EX-10.20

EX-10.20 6 d204847dex1020.htm EX-10.20 EX-10.20

Exhibit 10.20

CREDIT CARD SERVICES AGREEMENT

This Credit Card Services Agreement is made by and between Beneficial State Bank, a California state-chartered bank (“Bank”) and Aspiration Card Services, LLC, a Delaware corporation (“Company”). Bank and Company are hereinafter at times referred to singularly as a “Party” and collectively as the “Parties.” The Agreement is effective on the date the last Party signs the Agreement (the “Effective Date”).

RECITALS

WHEREAS, Bank is a member of the Card Association and is in the business of issuing Cards and establishing Settlement Accounts for the Settlement of Card transactions;

WHEREAS, Bank desires that Company provide services in support of the Program as further described in this Agreement; and

WHEREAS, Company desires to provide such services in support of the Program on the terms and conditions set forth in this Agreement.

AGREEMENT

NOW, THEREFORE, in consideration of the foregoing and the terms, conditions and mutual covenants and agreements herein contained, and for good and valuable consideration, the receipt and sufficiency of which are hereby acknowledged, Bank and Company mutually agree as follows:

1. Definitions. Capitalized terms used in the Agreement will have the meanings set forth in Schedule A, unless defined elsewhere in the Agreement.

2. General Terms. Following the Effective Date of this Agreement, the Parties agree to launch the Program on the terms and conditions otherwise provided for in this Agreement and as further described in Schedule B.

(a) General. Bank and Company hereby each acknowledge and agree that: (i) except as otherwise expressly provided in this Agreement and without modifying Company’s liability for the operation of its services as set forth in this Agreement, Bank shall have full control and continued oversight over the Program, including without limitation all policies, activities and decisions with respect to the Program; and (ii) the Bank Card Services offered under the Program pursuant to this Agreement are products of Bank. Company recognizes and acknowledges that, except as otherwise expressly provided in this Agreement, Bank shall retain decisional authority and control over the Program in all material respects, and that Company shall not implement any changes to any aspect of the Program except as expressly stated herein. Except as otherwise provided in this Agreement, Bank shall have the final determination as to any changes that may be required or advisable with respect to the Program. At all times and without reducing or otherwise modifying or limiting any terms of this Agreement, Bank shall (and shall have the right to) supervise, oversee, monitor and review Company’s (and Company’s Critical Subcontractor’s) performance of services hereunder and the results of the Program developed and implemented jointly with Company. Such activities may include the following: (i) Bank may review reports and

financials from the Program (including any problems, losses or complaints, and any changes or modifications that may be necessary to ensure the viability of the Program) provided to it in the form, format and frequency reasonably required by Bank; (ii) Company shall provide to Bank trainings provided to its employees and Company Subcontractors concerning compliance with Applicable Law, Compliance Policies and this Agreement; such training shall include, but is not limited to, training on Cards, products and services offered hereunder and relevant law that may apply to the marketing, solicitation, and customer service activities instituted on behalf of Bank hereunder; and (iii) Company will review and update the training material on an annual basis and will ensure that its employees, representatives, contractors, agents and Company Subcontractors receive annual training.

(b) Appointment of Company as Service Provider. Bank hereby appoints Company as Bank’s non-exclusive service provider for the sole and limited purposes of (i) developing and marketing Programs and Bank Card Services; (ii) providing Company Card Services; and (iii) performing any other services required by this Agreement or otherwise required to support the Program in compliance with Applicable Law and Compliance Policies.

(i) This Agreement sets forth the general terms and conditions applicable to the Program in effect during the Term. Company agrees to cooperate with Bank to provide the Bank Card Services under any Program contemplated hereunder. If, following a change to Applicable Law or a material change in the risk profile of the Program, Bank determines that the Program no longer complies with Applicable Law, Compliance Policies or safe and sound banking practices, Bank will notify Company and the Parties shall meet to discuss the required changes to the Program. Pursuant to Bank’s instruction, Company will make the required modifications to the Program by the date mutually agreed upon or any other date mandated by the relevant Regulatory Authority or Card Association in accordance with the change in Applicable Law. Nothing in this section shall be construed to limit the Parties’ obligations or termination rights under Section 27.

(ii) Company may propose amendments to the Program. Bank may accept or reject, provide feedback or request additional time to review such amendment proposals. Company shall be responsible for all reasonable out-of-pocket costs and expenses (including Bank’s attorney fees) that may be incurred by Bank in connection with any review requested by or changes suggested by Company and approved by Bank.

