Exhibit 10.1

Confidential Treatment Requested

FOURTH AMENDMENT TO

TECHNOLOGY AND SERVICES AGREEMENT

This FOURTH AMENDMENT TO TECHNOLOGY AND SERVICES AGREEMENT (“Fourth Amendment”)
is made by and between FMR LLC (“FMR”) and Envestnet, Inc., formerly known as
Envestnet Asset Management Group, Inc., (“Envestnet”) as of December 31, 2011
(the “Fourth Amendment Effective Date”). Reference is made to a certain
Technology and Services Agreement dated as of March 31, 2008 by and between FMR
and Envestnet (the “Technology and Services Agreement”), as amended by (a) the
First Amendment to Technology and Services Agreement dated as of June 26, 2008
(the “First Amendment”); (b) the Second Amendment to Technology and Services
Agreement dated as of May 5, 2009 (the “Second Amendment”) and (c) the Third
Amendment to Technology and Services Agreement dated as of November 16, 2009
(the “Third Amendment”; the Third Amendment, together with the First Amendment,
Second Amendment and the Technology and Services Agreement, the “Agreement”).
Capitalized terms not otherwise defined in this Fourth Amendment shall have the
meanings ascribed to such terms in the Agreement.

WHEREAS, the Parties wish to amend certain terms to the Agreement in order
reflect the parties current understanding with respect to the Services and FMR’s
rights with respect to the Software and Documentation.

NOW, THEREFORE, in consideration of the premises and the mutual promises and
covenants contained herein, and for other good and valuable consideration, the
receipt and sufficiency of which are hereby acknowledged, the Parties, intending
to be legally bound, agree as follows:

 

1. Payment Allocation Schedule.

Exhibit F to the Agreement, as initially referenced in Section 1(a), is hereby
deleted in its entirety and replaced with the new Exhibit F attached to this
Fourth Amendment.

 

2. Hosting, Operational, Maintenance and Repair Standards.

Exhibit B to the Agreement, as initially referenced in Section 1(b), is hereby
deleted in its entirety and replaced with the new Exhibit B attached to this
Fourth Amendment.

 

3. Definition of Software.

The fifth and sixth sentences of the second paragraph of Section 2(a) (such
second paragraph commencing immediately following Section 2(a)(iv)) are hereby
deleted in their entirety and replaced with the following:

“The Software includes, but is not limited to, the business dashboard, the
manager console, the platform configurator, the training environment, the
investment manager database, the product database, the portfolio modeling &
analysis system, the trade order entry and tracking system, the private label
proposal generation system, the performance reporting system, the account
administration workflow system, the service request initiation/tracking system,
the portfolio accounting system, the billing system, financial planning tools,
trust planning or administration tools, the Software QA test suite, the data
aggregation, data management and data reconciliation systems and infrastructure
used to support these functions and Fidelity customizations including full
integration into Streetscape, WealthCentral, AdvisorChannel, the platform
commonly referred to as PI Rep Workstation and any successor platforms, and any
related functionality, regardless of the electronic means of communication used
for the delivery of such technology (such as the Internet, computer networks,
telephone or telecommunications networks, cable television systems, web-based
interactive TV, satellites, wireless devices and broadcast, or

 

1



--------------------------------------------------------------------------------

Confidential Treatment Requested

 

other mode of broadcast or transmission now known or subsequently developed).
The Parties acknowledge that the foregoing list is an itemization of current,
future or possible developments and may not represent Envestnet’s current
Software and does not create an obligation on Envestnet to develop such
Software.

 

4. Security Requirements.

Exhibit E of the Agreement, as initially referenced in Section 2(h), is hereby
deleted in its entirety and replaced with the new Exhibit E attached to this
Fourth Amendment.

 

5. Updates, Enhancements and Maintenance.

(a) Section 2(d)(i) and (ii) are hereby deleted in their entirety and replaced
with the following:

“(i) Envestnet shall provide to Fidelity, in both Source Code and Object Code
form, all Software Updates and all Documentation Updates developed or acquired
by Envestnet during the Support Period, as defined in this Section. For purposes
of this Agreement, “Support Period” shall mean any period during which Fidelity,
in its sole election, (1) purchases Technology Services (as defined in Exhibit
A) for the corresponding fees described in Exhibit F; (2) provides internal
Hosting Services with respect to the Software and pays Envestnet the maintenance
fee (the “Maintenance Fee”), as more particularly described and defined in
Exhibit F; or (3) pays Envestnet the Maintenance Fee during such time as (A) the
parties continue to operate under the Existing Agreements or any successor
agreement and (B) (1) the parties have transitioned advisory responsibilities as
contemplated under Section 1(c) with respect to one or more Clients and
(2) Fidelity continues to make the then-applicable payments to Envestnet under
Exhibit F. At such time as Fidelity elects to pay the Maintenance Fee as
provided under Section 2(d)(i)(3), Envestnet’s obligation under this Section
shall be limited to the delivery of the Software Updates and corresponding
Documentation Updates to Fidelity, and Fidelity shall be responsible for
integrating such Software Updates with Fidelity’s version of the Software. If
Fidelity transitions responsibilities as contemplated under Section 1(c) and is
making payments of the Platform Service Fees to Envestnet under Exhibit F while
simultaneously operating under any of the Existing Agreements or any successor
agreement as provided under Section 2(d)(i)(3), the aggregate amount of the fees
paid for all Software Updates and all Documentation Updates shall not exceed the
amount of the then applicable Maintenance Fee. Envestnet shall deliver the
Software Updates and Documentation Updates available to Fidelity in accordance
with the release process described in Exhibit A and at the same time as such
Software Updates or Documentation Updates are implemented by Envestnet on or for
its own proprietary software platform or otherwise made available to any other
customer of Envestnet provided, however, at such time as Fidelity is providing
Hosting Services with respect to the Software, Fidelity shall be solely
responsible for the timing of making such Software Updates available to its
Clients.

(ii) During the Support Period, Envestnet shall correct all Software bugs and
systems errors reported to Envestnet by Fidelity in accordance with the
standards set forth in Exhibit B. Software Updates containing error corrections
or bug fixes shall be furnished to Fidelity in accordance with Exhibit B.”

 

2



--------------------------------------------------------------------------------

Confidential Treatment Requested

 

(b) Section 2(d)(v) is hereby deleted in its entirety and replaced with the
following:

“(v) Technology Services shall be provided by Envestnet so long as Fidelity pays
to Envestnet the corresponding payments for such Technology Services as
described in Exhibit F. Envestnet’s maintenance and support obligations shall
continue even if Envestnet is not providing Platform Services to Fidelity, so
long as Envestnet is continuing to provide similar maintenance services to any
other customer, or is still running the Software in production mode, and
Fidelity has paid the applicable Maintenance Fee and wishes to continue to
receive such maintenance services.”

 

6. Exclusivity.

The first sentence of Section 2(e)(ii) is hereby deleted in its entirety and
replaced with the following:

“Envestnet agrees that [***], Envestnet shall not develop for [***] the firms
listed in Schedule 1, as amended by mutual agreement of the parties from time to
time [***], the services listed in Schedule 2, as amended by mutual agreement of
the parties from time to time. For purposes of this Agreement, Fidelity’s use of
Envestnet as a “major service provider” shall mean such time as (A) Fidelity is
paying Envestnet at least 75% of the Full Platform Fee, as specified in Exhibit
F, for all Platform Services excluding Sales Support services; or (B) Fidelity
operates as described in Section 2(d)(i)(3).”

 

7. Term and Termination.

Section 4(d) of the Agreement is hereby amended by inserting the following
clause immediately following the last sentence of the Section:

“If Fidelity so elects to postpone the expiration or termination of this
Agreement, upon Fidelity’s written request to Envestnet, Envestnet shall
cooperate with Fidelity during the applicable transition period in effecting the
orderly transfer of Platform Services to Fidelity or a third party designated by
Fidelity as contemplated by this Agreement. Such transition assistance shall
include, without limitation, at no additional charge to Fidelity, Envestnet
shall host up to four (4) Fidelity developers for up to ninety
(90) non-consecutive calendar days over a maximum period of two hundred and
seventy days (270) days at Envestnet’s offices in Sunnyvale, California, or such
other appropriate location as may be agreed upon by the parties, for an
additional Developer Hosting Period consistent with and otherwise in accordance
with the terms of Section 2(c)(i).”

 

8. Platform Services Fees.

The second paragraph of Section 5(a) is hereby deleted in its entirety and
replaced with the following:

“To the extent that there is no basis point fee schedule for a sub-category, the
Parties agree to set a basis point fee schedule for the sub-category based on
the same expense and profit margin methodology that was utilized by the Parties
in arriving at the Platform Service Fee structure set forth herein. During the
Term of this Agreement and provided any Fidelity Company is purchasing Platform
Services from Envestnet, Envestnet represents that it will not provide the
Platform Services to any of its other clients at prices or fees lower than fees
or with more favorable terms than provided for under this Agreement. Envestnet
further agrees that Fidelity will be treated as a “Most Favored Customer” in
terms of overall relationship pricing, such that the prices or fees will be the
lowest overall relationship pricing offered to clients by Envestnet purchasing
substantially the same set of Platform Services. The parties agree that, for the
purposes of

 

3



--------------------------------------------------------------------------------

Confidential Treatment Requested

 

interpreting the foregoing, the parties shall consider, in good faith and by way
of example and not as a limitation of the relevant factors, volumes, business
mix, industry affiliations, and significant revenue differentials in determining
whether terms offered to a client are more favorable than those extended to
Fidelity at such time. If, during the Term of this Agreement, Envestnet offers
arrangements with more favorable prices or terms to any other customer for the
Platform Services, Envestnet shall, at the same time, extend such arrangement
(i.e., combining pricing and associated terms) to Fidelity and Fidelity may
elect to avail itself of such arrangement or retain the current pricing and
associated terms as provided for in this Agreement.”

 

9. Confidentiality.

Section 8(e) of the Agreement is hereby deleted in its entirety and replaced
with the following:

“Each Party acknowledges that as a financial institution, the other Party may be
subject to certain laws and regulations regarding the privacy and protection of
any Personal Information (as defined in Section 9 below), and that any receipt
or use of such Personal Information by either Party may also be subject to
compliance with such laws and regulations. Notwithstanding the provisions of
Sections 8(a) and 8(b) above, information that represents Personal Information
of a Client, any personnel of an Intermediary or any personnel of Fidelity shall
always be considered to be Confidential Information of Fidelity. If and to the
extent Envestnet receives, stores, maintains, processes or otherwise has access
to Personal Information related to a Client, an Intermediary or Fidelity,
regardless of whether such access is pursuant to or in conjunction with the
provision of services under the terms of this Agreement or the Existing
Agreements, Envestnet will (i) comply with all laws, rules and regulations
applicable to such activities, and (ii) implement and maintain appropriate
security measures to protect such Personal Information consistent with all
applicable laws, rules and regulations, including without limitation, the
“Standards for The Protection of Personal Information of Residents of the
Commonwealth” as issued by the Massachusetts Office of Consumer Affairs and
Business Regulation Standards. In addition, Envestnet will comply with all of
FMR’s standards, procedures, and guidelines for service providers that relate to
privacy, information protection, and data and systems security for which
Envestnet has been provided a copy of such standard, procedure or guideline
(collectively, the “FMR Service Provider Data Security Standards”). All costs
incurred by Envestnet associated with establishing and maintaining the
requirements set forth in Exhibit E or FMR Service Provider Data Security
Standards shall be the responsibility of Envestnet. However, in the event
Envestnet has to bear material additional costs to comply with any amendment to
the requirements set forth in Exhibit E or FMR Service Provider Data Security
Standards, the parties shall meet to discuss in good faith the situation. The
discussions will allow Fidelity to explain the amended requirement to Envestnet,
for Envestnet to raise any concerns Envestnet may have with complying with the
amended requirement and for the parties to discuss whether Fidelity should
reimburse Envestnet for all or a portion of such costs other than those to be
incurred in connection with any data security requirements mandated by
applicable law or regulation or generally adopted by the financial services
industry. If the parties agree that Fidelity shall reimburse Envestnet for all
or a portion of such costs, such agreement will be documented in a written
document (such as an amendment to this Agreement) signed by the parties.”

 

4



--------------------------------------------------------------------------------

Confidential Treatment Requested

 

10. Miscellaneous.

This Fourth Amendment may be executed in two or more counterparts, each of which
shall be deemed an original but all of which together shall constitute one and
the same agreement. Except as specifically amended by this Fourth Amendment, the
Agreement shall continue unchanged and in full force and effect according to its
terms. This Fourth Amendment may not be altered, amended, or modified except by
a written instrument signed by an authorized representative of each Party.

[Remainder of this page intentionally left blank.]

 

5



--------------------------------------------------------------------------------

Confidential Treatment Requested

 

IN WITNESS WHEREOF, the Parties hereto have caused this Fourth Amendment to be
duly executed and effective as of the Fourth Amendment Effective Date.

 

ENVESTNET, INC.     By:   /s/ Judson Bergman     Date:     Name:   Judson
Bergman       Title:   CEO       FMR LLC     By:   /s/ Michael Fox     Date:  
January 5, 2012 Name:   Michael Fox       Title:   Executive Vice President    
 

 

6



--------------------------------------------------------------------------------

Confidential Treatment Requested

 

Schedule 1

Competitors

 

1. [***                                          
                                         
                                         
                                              ]

 

2. [***                                          
                                         
                                         
                                              ]

 

3. [***                                          
                                         
                                         
                                              ]

 

4. [***                                          
                                         
                                         
                                              ]*

*the parties acknowledge that Envestnet is able to service the [***
                            ] of [***                    ].

 

5. [***                                          
                                         
                                         
                                              ]*

* the parties acknowledge that Envestnet services the [***
                            ] for [***                                 ].

 

[***] Certain information has been omitted and filed separately with the
Commission. Confidential treatment has been requested with respect to the
omitted portions.

