Alliance Lite2 Agreement

This Alliance Lite2 Agreement ("AllianceLite2 Agreement") is subject to and incorporates by reference the provisions of the Terms and Conditions For Online Cloud Services (the "Terms"). Capitalized terms not otherwise defined in this AllianceLite2 Agreement will have the meanings set forth in the Terms.

I. BACKGROUND

Customer uses the SaaS Services, through which it manages and deals with all or part of its cash flow operations, payments, collections and communication with banks. Customer wishes to have access to Kyriba's integrated offering based on Society for Worldwide Financial Telecommunication SCRL's ("SWIFT") Alliance Lite2 solution (the "Alliance Lite2 Services").

II. CUSTOMER'S REPRESENTATIONS AND WARRANTIES

Customer represents and warrants that it has read, understands and accepts the "Shared Infrastructure Programme - Terms and Conditions," "BIC Policy," and "SWIFT General Terms and Conditions" documents published by SWIFT (collectively, the "SWIFT Documentations"), SWIFT order form (the "Order Form") attached hereto as Appendix 1 and incorporated by reference, and SWIFT Policy for ASP Customers (the "Customer Policy") attached hereto as Appendix 2 and incorporated by reference. The SWIFT Documentations are available on the SWIFT website (www.swift.com). Customer further represents and warrants that (i) it is and remains a duly registered SWIFT user, (ii) it shall comply with all rules and obligations established by SWIFT that are applicable to registered SWIFT users, (iii) it shall use the AllianceLite2 Services in accordance with the SWIFT Documentations, as may be amended from time to time by SWIFT; (iv) it grants to Kyriba all necessary authority and capacity to represent Customer in connection with any communications or matters with SWIFT regarding the AllianceLite2 Services; and (v) it shall sign, complete and return to Kyriba copies of the Order Form and the Customer Policy.

The parties acknowledge and agree that the performance of this Alliance Lite2 Agreement is subject to the SWIFT Documentations, Order Form, and Customer Policy. The parties acknowledge that modifications to the technical parameters and the electronic mail services may be requested by SWIFT. The parties therefore undertake to work together in good faith and in a reasonable manner before any modification is implemented. Customer has obtained the approval from SWIFT to enter into this Alliance Lite2 Agreement.

III. CONTENT OF THE OFFER

The Alliance Lite2 Services include: Access to SWIFTNET (SWIFT's advanced IP-based messaging platform) for Corporate Network for purpose of transmitting supported bank messages via Kyriba's Alliance Lite 2 Gateway.

IV. FEES SETTING

KYRIBA shall bill to Customer fees that are invoiced to KYRIBA by SWIFT, which include:

• One-Time Setup fee, which shall be paid upfront after signature and will be set forth in the applicable Order Schedule
• Monthly Recurring fee, for use of the Alliance Lite2 Services as set forth in the applicable Order Schedule and the Alliance Lite2 Terms
• SWIFTNet Traffic Costs, based upon SWIFTNet transaction volume measured and calculated by SWIFT.

Customer acknowledges, understands and agrees that these rates are managed by SWIFT and are subject to change.

V. FORCE MAJEURE

Except with respect to payment obligations under this Alliance Lite2 Agreement, in no event shall any party be responsible or liable due to delays or failure in the supply of the Alliance Lite2 Services due to a force majeure event, under the definition normally retained in case law by the courts having jurisdiction, and in particular, due to any unavoidable event which is external to the parties, for example:

• failure in electricity supply,
• administrative or legislative interventions,
• technical, administrative or other contingencies regarding the transmission lines and networks,
• war or threats of war, terrorism, sabotage, riots, external strikes, fires, floods,
• Internet disturbances or delays or failures due to Internet access connections,
• any failure by SWIFT.

In such a case, each of the parties shall, as soon as possible, inform the other party of a Force Majeure Event and cooperate in good faith to propose a workaround.

