The URL can be used to link to this page

Home My WebLink AboutAgreement A-25-625 with Northwest Capital Management.pdf I Docusign Envelope ID: BCD4865A-OAFE-4282-8836-C2F574F95955 Agreement No. 25-625 1 SERVICE AGREEMENT 2 This Service Agreement ("Agreement") is dated December 9, 2025 and is between 3 Northwest Capital Management, Inc., an Oregon, limited liability company, whose address is 1 4 Centerpointe Drive, Suite 115, Lake Oswego, OR 97035 ("Contractor"), and the County of Fresno, 5 a political subdivision of the State of California ("County"). 6 Recitals 7 WHEREAS, the County intends to maintain the "County of Fresno 457(b) Deferred 8 Compensation Plan" and the "County of Fresno 401(a) Defined Contribution Plan", hereinafter 9 referred to collectively as the "Plans", for its eligible employees in accordance with Sections 457 10 and 401 of the Internal Revenue Code for the purpose of providing certain benefits to its 11 employees, and; 12 WHEREAS, the Plans require consulting services, which include: maintaining the Plans' 13 investment policy statement, monitoring the Plans' investments, selecting investments for the 14 Plans, providing fiduciary support to the Deferred Compensation Management Council (the 15 "DCMC"), monitoring the performance of the Plans' service-providers, and assisting the DCMC 16 and County staff with procuring the Plans' service-providers; and 17 WHEREAS, the County issued RFP No. 25-105 for consulting services to the Plans and 18 Contractor submitted the most responsive bid; and 19 WHEREAS, County and Contractor wish to enter into an agreement where Contractor 20 provides services detailed in Exhibit A to this Agreement. 21 The parties therefore agree as follows: 22 Article 1 23 Contractor's Services 24 1.1 Scope of Services. The Contractor shall perform all the services provided in Exhibit 25 A to this Agreement, titled "Scope of Services." 26 1.2 Representation. The Contractor represents that it is qualified, ready, willing, and able 27 to perform all of the services provided in this Agreement. 28 1 I Docusign Envelope ID: BCD4865A-OAFE-4282-8836-C2F574F95955 1 1.3 Compliance with Laws. The Contractor shall, at its own cost, comply with all 2 applicable federal, state, and local laws and regulations in the performance of its obligations under 3 this Agreement, including but not limited to workers compensation, labor, and confidentiality laws 4 and regulations. 5 1.4 Data Security. The Contractor will follow present practices as outlined in Exhibit E to 6 this Agreement, titled "Data Security." 7 Article 2 8 County's Responsibilities 9 2.1 The County shall authorize and direct the Plans' Record-keeper to provide Contractor 10 with the Plans' participant account and investment data, including but not limited to the following: 11 (A) The Plans' total assets and asset allocation data. 12 (B) The Plan's participation information. 13 (C)Access to the Plans' Plan Sponsor website for the purpose of viewing and 14 retrieving reports. Said access shall not include access to individual participant accounts. 15 (D) Other relevant Deferred Compensation Plan reports and data as required for 16 Contractor to provide consultation services. 17 Article 3 18 Compensation, Invoices, and Payments 19 3.1 The County agrees to pay, and the Contractor agrees to receive, compensation for the 20 performance of its services under this Agreement as described in Exhibit B to this Agreement, 21 titled "Compensation." 22 3.2 Maximum Compensation. 23 (A) For the period of January 1, 2026 to December 31, 2026, the maximum 24 compensation payable by the County to the Contractor shall not exceed Fifty Thousand 25 Dollars ($50,000.00). For the period of January 1, 2027 to December 31, 2027, the 26 maximum compensation payable by the County to the Contractor shall not exceed Fifty 27 Thousand Dollars ($50,000.00). For the period of January 1, 2028 to December 31, 2028, 28 the maximum compensation payable by the County to the Contractor shall not exceed 2 I Docusign Envelope ID: BCD4865A-OAFE-4282-8836-C2F574F95955 1 Fifty Thousand Dollars ($50,000.00). For the period of January 1, 2029 to December 31, 2 2029, the maximum compensation payable by the County to the Contractor shall not 3 exceed Fifty Thousand Dollars ($50,000.00). For the period of January 1, 2030 to 4 December 31, 2030, the maximum compensation payable by the County to the Contractor 5 shall not exceed Fifty Thousand Dollars ($50,000.00). 6 (B) The maximum compensation payable by the County to the Contractor to attend in- 7 person, on-site Deferred Compensation Management Council meetings, in addition to the 8 four (4) quarterly meetings per calendar year described in Section A4(2) of Exhibit A to 9 this Agreement, titled "Scope of Services," is Ten Thousand Dollars ($10,000.00). 10 (C) The maximum compensation payable by the County to the Contractor to perform 11 the services described in Section A8 of Exhibit A to this Agreement, titled "Scope of 12 Services" is Twenty-Five Thousand Dollars ($25,000.00). 13 3.3 Total Maximum Compensation. In no event shall the total maximum compensation 14 payable to the Contractor for services performed under this Agreement exceed Two Hundred 15 Eighty-Five Thousand Dollars ($285,000.00) for the full five (5) year term of this Agreement. The 16 Contractor acknowledges that the County is a local government entity, and does so with notice 17 that the County's powers are limited by the California Constitution and by State law, and with 18 notice that the Contractor may receive compensation under this Agreement only for services 19 performed according to the terms of this Agreement and while this Agreement is in effect, and 20 subject to the maximum amount payable under this section. The Contractor further acknowledges 21 that County employees have no authority to pay the Contractor except as expressly provided in 22 this Agreement. 23 3.4 Invoices. The Contractor shall submit quarterly invoices to the Director of Human 24 Resources, pursuant to Article 5, "Notices," below.The Contractor shall submit each invoice within 25 60 days after the quarter in which the Contractor performs services and in any case within 60 26 days after the end of the term or termination of this Agreement. 27 28 3 I Docusign Envelope ID: BCD4865A-OAFE-4282-8836-C2F574F95955 1 3.5 Payment. The County shall pay each correctly completed and timely submitted invoice 2 within 45 days after receipt. The County shall remit any payment to the Contractor's address 3 specified in the invoice. 4 3.6 Incidental Expenses. The Contractor is solely responsible for all of its costs and 5 expenses that are not specified as payable by the County under this Agreement. 6 Article 4 7 Term of Agreement 8 4.1 Term. This Agreement is effective on January 1, 2026 and terminates on December 9 31, 2030, except as provided in Article 6, "Termination and Suspension," below. 10 4.2 Extension. The term of this Agreement may not be extended. 11 Article 5 12 Notices 13 5.1 Contact Information. The persons and their addresses having authority to give and 14 receive notices provided for or permitted under this Agreement include the following: 15 For the County: For the Contractor: 16 Director of Human Resources Chief Legal Officer County of Fresno NWCM, Inc. 17 2220 Tulare Street, 14th Floor 1 Centerpointe Drive, Suite 115 18 Fresno, CA 93721 Lake Oswego, OR 97035 19 Email Address: HRBenefitsCcDFresnoCountyCA.gov Email Address: plandepartment@nwcm.com Fax: (559)455-4787 20 21 5.2 Change of Contact Information. Either party may change the information in section 22 5.1 by giving notice as provided in section 5.3. 23 5.3 Method of Delivery. Each notice between the County and the Contractor provided for 24 or permitted under this Agreement must be in writing, state that it is a notice provided under this 25 Agreement, and be delivered either by personal service, by first-class United States mail, by an 26 overnight commercial courier service, by telephonic facsimile transmission, or by Portable 27 Document Format (PDF) document attached to an email. 28 (A) A notice delivered by personal service is effective upon service to the recipient. 4 I Docusign Envelope ID: BCD4865A-OAFE-4282-8836-C2F574F95955 1 (B) A notice delivered by first-class United States mail is effective three County 2 business days after deposit in the United States mail, postage prepaid, addressed to the recipient. 3 (C)A notice delivered by an overnight commercial courier service is effective one 4 County business day after deposit with the overnight commercial courier service, delivery fees 5 prepaid, with delivery instructions given for next day delivery, addressed to the recipient. 6 (D)A notice delivered by telephonic facsimile transmission or by PDF document 7 attached to an email is effective when transmission to the recipient is completed (but, if such 8 transmission is completed outside of County business hours, then such delivery is deemed to be 9 effective at the next beginning of a County business day), provided that the sender maintains a 10 machine record of the completed transmission. 11 5.4 Claims Presentation. For all claims arising from or related to this Agreement, nothing 12 in this Agreement establishes, waives, or modifies any claims presentation requirements or 13 procedures provided by law, including the Government Claims Act (Division 3.6 of Title 1 of the 14 Government Code, beginning with section 810). 15 Article 6 16 Termination and Suspension 17 6.1 Termination for Non-Allocation of Funds. The terms of this Agreement are 18 contingent on the approval of funds by the appropriating government agency. If sufficient funds 19 are not allocated, then the County, upon at least 30 days'advance written notice to the Contractor, 20 may: 21 (A) Modify the services provided by the Contractor under this Agreement; or 22 (B) Terminate this Agreement. 23 6.2 Termination for Breach. 