 

7



--------------------------------------------------------------------------------

Confidential Treatment Requested

 

Schedule 2

Envestnet shall not develop [***                                          
                               ] substantially similar to that described herein
or in the Existing Agreements. For illustrative purposes only, and without in
any way limiting the provisions of this Schedule 2 or Section 2(e)(ii), [***
                                                         ]:

[***                                                                
                                         
                                         
                                                    
                                         
                                         
                                         
                                         
                                                 
                                         
                                         
                                         
                                         
                                                 
                                         
                                         
                                         
                                         
                                                 
                                         
                                         
                                         
                                         
                                                 
                                         
                                         
                                         
                                         
                                                 
                                         
                                         
                                         
                                         
                                                 
                                         
                                         
                                         
                                         
                                                 
                                         
                                         
                                         
                                         
                                                 
                                         
                                         
                                         
                                         
                                                 
                                         
                                         
                                         
                                         
                                                 
                                         
                                         
                                         
                                         
                                                 
                                         
                                         
                                         
                                         
                                                 
                                         
                                         
                                         
                                         
                                                 
                                         
                                         
                                         
                                         
                                                 
                                         
                                         
                                         
                                         
                                                 
                                         
                                         
                                         
                                         
                                                 
                                         
                                         
                                         
                                         
                                                 ]

At Envestnet’s request, Fidelity will in good faith consider exceptions to this
prohibition to providing services and/or products to Competitors, taking into
account the anticipated relative short-term and long-term effects on the
Parties.

Notwithstanding the foregoing, Envestnet shall not be deemed to be in breach of
Section 2(e)(ii) with respect to (1) any services or platforms provided to, or
developed or in development for, a Competitor pursuant to any agreement with
such Competitor executed prior to the effective date of the FBS Agreement, (2)
the implementation of code or Software acquired by Envestnet, or (3) the
provision of products and/or services to directly to Competitors’ customers
(e.g., broker/dealer correspondents or registered investment advisors),
including the creation of customizations for the integration of Envestnet’s
platform with such customer’s platform.

In addition, nothing in this Agreement shall prevent Envestnet from allowing a
Competitor to provide custody and brokerage services to clients, including
independent broker/dealers or registered investment advisors of Envestnet’s
other clients provided that such Competitor is not directly selling Envestnet
services to such clients.

 

[***] Certain information has been omitted and filed separately with the
Commission. Confidential treatment has been requested with respect to the
omitted portions.

 

8



--------------------------------------------------------------------------------

Confidential Treatment Requested

 

EXHIBIT B

EXHIBIT B: HOSTING, OPERATIONAL, MAINTENANCE AND REPAIR STANDARDS

This Hosting, Operational, Maintenance and Repair Standards Service Level
Agreement (“SLA”) sets forth certain procedural guidelines and expectations
regarding the provision of the Services. This document will provide information
on the roles and responsibilities of all of the parties involved, assuming
general expectations are available and working. The SLA is separated into two
general categories: (1) Hosting and Technology Service Levels; and
(2) Operational Service Levels. In the event of a conflict between this SLA and
the Agreement, the terms and conditions of the Agreement shall govern. All
material changes shall be mutually agreed to in writing by the parties.

The SLA shall apply to the Services regardless of whether the parties are
operating pursuant to the Existing Agreements, the Agreement or any successor
agreement. In the event a [***] (as defined in Section 1.B(4) below) is due
Fidelity and Envestnet is providing services primarily under the Existing
Agreements, the [***] may be applied against any amounts due to Envestnet
pursuant to the Existing Agreements or the Agreement, which allocation may be at
Fidelity’s election. If no such amounts are due, Fidelity may request payment of
the [***], which Envestnet agrees to pay within thirty (30) days of such
request.

 

1. HOSTING AND TECHNOLOGY SERVICE LEVELS

In calculating Envestnet’s conformance with the Hosting and Technology Service
Levels, Envestnet will be excused from meeting a Hosting and Technology Service
Level in circumstances that constitute a Force Majeure event.

 

A. GENERAL.

1. Envestnet shall host and operate the Software on Envestnet’s computer
hardware physically situated at a “Tier 4” co-location facility operated and
maintained by duly qualified co-location provider meeting commercially
reasonable standards for such facilities (the “Co-location Provider”), which
Co-location Provider is currently Centurylink, Inc. (f/k/a Qwest), located in
Illinois and Denver. Envestnet shall set up and maintain a sufficient number of
computer servers as is required for the Software to meet the performance
specifications and service levels set forth in this Exhibit.

2. Envestnet shall not subcontract, outsource or delegate to any third party any
aspect of Envestnet’s hosting, operation and maintenance of the Software
(including, without limitation, customer support for users of the Software).
Notwithstanding the foregoing, Envestnet may maintain its current co-location
arrangement, and Envestnet may not change Co-location Providers or the location
of its production environment, without, in each case, the prior written notice
of Fidelity.

 

B. OPERATIONAL STANDARDS AND SERVICE LEVELS.

1. Definitions.

(a) “Business Day” shall mean a day on which the New York Stock Exchange is
scheduled to be open for trading.

(b) “Non-Prime Hours” shall mean collectively (i) during a Business Day, the
time periods from 12:00 am Eastern Time to 7:59 am Eastern Time and from 8:01 pm
Eastern Time to 11:59 pm Eastern Time, and (ii) during any day that is not a
Business Day, the time period from 12:00 am Eastern Time to 11:59 pm Eastern
Time. Non-Prime Hours shall not include any downtime for scheduled maintenance
during the maintenance windows described in Section I below (Systems and
Application Maintenance Overview).

(c) “Prime Hours” shall mean the time period from 8:00 am Eastern Time to 8:00
pm Eastern Time during a Business Day.

 

9



--------------------------------------------------------------------------------

Confidential Treatment Requested

 

2. System Availability.

The target availability for the Software is (i) 98.5% during Prime Hours and
(ii) 98.5% during Non-Prime Hours.

Availability will be monitored by Envestnet, the Co-location Provider or by
another comparable service mutually agreed upon by Envestnet and Fidelity. In
addition, if a transition of the Platform Services has occurred pursuant to
Section 1(c), Fidelity shall have the right to perform the monitoring of the
availability of the Software in lieu of such party or such other comparable
service performing such activity for such Platform Services, provided however
that no such monitoring which requires access behind Envestnet’s firewall shall
occur without Envestnet’s prior written consent. Availability shall be
calculated on a monthly basis (calendar month) for determining whether the
availability targets have been met.

Envestnet will monitor the single log-on transaction request from the
demarcation point at Envestnet to the log-on authorization that is passed back
to Fidelity. The demarcation point for calculating site availability is from the
Envestnet internal network interface at the production facility and includes all
production devices configured on the network. Site availability is not
calculated beyond this point.

3. Response Time.

(a) Average response time shall be calculated on a monthly basis (calendar
month) by Envestnet for determining whether the response time targets have been
met.

(b) Envestnet utilizes a third-party service (currently Keynote Systems, Inc),
to track and rate the download time performance of the Platform Services (the
“System Response Time”). The System Response Time per quarter will be [***] of
the KB40 Index on a quarterly average. The KB(40) Index is computed by measuring
and then averaging the performance of 40 leading websites spread across
different business sectors, to provide an indicator of "typical" Internet
performance for the business user. The foregoing does not include scheduled
maintenance periods.

(c) In addition, if a transition of the Platform Services has occurred pursuant
to Section 1(c) of the Agreement, Fidelity shall have the right to perform the
monitoring of the response time of the Software for such Platform Services in
lieu of Envestnet or a third party performing such activity, subject to
Envestnet’s approval of the methodology of such monitoring. If a transition of
the Platform Services has occurred pursuant to Section 1(c), the parties agree
that the System Response Time measurement shall follow the measurement set forth
below for the provision of such Platform Services:

 

Tasks* Inquiry and Update:

   System  Response
Time
Average Standard
per Month  

Presale process functions

     4 seconds   

Account maintenance functions

     4 seconds   

All HTML reports

     10 seconds   

All PDF reports

     20 seconds   

Model Maintenance Functions

     4 seconds   

Money Manager Profiles

     4 seconds   

 

* Exception during scheduled outages periods

 

[***] Certain information has been omitted and filed separately with the
Commission. Confidential treatment has been requested with respect to the
omitted portions.

 

10



--------------------------------------------------------------------------------

Confidential Treatment Requested

 

4. Failure to Meet Targets.

(a) For the purposes of this SLA, a “Technology SLA Failure” shall have occurred
if any of the following occur with regard to the Software for any given calendar
month:

(i) the availability of the Software during Prime Hours is less than the target
availability; or

(ii) the average of (1) the availability of the Software during Prime Hours and
(2) the availability of the Software during Non-Prime Hours is less than 98.5%;
or

(iii) the average response time is greater than the target average response time
that has been mutually agreed upon by Envestnet and Fidelity.

On a monthly basis, Envestnet will capture business activity to determine
whether a Technology SLA Failure has occurred.

(b) [***                                         
                                         
                                         
                                                                      ] (as
further defined in a certain letter agreement by and between Fidelity and
Envestnet dated as of the Fourth Amendment Effective Date) assessed for the
month or months of the violation occurring in that quarter.

The total associated monthly percentage of the [***] pursuant to any Hosting and
Technology Service Levels and/or Operational SLA Failures for any individual
quarter is capped at [***] of the Admin Fee for that month.

The [***] pertaining to system availability is calculated as follows:

 

Activity

  

Monthly Metric

   [***]  

System Availability

  

98.5% – 98.0%

98.0% –  96.5%

96.5% – 95.0%

95.0% – 93.5%

Below 93.5%

    


 

 

 

 

[***]


[***]

[***]

[***]

[***]

  


  

  

  

  

System Response Time

   Within [***] of the KB40 Index      [***]   

For the purpose of determining System Availability, unavailability shall include
time that the Software is unavailable to Fidelity or Advisors due to errors that
make the site inoperable. For purposes of determining the [***], System
Availability is measured on a monthly basis.

System unavailability is calculated from the time the system becomes
functionally inoperable until such time that functionality has been restored.

(c) [***                                         
                                         
                                         
                                                                      ] the
parties agree as follows:

(i) [***                                         
                                   ] multiplied by the aggregate net Platform
Services Fee payments charged (or due to be charged) by Envestnet to Fidelity
pursuant to the Agreement (per the fee payment schedule described on Exhibit F
attached hereto) for such calendar quarter. For clarity, the free credit
percentages in this section apply only to the net Platform Services Fees payable
by Fidelity and not the software license component.

 

[***] Certain information has been omitted and filed separately with the
Commission. Confidential treatment has been requested with respect to the
omitted portions.

 

11



--------------------------------------------------------------------------------

Confidential Treatment Requested

 

(ii) Where an SLA Failure that occurred was the result of Envestnet failing to
meet either or both of the targets relating to the availability of the Software,
the [***                                         
                                         
                                                             ] (the “Calendar
Quarter Availability”). For the purposes of the calculation described in the
previous sentence, the availability of the Software for a particular month shall
be the lower of (a) the availability of the Software during Prime Hours for that
month, and (b) the average of (i) the availability of the Software during Prime
Hours for that month, and (ii) the availability of the Software during Non-Prime
Hours for that month. For example, if the availability of the Software during
Prime Hours for each of January, February and March is 97.5%, 92% and 94%
respectively, and the availability of the Software during Non-Prime Hours for
each of January, February and March is 99%, 88% and 96% respectively, then for
the purposes of calculating the [***], the system availability for each of
January, February and March shall be 97.5% (the availability during Prime Hours
for January), 90.0% (the average of the availability during Prime Hours and
Non-Prime Hours during February) and 94.0% (the availability during Prime Hours
for March).

 

Activity

  

Quarterly Metric

   [***]  

System Availability

  

98.5% – 98.0%

98.0% – 96.5%

96.5% – 95.0%

95.0% – 93.5%

Below 93.5%

    


 

 

 

 

[***]


[***]

[***]

[***]

[***]

  


  

  

  

  

[***                                                                
                                         
                                         
                                                    
                                         
                                         
                                         
                                         
                                                 
                                         
                                         
                                         
                                         
                                                 ]

For the purpose of determining System Availability, unavailability shall include
time that the Software is unavailable to Fidelity or Advisors due to errors that
make the site inoperable. For purposes of determining the [***], System
Availability is measured on a monthly basis and [***] are calculated on a
calendar quarter basis.

System unavailability is calculated from the time the system becomes
functionally inoperable until such time that functionality has been restored.

The [***] for the system response time shall be added to the [***] for the
system availability for the purposes of determining the overall Service Level
Credit Percentage to be used in calculating the [***] for a particular calendar
quarter.

Within fifteen (15) days after the end of each calendar quarter (or if Fidelity
is performing the monitoring of the availability and response time for the
Software, within fifteen (15) days of Envestnet’s receipt of the applicable
report(s) from Fidelity showing the availability and response time measurements
for each of the three calendar months of the previous calendar quarter),
Envestnet shall deliver to Fidelity a report showing the system availability
(calculated as described above) and system response time (calculated in
accordance with the procedures to be developed by the parties as described
above) for each of the three months within the previous calendar quarter and the
calculation of the applicable [***                                         
                                                                            
                                         
                                         
                                         
                                         
                                             
                                         
                                         
                                         
                                         
                                             
                                         
                                         
                                         
                                         
                                             
                                         
                                         
                                         
                                         
                                             ]

 

[***] Certain information has been omitted and filed separately with the
Commission. Confidential treatment has been requested with respect to the
omitted portions.

 

12



--------------------------------------------------------------------------------

Confidential Treatment Requested

 

C. MAINTENANCE AND REPAIR STANDARDS.

The following shall be provided by Envestnet at no additional charge to Fidelity
or any Advisor:

1. Envestnet shall maintain the Software such that any enhancements of the
features or functionality of the Software, or new features or functionality
added to the Software, are promptly incorporated into the Software. Fidelity may
elect to not have such enhancements or new features or functionality
incorporated into the Software.

2. Envestnet shall not make any change to the Software that would require, or is
reasonably likely to require, any change to Fidelity’s Streetscape application
or any other software or system used by Fidelity without, in each case,
obtaining the prior written consent of Fidelity and coordinating the
implementation of such change to the Software with Fidelity.

3. Envestnet shall maintain the Software to conform to all applicable
legislative and regulatory requirements.

4. Envestnet shall ensure that the Software supports the following browsers on
the following platforms:

(a) the then-current version of Microsoft Internet Explorer and each of the two
(2) preceding versions; and

(b) the then-current version of any other generally available browser that is
compliant with W3C standards applicable to web browsers, and each of the two
(2) preceding versions (provided that such version is also compliant with such
W3C standards).

