, whichever is later, and until any outstanding litigation, audit, or claim has been fully resolved. f) Each Party agrees to fully cooperate at its own expense with the other Party in any litigation, investigation, or other action resulting from a Security Breach, if deemed reasonably necessary by the other Party to protect its rights relating to the use, disclosure, protection, and maintenance of Personal Information. g) In the event of any Security Breach, the Parties shall promptly use their best efforts to prevent a recurrence of any such Security Breach. 5) Return or Destruction of Personal Information. At any time during the term of the Agreement, at the Disclosing Party’s request or upon the termination or expiration of the Agreement for any reason, the Receiving Party shall, and shall instruct all Authorized Persons to, promptly return to the Disclosing Party all copies, whether in written, electronic, or other form or media, of Personal Information in its possession or the possession of such Authorized Persons, or securely dispose of all such copies, and certify in writing to the Disclosing Party that such Personal Information has been returned to the Disclosing Party or disposed of securely. The Receiving Party shall comply with all reasonable directions provided by the Disclosing Party with respect to the return or disposal of Personal Information. 6) Equitable Relief. Each Party acknowledges that any breach of its covenants or obligations set forth herein, or the other Party’s standard policies and procedures, may cause the other Party irreparable harm for which monetary damages would not be adequate compensation and agrees that, in the event of such breach or threatened breach, the other Party is entitled to seek equitable relief, including a restraining order, injunctive relief, specific performance, and any other relief that may be available from any court, in addition to any other remedy to which the other Party may be entitled at law or in equity. Such remedies shall not be deemed to be exclusive but shall be in addition to all other remedies available at law or in equity, subject to any express exclusions or limitations in the Agreement to the contrary. 7) Material Breach. A Party’s failure to comply with any of the provisions of this Information Security Agreement is a material breach of the Agreement. In such event, the non-breaching Party may terminate the Agreement effective immediately upon written notice to the breaching Party without further liability or obligation to the breaching Party. 8) Indemnification. Each Party (the “Indemnitor”) shall defend, indemnify, and hold harmless the other Party and the other Party’s subsidiaries, affiliates, and its respective officers, directors, employees, agents, successors, and permitted assigns (each, an “Indemnitee”) from and against any and all
losses, damages, liabilities, deficiencies, actions, judgments, interest, awards, penalties, fines, costs, or expenses of whatever kind, including reasonable attorneys' fees, the cost of enforcing any right to indemnification hereunder, and the cost of pursuing any insurance providers, arising out of or resulting from any third-party claim against any Indemnitee arising out of or resulting from Indemnitor’s failure to comply with any of its obligations under this Information Security Agreement.