24 (A) Upon determining that a breach (as defined in paragraph (C) below) has occurred, 25 the County may give written notice of the breach to the Contractor. The written notice may 26 suspend performance under this Agreement, and must provide at least 30 days for the Contractor 27 to cure the breach. 28 5 I Docusign Envelope ID: BCD4865A-OAFE-4282-8836-C2F574F95955 1 (B) If the Contractor fails to cure the breach to the County's satisfaction within the time 2 stated in the written notice, the County may terminate this Agreement immediately. 3 (C) For purposes of this section, a breach occurs when, in the determination of the 4 County, the Contractor has: 5 (1) Obtained or used funds illegally or improperly; 6 (2) Failed to comply with any part of this Agreement; 7 (3) Submitted a substantially incorrect or incomplete report to the County; or 8 (4) Improperly performed any of its obligations under this Agreement. 9 6.3 Termination without Cause. In circumstances other than those set forth above, the 10 County may terminate this Agreement by giving at least 30 days advance written notice to the 11 Contractor. 12 6.4 No Penalty or Further Obligation. Any termination of this Agreement by the County 13 under this Article 6 is without penalty to or further obligation of the County. 14 6.5 County's Rights upon Termination. Upon termination for breach under this Article 15 6, the County may demand repayment by the Contractor of any monies disbursed to the 16 Contractor under this Agreement that, in the County's sole judgment, were not expended in 17 compliance with this Agreement. The Contractor shall promptly refund all such monies upon 18 demand. This section survives the termination of this Agreement. 19 Article 7 20 Independent Contractor 21 7.1 Status. In performing under this Agreement, the Contractor, including its officers, 22 agents, employees, and volunteers, is at all times acting and performing as an independent 23 contractor, in an independent capacity, and not as an officer, agent, servant, employee, joint 24 venturer, partner, or associate of the County. 25 7.2 Verifying Performance. The County has no right to control, supervise, or direct the 26 manner or method of the Contractor's performance under this Agreement, but the County may 27 verify that the Contractor is performing according to the terms of this Agreement. 28 6 I Docusign Envelope ID: BCD4865A-OAFE-4282-8836-C2F574F95955 1 7.3 Benefits. Because of its status as an independent contractor, the Contractor has no 2 right to employment rights or benefits available to County employees. The Contractor is solely 3 responsible for providing to its own employees all employee benefits required by law. The 4 Contractor shall save the County harmless from all matters relating to the payment of Contractor's 5 employees, including compliance with Social Security withholding and all related regulations. 6 7.4 Services to Others. The parties acknowledge that, during the term of this Agreement, 7 the Contractor may provide services to others unrelated to the County. 8 Article 8 9 Indemnity and Defense 10 8.1 Indemnity. The Contractor shall indemnify and hold harmless and defend the County 11 (including its officers, agents, employees, and volunteers) against all claims, demands, injuries, 12 damages, costs, expenses (including attorney fees and costs), fines, penalties, and liabilities of 13 any kind to the County, the Contractor, or any third party that arise from or relate to the 14 performance or failure to perform by the Contractor (or any of its officers, agents, subcontractors, 15 or employees) under this Agreement. The County may conduct or participate in its own defense 16 without affecting the Contractor's obligation to indemnify and hold harmless or defend the County. 17 8.2 Survival. This Article 8 survives the termination of this Agreement. 18 Article 9 19 Insurance 20 9.1 The Contractor shall comply with all the insurance requirements in Exhibit D to this 21 Agreement. 22 Article 10 23 Inspections, Audits, and Public Records 24 10.1 Inspection of Documents. The Contractor shall make available to the County, and 25 the County may examine at any time during business hours and as often as the County deems 26 necessary, all of the Contractor's records and data with respect to the matters covered by this 27 Agreement, excluding attorney-client privileged communications. The Contractor shall, upon 28 7 I Docusign Envelope ID: BCD4865A-OAFE-4282-8836-C2F574F95955 1 request by the County, permit the County to audit and inspect all of such records and data to 2 ensure the Contractor's compliance with the terms of this Agreement. 3 10.2 State Audit Requirements. If the compensation to be paid by the County under this 4 Agreement exceeds $10,000, the Contractor is subject to the examination and audit of the 5 California State Auditor, as provided in Government Code section 8546.7, for a period of three 6 years after final payment under this Agreement. This section survives the termination of this 7 Agreement. 8 10.3 Public Records. The County is not limited in any manner with respect to its public 9 disclosure of this Agreement or any record or data that the Contractor may provide to the County. 10 The County's public disclosure of this Agreement or any record or data that the Contractor may 11 provide to the County may include but is not limited to the following: 12 (A) The County may voluntarily, or upon request by any member of the public or 13 governmental agency, disclose this Agreement to the public or such governmental agency. 14 (B) The County may voluntarily, or upon request by any member of the public or 15 governmental agency, disclose to the public or such governmental agency any record or data that 16 the Contractor may provide to the County, unless such disclosure is prohibited by court order. 17 (C) This Agreement, and any record or data that the Contractor may provide to the 18 County, is subject to public disclosure under the Ralph M. Brown Act (California Government 19 Code, Title 5, Division 2, Part 1, Chapter 9, beginning with section 54950). 20 (D) This Agreement, and any record or data that the Contractor may provide to the 21 County, is subject to public disclosure as a public record under the California Public Records Act 22 (California Government Code, Title 1, Division 10, beginning with section 7920.000) ("CPRA"). 23 (E) This Agreement, and any record or data that the Contractor may provide to the 24 County, is subject to public disclosure as information concerning the conduct of the people's 25 business of the State of California under California Constitution, Article 1, section 3, subdivision 26 (b). 27 (F) Any marking of confidentiality or restricted access upon or otherwise made with 28 respect to any record or data that the Contractor may provide to the County shall be disregarded 8 I Docusign Envelope ID: BCD4865A-OAFE-4282-8836-C2F574F95955 1 and have no effect on the County's right or duty to disclose to the public or governmental agency 2 any such record or data. 3 10.4 Public Records Act Requests. If the County receives a written or oral request under 4 the CPRA to publicly disclose any record that is in the Contractor's possession or control, and 5 which the County has a right, under any provision of this Agreement or applicable law, to possess 6 or control, then the County may demand, in writing, that the Contractor deliver to the County, for 7 purposes of public disclosure, the requested records that may be in the possession or control of 8 the Contractor. Within five business days after the County's demand, the Contractor shall (a) 9 deliver to the County all of the requested records that are in the Contractor's possession or control, 10 together with a written statement that the Contractor, after conducting a diligent search, has 11 produced all requested records that are in the Contractor's possession or control, or (b) provide 12 to the County a written statement that the Contractor, after conducting a diligent search, does not 13 possess or control any of the requested records. The Contractor shall cooperate with the County 14 with respect to any County demand for such records. If the Contractor wishes to assert that any 15 specific record or data is exempt from disclosure under the CPRA or other applicable law, it must 16 deliver the record or data to the County and assert the exemption by citation to specific legal 17 authority within the written statement that it provides to the County under this section. The 18 Contractor's assertion of any exemption from disclosure is not binding on the County, but the 19 County will give at least 10 days' advance written notice to the Contractor before disclosing any 20 record subject to the Contractor's assertion of exemption from disclosure. The Contractor shall 21 indemnify the County for any court-ordered award of costs or attorney's fees under the CPRA that 22 results from the Contractor's delay, claim of exemption, failure to produce any such records, or 23 failure to cooperate with the County with respect to any County demand for any such records. 24 Article 11 25 Disclosure of Self-Dealing Transactions 26 11.1 Applicability. This Article 11 applies if the Contractor is operating as a corporation, or 27 changes its status to operate as a corporation. 28 9 I Docusign Envelope ID: BCD4865A-OAFE-4282-8836-C2F574F95955 1 11.2 Duty to Disclose. If any member of the Contractor's board of directors is party to a 2 self-dealing transaction, he or she shall disclose the transaction by completing and signing a "Self- 3 Dealing Transaction Disclosure Form" (Exhibit C to this Agreement) and submitting it to the 4 County before commencing the transaction or immediately after. 5 11.3 Definition. "Self-dealing transaction" means a transaction to which the Contractor is 6 a party and in which one or more of its directors, as an individual, has a material financial interest. 7 Article 12 8 General Terms 9 12.1 Modification. Except as provided in Article 6, "Termination and Suspension," this 10 Agreement may not be modified, and no waiver is effective, except by written agreement signed 11 by both parties. The Contractor acknowledges that County employees have no authority to modify 12 this Agreement except as expressly provided in this Agreement. 