5. During the hours of 7:00 A.M. Central time to 7:00 P.M. Central time each
Business Day, Envestnet shall make available to Fidelity service
representatives, located at Envestnet’s Chicago offices, to handle Fidelity’s
requests for support and service, such as:

(a) receiving reports of problems with the Software; and

(b) coordinating Fidelity’s access to Envestnet’s application and website
support specialists for assistance in problem determination and error correction
activities.

6. Envestnet shall provide Fidelity with the contact information for designated
personnel of Envestnet who will handle Fidelity’s report of problems with the
Software during hours outside of the time period specified in Section 4 above.
Such contact information will include (i) where appropriate, pager numbers
and/or cell phone numbers of the designated personnel, and (ii) an escalation
process which Fidelity can use in the event the designated contact does not
respond to Fidelity telephone calls and/or messages via pager.

7. Envestnet will respond to Fidelity’s report of problems with Software in
accordance with the time periods set forth below. In each case, Fidelity shall
have the right to specify the Severity level condition based upon its assessment
of the current and/or potential impact to Fidelity’s business. No further
severity level analysis is required by Envestnet.

 

Business

Impact

  

Definition

   Initial
Response
Time    Incident
Updates(*)   

Envestnet’s Work Schedule

Severity 1


(Critical)

   Business is severely impacted or there has been a critical work stoppage
created by the problem.    10 Minutes    Every hour    7X24 until temporary
repair or workaround is in place

Severity 2


(Major)

   Business is impacted but not a mission critical function - the problem
affects the overall functionality, but the key elements are functioning properly
with possible workarounds.    10 Minutes    Every 2
hours    7X24 until temporary repair or workaround is in place

Severity 3


(Moderate)

   Business is not significantly impacted. There is full functionality but a
defect does exist which should eventually be corrected.    30 Minutes   
Once a day    Normal Business Hours

 

(*) Envestnet shall report back to Fidelity’s designated contact on the current
status of the reported problem in accordance with the specified frequency.

 

13



--------------------------------------------------------------------------------

Confidential Treatment Requested

 

8. Envestnet will provide Fidelity with an initial incident report (in writing
or via email) within one Business Day of a reported Critical or Major incident.
Envestnet will provide Fidelity with a completed incident report (in writing or
via email) within one Business Day after resolution of a Critical and Major
incident.

 

D. HOSTING OVERVIEW.

Envestnet contracts with a “Co-location Provider,” defined as Tier 4 third-party
provider of server space, power, light, air conditioning, and physical security.

Envestnet currently has selected Centurylink as its primary Co-location Provider
and hosting partner. Centurylink was selected based upon their ability to
provide enterprise level services. The primary production environment used to
deploy the Software is located in the Chicago area Centurylink facility.

Centurylink provides 7x24 manned security operations at their facilities. They
require card key access as well as biometric verification before admittance to
the facility.

 

E. DATA COMMUNICATIONS AND ENTERPRISE NETWORK MONITORING.

Data communications infrastructure is provided by our Co-location Provider. The
Co-location Provider has, and will maintain, dedicated, redundant
telecommunications infrastructure in the event there is failure on one of the
provider circuits.

 

F. ENTERPRISE MONITORING OVERVIEW.

Enterprise Network Monitoring is provided by our Co-location Provider. The
Co-location Provider monitors the health and condition of servers and the
applications running on those servers is monitored and email/pager alerts of
abnormal conditions are sent to Envestnet staff.

In addition, other software tools may also be employed by Envestnet to monitor
and pro-actively alert staff to potential problems that could affect
availability of services and site performance.

 

G. EXTERNAL/INDEPENDENT MONITORING OVERVIEW.

Envestnet uses external monitoring services provided by Keynote Systems
(http://www.keynote.com) to monitor certain performance and availability
characteristics of the Software. Envestnet and Keynote Systems, Inc. validate
and ensure site connectivity and a favorable end-user experience for users of
the Software. This Keynote service provides discrete site measurement and
aggregated comparisons to other sites using the same service. Envestnet shall
provide Fidelity with copies of all reports relating to the availability and
response time of the Software that Keynote Systems provides to Envestnet.

 

H. DATA BACKUP AND RECOVERY OVERVIEW.

The preservation of client information is built on two guiding principles: data
protection with copies of information distributed in multiple locations, and
high-availability through redundancy.

The production environment for the Software uses fault-tolerant computer systems
and RAID 5 and Raid 10 storage systems to minimize interruptions due to hardware
failures.

 

14



--------------------------------------------------------------------------------

Confidential Treatment Requested

 

Envestnet provides redundancy at the primary facility using [***] as well as
multiple load balanced web and application servers. For disaster recovery
purposes, [***]The server hardware configured is mirrored in the offsite
location as well.

These environments are tested routinely by Envestnet during extended hardware
and systems maintenance windows by moving production off-hours between the
discrete computer system environments.

Envestnet maintains its own DNS servers on multiple, different network segments
allowing flexibility in directing the production environments between different
logical or physical locations.

Data in the production environment is protected by multiple backups using
multiple methods to ensure data integrity.

In addition to the site-to-site data replication between primary and secondary
data centers, Envestnet performs full, complete onsite data backups nights in
the primary location. Additionally, electronic vaulting in near real-time is
performed on an ongoing basis of all data and is sent electronically to [***],
an offsite facility, and each copy of the complete data is kept for various
retention periods, the longest being seven years.

In summary, Envestnet provides multiple systems environments in multiple
locations. Data backup is achieved by data synchronization in multiple systems
environment, by disk-to-disk backup and finally by electronic vaulting to a 3rd
party service provider.

 

I. SYSTEMS AND APPLICATION MAINTENANCE OVERVIEW.

Standard Maintenance: in order to facilitate changes, enhancements or
improvements to the hardware, systems and application environment, Envestnet
allocates the following scheduled times: (i) a nightly window beginning at 8:00
pm Eastern time through 3:00 am Eastern Time where a patches may be applied
during a short interval of a few minutes; and (ii) a quarterly scheduled
maintenance window beginning at 3:00 pm Eastern time on Saturday through 9:00 am
Eastern time on the immediately following Sunday. Note: these maintenance
windows are not always used, but Envestnet Asset Management reserves these times
for scheduled maintenance.

Envestnet will notify Fidelity at least one week in advance of any quarterly
scheduled maintenance activities within such maintenance windows. Envestnet will
not notify users of the Software of planned outages for quarterly scheduled
maintenance. During any period in which the Software is not available due to
maintenance activities, Envestnet shall take such steps as are necessary so that
when a Streetscape user attempts to access the Software, such user will see a
screen indicating the Software is not available. If a transition of the Platform
Services has occurred pursuant to Section 1(c), the text and design of such
message shall be subject to Fidelity’s review and approval for such Platform
Services. In addition, Envestnet will to the extent possible use the same or
similar message in the event the Software is unavailable due to any other
reason.

If a transition of the Platform Services has occurred pursuant to Section 1(c),
the parties agree that, at Fidelity’s election, the Systems and Application
Maintenance Overview Section shall follow the measurement originally outlined in
Exhibit B of the Technology and Services Agreement for the provision of Platform
Services.

 

J. ESCALATION PROCESS.

Envestnet’s Client Services Group (“CSG”) in Chicago maintains a staff of highly
skilled individuals who are equipped with tools to answer questions regarding
all aspects of the operation of the Software.

In matters where additional resources are required to resolve client issues,
Client Services Representatives use service tracking software tools to manage
requests for action by other departments within Envestnet’s organization.

 

[***] Certain information has been omitted and filed separately with the
Commission. Confidential treatment has been requested with respect to the
omitted portions.

 

15



--------------------------------------------------------------------------------

Confidential Treatment Requested

 

Client Services Representatives will escalate an issue to the manager of the
appropriate departments and will utilize the Client Services Manager to resolve
any issue under the timelines and terms below.

Severity 1 and 2 situations that cannot be resolved by Envestnet’s Level 1
customer support will be escalated to Envestnet’s Level 2 customer support
within fifteen (15) minutes, or be immediately escalated to Level 2 customer
support if requested by Fidelity. If resolution has not been achieved by the
initial Incident Updates scheduled for Severity 1 (1 hour) and Severity 2 (2
hours) issues, these situations will be escalated to Envestnet’s Level 3
customer support to coordinate continued resolution efforts and reporting back
to Fidelity. For situations other than Severity 1, 2 or 3 incidents, Envestnet’s
standard policy is to provide same-day response to all client inquiries whenever
possible.

Standard Escalation Process:

Level I: Client Service Representative

Level II: Client Services Manager

Level III: Senior Management of Envestnet

 

16



--------------------------------------------------------------------------------

Confidential Treatment Requested

 

2. OPERATIONAL SERVICE LEVELS

In calculating Envestnet’s conformance with the Operational Service Levels,
Envestnet will be excused from meeting the Operational Service Level Agreement
in instances where: (1) any other party has caused delays by submitting
information outside of the agreed-upon timeframes; (2) performance within the
stated standard is rendered impossible due to failure to perform by a third
party (including account being NIGO) except in the case of third party sub
advisors and other service providers introduced by Envestnet; (3) circumstances
or events arise that constitute Force Majeure or (4) a Disaster Recovery event
has occurred.

 

A. MODEL AND ACCOUNT ADMINISTRATION

Operating Standards

 

Functions

  

Parties

  

Time / Metric

  

Description

1.1 ACCOUNT ANALYSIS

   EAM Ops   

[***] by


12:30 pm


CST

  

Account (cash & security) Analysis:

 

1.1.1 Cash and/or Securities received or disbursed in an account that is above
or below the model cash variance is reviewed on a daily basis prior to 12:30 pm
CST.

 

•     Low Cash Accounts: Accounts with cash that is equal to or below 0.5%;
additional funds may be raised to bring cash allocation back to target.

 

•     Excess Cash Drift Exceptions: Accounts with a cash drift that is 3% or
more above the model cash target are reviewed. (Cash target = 2%, High Cash at
5%). Excess funds are invested to model.

 

Footnotes:

 

MF and Multi-MF accounts, SMA, MF Wrap, MMA, and UMA are monitored for cash
drift that is 3% or more above the model cash target.

 

•     Not In Model Positions: Accounts with securities not part of the current
model allocation are liquidated and proceeds are bought into the model.

 

•     Drift Exceptions: Investments outside drift parameters are not actively
monitored or traded for the specifics of eliminating drift exposure. This means
that Envestnet does not monitor and rebalance an individual account when a model
position is out of drift due to normal market fluctuation or activity.

 

•     Account Level Activity: Deposits, Withdrawals – The trade generator will
factor position drift in recommendations when executing trades to raise cash for
distribution or for investing new money to the model. In addition, deposits or
withdrawals over 15% of current market value will trigger a “True Rebalance”
which generates trades across all model positions and does not consider
minimizing trades.

Definition: A daily review of the cash and security inflows and outflows
transacted on the Envestnet Platform (the “UMP”) with the purpose of maintaining
adequate cash targets in each product type and according to parameter
exceptions.

 

[***] Certain information has been omitted and filed separately with the
Commission. Confidential treatment has been requested with respect to the
omitted portions.

 

17



--------------------------------------------------------------------------------

Confidential Treatment Requested

 

Operating Standards

 

Functions

  

Parties

  

Time / Metric

  

Description

1.2 MODEL REBALANCES    ENV OPS    [***] by
12:00 pm CST   

1.2.1 Received by ENV by 12:00 pm CST will be executed same day. Instructions
received after 12:00 pm CST will be evaluated and executed if approved on a best
efforts basis but no later than market close the following Business Day.

 

Frequency and Communication:

 

Model changes will be made by the third party manager and, by 12:00 pm CST, they
will notify ENV Ops of upcoming changes via managermodels@envestnet.com prior to
updating models on the platform in order for the appropriate groups to prepare
and schedule the changes.

 

Trading During Delayed Rebalance Period:

 

•     New accounts will be invested to updated model

 

•     Existing account receiving new funding of cash or securities will be
invested (account analysis). Rebalance Engine may recommend trades to bring
account in line with changes made to the model

 

•     Accounts with a Service Request will be processed. Rebalance Engine may
recommend trades to bring account in line with the changes made to the model.

 

•     Accounts traded during the Model Execution delay period, may again be
traded once the Model Rebalance Instructions are executed.

 

I. MODEL DRIFT

 

  A. MUTUAL FUND WRAPS (MFW):

For MFW, drift can be set on each model position. The platform default for drift
on new positions is 3%. The money manager has the option to update the drift
value on each model position by clicking on “Change Drift” under the “Model
Actions” hyperlink.

The drift value is an absolute value and the drift parameter is calculated as
“position target” +\- “drift”. For example, if a position’s target is 5% and
drift is set at 2%, then the drift parameter is calculated as 3% - 7% or 5% +\-
2%. A position will be allowed to move within 3% and 7% without being considered
as “out of drift”. The drift parameter is an important component of each
rebalancing operation on an account. The Rebalancer will first consider
positions that are outside of drift parameter when recommending trades.

Example of a Raise Cash request: the Rebalancer will trigger a “sell only”
rebalance. When considering positions to sell, the Rebalancer will first
consider the most over-weighted and outside of drift parameter position to sell.
If this one trade is not sufficient to raise enough cash, then the second most
out of weight position will be considered and so on. Trades generated will also
be calculated so that the position will remain within drift parameter after the
trade. Therefore, depending on model set up and amount of cash needed, the
Rebalancer may generate only one trade and bring the position to the lower end
of the drift parameter.

Wider drift values mean that fewer trades will be executed when the Rebalancer
needs to raise or invest cash. However, tight drifts mean more trades for each
rebalancing operation; tight drifts mean that more positions are likely to be
outside of drift parameter and be considered to trade.

It is important to consider drift when setting up the model. Drift values that
are larger than a position’s target mean that the lower end of the drift
parameter is 0% (e.g.: target of 2% with a drift of 5%; drift parameter is 0% -
7%). A 0% lower end of the drift parameter means to the Rebalancer that it’s
acceptable to not hold this ticker. Therefore, if the Rebalancer is raising
cash, it may do so with one trade by fully liquidating this one position.

 

  B. SEPARATELY MANAGED ACCOUNTS (SMA):

For Separate Account models, drift is a hard coded value on the platform. It is
a relative value and is “33% of the position’s target with a maximum of 3%”.

Examples:

 

  a) Position target is 3%, drift is +\- 1% (3% * 33% = 1%). Drift parameter for
this position is then 2% - 4%.