(iii) In the event Company desires to establish a new Program after the Effective Date, Company will submit a business case substantially in the form required by Bank (“Program Proposal”) to Bank for its approval, which Program Proposal will describe, among other things, the structure, operation and purpose of the Program, the proposed fees for the Program, the types of prospective Cardholders that will participate in the Program, the proposed Bank Card Services to be offered in connection with the Program, the end date of the Program (if any), other details sufficient to permit Bank to evaluate whether the Program Proposal complies with Applicable Law, Bank Policies, and the terms of this Agreement, and any other information and documentation requested by Bank. Company shall ensure that each Program Proposal (and products or services offered thereunder) is consistent and complies with Applicable Law,

Bank Policies, and the terms of this Agreement (“Program Criteria”). Bank will provide notice to Company of its acceptance or rejection of each such Program Proposal; such notice shall include any feedback Bank deems appropriate. To the extent permitted by Bank, Company shall revise such Program Proposal to conform to the Program Criteria and to address any comments or concerns raised by Bank during its review. Upon the determination by Bank, in its sole and absolute discretion, that a Program Proposal satisfies the Program Criteria and Bank’s risk and underwriting requirements and addresses the comments and concerns raised by its review, Bank shall approve a Program Proposal. Approval of any Program Proposal shall be in writing and provided by an authorized representative of Bank.

3. Marketing Materials; Card Production.

(a) Company shall, at its sole expense: (i) develop proposed Marketing Materials; and (ii) promote and market Cards and the Program to prospective customers and Cardholders through Marketing Activities approved by Bank using Marketing Materials. All Marketing Materials must be developed in accordance and comply with Applicable Law and Compliance Policies, and approved in advance by Bank in writing prior to distribution, and all Marketing Activities must be performed in compliance with Applicable Law, this Agreement and Compliance Policies and are subject to Bank’s review and approval. Bank may review Company’s compliance with the foregoing at any time, subject to the provisions of Section 26(e). Company desires that Bank reviews and either approves or rejects all Marketing Materials within one (1) Business Day of receipt. Notwithstanding, Bank shall use best efforts to review and approve or reject any new Marketing Materials and Marketing Activities within: (i) for direct mail Marketing Materials, three (3) Business Days after Bank’s receipt of such Marketing Materials; and (ii) for all other Marketing Materials or Marketing Activities, five (5) Business Days after Bank’s receipt of such Marketing Materials or Marketing Activities; provided, however, the Parties shall meet in good faith to determine appropriate timing requirements for Marketing Material review and approval by Bank on or about the ninetieth (90^th) day anniversary of the Effective Date. In the event Bank rejects any Marketing Materials or Marketing Activities, it shall provide an explanation of such rejection to Company. Notwithstanding any timeframes set forth in this Section 3(a), Bank may require additional time for review and approval if Bank determines, in its sole discretion, that Card Association review or approval is required or if it requires additional time for review. Bank shall notify Company of the need for Card Association review or approval and shall periodically inform Company of the status of the Card Association review or approval. Bank shall be identified on all Marketing Materials for Cards and the Program contemplated by this Agreement. Notwithstanding any timeframes set forth herein, Marketing Materials and Marketing Activities will be considered approved and authorized by Bank once such approval and authorization are clearly communicated by Bank in writing, provided that Bank does not subsequently revoke its approval pursuant to the terms of this Agreement. The Parties further agree to establish guidelines and parameters for Marketing Materials and Marketing Activities, and Company shall ensure that all Marketing Materials and Marketing Activities comport with such guidelines and parameters.

(b) Bank, a Regulatory Authority or a Card Association may require amendments to any Marketing Materials or Marketing Activities from time to time in order to comply with Applicable Law or for any other purpose. Company agrees that if Bank determines, in its sole discretion, that the Marketing Materials or Marketing Activities do not meet Bank’s directions, risk tolerance or Compliance Policies or that the Marketing Materials or Marketing

Activities are reasonably likely to violate or actually violate any Applicable Law or Compliance Policies or otherwise pose reputational, compliance, financial or safety or soundness risk to Bank, Cardholder, or Card Association, Bank may direct Company to suspend the Marketing Materials or Marketing Activities, as the case may be, for the Program until such time as Company can amend the Marketing Materials or Marketing Activities, as the case may be, to comply with Applicable Law or Compliance Policies or otherwise resolve any such risk, as determined by Bank. Unless such changes are required sooner by Applicable Law or a Regulatory Authority, upon Company’s receipt of written notice from Bank of any changes to the Marketing Materials or Marketing Activities or a determination that any Marketing Materials or Marketing Activities are no longer authorized, Company shall implement such change or determination as soon as commercially practicable but in no event later than thirty (30) days (or earlier if required by Applicable Law or a Regulatory Authority) from Company’s receipt of notice of such change or determination. Company may object to such written direction by providing written notice to Bank within three (3) Business Days of receipt of such written direction setting forth its good faith reasons for such objection. Under such circumstances, the written direction shall be considered a Dispute and be resolved in accordance with the procedures set forth in Section 34(c)(i) of this Agreement. If the Parties are unable to reach an agreement to such Dispute within ten (10) Business Days after the initiation of the Dispute, Company shall comply with Bank’s instructions to cease use of or withdraw the Marketing Materials. Notwithstanding, Company will immediately withdraw and cease use of the Marketing Materials if Bank is required or mandated by any court of law or by any Regulatory Authority or Card Association to cease use of or to modify the Marketing Materials.