13 12.2 Non-Assignment. Neither party may assign its rights or delegate its obligations under 14 this Agreement without the prior written consent of the other party. 15 12.3 Governing Law. The laws of the State of California govern all matters arising from or 16 related to this Agreement. 17 12.4 Jurisdiction and Venue. This Agreement is signed and performed in Fresno County, 18 California. Contractor consents to California jurisdiction for actions arising from or related to this 19 Agreement, and, subject to the Government Claims Act, all such actions must be brought and 20 maintained in Fresno County. 21 12.5 Construction. The final form of this Agreement is the result of the parties' combined 22 efforts. If anything in this Agreement is found by a court of competent jurisdiction to be ambiguous, 23 that ambiguity shall not be resolved by construing the terms of this Agreement against either party. 24 12.6 Days. Unless otherwise specified, "days" means calendar days. 25 12.7 Headings. The headings and section titles in this Agreement are for convenience only 26 and are not part of this Agreement. 27 12.8 Severability. If anything in this Agreement is found by a court of competent jurisdiction 28 to be unlawful or otherwise unenforceable, the balance of this Agreement remains in effect, and 10 I Docusign Envelope ID: BCD4865A-OAFE-4282-8836-C2F574F95955 1 the parties shall make best efforts to replace the unlawful or unenforceable part of this Agreement 2 with lawful and enforceable terms intended to accomplish the parties' original intent. 3 12.9 Nondiscrimination. During the performance of this Agreement, the Contractor shall 4 not unlawfully discriminate against any employee or applicant for employment, or recipient of 5 services, because of race, religious creed, color, national origin, ancestry, physical disability, 6 mental disability, medical condition, genetic information, marital status, sex, gender, gender 7 identity, gender expression, age, sexual orientation, military status or veteran status pursuant to 8 all applicable State of California and federal statutes and regulation. 9 12.10 No Waiver. Payment, waiver, or discharge by the County of any liability or obligation 10 of the Contractor under this Agreement on any one or more occasions is not a waiver of 11 performance of any continuing or other obligation of the Contractor and does not prohibit 12 enforcement by the County of any obligation on any other occasion. 13 12.11 Entire Agreement. This Agreement, including its exhibits, is the entire agreement 14 between the Contractor and the County with respect to the subject matter of this Agreement, and 15 it supersedes all previous negotiations, proposals, commitments, writings, advertisements, 16 publications, and understandings of any nature unless those things are expressly included in this 17 Agreement. If there is any inconsistency between the terms of this Agreement without its exhibits 18 and the terms of the exhibits, then the inconsistency will be resolved by giving precedence first to 19 the terms of this Agreement without its exhibits, and then to the terms of the exhibits. 20 12.12 No Third-Party Beneficiaries. This Agreement does not and is not intended to create 21 any rights or obligations for any person or entity except for the parties. 22 12.13 Authorized Signature. The Contractor represents and warrants to the County that: 23 (A) The Contractor is duly authorized and empowered to sign and perform its 24 obligations under this Agreement. 25 (B) The individual signing this Agreement on behalf of the Contractor is duly authorized 26 to do so and his or her signature on this Agreement legally binds the Contractor to the terms of 27 this Agreement. 28 11 I Docusign Envelope ID: BCD4865A-OAFE-4282-8836-C2F574F95955 1 12.14 Electronic Signatures. The parties agree that this Agreement may be executed by 2 electronic signature as provided in this section. 3 (A) An "electronic signature" means any symbol or process intended by an individual 4 signing this Agreement to represent their signature, including but not limited to (1) a digital 5 signature; (2)a faxed version of an original handwritten signature; or(3)an electronically scanned 6 and transmitted (for example by PDF document) version of an original handwritten signature. 7 (B) Each electronic signature affixed or attached to this Agreement (1) is deemed 8 equivalent to a valid original handwritten signature of the person signing this Agreement for all 9 purposes, including but not limited to evidentiary proof in any administrative orjudicial proceeding, 10 and (2) has the same force and effect as the valid original handwritten signature of that person. 11 (C) The provisions of this section satisfy the requirements of Civil Code section 1633.5, 12 subdivision (b), in the Uniform Electronic Transaction Act (Civil Code, Division 3, Part 2, Title 2.5, 13 beginning with section 1633.1). 14 (D) Each party using a digital signature represents that it has undertaken and satisfied 15 the requirements of Government Code section 16.5, subdivision (a), paragraphs (1) through (5), 16 and agrees that each other party may rely upon that representation. 17 (E) This Agreement is not conditioned upon the parties conducting the transactions 18 under it by electronic means and either party may sign this Agreement with an original handwritten 19 signature. 20 12.15 Counterparts. This Agreement may be signed in counterparts, each of which is an 21 original, and all of which together constitute this Agreement. 22 [SIGNATURE PAGE FOLLOWS] 23 24 25 26 27 28 12 ii Docusign Envelope ID:BCD4865A-OAFE-4282-8836-C2F574F95955 1 The parties are signing this Agreement on the date stated in the introductory clause. 2 NORTHWEST CAPITAL MANAGEMENT, COUNTY OF FRESNO 3 INC. 4 Signed by: 5 . `n Name: Julie Pine Ernest Buddy MencWs, Chairman of the Board 6 Title: Chief Legal & Administrative Officer & of Supervisors of the County of Fresno Corporate Secretary 7 Attest: 1 Centerpointe Drive, Suite 115 Bernice E. Seidel 8 Lake Oswego, OR 97035 Clerk of the Board of Supervisors County of Fresno, State of California 9 10 By: Deput 11 For accounting use only: 12 Org No.: 89250200 13 Account No.: 7295 14 Fund No.: 1060 15 Subclass No.: 10000 16 17 18 19 20 21 22 23 24 25 26 27 28 13 I Docusign Envelope ID: BCD4865A-OAFE-4282-8836-C2F574F95955 Exhibit A 1 Scope of Services 2 The Contractor shall provide to the County and the Plans all services described in this Exhibit A. 3 Al. Investment Policy Statement. 4 (1) Develop and regularly assess the appropriateness of investment benchmarks, 5 data points, and content in the Investment Policy Statement (IPS). 6 A2. Investment Monitoring. 7 (1) Prepare quarterly investment due diligence reports on the performance of 8 investments, including the Stable Value Fund, against IPS benchmarks, with an executive 9 summary for each fund. 10 (2) Provide an overview of market conditions and performance, including, but not 11 limited to the following markets: domestic and international stocks, bonds, and cash equivalents. 12 (3) Provide investment performance analysis with performance attribution due to 13 changes in firm organization, key personnel, fund management process/style, investment 14 guidelines, etc. 15 (4) Advise the DCMC and staff on industry trends, new investment products, and 16 methods of offering investment products. 17 A3. Investment Selection. 18 (1) Make recommendations to the DCMC regarding investments that warrant 19 placement on the Watch List due to underperformance, manager changes, etc. 20 (2) Conduct fund searches and recommend replacement and/or new options in 21 compliance with the IPS. 22 (3) Work with record-keeper to ensure that DCMC-approved investment lineup 23 changes are implemented as soon as administratively practicable. 24 A4. Quarterly Reporting and DCMC Meeting Attendance. 25 (1) Provide quarterly reports to staff for review in advance of Brown Act notice 26 deadlines. 27 (2) Attend quarterly DCMC meetings (and special DCMC meetings, if necessary), to 28 present reports and make recommendations. A-1 I Docusign Envelope ID: BCD4865A-OAFE-4282-8836-C2F574F95955 Exhibit A 1 A5. Fiduciary Support and Plan Governance. 2 (1) Accept fiduciary responsibility for services performed, pursuant to ERISA §3(21). 3 (2) Provide regular fiduciary training and guidance for DCMC members, including, but 4 not limited to fiduciary duties & responsibilities, industry developments, and best practices. 5 (3) Assist in developing or updating plan governance documents, such as plan 6 documents, bylaws, etc. 7 (4) Assist the Plans' in complying with applicable IRS regulations, California law, and 8 ERISA provisions by notifying the DCMC and staff of changes in laws, regulations, and industry 9 best practices. 10 A6. Participant Enrollment, Contribution, and Education Objectives. 11 (1) Assist in the development and implementation of participant enrollment, 12 contribution, investment allocation, and education objectives, including communication strategy 13 and materials. 14 (2) Prepare a report for the DCMC, no less than annually, evaluating the progress of 15 participant enrollment, contribution, investment allocation, and education objectives. 16 (3) Recommend third-party providers of education services, tools, software, etc. 17 AT Vendor Performance Monitoring. 18 (1) Assist the DCMC and staff with enforcing the terms of the record-keeping services 19 agreement, including, but not limited to: determining whether record-keeping services, vendor 20 staff performance, and participant education services meet or exceed the terms of the agreement 21 and addressing service and/or performance problems directly with the record-keeper. 22 (2) Assist the DCMC and staff with enforcing the terms of third-party service 23 agreements for participant education or other services. 24 A8. Vendor Procurement. 25 (1) In advance of the RFP process, prepare an industry benchmark report for record- 26 keeping pricing and services. 