Position target is 20%, drift is +\- 3% (20% * 33% = 6.6% but maximum drift
value is 3%). The drift parameter for this position is then 17% - 23%.

 

II. UNIFIED MANAGED ACCOUNTS \ MULTI-MANAGER ACCOUNTS (UMA/MMA):

 

  A. Drift on UMA and MMA sleeves vary depending on the type of sleeve used.

For SMA sleeves: drift rules for this sleeve’s model positions is the same as
the Separate Account sleeve: 33% of the model position’s target with a maximum
of 3%.

For MF \ETF sleeves: drift rules for these tickers will be what is set at the
UMA or MMA overlay level. Just like in the case of the MF Wrap (FSP) models, the
drift is an absolute value.

 

  B. For MFW sleeves: The drift rules within the FSP model are being used.

 

III. REBALANCING \ MODEL CHANGE TRADE INSTRUCTIONS

 

  A. REBALANCING CLOSE TO TARGET

To achieve a rebalance as close to target as possible, the following actions are
required:

By using the lowest possible drift value of 0.5% on each model position, the
Rebalancer will generate a trade for all model positions to bring them closer to
target. With the tight drift value, all accounts will most likely hold these
model positions outside of drift parameter and, thus, will require the
Rebalancer to consider all model positions to trade.

 

[***] Certain information has been omitted and filed separately with the
Commission. Confidential treatment has been requested with respect to the
omitted portions.

 

18



--------------------------------------------------------------------------------

Confidential Treatment Requested

 

B. SERVICE REQUEST PROCESSING

Operating Standards

 

Functions

  

Parties

  

Time / Metrics

  

Description

2.1 SERVICE REQUESTS:

 

No special instructions or restrictions

   ENV Ops    [***] received by 12:00pm CST   

2.1.1 Service Request (SR):

 

ENV will begin same day processing for SRs received into Envestnet’s queue by
12:00pm CST. For SR’s received after 12:00pm CST, processing will be on a best
efforts basis but will begin no later than 12:00pm CST the following Business
Day.

Footnotes:

 

1. SLA does not apply to an SR that includes special instructions. Special
Instruction: a specific instruction to accomplish a requested outcome.

2. Any SR set up incorrectly can be rejected back to advisor.

 

Service Request

  

SR Submitted By

  

Service Level

  

Metrics

  

Additional Details

2.2    OPEN REGISTRATION

(w/o Master Account; Model Traded Account)

   12:00 pm CST    [***]    [***]    2.2.1 Service Level measured from the time
the Upload SIS task is completed, the time the Monitor Funding task is
completed, and funding is visibly present on the platform to the time the
investment task is completed.

OPEN REGISTRATION

(w/o Master Account; Externally Traded Account)

   12:00 pm CST    [***]    [***]    2.2.2 Service Level measured from the time
the Upload SIS task is completed, the time the Monitor Funding task is
completed, and funding is visibly present on the platform to the time the
external investment task is completed. OPEN REGISTRATION
(with Master)    12:00 pm CST    [***]    [***]   

2.2.3 For all types of subaccounts: Service level measured from the time the
Upload SIS task is completed, the time the Monitor Funding task is completed,
and funding is visibly present on the platform to the time the Journal In tasks
are made ready.

 

Envestnet shops securities deposited to each of the underlying portfolio
managers to determine which will be kept and which will be sold. Settlement
included.

 

Includes time to shop additional securities to separate account managers and
liquidate (presumes liquid securities) non-model securities.

 

   12:00 pm CST    [***]    [***]   

2.2.4 For model traded subaccounts: Service level measured from the time the
Journal In tasks are completed and the journal is visibly done on the platform
to the day the corresponding investment task is completed.

 

   12:00 pm CST    [***]    [***]    2.2.5 For external traded subaccounts:
Service level measured from the time the Journal In tasks are completed and the
journal is visibly done on the platform to the day the corresponding external
investment task is completed.

Open Registration: New Account investment. This SR is generated automatically
within the proposal “Promote to IGO” process.

Footnotes:

 

3. Open Registration SR is auto approved (brand value).

4. Accounts funded with ONLY cash between the defined release parameters will
auto-release. Accounts funded outside of auto-release parameters OR which
included funding other than cash must be manually released to invest by the Home
Office.

5. All new accounts that are funded with transferred-in securities may be
staged, which means sells are done at least one day prior to buys to ensure true
pricing is achieved.

6. Funding securities are assumed to be liquid. Should illiquid securities
exist, SLA is not applicable. Fixed Income managers may take longer and, as a
result, the SLA will not apply.

 

[***] Certain information has been omitted and filed separately with the
Commission. Confidential treatment has been requested with respect to the
omitted portions.

 

19



--------------------------------------------------------------------------------

Confidential Treatment Requested

 

Service Request

  

SR Submitted By

  

Service Level

  

Metrics

  

Additional Details

2.3    RAISE CASH

(On Model Traded Account)

   12:00 pm CST    [***]    [***]    2.3.1 Service Level measured from the time
of submission of the service request to the day the model trading task is
completed. Model trading tasks are Raise Cash or Sell Mutual Funds.

RAISE CASH

(On Externally Traded Account)

   12:00 pm CST    [***]    [***]    2.3.2 Service Level measured from the time
of submission of the service request to the day the external trading task is
completed.

Raise Cash: This request will raise cash on a registration.

Footnotes:

 

1. Cash raised and not withdrawn will remain held until further instruction is
given from advisor to release back to model.

2. Raise Cash requests for Fixed Income accounts may take longer if a market is
not readily available. Fixed Income recommended trades are at the discretion of
the money manager. In the event a manager is unable to raise cash within 3
Business Days, a note is added to the Service Request alerting the advisor and
home office of delay.

3.

In the event that a bond position appears in a type 7 position status at
Fidelity as evident to Envestnet in the nightly transmission of the positions’
file, Envestnet make however many bonds are shown in type 7 ineligible for
selling by Envestnet or the 3rd party money manager.

 

Service Request

  

SR Submitted By

  

Service Level

  

Metrics

  

Additional Details

2.4    SETUP SW

• MONTHLY

• QUARTERLY

• YEARLY

   12:00 pm CST    [***]    [***]   

2.4.1 The periodic raise cash instructions are generated 15 calendar days prior
to the specified day of the request.

 

Since the system creates the SR to raise cash 15 calendar days before the
distribution date, create the Setup 2 Business Days before that.

2.5 EXECUTE SW

(On Model Traded Account)

   n/a    [***]    [***]    2.5.1 The B/D has the ability to select specific
days of the month/quarter/year in which the systematic withdrawal will take
place.

2.5 EXECUTE SW

(On Externally Traded Account)

   n/a    [***]    [***]    2.5.2 The B/D has the ability to select specific
days of the month/quarter/year in which the systematic withdrawal will take
place. 2.6 END SW    12:00 pm CST    [***]    [***]    2.6.1 Once completed, no
future Exec SW will be created.

 

[***] Certain information has been omitted and filed separately with the
Commission. Confidential treatment has been requested with respect to the
omitted portions.

 

20



--------------------------------------------------------------------------------

Confidential Treatment Requested

 

Systematic Withdrawals: This request will generate recurring
monthly/quarterly/yearly raise cash instructions on a registration. The
instructions will be generated 15 days prior to the specified day of each
month/quarter/year.

Footnote:

 

1. If a Setup SWP SR is not submitted prior to 13 calendar days before the first
specified SWP date, the advisor or BD will need to submit a Raise Cash Service
Request to address the most immediate SWP cycle if needed.

 

Service Request

  

SR Submitted By

  

Service Level

  

Metrics

  

Additional Details

2.7 RE-REGISTRATION SIS

(w/ Model Traded Account Number Change; Performance and History will not be
Moved to New Account)

   12:00 pm CST    [***]    [***]   

2.7.1 Service Level measured from the time all Add Account tasks are completed
and the Upload SIS task has been completed to the time the Journal In tasks are
made ready.

 

Journal In tasks are to be used to journal directly from the closing account’s
portfolio to the new account’s same portfolio. The master account should be
bypassed entirely.

 

   12:00 pm CST    [***]    [***]   

2.7.2 For model traded subaccounts: Service Level measured from the time the
Journal In tasks are completed to the time the account Start Account task is
completed.

 

Journal In tasks are to be used to journal directly from the closing account’s
portfolio to the new account’s same portfolio. The master account should be
bypassed entirely.

 

Copying account performance and cost basis information will add up to 3 Business
Days to the service request.

 

2.7 RE-REGISTRATION SIS

(w/ Externally Traded Account Number Change; Performance and History will not be
Moved to New Account)

   12:00 pm CST    [***]    [***]   

2.7.3 Service Level measured from the time all Add Account tasks are completed
and the Upload SIS task has been completed to the time the Journal In tasks are
made ready.

 

Journal In tasks are to be used to journal directly from the closing account’s
portfolio to the new account’s same portfolio. The master account should be
bypassed entirely.

 

   12:00 pm CST    [***]    [***]   

2.7.4 For externally traded subaccounts: Service Level measured from the time
the Journal In tasks are completed to the time the account external investment
task is completed.

 

Journal In tasks are to be used to journal directly from the closing account’s
portfolio to the new account’s same portfolio. The master account should be
bypassed entirely.

 

Copying account performance and cost basis information will add up to 3 Business
Days to the service request.

 

2.7 RE-REGISTRATION SIS

(with Model Traded Account, No Account Number Change)

   12:00 pm CST    [***]    [***]   

2.7.5 Accommodation requires some manual processing by ENV.

 

Journal In tasks are present but unnecessary since the account number is not
changing. To be completed immediately with no further action required.

 

2.7 RE-REGISTRATION SIS

(with Externally Traded Account, No Account Number Change)

   12:00 pm CST    [***]    [***]   

2.7.6 Accommodation requires some manual processing by ENV.

 

Journal In tasks are present but unnecessary since the account number is not
changing. To be completed immediately with no further action required.

Note: A Re-registration request may not require trades in the account once the
registration is established; trades are at the discretion of the portfolio
trader.

Re-Registration: This request supports the change in registration ownership. It
terminates the existing account(s), SWIP’s and ownership information and adds
new account(s) and ownership information. It will not perform any buying and/or
selling of security transactions. Such trading request must be processed through
a separate Service Request.

Footnotes:

 

1. *Advisor has the option to choose whether he/she wants to do a “copy account”
which copies over the performance and cost basis information from the old
account to the new account at the registration level. If a “copyact” is
required, the process may take longer and will not be held accountable to the
stated SLA.

2. Copy account is an irreversible action.

3. Re-Registration can only be used when there are no other changes outside of
registration and/or billing.

4. Old/closing model-traded accounts are placed on trade hold as soon as the new
account numbers are added to the platform via the Add Account tasks.

 

[***] Certain information has been omitted and filed separately with the
Commission. Confidential treatment has been requested with respect to the
omitted portions.

 

21



--------------------------------------------------------------------------------

Confidential Treatment Requested

 

Service Request

   SR Submitted By    Service Level    Metrics   

Additional Details

2.8 REBALANCE REGISTRATION

(For an instruction to Raise Cash in Model Traded Account)

   12:00 pm CST    [***]    [***]    2.8.1 Service Level measured from the time
of submission of the service request to the day the model trading task is
completed.

2.8 REBALANCE REGISTRATION

(For an instruction to Raise Cash in Externally Traded Account)

   12:00 pm CST    [***]    [***]    2.8.2 Service Level measured from the time
of submission of the service request to the day the external trading task is
completed.

2.8 REBALANCE REGISTRATION

(for an instruction to Invest Cash in Model Traded Account)

   12:00 pm CST    [***]    [***]    2.8.3 Service level measured from the time
the Journal In tasks are completed and the journal is visibly done on the
platform to the day the corresponding deposit investment task is completed.

2.8 REBALANCE REGISTRATION

(for an instruction to Invest Cash in Externally Traded Account)

   12:00 pm CST    [***]    [***]    2.8.4 Service level measured from the time
the Journal In tasks are completed and the journal is visibly done on the
platform to the day the corresponding deposit external investment task is
completed.

Rebalance Registration: This request allows an advisor to instruct the platform
to rebalance allocations amongst multiple accounts within a registration.

Note: The rebalance operation raises cash from investments that are over their
target allocation, and invests the cash in investments that are below target so
that the goal is strictly aligned to the original investment selection.

Footnotes:

 

1. Raise Cash requests for Fixed Income accounts may take longer if a market is
not readily available. In the event a manager is unable to raise cash within 3
Business Days, a note is added to the Service Request alerting the advisor and
home office of delay. Copy account is an irreversible action.

2. Recommended trades are at the discretion of the Money Manager product only.

3. This request is only applicable for goals that have multiple accounts.

 

Service Request

   SR Submitted By    Service Level    Metrics   

Additional Details

2.9 HARVEST G/L

(On Model Traded Account)

   12:00 pm CST    [***]    [***]    2.9.1 Service Level measured from the time
of submission of the service request to the day the model trading task is
completed. Service level does not include settlement.

2.9 HARVEST G/L

(On Externally Traded Account)

   12:00 pm CST    [***]    [***]    2.9.2 Service Level measured from the time
of submission of the service request to the day the external trading task is
completed. Service level does not include settlement.

Harvest Gains or Losses: This request allows an advisor to specify instruction
for long-term or short-term gains/losses on accounts within the taxable
registration. Execution of a tax harvest instruction involves selling
appropriate securities, and then buying these securities back. Positions that
are sold at a loss will be bought back after a 30 day wash period.

Footnotes:

 

1. Requests to sell specific securities cannot be accommodated. SR’s with notes
to sell specific securities will be rejected back to the advisor with a
rejection note summarizing: Request cannot be processed due to special
instruction, please contact your Home Office for further details.

2. Harvest Gains/losses is not intended to be used in conjunction with a request
to raise cash. Requests to do so are an exception process and prior consent is
required before processing due to the additional manual steps involved.

 

  •  

These exceptions are considered on a case by case basis and may not be possible
during high volume periods.

 

[***] Certain information has been omitted and filed separately with the
Commission. Confidential treatment has been requested with respect to the
omitted portions.