VI. SUSPENSION OF THE SERVICE IN EXCEPTIONAL CASES

In order to maintain the security and integrity of the systems, Customer agrees that KYRIBA may, in exceptional cases, suspend performance of the Alliance Lite2 Services upon notice to Customer to the extent such notice is commercially feasible. By "exceptional cases", the parties refer, in particular but not limited to, discontinuation by SWIFT of Alliance Lite2 solution, bankruptcy, moratorium, receivership, liquidation of any kind of composition between the debtor and creditor, or any circumstances likely to affect substantially one party's ability to carry out its obligations under this Alliance Lite2 Agreement, loss of Kyriba of its SWIFT Partner status, loss by Kyriba of its application certification in accordance with the SWIFT Certified Application Programme, and acts of piracy or illegal, fraudulent or malicious acts.

Should performance of the Alliance Lite2 Services remain suspended 30 calendar days after notification of such suspension, this Alliance Lite2 Agreement may be terminated by the affected party by way of a recorded delivery letter, with acknowledgement of receipt, sent by the affected party to the other party.

VII. SETTLEMENT OF INCIDENTS

Should any failure be noticed in the technical functioning, each of the parties undertakes to inform the other as soon as possible, to facilitate research into its causes, and to work with the other party in order to remedy the issue.

VIII. INTEGRALITY OF THE AGREEMENT AND APPENDIXES

This Alliance Lite2 Agreement, including Appendixes 1 through 2, and the Terms constitute the parties' full and exclusive agreement with respect to the subject matter hereof. Any amendment shall only be made upon a written instrument duly signed by the parties, unless otherwise provided in the appendixes.

Appendix 1 – Alliance Lite2 Order Form

Important: Your order is subject to the acceptance of your separate application as a new SWIFT User in accordance with SWIFT General Membership Rules.

Company information

Order and Service Subscription

Preferred Implementation date (DD-MM-YYYY): ……………………………………
Swift Quotation reference: ………………………………………… (to be filled by Kyriba)

Select the SWIFT messaging service(s) that you want to subscribe to:

• ☒ FIN    ☒ FileAct
• ☒ FileAct
• ☐ SCORE (SWIFT Standardized Corporate Environment) – ☐ MA-CUG

Recommendation letter is mandatory if your company is not listed.

Implementation team contact information

By completing and signing this form, the Company identified above acknowledges and agrees that:

• The selected messaging services are used in accordance with SWIFT General Terms and Conditions
• SWIFT processes any personal data provided in connection with this form in accordance with the SWIFT Personal Data Protection Policy (available on www.swift.com > About SWIFT > Legal > Compliance > Data Protection Policies).
• SWIFT will process any personal data you provide according to the SWIFT Privacy Statement.
• The provision and use of Alliance Lite2 (live service) are governed by SWIFT General Terms and Conditions and the related service description (available on www.swift.com).

Customer Signature

The undersigned declares to have full capacity and authority to execute this form for and on behalf of the company identified above.

Appendix 2 – Policy for End Users – Lite2 for Business Applications

AL2 agreement v7AUG18

Introduction

SWIFT is active in the field of secure messaging services, and offers various services and products supporting communications between its customers worldwide.

The Cloud Application Provider supplies a cloud application to its customers (hereafter referred to as 'End Users') and has opted to include SWIFT messaging services in that offer.

SWIFT has developed a new cloud-based service: Alliance Lite2 for Cloud Applications (abbreviated hereafter 'Lite2 for Cloud Applications') – that provides easy, secure and low cost access to SWIFT messaging for the End Users. Those End Users would apply to become SWIFT users.

Purpose of the document

This document sets out SWIFT's policy with respect to a SWIFT user that wants to use SWIFT's messaging service via a Cloud Application Provider ('Application Provider'). To that end, SWIFT users will rely on the Application Provider using the 'Lite2 for Cloud Applications' solution.

The Policy for End Users forms an integral part of the contractual arrangements between SWIFT and its users. It must be read along with any other specific terms and conditions relating to the provision of other relevant SWIFT services and products, as specified elsewhere in the relevant SWIFT contractual documentation.