27 (2) Create an RFP for 457b deferred compensation plan record-keeping services. 28 (3) Create a list of qualified vendors with contact information which the County may A-2 I Docusign Envelope ID: BCD4865A-OAFE-4282-8836-C2F574F95955 Exhibit A 1 use to distribute the RFP. 2 (4) Evaluate proposals and provide recommendation of finalists with a summary 3 comparison report. 4 (5) Assist with contract negotiation. 5 (6) Oversee all aspects of a record-keeper transition (if necessary) including: 6 a. Attend regular conference calls with County and selected record-keeper 7 b. Enforce progress of established timeline. 8 C. Review and make recommendations regarding participant communication 9 and education materials developed by the selected record-keeper. 10 d. As required, assist the DCMC and County staff in meeting with or making 11 presentations to various Plan stakeholder groups regarding the new record-keeper and the 12 transition process. 13 e. Oversee the migration of the current investment options, investment 14 managers and record-keeping services to the selected service provider. 15 16 17 18 19 20 21 22 23 24 25 26 27 28 A-3 I Docusign Envelope ID: BCD4865A-OAFE-4282-8836-C2F574F95955 Exhibit B 1 Compensation 2 The Contractor will be compensated for performance of its services under this Agreement 3 as provided in this Exhibit B. The Contractor is not entitled to any compensation except as 4 expressly provided in this Exhibit B. 5 B1. Quarterly fee of Twelve Thousand Five Hundred Dollars ($12,500.00)(i.e., Fifty Thousand 6 Dollars ($50,000.00) annualized). 7 B2. In any quarter where the County agrees, in writing, for the Contractor to virtually attend 8 the quarterly Deferred Compensation Management Council meeting, the quarterly fee referenced 9 in Section B1, above, of this Exhibit B will be reduced to Ten Thousand Dollars ($10,000.00). The 10 minimum annual fee payable by the County to the Contractor for the Contractor's virtual 11 attendance at four (4) quarterly Deferred Compensation Management Council meetings will be 12 Forty Thousand Dollars ($40,000.00). 13 B3. A fee of Twenty-Five Thousand Dollars ($25,000.00) for providing the services described 14 in Section A8 of Exhibit A, to this Agreement, titled "Scope of Services," upon request, in writing, 15 by the County to the Contractor. 16 B4. A fee of Two Thousand Five Hundred Dollars ($2,500.00) per meeting for the Contractor's 17 attendance in-person and on-site at each Deferred Compensation Management Council meeting 18 scheduled in addition to the four (4) quarterly Deferred Compensation Management Council 19 meetings scheduled per calendar year, described in Section A4(2) of Exhibit A to this Agreement, 20 titled "Scope of Services," upon request, in writing, by the County to the Contractor. 21 22 23 24 25 26 27 28 B-1 Docusign Envelope ID: BCD4865A-OAFE-4282-8836-C2F574F95955 Exhibit C Self-Dealing Transaction Disclosure Form In order to conduct business with the County of Fresno ("County"), members of a contractor's board of directors ("County Contractor'), must disclose any self-dealing transactions that they are a party to while providing goods, performing services, or both for the County. A self- dealing transaction is defined below: "A self-dealing transaction means a transaction to which the corporation is a party and in which one or more of its directors has a material financial interest." The definition above will be used for purposes of completing this disclosure form. Instructions (1) Enter board member's name,job title (if applicable), and date this disclosure is being made. (2) Enter the board member's company/agency name and address. (3) Describe in detail the nature of the self-dealing transaction that is being disclosed to the County. At a minimum, include a description of the following: a. The name of the agency/company with which the County Contractor has the transaction; and b. The nature of the material financial interest in the County Contractor transaction that the board member has. (4) Describe in detail why the self-dealing transaction is appropriate based on applicable provisions of the Corporations Code. The form must be signed by the board member that is involved in the self-dealing transaction described in Sections (3) and (4). C-1 Docusign Envelope ID: BCD4865A-OAFE-4282-8836-C2F574F95955 Exhibit C (1) Company Board Member Information: Name: Date: Job Title: (2) Company/Agency Name and Address: (3) Disclosure (Please describe the nature of the self-dealing transaction you are a party to) (4) Explain why this self-dealing transaction is consistent with the requirements of Corporations Code § 5233 (a) (5) Authorized Signature Signature: Date: C-2 Docusign Envelope ID: BCD4865A-OAFE-4282-8836-C2F574F95955 Exhibit D Insurance Requirements 1. Required Policies Without limiting the County's right to obtain indemnification from the Contractor or any third parties, Contractor, at its sole expense, shall maintain in full force and effect the following insurance policies throughout the term of this Agreement. (A) Commercial General Liability. Commercial general liability insurance with limits of not less than Two Million Dollars ($2,000,000) per occurrence and an annual aggregate of Four Million Dollars ($4,000,000). This policy must be issued on a per occurrence basis. Coverage must include products, completed operations, property damage, bodily injury, personal injury, and advertising injury. The Contractor shall obtain an endorsement to this policy naming the County of Fresno, its officers, agents, employees, and volunteers, individually and collectively, as additional insureds, but only insofar as the operations under this Agreement are concerned. Such coverage for additional insureds will apply as primary insurance and any other insurance, or self-insurance, maintained by the County is excess only and not contributing with insurance provided under the Contractor's policy. (B) Automobile Liability.Automobile liability insurance with limits of not less than One Million Dollars ($1,000,000) per occurrence for bodily injury and for property damages. Coverage must include any auto used in connection with this Agreement. (C)Workers Compensation. Workers compensation insurance as required by the laws of the State of California with statutory limits. (D) Employer's Liability. Employer's liability insurance with limits of not less than One Million Dollars ($1,000,000) per occurrence for bodily injury and for disease. (E) Professional Liability. Professional liability insurance with limits of not less than One Million Dollars ($1,000,000) per occurrence and an annual aggregate of Three Million Dollars ($3,000,000). If this is a claims-made policy, then (1) the retroactive date must be prior to the date on which services began under this Agreement; (2) the Contractor shall maintain the policy and provide to the County annual evidence of insurance for not less than five years after completion of services under this Agreement; and (3) if the policy is canceled or not renewed, and not replaced with another claims-made policy with a retroactive date prior to the date on which services begin under this Agreement, then the Contractor shall purchase extended reporting coverage on its claims-made policy for a minimum of five years after completion of services under this Agreement. (F) Cyber Liability. Cyber liability insurance with limits of not less than Two Million Dollars ($2,000,000) per occurrence. Coverage must include claims involving Cyber Risks. The cyber liability policy must be endorsed to cover the full replacement value of damage to, alteration of, loss of, or destruction of intangible property (including but not limited to information or data) that is in the care, custody, or control of the Contractor. Definition of Cyber Risks. "Cyber Risks" include but are not limited to— (i) Security Breach, which may (ii) data breach; include Disclosure of Personal (iii) breach of any of the Contractor's Information to an Unauthorized obligations under Exhibit E of this Third Party; Agreement; D-1 Docusign Envelope ID: BCD4865A-OAFE-4282-8836-C2F574F95955 Exhibit D (iv) system failure; (xiii) cyber extortion; (v) data recovery; (xiv) extortion related to the Contractor's (vi) failure to timely disclose data obligations under this Agreement breach or Security Breach; regarding electronic information, including Personal Information; (vii) failure to comply with privacy (xv) fraudulent instruction; policy; (viii) payment card liabilities and costs; (xvi) funds transfer fraud; (ix) infringement of intellectual (xvii) telephone fraud; property, including but not limited (xviii)network security; to infringement of copyright, (xix) data breach response costs, including trademark, and trade dress; Security Breach response costs; (x) invasion of privacy, including release (xx) regulatory fines and penalties related of private information; to the Contractor's obligations under (xi) information theft; this Agreement regarding electronic (xii) damage to or destruction or alteration information, including Personal of electronic information; Information; and (xxi) credit monitoring expenses. 