 

22



--------------------------------------------------------------------------------

Confidential Treatment Requested

 

Service Request

   SR Submitted By    Service Level    Metrics   

Additional Details

3.0 INVEST CONTRIBUTION

100% Cash Deposit Into Master

   12:00 pm CST    [***]    [***]    3.0.1 For all types of subaccounts: Service
level measured from the time the deposit is visible on the platform to the day
the journal instructions into subaccounts are issued on the platform.    12:00
pm CST    [***]    [***]    3.0.2 For model traded subaccounts: Service level
measured from the time the Journal In tasks are completed and the journal is
visibly done on the platform to the day the corresponding deposit investment
task is completed.    12:00 pm CST    [***]    [***]    3.0.3 For external
traded subaccounts: Service level measured from the time the Journal In tasks
are completed and the journal is visibly done on the platform to the day the
corresponding deposit external investment task is completed.

3.0 INVEST CONTRIBUTION

Securities present in Deposit Into Master

   12:00 pm CST    [***]    [***]   

3.0.4 For all types of subaccounts: Service level measured from the time the
deposit is visible on the platform to the day the journal instructions into
subaccounts are issued on the platform.

 

Envestnet shops securities deposited to each of the underlying portfolio
managers to determine which will be kept and which will be sold. Settlement
included.

 

Includes time to shop additional securities to Separate Acct Managers &
liquidate (presumes liquid securities) non-model securities.

   12:00 pm CST    [***]    [***]    3.0.5 For model traded subaccounts: Service
level measured from the time the Journal In tasks are completed and the journal
is visibly done on the platform to the day the corresponding deposit investment
task is completed.    12:00 pm CST    [***]    [***]    3.0.6 For external
traded subaccounts: Service level measured from the time the Journal In tasks
are completed and the journal is visibly done on the platform to the day the
corresponding deposit investment task is completed.

Invest Contribution: This request will invest new contributions across a
registration with a master account. The operation will distribute the cash to
better align each investment with its target allocation. If there is additional
funding that goes directly to a manager and not the master, Envestnet is not
responsible for verifying if the funding is in good order. That money will
automatically be available to the portfolio manager as s/he sees fit.

 

1. Funding securities are assumed to be liquid. Should illiquid securities exist
SLA is not applicable.

2. Envestnet creates the Invest Contribution Service Request on the platform no
sooner than when the deposit is visible on the platform. This request is created
for deposits that are not coming from subaccounts (deposits from subaccounts are
considered to be moving out of the registration, so no need to create an SR to
move the money back into the subaccounts).

3. Envestnet will calculate the values for journal instructions and the B/D will
be responsible for executing the journal instructions.

4. For investments made directly in a managed account See Excess Cash Drift
Exception and Not in Model Positions service level expectation outlined under
Account Analysis.

 

[***] Certain information has been omitted and filed separately with the
Commission. Confidential treatment has been requested with respect to the
omitted portions.

 

23



--------------------------------------------------------------------------------

Confidential Treatment Requested

 

Service Request

   SR Submitted By    Service Level    Metrics   

Additional Details

3.1 CHANGE SIS    12:00 pm CST    [***]    [***]    3.1.1 Service Level is
measured as to when the Upload SIS task is completed, the Monitor Contribution
task is completed if present, and new account numbers are added or known to be
recycling to the time processing begins.    12:00 pm CST    [***]    [***]   
3.1.2 If shopping is required as a part of the request, time start and complete
shopping.    12:00 pm CST    [***]    [***]    3.1.3 If liquidation is required
as a part of the request, time to start and complete liquidation, including
settlement. Assumes securities are liquid. If illiquid, SLA does not apply.   
12:00 pm CST    [***]    [***]    3.1.4 If a new model traded account is being
established, time to open new account once Journal tasks are completed.    12:00
pm CST    [***]    [***]    3.1.5 If a new externally traded account is being
established, time to open new account once Journal tasks are completed.

Change SIS: This request is used when a fee is to be changed, when the target
allocations for an investment are to be changed, manager selection is changed, a
new investment is being added to the registration, or an existing investment is
being removed from the registration. This request will create a new proposal for
the registration with the current investment selections, and allow you to modify
the investment using the proposal tool. Once you have made all the necessary
changes, create a new SIS for the registration and then submit the request.

Footnotes:

 

1. If a new account number (new investment) is being added to a registration, BD
Operations also owns the “Add Account” and “Monitor Download” tasks. If the same
account number is being recycled, BD Operations will add notes to the ‘Add
Account’ task indicating so (i.e. “Please reuse account number”). If notes are
clearly present at the Add Account tasks to identify which account numbers are
being recycled, ENV may own the Add Account task associated with those accounts.

2. Complex Change SIS requests may be delayed if ENV requires additional follow
up to confirm instructions to ensure the Change is executed without error.

3. All SLA levels stated above assume the request is in good order.

 

[***] Certain information has been omitted and filed separately with the
Commission. Confidential treatment has been requested with respect to the
omitted portions.

 

24



--------------------------------------------------------------------------------

Confidential Treatment Requested

 

Service Request

   SR Submitted By    Service Level    Metrics   

Additional Details

3.2 TERMINATE W/ LIQUIDATION

(On Model Traded Account)

   12:00 pm CST    [***]    [***]    3.2.1 Service Level measured from the time
of submission of the service request to the day the model trading task is
completed. Model trading task is Liquidate. Service level does not include
settlement.

3.2 TERMINATE W/ LIQUIDATION

(On Externally Traded Account)

   12:00 pm CST    [***]    [***]   

Extra day given to APL traded SLA due to the fact that managers are notified of
account closure and trade hold is added that same day, but no liquidations occur
until the next day in the event managers have already placed block orders on the
day they are notified.

 

3.2.2 Service Level measured from the time of submission of the service request
to the day the external trading task is completed. Service level does not
include settlement.

3.2 TERMINATE W/ IN-KIND TRANSFER    12:00 pm CST    [***]    [***]    3.2.3
Service Level measured from the time of submission of the service request to the
day the account is closed on the platform via the Close Account task.

Terminate/Liquidate: This request will terminate the investment management of
all accounts in the registration/goal. If any account(s) in the
registration/goal need to be liquidated, please select the liquidation option
for those accounts before submitting SR.

Note: Liquidate requests for Fixed Income accounts may take longer if a market
is not readily available, and in these cases, the SLA will not apply.

 

3.3 Review/Hold by Firm

(where applicable)

   n/a    [***]    [***]   

3.3.1 Re-activate remaining ready tasks or take action based on the b/d
response.

 

This is valid only if the reason for which the review hold was added is
resolved.

 

[***] Certain information has been omitted and filed separately with the
Commission. Confidential treatment has been requested with respect to the
omitted portions.

 

25



--------------------------------------------------------------------------------

Confidential Treatment Requested

 

C. OPERATIONS PROCESSES

Operating Standards

 

Service Function

   Service Level    Metrics   

Additional Details

4.0 Trade Error Analysis    [***]    [***]   

1.       Upon notification by Fidelity, or upon discovery by Envestnet of any
trade error or omission of a trade, Envestnet will place the affected account(s)
on trade hold and report via email to Envestnet Compliance and the Envestnet
Trade Error team.

 

2.       Upon notification by Fidelity, or upon discovery by Envestnet of any
trade error or omission of a trade, Envestnet shall submit corrections or
trades as soon as reasonably possible in order to reduce additional market risk
caused by the error or omission.

 

3.       Envestnet will take 2 Business Days to draft an “as-of” analysis.
Analysis will only be provided by ENV for trade errors that require “as-of”
trading analysis, where evaluation of the client’s best interest is analyzed.
Analysis for all other trade corrections will not be provided. If Envestnet is
responsible for the error, the corrections will be done in Envestnet account. If
Envestnet is not responsible for the error, the corrections will be done in
Fidelity/Advisor error account depending on the firm who is at fault and mutual
agreement between Envestnet and the firm found to be at fault. Envestnet will
inform Fidelity via email of any delays beyond the 2nd Business Day after
discovery of trade error.

 

Any subsequent trade corrections caused by Envestnet, due to error in analysis
or trade correction instructions provided to Fidelity must be corrected within 2
Business Days of being reported to, or discovered by Envestnet.

4.1 Site Reconciliation    [***]ET    [***]   

4.1.1 Complete reconciliation of accounts accessible in all areas of the
platform available to MAS&MAR clients

 

4.1.2 In all cases, Envestnet will notify Fidelity Technical Support and
Fidelity MAS&MAR Support areas via email per escalation procedures previously
agreed upon by Envestnet and NF

 

4.1.3 On any account where valuation and positions have not been completely
reconciled with the custodial data, trades should not be accepted on the
platform until reconciliation is complete.

 

4.1.4 Recon metrics do not apply if custodian files are delayed or incomplete.

4.2 QPR Production    [***]business


days after
quarter end

   [***]   

Quarterly statements must be accessible on the MAS&MAR site and sent to print
vendors by the 15th Business Day after quarter end.

 

The 98% does not include any QPR’s that were missed for the following reasons,
which are outside of Envestnet’s control:

 

•     Invalid data from custodian

 

•     Advisor/back office updates to addresses, configuration (brand values),
benchmarks, reporting groups, etc. made after the quarter ends.

 

•     Missing 3rd party feeds

 

•     Missing market commentary. It must be received by Envestnet by the third
Business Day following the end of the quarter

 

•     Accounts missing fee schedule

 

•     Accounts opened with market value zero on the start date

 

•     Account with market value of zero

 

[***] Certain information has been omitted and filed separately with the
Commission. Confidential treatment has been requested with respect to the
omitted portions.

 

26



--------------------------------------------------------------------------------

Operating Standards

 

Service Function

   Service Level    Metrics   

Additional Details

4.3 Billing    [***]calendar
days after the
quarter end

(or the
following
Business Day if
that day falls on
a non Business
Day)

 

* Next Business
Day -
Resolution on
escalated
Billing error
affecting
multiple clients

   [***]

 

[***]

  

Envestnet calculates fees and then transmits a billing file containing account
level billing data in order for fees to be automatically deducted from the
accounts by the custodian. This will be done by the 15th calendar day of the
month, or the following Business Day if that day falls on a non Business Day.

 

If Envestnet encounters any transmission or upload delays, ENV will escalate the
issue Fidelity Tech Support immediately.

 

Fees will be uploaded to the platform on the 15th calendar day of the month and
accessible in advisor and home office billing reports.

 

It is expected that total client fees as well as the components of the client
fee will be accurate on 100% of the accounts in the quarterly on-cycle and
monthly off-cycle billing within an acceptable variance of up to 5%.

 

* ENV will notify the IWS MAR & Fidelity MAS&MAR Support immediately upon
discovery of a fee calculation or billing errors and provided expected
turnaround time for resolution. Full resolution is expected to be complete
within 1 Business Day with regular periodic updates at the end of this period
with expected time for resolution so client’s expectation can be properly
established.

 

27



--------------------------------------------------------------------------------

Confidential Treatment Requested

 

D. SERVICE SUPPORT

SERVICE LEVEL: ICS SUPPORT GROUP & Advisory Services Group

 

Applicable Hours    M-F 8:00 AM - 4:00 PM CST (On days during which NYSE is
open) Service Provided to:    Fidelity Inquiries via Phone?    Yes Phone Number
   See below for additional information Inquiries via E-Mail?    Yes >
denverICS@envestnet.com

SERVICE METRIC

 

5.0 Phone Service Level Metric   

For issues that cannot be resolved during the initial phone call:

 

•     Fidelity will receive an update email, at least daily, as agreed upon
between the parties.

 

•     Upon resolution, Fidelity will receive an email as agreed upon between the
parties.

 

For escalations or urgent issues:

 

•     Fidelity will clearly notify ICS that the situation is escalated or urgent
during initial contact.

 

•     If solution is not arrived at during initial contact, ICS will set
appropriate expectations for next steps and follow-up.

 

•     Fidelity should receive status updates regularly (at least every[***]).

 

•     Upon resolution, ICS will call Fidelity to discuss solution and next
steps.

5.1 Email Service Level Metrics   

•     Fidelity will receive a follow up to emailed inquiries[***].

 

•     For escalated or urgent requests, Fidelity will receive a follow up [***]

 

•   Fidelity must make it clear that the email is either escalated or urgent).

 

•     The e-mail will either resolve the issue or provide an update as to what
is being done and who is being contacted to have the issue resolved.

 

•     Fidelity will receive subsequent updates via email as the status of the
request or research is updated.

 

•     Fidelity will receive final notification when the issue has been resolved
or research completed.

5.2 Client Issues Meeting   

•     Fidelity will provide the expectation for weekly, monthly, or quarterly
calls. Envestnet Institutional Client Service support team will provide a
representative and will be responsible for tracking calls.

5.3 Advisor (IWS & NF)Services Group: Phone and Email Service Level Metrics
(Envestnet will put in to effect these SLA Metrics no later than 18 months after
the execution date of this agreement)   

•     [***]% of calls from Advisors picked up [***]

 

•     [***]% of all email inquiries from Advisors responded to [***]if received
prior to [***]CST;

 

•   If no resolution on topic, expectation must be set for resolution time

 

•     Client Problem Resolution (i.e. Billing) – Resolve via email or phone call
response within 24 hours; If not resolved, follow up with status as agreed upon
based on the expected resolution time of the request.

 

[***] Certain information has been omitted and filed separately with the
Commission. Confidential treatment has been requested with respect to the
omitted portions.

 

28



--------------------------------------------------------------------------------

Confidential Treatment Requested

 

MAS&MAR - DEPLOYMENT SLAs

For the purpose of Section 2 of this SLA, a Business Day consists of 8 hours and
starts at 9am Eastern Time (ET). Processing time for tasks is measured only
during business hours.

The “Expected Resolution Time” starts upon receipt by Envestnet of any necessary
information from either Advisor/Correspondent or Fidelity “In Good Order” and
completion of task is measured at the point that the information is loaded by
Envestnet correctly.

Expected Resolution Time does not include time for the B/D and/or RIA to do
their tasks.

Envestnet and Fidelity agree to periodically review and assess these SLA’s on at
least an annual basis. SLA’s are subject to change as a result of such reviews.