Audience

This document is intended for the following audience:

• SWIFT users that want to understand the policy that governs the use of an Application Provider.
• Application Providers on Lite2.

This Policy will be available under SWIFT.com and may be amended from time to time by SWIFT.

SWIFT-defined terms

In the context of SWIFT documentation, certain terms have a specific meaning. These terms are called SWIFT-defined terms (for example, customer, user, or SWIFT services and products). The definitions of SWIFT-defined terms appear in the SWIFT Glossary.

Related documentation

• Partners Terms and Conditions
• SWIFT General Terms and Conditions
• SWIFT Corporate Rules
• SWIFT By-laws
• SWIFT Personal Data Protection Policy

The Lite2 for Cloud Applications Solution

1.1 Overview

High level of security and resilience

As a general principle, the Lite2 for Cloud Applications Programme is designed to maintain a high level of security and resilience around the provision of SWIFT's messaging services in the event that SWIFT users decide to use an Application Provider.

In that respect, this Programme includes legal and financial eligibility criteria as well as a SWIFT certification of the Application. Details on the eligibility criteria and certification process can be found under the Partner Programme on SWIFT.com or upon request to SWIFT.

1.2 General Principles

Definition of an Application Provider

An Application Provider is an organisation that has been admitted under the SWIFT Partner Programme and related documentation as authorised to provide messaging services on the SWIFT network through the Lite2 for Cloud Applications solution.

Benefiting from security features

The Application Provider is not entitled to use for its own benefit the security features allocated to its End Users, except when performing testing on an isolated test bed environment and with the End User's consent.

1.3 End User's Roles and Responsibilities

Responsibility to connect through the Application Provider

End Users that decide to connect through an application service provider shall do it under their own responsibility. SWIFT disclaims any liability for the acts, faults, or omissions of the Application Provider.

SWIFT encourages all users considering to use the Application to undertake all due diligence that they believe is necessary.

An End User that leaves, or changes its Application must inform promptly SWIFT with, to the extent possible, at least three months advance notice of its intention to do so. If an End User decides to use several Application Providers, it will have to order separate BICs to be associated with the respective Application Providers.

Removal of an Application Provider

In the exceptional case that SWIFT would remove an Application Provider from its Lite2 for Cloud Applications Programme, SWIFT will use all commercially reasonable efforts to notify the impacted SWIFT users at least three months in advance (or, in an emergency, as much advance notice as possible) of the removal of its Application Provider from the Lite2 for Cloud Applications Programme. Such a removal does not affect the End User's right to continue to use Alliance Lite2 to send messages directly with SWIFT, i.e. without going through the Application. In due time, the invoice for the SWIFT related fees will then be sent to the End User directly instead of the Application Provider.

Removal of an End User by an Application Provider

End Users understand and agree that their Application Provider may terminate their appointment to service them, by, to the extent possible, notifying the terminated End User and SWIFT at least three months in advance.

Other End User responsibilities

The Application Provider will in principle represent its End Users towards SWIFT. The Application Provider acknowledges and agrees to keep its End Users informed of all acts, orders, and subscriptions performed for them or on their behalf, and advises them of the terms and conditions applicable to them as a result thereof. However, SWIFT remains the direct contact towards its End Users for any matter related to SWIFT usership/membership.

An End User must ensure that the scope of rights that it grants to its Application Provider in respect of SWIFT Alliance Lite 2 and related services and products is aligned with SWIFT applicable documentation. Also an End User that decides to use the Application must ensure that its selected Application Provider is bound by no less stringent obligations than those incumbent upon the End User under its contractual arrangements with SWIFT.

An End User remains responsible to SWIFT for due performance and observance by its Application Provider of those of its obligations it may decide to sub-contract to it. In particular, a failure by the Application Provider selected by its End User to comply with these obligations may result in the suspension or the termination of the End User's access to and use of the SWIFT services and products through such Application Provider.