2. Additional Requirements (A) Verification of Coverage. Within 30 days after the Contractor signs this Agreement, and at any time during the term of this Agreement as requested by the County's Risk Manager or the County Administrative Office, the Contractor shall deliver, or cause its broker or producer to deliver, to the County Risk Manager, at 2220 Tulare Street, 16th Floor, Fresno, California 93721, or iRRiskManagement a�tresnocountyca.qu , and by mail or email to the person identified to receive notices under this Agreement, certificates of insurance and endorsements for all of the coverages required under this Agreement. (i) Each insurance certificate must state that: (1) the insurance coverage has been obtained and is in full force; (2) the County, its officers, agents, employees, and volunteers are not responsible for any premiums on the policy; and (3) the Contractor has waived its right to recover from the County, its officers, agents, employees, and volunteers any amounts paid under any insurance policy required by this Agreement and that waiver does not invalidate the insurance policy. (ii) The commercial general liability insurance certificate must also state, and include an endorsement, that the County of Fresno, its officers, agents, employees, and volunteers, individually and collectively, are additional insureds insofar as the operations under this Agreement are concerned. The commercial general liability insurance certificate must also state that the coverage shall apply as primary insurance and any other insurance, or self-insurance, maintained by the County shall be excess only and not contributing with insurance provided under the Contractor's policy. (iii) The automobile liability insurance certificate must state that the policy covers any auto used in connection with this Agreement. D-2 Docusign Envelope ID: BCD4865A-OAFE-4282-8836-C2F574F95955 Exhibit D (iv) The professional liability insurance certificate, if it is a claims-made policy, must also state the retroactive date of the policy, which must be prior to the date on which services began under this Agreement. (v) The technology professional liability insurance certificate must also state that coverage encompasses all of the Contractor's obligations under this Agreement, including but not limited to claims involving Cyber Risks, as that term is defined in this Agreement. (vi) The cyber liability insurance certificate must also state that it is endorsed, and include an endorsement, to cover the full replacement value of damage to, alteration of, loss of, or destruction of intangible property (including but not limited to information or data) that is in the care, custody, or control of the Contractor. (B) Acceptability of Insurers. All insurance policies required under this Agreement must be issued by admitted insurers licensed to do business in the State of California and possessing at all times during the term of this Agreement an A.M. Best, Inc. rating of no less than A: VI I. (C) Notice of Cancellation or Change. For each insurance policy required under this Agreement, the Contractor shall provide to the County, or ensure that the policy requires the insurer to provide to the County, written notice of any cancellation or change in the policy as required in this paragraph. For cancellation of the policy for nonpayment of premium, the Contractor shall, or shall cause the insurer to, provide written notice to the County not less than 10 days in advance of cancellation. For cancellation of the policy for any other reason, and for any other change to the policy, the Contractor shall, or shall cause the insurer to, provide written notice to the County not less than 30 days in advance of cancellation or change. The County in its sole discretion may determine that the failure of the Contractor or its insurer to timely provide a written notice required by this paragraph is a breach of this Agreement. (D) County's Entitlement to Greater Coverage. If the Contractor has or obtains insurance with broader coverage, higher limits, or both, than what is required under this Agreement, then the County requires and is entitled to the broader coverage, higher limits, or both. To that end, the Contractor shall deliver, or cause its broker or producer to deliver, to the County's Risk Manager certificates of insurance and endorsements for all of the coverages that have such broader coverage, higher limits, or both, as required under this Agreement. (E) Waiver of Subrogation. The Contractor waives any right to recover from the County, its officers, agents, employees, and volunteers any amounts paid under the policy of worker's compensation insurance required by this Agreement. The Contractor is solely responsible to obtain any policy endorsement that may be necessary to accomplish that waiver, but the Contractor's waiver of subrogation under this paragraph is effective whether or not the Contractor obtains such an endorsement. (F) County's Remedy for Contractor's Failure to Maintain. If the Contractor fails to keep in effect at all times any insurance coverage required under this Agreement, the County may, in addition to any other remedies it may have, suspend or terminate this Agreement upon the occurrence of that failure, or purchase such insurance coverage, and charge the cost of that coverage to the Contractor. The County may offset such charges against any amounts owed by the County to the Contractor under this Agreement. D-3 Docusign Envelope ID: BCD4865A-OAFE-4282-8836-C2F574F95955 Exhibit D (G)Subcontractors. The Contractor shall require and verify that all subcontractors used by the Contractor to provide services under this Agreement maintain insurance meeting all insurance requirements provided in this Agreement. This paragraph does not authorize the Contractor to provide services under this Agreement using subcontractors. D-4 Docusign Envelope ID: BCD4865A-OAFE-4282-8836-C2F574F95955 Exhibit E Data Security 1. Definitions Capitalized terms used in this Exhibit E have the meanings set forth in this section 1. (A) "Authorized Employees" means the Contractor's employees who have access to Personal Information. (B) "Authorized Persons" means: (i) any and all Authorized Employees; and (ii) any and all of the Contractor's subcontractors, representatives, agents, outsourcers, and consultants, and providers of professional services to the Contractor, who have access to Personal Information and are bound by law or in writing by confidentiality obligations sufficient to protect Personal Information in accordance with the terms of this Exhibit E. (C) "Director" means the County's Director of Internal Services/Chief Information Officer or his or her designee. (D) "Disclose" or any derivative of that word means to disclose, release, transfer, disseminate, or otherwise provide access to or communicate all or any part of any Personal Information orally, in writing, or by electronic or any other means to any person. (E) "Person" means any natural person, corporation, partnership, limited liability company, firm, or association. (F) "Personal Information" means any and all information, including any data, provided, or to which access is provided, to the Contractor by or upon the authorization of the County, under this Agreement, including but not limited to vital records, that: (i) identifies, describes, or relates to, or is associated with, or is capable of being used to identify, describe, or relate to, or associate with, a person (including, without limitation, names, physical descriptions, signatures, addresses, telephone numbers, e-mail addresses, education, financial matters, employment history, and other unique identifiers, as well as statements made by or attributable to the person); (ii) is used or is capable of being used to authenticate a person (including, without limitation, employee identification numbers, government-issued identification numbers, passwords or personal identification numbers (PINs), financial account numbers, credit report information, answers to security questions, and other personal identifiers); or (iii) is personal information within the meaning of California Civil Code section 1798.3, subdivision (a), or 1798.80, subdivision (e). Personal Information does not include publicly available information that is lawfully made available to the general public from federal, state, or local government records. (G)"Privacy Practices Complaint" means a complaint received by the County relating to the Contractor's (or any Authorized Person's) privacy practices, or alleging a Security Breach. Such complaint shall have sufficient detail to enable the Contractor to promptly investigate and take remedial action under this Exhibit E. (H) "Security Safeguards" means physical, technical, administrative or organizational security procedures and practices put in place by the Contractor (or any Authorized Persons) that relate to the protection of the security, confidentiality, value, or integrity of Personal Information. Security Safeguards shall satisfy the minimal requirements set forth in section 3(C) of this Exhibit E. E-1 Docusign Envelope ID: BCD4865A-OAFE-4282-8836-C2F574F95955 Exhibit E Data Security (1) "Security Breach" means (i) any act or omission that compromises either the security, confidentiality, value, or integrity of any Personal Information or the Security Safeguards, or (ii) any unauthorized Use, Disclosure, or modification of, or any loss or destruction of, or any corruption of or damage to, any Personal Information. (J) "Use" or any derivative of that word means to receive, acquire, collect, apply, manipulate, employ, process, transmit, disseminate, access, store, disclose, or dispose of Personal Information. 