 

Request Type

  

Expected Resolution Time
(Total Turnaround)

  

From Task

  

To Task (completion of task)

  

Metrics

  

Additional Details

Pricing Configuration    [***]    Upon completing the pricing grids, the
Fidelity Deployment Manager will send them to Envestnet    Upon receipt of the
grids, EAM Deployment Manager will work with billing to hard code the platform
appropriately.    [***]%    Upon completion of the pricing grids being loaded to
the platform, the EAM DM will proactively confirm with the Fidelity DM. Forms
Decision Tree    [***]    Upon receiving the completed forms decision tree from
the end-client, the Fidelity Deployment Manager will send it over to Envestnet
with the applicable forms.    Upon receipt of the forms decision tree, the EAM
Deployment Manager will work to hard code the platform appropriately.    [***]%
   Upon completion of the forms being loaded to the platform, the EAM DM will
proactively confirm with the Fidelity DM. NOTE: The Forms Decision Tree SLA
above will not apply to those instances where the tree and forms are
substantially or totally custom. The time required to load and test forms in
that scenario must be established on a case-by-case basis. Configurable Options
/ Brand Values    [***]    Upon receiving the completed configurable options
spreadsheet from the end-client, the Fidelity Deployment Manager will send it
over to Envestnet with the applicable forms.    Upon receipt of the configurable
options spreadsheet, the EAM Deployment Manager will work to hard code the
platform appropriately.    [***]%    Upon completion of the platform being
configured, the EAM DM will proactively confirm with the Fidelity DM.

 

[***] Certain information has been omitted and filed separately with the
Commission. Confidential treatment has been requested with respect to the
omitted portions.

 

29



--------------------------------------------------------------------------------

Confidential Treatment Requested

 

E. OPERATIONAL SLA FAILURES

An “Operational SLA Failure” shall have occurred if Envestnet fails to attain
one or more of the service metric (“SLA Criteria”) with respect to any of the
Operational SLAs with respect to any operational tasks (the “SLA Activities”, as
defined further below) set forth in Section 2 of this SLA for any given[***]. On
a[***]basis, Envestnet will capture business activity to determine whether an
Operational SLA Failure has occurred. In the Envestnet SLA Quarterly Management
Report, the following will be tracked[***]: SLA Activities (below list), SLA
Criteria, number of activities attempted, number of activities that failed to
meet the SLA Criteria,

If a [***] activity does not meet the SLA’s Criteria, then that SLA Activities’
associated [***]percentage of the [***] will be assessed for the [***] of the
violation occurring in that quarter.
[***                                         
                                                            ].

If a transition of the Platform Services has occurred pursuant to Section 1(c),
the parties agree that the “Metric” listed for the Operational SLAs will remain
the same as stated herein and the [***] for an Operational SLA Failure will be
the percentage set forth below under “[***]” and applied to an “Assumed Admin
Fee.” For purposes of this calculation, the Assumed Admin Fee shall mean the
Admin Fee that would have been paid to Fidelity had the asset levels been
serviced under the Existing Agreements.

Provided however:

 

  a. The total associated [***] percentage of the [***] pursuant to any Hosting
and Technology Service Levels and/or Operational SLA Failures for any individual
quarter is capped at [***]% for that-[***].

 

Activity    Metric    [***]

Account Analysis

   [***]    [***]

Model Rebalances

   [***]    [***]

Service Requests

•     Open Registration

•     Raise Cash

•     Re-Registration SIS

•     Rebalance Registration

•     Harvest Gains / Loss

•     Invest Contribution

•     Change SIS

•     Termination

   [***]    [***]

Trade Error Analysis

   [***]    [***]

Site Reconciliation

   [***]    [***]

 

[***] Certain information has been omitted and filed separately with the
Commission. Confidential treatment has been requested with respect to the
omitted portions.

 

30



--------------------------------------------------------------------------------

Confidential Treatment Requested

 

QPR Production

   [***]    [***]

Billing

•     Next Business day

   [***]    [***]

Service Support

•     Phone Service Level

•     Email Service level

•     Client Issues Meeting

•     Advisor (IWS & NF)Services Group: Phone and Email Service Level

   [***]    [***] Pricing Configuration    [***]    [***] Forms Decision Tree   
[***]    [***] Configurable Options / Brand Values    [***]    [***]

 

[***] Certain information has been omitted and filed separately with the
Commission. Confidential treatment has been requested with respect to the
omitted portions.

 

31



--------------------------------------------------------------------------------

Confidential Treatment Requested

 

Institutional Client Service Support Team:

 

 

Contact Name

  

Title

  

Phone Number

  

Email

National Financial Services Operations Team:

 

 

Contact Name

  

Title

  

Phone Number

  

Email

 

32



--------------------------------------------------------------------------------

Confidential Treatment Requested

 

EXHIBIT E

SECURITY REQUIREMENTS SCHEDULE

1. Introduction. This Security Requirements Schedule (this “Schedule”)
establishes the basic requirements for Envestnet’s information security, as
needed to ensure the confidentiality, availability and integrity of Fidelity
Confidential Information. Envestnet shall comply with these requirements
throughout Envestnet’s performance of Platform Services under this Agreement or
the provision of services pursuant to the Existing Agreements.

2. Terminology. As used in this Schedule, each of the following terms (whether
used with initial upper case or in all lower case) shall have the corresponding
meaning set forth below. Each other capitalized term used herein but not defined
herein shall have the meaning ascribed to it in this Agreement.

2.1. Contractor means a subcontractor, independent contractor, service provider
or agent of Envestnet that stores, processes, handles or has access to any
Fidelity Confidential Information (regardless of whether such subcontractor,
independent contractor, service provider or agent is located within or outside
of the United States).

2.2. Fidelity Sensitive Information means any Fidelity Confidential Information
that is Personal Information, health care information, financial information or
investment holdings information.

2.3. Encryption means the reversible transformation of data from the original
(plaintext) to a obfuscated format (ciphertext) as a mechanism for protecting
the information’s confidentiality, integrity and/or authenticity. Encryption
requires an encryption algorithm and one or more encryption keys.

2.4. Store means to store, archive, back-up and/or perform any similar
activities.

3. Security Reviews. Envestnet shall provide Fidelity the right to review
Envestnet’s security controls annually for the entire period that Envestnet
processes, stores or otherwise has access to Fidelity Confidential Information.
Envestnet will use commercially reasonable efforts to promptly (but in no event
later than sixty (60) days after receiving Fidelity’s request to schedule and
perform such review) schedule such review for a mutually agreeable date.
Envestnet shall provide Fidelity with access to Envestnet’s policies, procedures
and other relevant documentation and to Envestnet’s Personnel as reasonably
necessary to facilitate such reviews. During such review, Envestnet shall
provide Fidelity with access to independent audit reports (relevant to the
products and/or services being provided to Fidelity and/or the activities
conducted by Envestnet pursuant to this Agreement) that have been performed on
Envestnet, such as an SSAE 16 Type II (SAS 70 Type II) audit or SysTrust
certification. If any issues are found during Fidelity’s review of Envestnet’s
security controls, Envestnet and Fidelity shall met and mutually agree on a
remediation plan with Fidelity within thirty (30) days following the completion
of such review. Envestnet shall remediate each such issue in a timely manner in
accordance with a remediation schedule agreed to by the parties.

4. Specific Security Requirements.

4.1. Security Policy. Envestnet shall maintain a comprehensive set of written
security policies and procedures which cover, at a minimum:

(i) Envestnet’s commitment to information security;

(ii) information classification, labeling, and handling, and such policies and
procedures related to information handling must describe the permissible methods
for information transmission, storage, and destruction and such methods must be
no less protective than those set forth in the Fidelity Supplier Information
Protection Guidelines set forth below;

 

33



--------------------------------------------------------------------------------

Confidential Treatment Requested

 

(iii) acceptable use of Envestnet’s assets, including computing systems,
networks, and messaging;

(iv) information security incident management, including data breach
notification and collection of evidence procedures;

(v) authentication rules for the format, content and usage of passwords for end
users, administrators, and systems;

(vi) access controls, including periodic reviews of access rights;

(vii) logging and monitoring of Envestnet’s production environment, including
logging and monitoring of physical and logical access to Envestnet’s networks
and systems that process or store Fidelity Confidential Information;

(viii) disciplinary measures for Personnel who fail to comply with such policies
and procedures; and

(ix) the topics described in the remainder of this Section 4 in a manner
consistent with the applicable requirements for such topics as set forth in this
Section 4.

4.2. Responsibility for Envestnet’s Information Security Program. Envestnet
shall maintain an information security responsibility, with staff designated to
maintain Envestnet’s information security program and to perform information
security and information risk management.

4.3. Audits, Review and Monitoring of Envestnet’s Information Security Program.
Envestnet shall cause an independent third party to conduct an audit of
Envestnet’s information security policies, practices and controls. Such audit
shall be an SSAE 16 Type II audit, ISO 27001 certification, or other audit
comparable to either of the foregoing, and shall be conducted at least once each
year. Such audit shall include a review of logical and physical security
controls and shall cover all locations and processes used by Envestnet in
support of Envestnet’s business relationship(s) with Fidelity and Fidelity
Affiliates (including providing products and/or services to Fidelity and
Fidelity Affiliates). Upon request by Fidelity, Envestnet will provide Fidelity
with documentation describing the audit processes and overall results. In
addition, Envestnet shall regularly monitor and review Envestnet’s information
security program to ensure safeguards are appropriate to limit risks to Fidelity
Confidential Information.

4.4. Asset and Information Management. Envestnet shall:

(i) maintain an inventory of all Fidelity Confidential Information that
Envestnet processes or stores;

(ii) maintain an inventory of physical computing and software assets Envestnet
uses in the performance of its activities under this Agreement; and

(iii) follow the Fidelity Supplier Information Protection Guidelines (set forth
below) when handling, processing and storing Fidelity Confidential Information.

4.5. Physical and Environmental Security. Envestnet shall:

(i) restrict entry to Envestnet’s area(s) where Fidelity Confidential
Information is stored, accessed, or processed solely to Envestnet’s personnel
authorized for such access;

(ii) implement reasonable best practices for infrastructure systems, including
fire extinguishing, cooling, and power, emergency systems, and employee safety;

 

34



--------------------------------------------------------------------------------

Confidential Treatment Requested

 

(iii) provide physical entry controls for all areas where Fidelity Confidential
Information is stored, accessed, or processed that are commensurate with the
sensitivity of the Fidelity Confidential Information; each of Envestnet’s
personnel accessing these areas must employ one or more unique, individually
identifiable entry controls (such as card keys) that provide an audit trail of
each entry; and all visitors who enter these areas must be logged and escorted
by one of Envestnet’s personnel who are authorized to access such area; and

(iv) regularly monitor areas where Fidelity Confidential Information is handled,
stored and/or processed, such as with cameras, guards, and/or entry logs.

4.6. Employee-related Matters. Envestnet shall:

(i) Perform credit and criminal background checks on all new Envestnet personnel
(including Contractors) that has access to Fidelity Confidential Information,
except to the extent limited or prohibited by applicable laws; such background
checks must be performed prior to allowing such individual to access Fidelity
Confidential Information; and Envestnet shall not allow any individual who does
not have a satisfactory background check to access Fidelity Confidential
Information;

(ii) train its new personnel (including Contractors) on the acceptable use and
handling of Envestnet’s confidential information and confidential information of
other companies that has been entrusted to Envestnet (such as Fidelity
Confidential Information);

(iii) provide annual security education refreshers for its personnel (including
Contractors) and maintain a record of personnel that completed such education;
and

(iv) implement a formal user registration and de-registration procedure for
granting and revoking access to Envestnet’s information systems and services;
and upon termination of any of Envestnet’s personnel (including Contractors),
Envestnet shall revoke such individual’s access to Fidelity Confidential
Information [***                                         
                                            ] following termination of such
individual.

4.7. Communications and Operations. Envestnet shall:

(i) perform regular backups sufficient to restore services to Fidelity within
the agreed upon recovery times (or, if no specific recovery times have been
agreed to by the parties, within a commercially reasonable period of time);

(ii) encrypt all backup media containing Fidelity Confidential Information in
accordance with the Fidelity Supplier Information Protection Guidelines set
forth below;

(III) NOT DO (OR ALLOW ANY CONTRACTOR TO DO) ANY OF THE FOLLOWING WITHOUT, IN
EACH CASE, OBTAINING THE PRIOR WRITTEN CONSENT OF FIDELITY: (A) STORE OR
REPLICATE ANY FIDELITY CONFIDENTIAL INFORMATION OUTSIDE OF ENVESTNET’S PREMISES
(FIDELITY ACKNOWLEDGES THAT ENVESTNET UTILIZES THE ARCHIVING STORAGE PROVIDER,
IRON MOUNTAIN, INC. AND CENTURYLINK, INC. (F/K/A QWEST) AS A HOSTING FACILITY),
(B) TRANSMIT, TRANSFER OR PROVIDE ANY FIDELITY CONFIDENTIAL INFORMATION TO ANY
THIRD PARTY, OR (C) PROVIDE ANY THIRD PARTY WITH ACCESS TO ANY FIDELITY
CONFIDENTIAL INFORMATION;

 

[***] Certain information has been omitted and filed separately with the
Commission. Confidential treatment has been requested with respect to the
omitted portions.