In particular, the End Users have the following responsibilities:

• Control how the Application Provider manages access to, and the use of, the SWIFT messaging services and, in particular, ensure that all security features allocated to the End User to secure its access and use of the SWIFT messaging services are securely operated and kept safe to prevent any unauthorised access to or use of the SWIFT messaging services.
• Ensure that the Application Provider maintains and documents an acceptable level of security standards for message confidentiality, integrity, and systems availability.
• Ensure that the Application Provider is bound by no less stringent obligations of confidence than those applicable to it as a SWIFT user in respect of information related to SWIFT services or, more generally, SWIFT operation.
• Select and use an Application Provider which has a certified Application at all times.
• Ensure all traffic that is intended to go to the SWIFT messaging services is processed by the Application Provider accordingly.

An End User's responsibility for all messages sent and received

To avoid any doubt, End Users as identified on SWIFT through their own BIC remain fully responsible for all messages sent or received by them through an Application Provider. In particular, SWIFT users recognize that the delivery of a message to the SWIFT Alliance Lite 2 operated by an Application Provider is considered to be a delivery of that message to them.

Use of an Application Provider does not affect the responsibility of the End User for all messages emanating from the End User and identified by the BIC8 of the End User.

End Users also acknowledge that the types of SWIFT messages that can be sent through an Application Provider are limited and depend on the certified Application. The list of authorised SWIFT message types are made available to the End Users by SWIFT or the Application Provider upon request.

The End Users have also the option to send messages on Alliance Lite2 directly to SWIFT when not using the certified Application.

End Users acknowledge that should they send or receive any SWIFT messages, whether of a type authorized in connection with the certified Application or otherwise, the Application Provider will have access to such messages, except to the extent SWIFT has agreed with End User to implement (and has implemented) customised set-ups and/or configurations with respect to the messages in question.

Confidential information

Users agree that SWIFT may share their confidential information with their Application Provider and that the Application Provider can also share such information with SWIFT, for the execution of its contractual obligations and for legitimate purposes, such as provisioning, support, operational, or reporting purposes or in order to market any SWIFT products or services that could meet the needs of the End Users.

1.4 Application Provider Requirements

1.4.1 Requirements Relevant to Users

Registering with SWIFT

Any organisation willing to operate as an Application Provider within the scope of the SWIFT Lite2 for Cloud Applications Programme, and meeting the respective eligibility criteria must first register with SWIFT.

All registered Application Providers, including those that are also SWIFT End Users, must comply with the Partner Programme – Terms and Conditions (as a Registered Provider) and the additional Application Provider operational requirements.

Service level agreement implementation

The Application Provider must provide the End Users with a service level agreement based on the Lite2 for Cloud Applications Programme (operational requirements issued and amended by SWIFT from time to time).

While, in principle, the Application Provider will be the prime contact for its End Users on the use of SWIFT and is expected to be able to deal with questions or issues raised by its End Users in connection with their use of the selected SWIFT services and products, a SWIFT user may still contact SWIFT directly and SWIFT may still have direct communication with them, as appropriate, on SWIFT usership/membership and on the other SWIFT services and products.

As indicated above, with respect to the predefined set of SWIFT products and services, the Application Provider will be the main channel of communication to the End User but the Application Provider acknowledges that in exceptional circumstances, SWIFT can still communicate directly with its SWIFT users.

Centralized Billing

For those End Users of an Application Provider that has agreed with SWIFT that Application Provider will provide Centralized Billing whereby Application Provider will be invoiced, and make payment, for SWIFT services and products used by its End Users, the following paragraph applies:

For a predefined set of SWIFT products and services that will be offered by the Application Provider to its End Users and ordered by the Application Provider on behalf of its End Users, SWIFT will invoice the Application Provider, and the Application Provider will pay all fees and charges due for the use of these SWIFT services and products by the End Users. In such case, the Application Provider will act as an intermediary in the sense of article 28 of the EU VAT directive. If the Application Provider does not pay all such fees and charges in a timely manner, then SWIFT is entitled to suspend or terminate the provision of SWIFT services and products to the End Users concerned.

End User Confirmation

We confirm our agreement with the 'Policy for End Users':