2. Standard of Care (A) The Contractor acknowledges that, in the course of its engagement by the County under this Agreement, the Contractor, or any Authorized Persons, may Use Personal Information only as permitted in this Agreement. (B) The Contractor acknowledges that Personal Information is deemed to be confidential information of, or owned by, the County (or persons from whom the County receives or has received Personal Information) and is not confidential information of, or owned or by, the Contractor, or any Authorized Persons. The Contractor further acknowledges that all right, title, and interest in or to the Personal Information remains in the County (or persons from whom the County receives or has received Personal Information) regardless of the Contractor's, or any Authorized Person's, Use of that Personal Information. (C) The Contractor agrees and covenants in favor of the County that the Contractor shall: (i) keep and maintain all Personal Information in strict confidence, using such degree of care under this section 2 as is reasonable and appropriate to avoid a Security Breach; (ii) Use Personal Information exclusively for the purposes for which the Personal Information is made accessible to the Contractor pursuant to the terms of this Exhibit E; (iii) not Use, Disclose, sell, rent, license, or otherwise make available Personal Information for the Contractor's own purposes or for the benefit of anyone other than the County, without the County's express prior written consent, which the County may give or withhold in its sole and absolute discretion; and (iv) not, directly or indirectly, Disclose Personal Information to any person (an "Unauthorized Third Party") other than Authorized Persons pursuant to this Agreement, without the Director's express prior written consent. (D) Notwithstanding the foregoing paragraph, in any case in which the Contractor believes it, or any Authorized Person, is required to disclose Personal Information to government regulatory authorities, or pursuant to a legal proceeding, or otherwise as may be required by applicable law, Contractor shall (i) immediately notify the County of the specific demand for, and legal authority for the disclosure, including providing County with a copy of any notice, discovery demand, subpoena, or order, as applicable, received by the Contractor, or any Authorized Person, from any government regulatory E-2 Docusign Envelope ID: BCD4865A-OAFE-4282-8836-C2F574F95955 Exhibit E Data Security authorities, or in relation to any legal proceeding, and (ii) promptly notify the County before such Personal Information is offered by the Contractor for such disclosure so that the County may have sufficient time to obtain a court order or take any other action the County may deem necessary to protect the Personal Information from such disclosure, and the Contractor shall cooperate with the County to minimize the scope of such disclosure of such Personal Information. (E) The Contractor shall remain liable to the County for the actions and omissions of any Unauthorized Third Party concerning its Use of such Personal Information as if they were the Contractor's own actions and omissions. 3. Information Security (A) The Contractor covenants, represents and warrants to the County that the Contractor's Use of Personal Information under this Agreement does and will at all times comply with all applicable federal, state, and local, privacy and data protection laws, as well as all other applicable regulations and directives, including but not limited to California Civil Code, Division 3, Part 4, Title 1.81 (beginning with section 1798.80), and the Song- Beverly Credit Card Act of 1971 (California Civil Code, Division 3, Part 4, Title 1.3, beginning with section 1747). If the Contractor Uses credit, debit or other payment cardholder information, the Contractor shall at all times remain in compliance with the Payment Card Industry Data Security Standard ("PCI DSS") requirements, including remaining aware at all times of changes to the PCI DSS and promptly implementing and maintaining all procedures and practices as may be necessary to remain in compliance with the PCI DSS, in each case, at the Contractor's sole cost and expense. (B) The Contractor covenants, represents and warrants to the County that, as of the effective date of this Agreement, the Contractor has not received notice of any violation of any privacy or data protection laws, as well as any other applicable regulations or directives, and is not the subject of any pending legal action or investigation by, any government regulatory authority regarding same. (C)Without limiting the Contractor's obligations under section 3(A) of this Exhibit E, the Contractor's (or Authorized Person's) Security Safeguards shall be no less rigorous than accepted industry practices and, at a minimum, include the following: (i) limiting Use of Personal Information strictly to the Contractor's and Authorized Persons' technical and administrative personnel who are necessary for the Contractor's, or Authorized Persons', Use of the Personal Information pursuant to this Agreement; (ii) ensuring that all of the Contractor's connectivity to County computing systems will only be through the County's security gateways and firewalls, and only through security procedures approved upon the express prior written consent of the Director; (iii) to the extent that they contain or provide access to Personal Information, (a) securing business facilities, data centers, paper files, servers, back-up systems and computing equipment, operating systems, and software applications, including, but not limited to, all mobile devices and other equipment, operating E-3 Docusign Envelope ID: BCD4865A-OAFE-4282-8836-C2F574F95955 Exhibit E Data Security systems, and software applications with information storage capability; (b) employing adequate controls and data security measures, both internally and externally, to protect (1) the Personal Information from potential loss or misappropriation, or unauthorized Use, and (2) the County's operations from disruption and abuse; (c) having and maintaining network, device application, database and platform security; (d) maintaining authentication and access controls within media, computing equipment, operating systems, and software applications; and (e) installing and maintaining in all mobile, wireless, or handheld devices a secure internet connection, having continuously updated anti-virus software protection and a remote wipe feature always enabled, all of which is subject to express prior written consent of the Director; (iv) encrypting all Personal Information at advance encryption standards of Advanced Encryption Standards (AES) of 128 bit or higher(a) stored on any mobile devices, including but not limited to hard disks, portable storage devices, or remote installation, or (b)transmitted over public or wireless networks (the encrypted Personal Information must be subject to password or pass phrase, and be stored on a secure server and transferred by means of a Virtual Private Network (VPN) connection, or another type of secure connection, all of which is subject to express prior written consent of the Director); (v) strictly segregating Personal Information from all other information of the Contractor, including any Authorized Person, or anyone with whom the Contractor or any Authorized Person deals so that Personal Information is not commingled with any other types of information; (vi) having a patch management process including installation of all operating system and software vendor security patches; (vii) maintaining appropriate personnel security and integrity procedures and practices, including, but not limited to, conducting background checks of Authorized Employees consistent with applicable law; and (viii) providing appropriate privacy and information security training to Authorized Employees. (D) During the term of each Authorized Employee's employment by the Contractor, the Contractor shall cause such Authorized Employees to abide strictly by the Contractor's obligations under this Exhibit E. The Contractor shall maintain a disciplinary process to address any unauthorized Use of Personal Information by any Authorized Employees. (E) The Contractor shall, in a secure manner, backup daily, or more frequently if it is the Contractor's practice to do so more frequently, Personal Information received from the County, and the County shall have immediate, real time access, at all times, to such backups via a secure, remote access connection provided by the Contractor, through the Internet. (F) The Contractor shall provide the County with the name and contact information for each Authorized Employee (including such Authorized Employee's work shift, and at least one alternate Authorized Employee for each Authorized Employee during such work shift) E-4 Docusign Envelope ID: BCD4865A-OAFE-4282-8836-C2F574F95955 Exhibit E Data Security who shall serve as the County's primary security contact with the Contractor and shall be available to assist the County twenty-four (24) hours per day, seven (7) days per week as a contact in resolving the Contractor's and any Authorized Persons' obligations associated with a Security Breach or a Privacy Practices Complaint. (G)The Contractor shall not knowingly include or authorize any Trojan Horse, back door, time bomb, drop dead device, worm, virus, or other code of any kind that may disable, erase, display any unauthorized message within, or otherwise impair any County computing system, with or without the intent to cause harm. 4. Security Breach Procedures (A) Immediately upon the Contractor's awareness or reasonable belief of a Security Breach, the Contractor shall (i) notify the Director of the Security Breach, such notice to be given first by telephone at the following telephone number, followed promptly by email at the following email address: (559) 600-1710 / OIS@fresnocountyca.gov (which telephone number and email address the County may update by providing notice to the Contractor), and (ii) preserve all relevant evidence (and cause any affected Authorized Person to preserve all relevant evidence) relating to the Security Breach. The notification shall include, to the extent reasonably possible, the identification of each type and the extent of Personal Information that has been, or is reasonably believed to have been, breached, including but not limited to, compromised, or subjected to unauthorized Use, Disclosure, or modification, or any loss or destruction, corruption, or damage. (B) Immediately following the Contractor's notification to the County of a Security Breach, as provided pursuant to section 4(A) of this Exhibit E, the Parties shall coordinate with each other to investigate the Security Breach. The Contractor agrees to fully cooperate with the County, including, without limitation: (i) assisting the County in conducting any investigation; (ii) providing the County with physical access to the facilities and operations affected; (iii) facilitating interviews with Authorized Persons and any of the Contractor's other employees knowledgeable of the matter; and (iv) making available all relevant records, logs, files, data reporting and other materials required to comply with applicable