 

35



--------------------------------------------------------------------------------

Confidential Treatment Requested

 

(iv) Notwithstanding the preceding clause (iii), in no event shall Envestnet do
(or allow any Contractor to do) any of the following: (a) store or replicate any
Fidelity Confidential Information outside of the United States, (b) transmit,
transfer or provide any Fidelity Confidential Information to any third party
(including any Contractor) located outside of the United States, or (c) provide
any third party (including any Contractor) located outside of the United States
with access to any Fidelity Confidential Information. Fidelity acknowledges that
Envestnet utilizes a business location in Bhadra Tower, Cotton Hill Road,
Vazhuthacaud, Trivandrum, Kerala 695014 India (the “India Location”), which is
owned and operated by Envestnet’s wholly owned subsidiary (the “India
Subsidiary”), to provide the Platform Services. Without limiting the
applicability or general scope of the provisions of this Schedule, Envestnet
states that it has implemented and regularly evaluates the effectiveness of
security precautions at the India Location to ensure the confidentiality,
availability and integrity of Fidelity Confidential Information, including the
control of materials and information that can be removed from the India Location
by Personnel. [***                                                              
                                         
                                         
                                         
                                        
                                         
                                         
                                         
                                         
                                        
                                         
                                         
                                         
                                         
                                        
                                         
                                         
                                         
                                         
                                        
                                         
                                         
                                         
                                         
                                        
                                         
                                         
                                         
                                         
                                        
                                         
                                         
                                         
                                         
                                        
                                         
                                         
                                         
                                         
                                        
                                         
                                         
                                         
                                         
                                        
                                         
                                         
                                         
                                         
                                        
                                         
                                         
                                         
                                         
                                        
                                         
                                         
                                         
                                         
                                        
                                         
                                         
                                         
                                         
                                        
                                         
                                         
                                         
                                         
                                        
                                         
                                         
                                         
                                         
                                        
                                         
                                         
                                         
                                         
                                        
                                         
                                         
                                         
                                         
                                        
                                         
                                         
                                         
                                         
                                        
                                         
                                         
                                         
                                         
                                        
                                         
                                         
                                         
                                         
                                        
                                         
                                         
                                         
                                         
                                        
                                         
                                         
                                         
                                         
                                        
                                         
                                         
                                         
                                         
                                        
                                         
                                         
                                         
                                         
                                        
                                         
                                         
                                         
                                         
                                        ]. Envestnet shall promptly notify
Fidelity if the Services are provided from the Secondary India Location. None of
the restrictions set forth in this clause (iv) may be waived or consented to by
Fidelity in any manner other than in the form of a written amendment to this
Agreement that is set signed by an authorized signatory for Envestnet and
Fidelity;

(v) if any activities described in the previous clauses (iii) and (iv) are
approved by Fidelity, maintain an inventory of the third parties and/or
locations outside of Envestnet’s premises that store or replicate any Fidelity
Confidential Information, the third parties that receive or receive access to
Fidelity Confidential Information, the purpose for storing, replicating,
providing or providing access to such Fidelity Confidential Information, the
manner in which such Fidelity Confidential Information was transmitted or
otherwise provided to such third party, the transmission and
encryption/protection method or protocol (where applicable) used in transmitting
or otherwise providing such Fidelity Confidential Information, a description of
the Fidelity Confidential Information that was transmitted or otherwise provided
to such third party, the name of the Fidelity employee that approved such
arrangement and the date such approval was obtained;

(vi) when erasing or destroying Fidelity Confidential Information, employ data
destruction procedures that meet or exceed the Department of Defense Standard
for Secure Data Sanitization (DOD 5220.22M);

(vii) follow the Fidelity Supplier Information Protection Guidelines set forth
below, including those pertaining to encryption, when transmitting or
transporting Fidelity Confidential Information;

(viii) use hard drive encryption for all laptops on which any Fidelity
Confidential Information is stored or that are used by Envestnet’s personnel to
access any Fidelity Confidential Information, and such encryption shall be in
accordance with the Fidelity Supplier Information Protection Guidelines set
forth below;

(ix) maintain up to date malware detection and prevention on Envestnet’s servers
and/or end user platforms, including virtual machine implementations, that
transmit, access, process or store Fidelity Confidential Information;

(x) maintain a hardened Internet perimeter and secure infrastructure using
firewalls, antivirus, anti-malware, intrusion prevention/detection systems, and
other protection technologies as is commercially reasonable;

(xi) implement regular patch management and system maintenance for all of
Envestnet’s systems including virtual machine implementations, that transmit,
access, process or store Fidelity Confidential Information;

 

[***] Certain information has been omitted and filed separately with the
Commission. Confidential treatment has been requested with respect to the
omitted portions.

 

36



--------------------------------------------------------------------------------

Confidential Treatment Requested

 

(xii) for production environments that make use of virtualized infrastructure to
transmit, process or store Fidelity Confidential Information, implement and
maintain security measures consistent with the then-current version of the
United States Department of Commerce’s National Institute of Standards and
Technology Special Publication 800-125 “Guide to Security for Full
Virtualization Technologies” document, including, without limitation, the
following security measures:

 

  (a) [***                                                                     
                                         
                                                                    ];

 

  (b) [***                                                                     
                                         
                                                                    ];

 

  (c) Management policies and procedures for securely handling virtual images
and snapshots; such policies and procedures shall address at a minimum, the
creation, transmission, storage, integrity of images, and associated access
controls; and

 

  (d) [***                                                                     
                                         
                                                                        
                                         
                                         
                                         
                                                                  
                                         
                                         
                                         
                                                      ]; and

(xiii) upon request, provide details on how Fidelity’s Confidential Information
is segregated and protected from Envestnet’s other client data, if deployed in a
multi-tenant or multi-customer environment.

4.8. Access Control. Envestnet shall:

(i) enforce best practices for user authentication; if passwords are used to
authenticate individuals or automated processes accessing Fidelity Confidential
Information, such passwords will comply with the current best practices for
password usage, creation, storage, and protection. (Refer to the Fidelity
Supplier Information Protection Guidelines below).

(ii) ensure that user IDs are unique to individuals and are not shared;

(iii) assign access rights based upon the sensitivity of Fidelity Confidential
Information, the individual’s job requirements, and the individual’s “need to
know” for the specific Fidelity Confidential Information;

(iv) review the access rights of Envestnet’s personnel (including Contractors)
at least annually to ensure need-to-know restrictions are kept current;

(v) regularly review reports of user entry into Envestnet’s facilities housing
Fidelity Confidential Information; and

(vi) not leave Fidelity Confidential Information unattended on desktops,
printers or elsewhere in an unsecure manner in Envestnet’s facilities.

4.9. Application Development; Vulnerability Scans and Penetration Tests.
Envestnet shall:

(i) implement a secure development methodology that incorporates security
throughout the development lifecycle;

(ii) develop and enforce secure coding standards;

(iii) perform secure code reviews using automated scanning tools for all
externally-facing applications and for any software developed by Envestnet (or a
Contractor) and delivered to Fidelity;

(iv) commencing as of the first calendar quarter of 2012, perform vulnerability
scans at least once each quarter for all externally-facing applications that
receive, access, process or store Fidelity Confidential Information; upon
request by Fidelity, Envestnet shall confirm in writing that Envestnet has
successfully performed such vulnerability scans and provide Fidelity with the
results; Fidelity shall have the right to perform vulnerability scans of these
applications in

 

[***] Certain information has been omitted and filed separately with the
Commission. Confidential treatment has been requested with respect to the
omitted portions.

 

37



--------------------------------------------------------------------------------

Confidential Treatment Requested

 

Fidelity’s escrow environment at least once each quarter at Fidelity’s expense;
and Envestnet shall correct all material issues discovered in the course of the
vulnerability scans conducted by or on behalf of Envestnet or Fidelity within
thirty (30) days or, if such issue(s) can not be corrected within such thirty
(30) day period, within a period of time mutually agreed to by Envestnet and
Fidelity; and

(v) perform penetration tests at least once each year for all externally-facing
applications that receive, access, process or store Fidelity Sensitive
Information; such penetration tests shall be conducted by a reputable
independent third-party; upon request by Fidelity, Envestnet shall confirm in
writing that Envestnet has successfully performed such penetration tests; and
Envestnet shall correct all material issues discovered in the course of such
penetration tests conducted by or on behalf of Envestnet within thirty (30) days
or, if such issue(s) can not be corrected within such thirty (30) day period,
within a period of time mutually agreed to by Envestnet and Fidelity.

4.10. Contractors. Envestnet shall:

(i) take reasonable steps to select and maintain Contractors that are capable of
maintaining security measures to protect Fidelity Confidential Information in
accordance with applicable laws and regulations and in a manner no less
protective than the requirements set forth in this Agreement, including this
Schedule; and maintain with each such Contractor a written contract requiring
such Contractor, by contract, to implement and maintain such security measures;

(ii) not provide to any Contractor, or allow any Contractor to access, process,
store, view or otherwise interact with, any Fidelity Confidential Information
without obtaining the prior written consent of Fidelity;

(iii) not use, in connection with this Fidelity Confidential Information, any
software or service provided by a third party where such software or service
(a) is deployed by such third party acting as an application service provider
(or similar), (b) is a “software as a service” offering (or similar), or
(c) involves the use of “cloud computing” or “cloud services” (or similar)
without obtaining the prior written consent of Fidelity;

(iv) be responsible to Fidelity for all acts and omissions of any Contractor,
including any failure by a Contractor to comply with the provisions of this
Agreement, including this Schedule;

(v) perform an annual security review of each Contractor; such security review
shall include a review of the Contractor’s physical and logical controls, and
information security policies and practices. In addition, Envestnet shall
cooperate in obtaining the agreement of each Contractor to allow Fidelity to
perform a security review of the Contractor’s facilities, physical and logical
controls, and information security policies and practices; and

(vi) upon request by Fidelity, Envestnet shall obtain from each Contractor (or
if Fidelity's request is limited to specific Contractors, each of those specific
Contractors) the right for Fidelity to receive a copy of, or otherwise have the
ability to review, the report(s) resulting from each audit or review of such
Contractor's information security policies, practices and controls that was
conducted by an independent third party (e.g. SSAE 16 Type II audit, SAS 70 Type
II audit, ISO 27001 certification or similar),as available, within the then most
recent three years and that is relevant to the security policies, practices and
controls employed by such Contractor to protect Fidelity Confidential
Information. The parties acknowledge that there may be a circumstance that
Envestnet is unable to obtain the foregoing consent of Contractor to certain
reports and Envestnet agrees to work with Fidelity in good faith to provide
Fidelity with the necessary security assurances.

 

38



--------------------------------------------------------------------------------

Confidential Treatment Requested

 

5. Information Security Incident Management. Envestnet shall:

(i) establish, test, and maintain an information security incident response
process that includes, among other things, processes for evidence preservation,
informing and working with law enforcement agencies, government agencies and
similar parties as appropriate, and performing forensic analyses;

(ii) notify Fidelity of any information security incident involving Fidelity
Confidential Information, including any security incident at or involving a
Contractor’s systems, hardware, equipment, devices or premises computers or
otherwise involving a Contractor’s personnel; Envestnet shall provide
notification of any such incident promptly, but in no event later than seven
(7) days (or if such incident involves Fidelity Sensitive Information, in no
event later than two (2) days) following the date Envestnet first becomes aware
of such incident; and

(iii) for each such incident, provide Fidelity with a final written notification
no later than five (5) days following Envestnet’s closure of such incident, that
includes detailed information regarding the root cause of such incident, actions
taken, and plans to prevent a similar event from occurring in the future.

6. Business Continuity Management. Envestnet shall:

(i) establish and maintain a comprehensive business continuity plan (“BCP”) that
covers the restoration of both technology and business operations in the event
of an unplanned event; the planning process for the BCP will include risk
analysis, business impact analysis, recovery strategies for different scenarios
to include geographic/regional events, pandemics, and natural disasters (e.g.,
tornado, hurricane, flooding, fire, power outage); and the BCP shall cover,
among other things, Envestnet’s operations associated with its activities under
this Agreement;

(ii) test its BCP at least annually and provide Fidelity with an annual
attestation that Envestnet successfully conducted a test of its BCP (such
attestation shall include the scope, location(s), and date(s) of the test(s));
and

(iii) allow Fidelity to review Envestnet’s BCP and the results of Envestnet’s
tests of its BCP conducted within the then most recent three (3) years.

7. Compliance. Envestnet shall:

(i) comply with the Fidelity Supplier Information Protection Guidelines set
forth below;

(ii) establish and maintain mutually agreed upon policies and practices for
records retention and data destruction applicable to the Fidelity Confidential
Information and any other information produced in the course of or otherwise
related to Envestnet’s activities under this Agreement;

(iii) establish a code of ethics and require employees to review and acknowledge
it annually (except if and to the extent prohibited by law); and

(iv) if interacting directly with individuals, develop, implement and operate in
accordance with a privacy policy (which among other things, describes the types
of information collected, how the information is used, stored and shared, any
options for an individual to “opt out” of any usage or sharing, and how an
individual may access his or her information) and disseminate or otherwise make
such privacy policy available to such individuals.

8. Follow-up Risk Management Actions. If Fidelity has previously performed a
security review of Envestnet and/or one or more of its facilities (or those of
its Contractors, as applicable), and as a result of such security review, items
of concern were identified by Fidelity, Envestnet shall (a) if it has not
already done so, cooperate with Fidelity to promptly develop a risk management
plan to remediate such items of concern, and (b) implement the actions specified
in the risk management plan no later than the corresponding date set forth in
such risk management plan.

 

39



--------------------------------------------------------------------------------

Confidential Treatment Requested

 

The risk management plan for the most recent security review is set forth below,
or, if the plan below is blank, shall be set forth in another document prepared
and agreed to by the parties.

RISK MANAGEMENT PLAN

 

Level of Concern

  

Action Plan

  

Date

HIGH                   MEDIUM                         LOW                  

9. Identity Theft. If Envestnet processes, handles or has access to Personal
Information, Envestnet shall promptly notify Fidelity if, during the course of
Envestnet’s activities under this Agreement, Envestnet’s employees become aware
of any potential identity theft related to the individual(s) to which such
Personal Information relates.

[remainder of page intentionally left blank]

 

40



--------------------------------------------------------------------------------

Confidential Treatment Requested

 

Fidelity Supplier Information Protection Guidelines

Fidelity Information Classification and Handling Matrix

Without limiting Envestnet’s obligations as set forth in this Agreement,
including this Schedule, the table below summarizes certain specific
requirements applicable when transmitting (or transferring), storing or
destroying Fidelity Confidential Information, including Fidelity Sensitive
Information.

 

Information Classification

  

Examples

  

Transmission

  

Storage

  

Destruction

Fidelity Confidential Information other than Fidelity Sensitive Information   

Business strategies and plans;

Audit reports;

Pre-release marketing information;

Fidelity proprietary software;

Technical specifications or architectures

  

Electronic: Encrypt when transmitted over public networks or transferred outside
of Envestnet’s premises on portable media or devices or other electronic media;

 

Print: Send via courier (including overnight delivery service) or registered
mail with tracking number.

   Limit access to authorized personnel only; perform quarterly access rights
reviews. Encryption when in storage preferred.   

Electronic: Use DOD 5220.22M or equivalent procedures.

Print: Shred

Fidelity Sensitive Information   

Personal Information (including name, email, phone, mailing address, SSN, or
account number)

Personal financial information)

Personal health information

   Same as above    Limit access to authorized personnel only; perform bi-annual
access rights reviews. Encryption in storage required.*    Same as above

[***                                                                   
                                         
                                         
                                                         
                                         
                                         
                                         
                                         
                                             
                                         
                                         
                                         
                                         
                                             
                                         
                                         
                                         
                                         
                                             
                                         
                                         
                                         
                                         
                                             ]

 

[***] Certain information has been omitted and filed separately with the
Commission. Confidential treatment has been requested with respect to the
omitted portions.