law, regulation, industry standards, or as otherwise reasonably required by the County. To that end, the Contractor shall, with respect to a Security Breach, be solely responsible, at its cost, for all notifications required by law and regulation, or deemed reasonably necessary by the County, and the Contractor shall provide a written report of the investigation and reporting required to the Director within 30 days after the Contractor's discovery of the Security Breach. (C) County shall promptly notify the Contractor of the Director's knowledge, or reasonable belief, of any Privacy Practices Complaint, and upon the Contractor's receipt of that notification, the Contractor shall promptly address such Privacy Practices Complaint, E-5 Docusign Envelope ID: BCD4865A-OAFE-4282-8836-C2F574F95955 Exhibit E Data Security including taking any corrective action under this Exhibit E, all at the Contractor's sole expense, in accordance with applicable privacy rights, laws, regulations and standards. In the event the Contractor discovers a Security Breach, the Contractor shall treat the Privacy Practices Complaint as a Security Breach. Within 24 hours of the Contractor's receipt of notification of such Privacy Practices Complaint, the Contractor shall notify the County whether the matter is a Security Breach, or otherwise has been corrected and the manner of correction, or determined not to require corrective action and the reason for that determination. (D) The Contractor shall take prompt corrective action to respond to and remedy any Security Breach and take mitigating actions, including but not limiting to, preventing any reoccurrence of the Security Breach and correcting any deficiency in Security Safeguards as a result of such incident, all at the Contractor's sole expense, in accordance with applicable privacy rights, laws, regulations and standards. The Contractor shall reimburse the County for all reasonable costs incurred by the County in responding to, and mitigating damages caused by, any Security Breach, including all costs of the County incurred in relation to any litigation or other action described in section 4(E) of this Exhibit E. (E) The Contractor agrees to cooperate, at its sole expense, with the County in any litigation or other action to protect the County's rights relating to Personal Information, including the rights of persons from whom the County receives Personal Information. 5. Oversight of Security Compliance a. The Contractor shall have and maintain a written information security policy that specifies Security Safeguards appropriate to the size and complexity of the Contractor's operations and the nature and scope of its activities. b. Upon the County's written request, to confirm the Contractor's compliance with this Exhibit E, as well as any applicable laws, regulations and industry standards, the Contractor grants the County or, upon the County's election, a third party on the County's behalf, permission to perform an assessment, audit, examination or review of all controls in the Contractor's physical and technical environment in relation to all Personal Information that is Used by the Contractor pursuant to this Agreement. The Contractor shall fully cooperate with such assessment, audit or examination, as applicable, by providing the County or the third party on the County's behalf, access to all Authorized Employees and other knowledgeable personnel, physical premises, documentation, infrastructure and application software that is Used by the Contractor for Personal Information pursuant to this Agreement. In addition, the Contractor shall provide the County with the results of any audit by or on behalf of the Contractor that assesses the effectiveness of the Contractor's information security program as relevant to the security and confidentiality of Personal Information Used by the Contractor or Authorized Persons during the course of this Agreement under this Exhibit E. c. The Contractor shall ensure that all Authorized Persons who Use Personal Information agree to the same restrictions and conditions in this Exhibit E. that apply to the Contractor with respect to such Personal Information by incorporating the relevant provisions of these provisions into a valid and binding written agreement between the E-6 Docusign Envelope ID: BCD4865A-OAFE-4282-8836-C2F574F95955 Exhibit E Data Security Contractor and such Authorized Persons, or amending any written agreements to provide same. 6. Return or Destruction of Personal Information. Upon the termination of this Agreement, the Contractor shall, and shall instruct all Authorized Persons to, promptly return to the County all Personal Information, whether in written, electronic or other form or media, in its possession or the possession of such Authorized Persons, in a machine readable form used by the County at the time of such return, or upon the express prior written consent of the Director, securely destroy all such Personal Information, and certify in writing to the County that such Personal Information have been returned to the County or disposed of securely, as applicable. If the Contractor is authorized to dispose of any such Personal Information, as provided in this Exhibit E, such certification shall state the date, time, and manner (including standard) of disposal and by whom, specifying the title of the individual. The Contractor shall comply with all reasonable directions provided by the Director with respect to the return or disposal of Personal Information and copies of Personal Information. If return or disposal of such Personal Information or copies of Personal Information is not lawful for the Contractor, including if certain Personal Information must be maintained by the Contractor for retention periods specified under the Securities and Exchange Commission's rules and regulations of the Investment Advisors Act of 1940, the Contractor shall notify the County accordingly, specifying the reason, and continue to extend the protections of this Exhibit E to all such Personal Information and copies of Personal Information, until the Contractor is authorized by applicable law or regulatory requirement to promptly return or securely destroy such Personal Information and copies of Personal Information, in which case the Contractor shall return or securely destroy such Personal Information and copies of Personal Information under this Section 6. The Contractor shall not retain any copy of any Personal Information after returning or disposing of Personal Information as required by this section 6. The Contractor's obligations under this section 6 survive the termination of this Agreement and apply to all Personal Information that the Contractor retains if return or disposal is not lawful for the Contractor, including if the Contractor is required to maintain certain Personal Information for retention periods specified under the Security and Exchanges Commission's rules and regulations of the Investment Advisors Act of 1940,and to all Personal Information that the Contractor may later discover. 7. Equitable Relief. The Contractor acknowledges that any breach of its covenants or obligations set forth in this Exhibit E may cause the County irreparable harm for which monetary damages would not be adequate compensation and agrees that, in the event of such breach or threatened breach, the County is entitled to seek equitable relief, including a restraining order, injunctive relief, specific performance and any other relief that may be available from any court, in addition to any other remedy to which the County may be entitled at law or in equity. Such remedies shall not be deemed to be exclusive but shall be in addition to all other remedies available to the County at law or in equity or under this Agreement. 8. Indemnity. The Contractor shall defend, indemnify and hold harmless the County, its officers, employees, and agents, (each, a "County Indemnitee")from and against any and all infringement of intellectual property including, but not limited to infringement of copyright, trademark, and trade dress, invasion of privacy, information theft, and extortion, unauthorized Use, Disclosure, or modification of, or any loss or destruction of, or any E-7 Docusign Envelope ID: BCD4865A-OAFE-4282-8836-C2F574F95955 Exhibit E Data Security corruption of or damage to, Personal Information, Security Breach response and remedy costs, credit monitoring expenses, forfeitures, losses, damages, liabilities, deficiencies, actions, judgments, interest, awards, fines and penalties (including regulatory fines and penalties), costs or expenses of whatever kind, including attorneys' fees and costs, the cost of enforcing any right to indemnification or defense under this Exhibit E and the cost of pursuing any insurance providers, arising out of or resulting from any third party claim or action against any County Indemnitee in relation to the Contractor's, its officers, employees, or agents, or any Authorized Employee's or Authorized Person's, performance or failure to perform under this Exhibit E or arising out of or resulting from the Contractor's failure to comply with any of its obligations under this section 8. The provisions of this section 8 do not apply to the acts or omissions of the County. The provisions of this section 8 are cumulative to any other obligation of the Contractor to, defend, indemnify, or hold harmless any County Indemnitee under this Agreement. The provisions of this section 8 shall survive the termination of this Agreement. 9. Survival. The respective rights and obligations of the Contractor and the County as stated in this Exhibit E shall survive the termination of this Agreement. 10. No Third Party Beneficiary. Nothing express or implied in the provisions of in this Exhibit E is intended to confer, nor shall anything in this Exhibit E confer, upon any person other than the County or the Contractor and their respective successors or assignees, any rights, remedies, obligations or liabilities whatsoever. 11. No County Warranty. The County does not make any warranty or representation whether any Personal Information in the Contractor's (or any Authorized Person's) possession or control, or Use by the Contractor (or any Authorized Person), pursuant to the terms of this Agreement is or will be secure from unauthorized Use, or a Security Breach or Privacy Practices Complaint. E-8 d docusign. Certificate Of Completion Envelope Id: BCD4865A-OAFE-4282-8836-C2F574F95955 Status:Completed Subject: Please sign:CLEAN_Final Agreement with NWCM_2025.11.21 Source Envelope: Document Pages:31 Signatures: 1 Envelope Originator: Certificate Pages:5 Initials:0 Christina Heller AutoNav: Enabled 14600 Branch Street Envelopeld Stamping: Enabled Omaha, NE 68154 Time Zone:(UTC-06:00)Central Time(US&Canada) cheller@carsongroup.com I Address:20.81.168.101 Record Tracking Status:Original Holder:Christina Heller Location: DocuSign 11/21/2025 4:19:32 PM cheller@carsongroup.com Signer Events Signature Timestamp Signed by: Julie Pine I Sent: 11/21/20254:22:25 PM jpine@carsongroup.com IA�A1,, PhAl, Viewed: 11/21/2025 4:35:23 PM Chief Legal Officer essoece7'e7cB4Dz Signed: 11/21/2025 4:35:27 PM Carson Group Holdings, LLC Security Level: Email,Account Authentication Signature Adoption: Pre-selected Style (None) Using IP Address: 104.55.78.76 Signed using mobile Electronic Record and Signature Disclosure: Accepted: 11/21/2025 4:35:23 PM ID:b09ddbd9-a34b-4b9e-81d8-10c03017b012 In Person Signer Events Signature Timestamp Editor Delivery Events Status Timestamp Agent Delivery Events Status Timestamp Intermediary Delivery Events Status Timestamp Certified Delivery Events Status Timestamp Carbon Copy Events Status Timestamp Brent Petty COPIED Sent: 11/21/2025 4:35:29 PM brentp@nwcm.com Managing Director NORTHWEST CAPITAL MANAGEMENT, INC. Security Level: Email,Account Authentication (None) Electronic Record and Signature Disclosure: Not Offered via Docusign Valerie Haley COPIED Sent: 11/21/2025 4:35:29 PM valerieh@nwcm.com Viewed: 11/21/2025 4:36:15 PM Security Level: Email,Account Authentication (None) Electronic Record and Signature Disclosure: Not Offered via Docusign Jamie Carroll COPIED Sent: 11/21/2025 4:35:30 PM jcarroll@carsonwealth.com Security Level: Email,Account Authentication (None) Carbon Copy Events Status Timestamp Electronic Record and Signature Disclosure: Not Offered via Docusign Witness Events Signature Timestamp Notary Events Signature Timestamp Envelope Summary Events Status Timestamps Envelope Sent Hashed/Encrypted 11/21/2025 4:22:26 PM Certified Delivered Security Checked 11/21/2025 4:35:23 PM Signing Complete Security Checked 11/21/2025 4:35:27 PM Completed Security Checked 11/21/2025 4:35:30 PM Payment Events Status Timestamps Electronic Record and Signature Disclosure Electronic Record and Signature Disclosure created on: 1/26/2024 10:51:57 AM Parties agreed to:Julie Pine CONSENT TO ELECTRONIC RECEIPT OF ELECTRONIC DOCUMENTS AND SIGNATURES CWM, LLC ("we" or "us") or("Custodian")may be required to provide to you certain written notices or disclosures as part of the forms and agreements associated with doing business with us or Custodian. We are independent of and not owned, affiliated with or supervised by the Custodian. If the form or agreement presented is our document, such as a disclosure brochure or investment advisory agreement, then this Consent is between you and us. If the form or agreement presented is a Custodian document, such as an account application agreement, then this Consent is between you and the Custodian. We are your agent who chooses which electronic documents to send you for review and electronic signature. This is the case whether those documents are our forms or Custodian forms. You agree to immediately notify us if you receive any electronic document or information that appears to be in error or not intended for you. Described below are the terms and conditions for providing to you such notices and disclosures electronically for your signature through DocuSign, Inc. Please read the information below carefully and thoroughly, and if you can access this information electronically to your satisfaction and agree to these terms and conditions, please confirm your agreement by clicking the 'I agree'button at the bottom of this document. If you want to use electronic documents and signatures, then you must consent and agree to the terms and conditions relating to the system and process that we and the Custodian will use, as set forth below. By checking the "I agree" button below, you will be giving your informed consent and agreement to use the electronic documents and signature system described below to electronically receive, review, and electronically sign paperless documents sent to you in electronic envelopes. You will be agreeing to be bound by any documents you electronically sign the same as if you had received a paper copy of the document and signed it by hand with an ink pen. Getting paper copies At any time, you may request from us a paper copy of any record provided or made available electronically to you from us or Custodian by contacting us. We may always, in our sole discretion,provide you with any document on paper, even if you have authorized electronic delivery. Withdrawing your consent We and the Custodian will ask you for this Consent each time you are given an envelope of electronic documents. Once you give your Consent for an envelope, you cannot withdraw it for that envelope. You can, however, choose not to give your consent in the future when you are presented with subsequent envelopes. If you do this, you will be unable to proceed electronically, and you may be required to use paper documents and signatures. If you give your Consent for an envelope, although you may not withdraw it, you can still choose not to electronically sign any or all electronic documents in that envelope. Once you electronically sign a particular document, you cannot withdraw the Consent and Agreement for that document,but you can choose to not electronically sign any other documents included in the same envelope. In addition, before you complete an electronic signature of a document, you may cancel and exit the electronic signing process before clicking the 'Confirm Signing' (or other similarly titled button) and closing your browser. How to Update Your Email Address Please contact us directly if you need to update your email address where we should send notices and disclosures electronically to you. Minimum required hardware and software Operating Systems: Windows 7, Mac OS X, Mac iOS 11 Browsers for SENDERS: Internet Explorer I I Browsers for SIGNERS: Internet Explorer 11, Google Chrome 65, Safari 11, Firefox Standard 59, Firefox Extended 52 Email: Access to a valid email account Screen Resolution: 800 x 600 minimum 1024 x 768 recommended Enabled Security Settings: Allow per session cookies Users accessing the internet behind a Proxy Server must enable HTTP 1.1 settings via proxy connection These minimum requirements are subject to change. If these requirements change, you will be asked to re-accept the disclosure. Pre-release (e.g. beta) versions of operating systems and browsers are not supported. Your use of the DocuSign system is subject to DocuSign's Terms of Use available at www.docusign.com/company/terms-of-use. We, the Custodian, and DocuSign are not affiliated with each other. Neither we nor the Custodian is responsible for the DocuSign system, and each disclaims any representations and all warranties regarding the DocuSign system. Your use of the DocuSign system is entirely your choice and solely your responsibility. Security and Privacy Information In accessing electronic documents and electronically signing them, you should use a computer operating system that has a firewall (software that is designed to prevent unauthorized access to your computer by blocking suspicious people or websites) and that it is turned on and up-to-date. You should also make sure that your computer has anti-virus software that it is turned on and that your subscription is current. Emails sending you links to envelopes with electronic documents for electronic signature are not encrypted (unless the email expressly says that it is encrypted); but the contents of the envelopes are protected. For security and confidentiality,unencrypted emails will not include your name, full account number, or any other personal identifier. Be aware, however, that some email addresses may use part or all of your name. If you use a work email address, your employer or other employees may have access to your email. As with any form of communication, there is a risk of misdelivery or interception. DocuSign has agreed with us to safeguard the security and privacy of all confidential customer information. DocuSign's privacy policy applies to your use of the DocuSign system. In addition, our privacy policy applies to information we receive from you as part of the electronic signature process. Links or references to where you can view ours and Custodian's respective privacy policies may be contained in the email notifying you of the documents on which your electronic signature is requested or the documents themselves. You may also contact us to be directed to our and/or Custodian's privacy policy. Acknowledging your access and consent to receive and sign documents electronically By checking the 'I Agree'box, I confirm that: • I can access and read this Electronic CONSENT TO ELECTRONIC RECEIPT OF ELECTRONIC DOCUMENTS AND SIGNATURES document; and • I can print on paper the disclosure or save or send the disclosure to a place where I can print it, for future reference and access; and • I will not contest the validity or enforceability of any electronic document I receive or electronically sign because the document and my signature are in electronic form; and • Until or unless I notify my Advisor as described above, I consent to sign exclusively through electronic means and to receive exclusively through electronic means all notices, disclosures, authorizations, acknowledgements, and other documents that are required to be provided or made available to me.