 

41



--------------------------------------------------------------------------------

Confidential Treatment Requested

 

Encryption

Set forth below are Fidelity’s current preferred encryption algorithms and
current additional acceptable encryption algorithms. Envestnet shall use one of
the preferred encryption algorithms when encrypting Fidelity Confidential
Information unless it is not reasonably feasible to do so, in which case
Envestnet shall use one of the additional acceptable encryption algorithms when
encrypting Fidelity Confidential Information.

 

Preferred Encryption Algorithms

Purpose

  

Algorithms

  

Minimum Key
Length (Bits)

Key Exchange

  

[***]

[***]

   [***]

Data Protection

  

[***]

[***]

   [***]

Hash

   [***]    [***]

HMAC

   [***]    [***]

Digital Signature

  

[***]

[***]

   [***]

Additional Acceptable Encryption Algorithms

 

Purpose

  

Algorithms

  

Minimum Key Length (Bits)

Data Protection

  

[***]

[***]

[***]

[***]

[***]

[***]

   [***]

Hash

  

[***]

[***]

   [***]

HMAC

  

[***]

[***]

   [***]

Digital Signature

  

[***][***][***]

[***][***]

[***]

   [***]

Password-based Authentication Guidelines

All passwords administered or controlled by Envestnet (or a Contractor) shall
meet the following guidelines:

 

Area

  

Guideline

Minimum password length    [***]characters Password complexity    [***], not be
easily associated with an individual or process, not found in a dictionary and
not represent a pattern. It is strongly recommended that passwords contain [***]
Maximum password lifetime    At most [***]days Minimum password history   
[***]day Protection in transit    Mandatory. Passwords must be encrypted in
transit. Protection in storage    Mandatory. Passwords must be hashed using an
approved hash algorithm (see table above).

 

[***] Certain information has been omitted and filed separately with the
Commission. Confidential treatment has been requested with respect to the
omitted portions.

 

42



--------------------------------------------------------------------------------

Confidential Treatment Requested

 

EXHIBIT F

EXHIBIT F: PAYMENT ALLOCATION SCHEDULE

1. Payment Allocation Schedule: Shown below is the payment schedule (Table F-1)
and payment allocation schedule (Table F-2) for the Platform Services Fees, by
investment product type.

2. Component Services: Fidelity shall be entitled to receive any of the
component services so long as Envestnet continues to receive the fees described
under the corresponding column of the payment allocation schedule in Table F-2.

3. Maintenance Fee:

MAINTENANCE FEE

 

Year

   Maintenance Fee  

Year 1 (January 1, 2012 to December 31, 2012)

   $ [***]   

Year 2 (January 1, 2013 to December 31, 2013)

   $ [***]   

Year 3 (January 1, 2014 to December 31, 2014)

   $ [***]   

Year 4 (January 1, 2015 to December 31, 2015)

   $ [***]   

Year 5 (January 1, 2016 to March 31, 2017)

   $ [***]   

The Maintenance Fee shall be payable on a quarterly basis within thirty
(30) days of the quarter end. In the event Fidelity elects to extend the Support
Period beyond the fifth year, the applicable Maintenance Fee for the sixth year
shall be $[***], as adjusted by the US Bureau of Labor and Statistics CPI-U
(urban cities all services) starting as a reference point of January 1, 2016.
The Maintenance Fee for each successive year shall be subject to a similar
adjustment on annual basis based upon the then prior year’s Maintenance Fee. A
historic version of this CPI-U index can be found at:
ftp://ftp.bls.gov/pub/special.requests/cpi/cpiai.txt.

 

[***] Certain information has been omitted and filed separately with the
Commission. Confidential treatment has been requested with respect to the
omitted portions.

 

43



--------------------------------------------------------------------------------

Confidential Treatment Requested

 

Pricing rates below reflect the best available rate of either existing F1
schedule minus fifteen percent or Exhibit K (MAS/MAR excluding administrative
fee) minus fifteen percent.

The following Table F-1 represents “Full Platform Fee” for the respective
Program Services.

Table F-1

 

Program/Product

   First $500K    Next $500K    Next $1MM    Next $3MM    Over $5MM    Seat
License    ($)/Per
Account    Ann.
Min.Fees

Separately Managed Accounts (SMA) / - Bundled

   [***]    [***]    [***]    [***]    [***]    [***]    [***]    [***]

Fixed Income SMA/Mutual Fund Choice

   [***]    [***]    [***]    [***]    [***]    [***]    [***]    [***]

SAS Bundle 1: Equity and Balanced SMA

   [***]    [***]    [***]    [***]    [***]    [***]    [***]    [***]

SAS Bundle 1: Fixed Income SMA/Mutual Fund Choice

   [***]    [***]    [***]    [***]    [***]    [***]    [***]    [***]

SAS Bundle 2: Equity and Balanced SMA

   [***]    [***]    [***]    [***]    [***]    [***]    [***]    [***]

SAS Bundle 2: Fixed Income SMA/Mutual Fund Choice

   [***]    [***]    [***]    [***]    [***]    [***]    [***]    [***]

SMA Research

   [***]    [***]    [***]    [***]    [***]    [***]    [***]    [***]

Alternative Solutions

   [***]    [***]    [***]    [***]    [***]    [***]    [***]    [***]

Advisor-Directed UMA

   [***]    [***]    [***]    [***]    [***]    [***]    [***]    [***]

Multi-Manager Accounts Program

   [***]    [***]    [***]    [***]    [***]    [***]    [***]    [***]

PMC MMA Portfolios II

   [***]    [***]    [***]    [***]    [***]    [***]    [***]    [***]

 

[***] Certain information has been omitted and filed separately with the
Commission. Confidential treatment has been requested with respect to the
omitted portions.

 

44



--------------------------------------------------------------------------------

Confidential Treatment Requested

 

Program/Product

   First $500K    Next $500K    Next $1MM    Next $3MM    Over $5MM    Seat
License    ($)/Per
Account    Ann.
Min.Fees

Russell Separate Account Manager Mixes

   [***]    [***]    [***]    [***]    [***]    [***]    [***]    [***]

Strategic Advisors Mutual Fund Portfolios

   [***]    [***]    [***]    [***]    [***]    [***]    [***]    [***]

Third Party Strategist Program - Bundled

   [***]    [***]    [***]    [***]    [***]    [***]    [***]    [***]

Third Party Strategist Program - Unbundled

   [***]    [***]    [***]    [***]    [***]    [***]    [***]    [***]

Envestnet/Sigma MFW

   [***]    [***]    [***]    [***]    [***]    [***]    [***]    [***]

Envestnet PMC Strategic ETF

   [***]    [***]    [***]    [***]    [***]    [***]    [***]    [***]

Envestnet PMC Tactical ETF (Core Portfolios)

   [***                       ]    [***]    [***]    [***]

Envestnet PMC Tactical ETF (Total Return Portfolios)

   [***                       ]    [***]    [***]    [***]

PMC Select Strategic and Dynamic Portfolios (PMC Mutual Funds)

   [***]    [***]    [***]    [***]    [***]    [***]    [***]    [***]

PMC Dynamic ETF Portfolios

   [***]                [***]    [***]    [***]

Proprietary Model Management - Home Office/Sponsor-Traded Bundled

   [***]    [***]    [***]    [***]    [***]    [***]    [***]    [***]

 

[***] Certain information has been omitted and filed separately with the
Commission. Confidential treatment has been requested with respect to the
omitted portions.

 

45



--------------------------------------------------------------------------------

Confidential Treatment Requested

 

Program/Product

   First $500K    Next $500K    Next $1MM    Next $3MM    Over $5MM    Seat
License    ($)/Per
Account    Ann.
Min.Fees

Proprietary Model Management - Home Office/Sponsor-Traded Unbundled

   [***]    [***]    [***]    [***]    [***]    [***]    [***]    [***]

Proprietary Model Management - Envestnet-Traded Models - Bundled

   [***]    [***]    [***]    [***]    [***]    [***]    [***]    [***]

Proprietary Model Management -Envestnet-Traded Models – Unbundled

   [***]    [***]    [***]    [***]    [***]    [***]    [***]    [***]

Advisor as Portfolio Manager – Bundled

   [***]    [***]    [***]    [***]    [***]    [***]    [***]    [***]

Advisor as Portfolio Manager – Unbundled

   [***]    [***]    [***]    [***]    [***]    [***]    [***]    [***]

Model Management Tools Only – License Fee

   [***]    [***]    [***]    [***]    [***]    [***]    [***]    [***]

PMC Tax Sensitive Overlay (aka Ongoing Tax Management)

   [***]    [***]    [***]    [***]    [***]    [***]    [***]    [***]

PMC Tax Management Services (aka Tax Transition)

   [***]    [***]    [***]    [***]    [***]    [***]    [***]    [***]

Socially Responsible Investments (SRI)

   [***]    [***]    [***]    [***]    [***]    [***]    [***]    [***]

Time Segmented Distribution (TSD)

   [***]    [***]    [***]    [***]    [***]    [***]    [***]    [***]

Retirement Outcome Advisor (ROA)

   [***]    [***]    [***]    [***]    [***]    [***]    [***]    [***]

Annuities Services

   [***]    [***]    [***]    [***]    [***]    [***]    [***]    [***]

 

[***] Certain information has been omitted and filed separately with the
Commission. Confidential treatment has been requested with respect to the
omitted portions.

 

46



--------------------------------------------------------------------------------

Confidential Treatment Requested

 

Program/Product

   First $500K    Next $500K    Next $1MM    Next $3MM    Over $5MM    Seat
License    ($)/Per
Account    Ann.
Min.Fees

Reporting & Billing Comp. Only - Asset Based

   [***]    [***]    [***]    [***]    [***]    [***]    [***]    [***]

Reporting & Billing Comp. Only - Account Based

   [***]    [***]    [***]    [***]    [***]    [***]    [***]    [***]

Reporting & Full Billing Admin. – Asset Based

   [***]    [***]    [***]    [***]    [***]    [***]    [***]    [***]

Reporting & Full Billing Admin. – Account Based

   [***]    [***]    [***]    [***]    [***]    [***]    [***]    [***]

 

[***] Certain information has been omitted and filed separately with the
Commission. Confidential treatment has been requested with respect to the
omitted portions.

 

47



--------------------------------------------------------------------------------

Confidential Treatment Requested

 

Table F-2

 

Investment Product Type

   Technology    Hosting    Due
Diligence    Platform &
Account
Services    Trade
Admin    Sales/
Wholesaling    Client
Support

Separately Managed Accounts (SMA) / - Bundled

   [***]    [***]    [***]    [***]    [***]    [***]    [***]

Fixed Income SMA/Mutual Fund Choice

   [***]    [***]    [***]    [***]    [***]    [***]    [***]

SAS Bundle 1 & 2: Equity and Balanced SMA

   [***]    [***]    [***]    [***]    [***]    [***]    [***]

SAS Bundle 1 & 2: Fixed Income SMA/Mutual Fund Choice

   [***]    [***]    [***]    [***]    [***]    [***]    [***]

SMA Research

   [***]    [***]    [***]    [***]    [***]    [***]    [***]

Alternative Solutions (MFC as proxy)

   [***]    [***]    [***]    [***]    [***]    [***]    [***]

UMA/MMA Programs

   [***]    [***]    [***]    [***]    [***]    [***]    [***]

Strategic Advisors Mutual Fund Portfolios

(FSP as proxy)

   [***]    [***]    [***]    [***]    [***]    [***]    [***]

Third Party Strategist Program – Bundled & Unbundled

   [***]    [***]    [***]    [***]    [***]    [***]    [***]

Envestnet/Sigma MFW (FSP as proxy)

   [***]    [***]    [***]    [***]    [***]    [***]    [***]

Envestnet PMC Strategic ETF (FSP as proxy)

   [***]    [***]    [***]    [***]    [***]    [***]    [***]

Envestnet PMC Tactical ETF (Core Portfolios)

(FSP as proxy)

   [***]    [***]    [***]    [***]    [***]    [***]    [***]

Envestnet PMC Tactical ETF (Total Return Portfolios) (FSP as proxy)

   [***]    [***]    [***]    [***]    [***]    [***]    [***]

PMC Select Strategic and Dynamic Portfolios (PMC Mutual Funds)

(FSP as proxy)

   [***]    [***]    [***]    [***]    [***]    [***]    [***]

 

[***] Certain information has been omitted and filed separately with the
Commission. Confidential treatment has been requested with respect to the
omitted portions.

 

48



--------------------------------------------------------------------------------

Confidential Treatment Requested

 

Investment Product Type

   Technology    Hosting    Due
Diligence    Platform &
Account
Services    Trade
Admin    Sales/
Wholesaling    Client
Support

PMC Dynamic ETF Portfolios

(FSP as proxy)

   [***]    [***]    [***]    [***]    [***]    [***]    [***]

Proprietary Model Management—Home Office/Sponsor-Traded Bundled & Unbundled

(APM as proxy)

   [***]    [***]    [***]    [***]    [***]    [***]    [***]

Proprietary Model Management—Envestnet-Traded Models – Bundled & Unbundled

(APM as proxy)

   [***]    [***]    [***]    [***]    [***]    [***]    [***]

Advisor as Portfolio Manager – Bundled & Unbundled

   [***]    [***]    [***]    [***]    [***]    [***]    [***]

PMC Tax Sensitive Overlay (aka Ongoing Tax Management) and PMC Tax Management
Services (aka Tax Transition) (APM as proxy)

   [***]    [***]    [***]    [***]    [***]    [***]    [***]

Socially Responsible Investments (SRI)

(APM as proxy)

   [***]    [***]    [***]    [***]    [***]    [***]    [***]

Time Segmented Distribution (TSD) and Retirement Outcome Advisor (ROA)

(APM as proxy)

   [***]    [***]    [***]    [***]    [***]    [***]    [***]

Annuities Services

(APM as proxy)

   [***]    [***]    [***]    [***]    [***]    [***]    [***]

Reporting & Billing Comp. Only—Asset Based

(APM as proxy)

   [***]    [***]    [***]    [***]    [***]    [***]    [***]

Reporting & Full Billing Admin. – Asset Based

(APM as proxy)

   [***]    [***]    [***]    [***]    [***]    [***]    [***]

Technology Fee (for all product types when Envestnet does not provide Hosting
Services)

   [***]                  

 

[***] Certain information has been omitted and filed separately with the
Commission. Confidential treatment has been requested with respect to the
omitted portions.

 

49