(c) Without limiting the terms of this Section 3, Company shall ensure it and its Company’s Subcontractors comply with all provisions herein and that it provides all Disclosure Materials to Cardholders, Applicants and any other Persons required by Applicable Law or Compliance Policies. “Disclosure Materials” means Bank Program Materials and Company Program Materials. Bank shall be responsible for the development of Bank Program Materials, and Company shall be responsible for the development of Company Program Materials and the production and distribution of Disclosure Materials, all in accordance with Applicable Law and Compliance Policies.

(d) After approval of Marketing Materials or Marketing Activities pursuant to the terms herein, and subject to the terms set forth herein, Company may use such forms of Marketing Materials and Marketing Activities, and need not seek further approval for use of such forms unless there is: (i) a Substantive Change in the Marketing Materials or Marketing Activities, or (ii) a new offering to be included in the Marketing Materials (each of the events in clauses (i) and (ii), a “Qualifying Change”). In the event of a Qualifying Change, Company shall submit such forms of Marketing Materials and Marketing Activities to Bank for review and approval.

(e) Changes to Disclosure Materials may be made upon the request of Company subject to the prior written consent of Bank, which consent shall not be unreasonably withheld; provided, however, that Bank may change the Disclosure Materials or determine that any Disclosure Materials are no longer authorized upon written notice to Company. Unless such changes are required sooner by Applicable Law or a Regulatory Authority, upon Company’s receipt of written notice from Bank of any changes to the Disclosure Materials or a determination that any Disclosure Materials are no longer authorized, Company shall implement such change or determination as soon as commercially practicable but in no event later than thirty (30) days (or earlier if required by Applicable Law or a Regulatory Authority) from Company’s receipt of notice of such change or determination.

(f) Company shall, at its sole expense: (i) develop proposed Card designs (and shall ensure such designs do not violate the intellectual property rights of any third party); (ii) be responsible for the printing, producing, storing, maintaining, and embossing of Cards and any Card carriers, all in compliance with Applicable Law and in a manner that is PCI Compliant; and (iii) develop the Application to be used in connection with the Program and ensure such Application and any sign up and application process complies with Applicable Law. Bank shall review and approve any Card designs (such approval not to be withheld absent Bank’s reasonable determination of a violation of the Card Association Rules or Applicable Law or risk to Bank’s reputation or safety or soundness) in accordance with the terms of this Agreement. All Card designs shall identify Bank as the issuer of the Card and shall include such other names, marks and disclosures as may be required to conform with Applicable Law and Compliance Policies. Company shall perform periodic compliance reviews of the Company’s websites, customer facing interface, disclosures and customer statements, any application related to the Program, including the Application, and Company Program Materials, and such review shall include a review and verification of Company’s compliance with regulatory, disclosures and marketing requirements applicable to Company and any other requirements required to ensure such websites, customer facing interface, disclosures and customer statements, Company Program Materials and any application related to the Program, including the Application, comply with Applicable Law and Compliance Policies.

4. Extensions of Credit.

(a) Subject to the terms of this Agreement and Applicable Law, Bank agrees to issue Cards and make Accounts available in connection with the Program to qualifying Applicants residing in any state in the United States, its territories and the District of Columbia.

(b) Company shall apply the Credit Policy to all Applications and shall ensure only Applications that satisfy the terms of the Credit Policy are approved, subject to the terms hereof. Bank may update, amend or modify the Credit Policy in its sole discretion. Immediately upon Company’s receipt of such updated, amended or modified Credit Policy, Company shall apply such updated, amended or modified Credit Policy to all Applications and shall ensure only Applications that satisfy the terms of the Credit Policy are approved, subject to the terms hereof. Notwithstanding anything to the contrary, Bank is under no obligation to establish an Account for any Applicant who does not meet the requirements of the Credit Policy and Compliance Policies, Applicable Laws, Card Association Rules or if the Applicant is determined to have violated Applicable Law, poses a compliance, reputational or financial risk to Bank, any Person or Card Associations Company shall not approve any Application if Bank rejects or declines to establish an Account. Company shall (or shall cause its Company Critical Subcontractor to) provide to Bank regular reporting, in a form and timing required by Bank, demonstrating compliance with the Credit Policy, including the terms of this Section 4.

5. Program Materials and Credit Policy. Bank shall develop Bank Program Materials and Credit Policy. Company shall be responsible for the production and distribution of all Bank Program Materials. Prior to the formal launch of the Program, Bank shall provide Company with Compliance Policies, which Company shall comply with in marketing, servicing, approving and managing Accounts and providing services under this Agreement, as required by the terms of this Agreement. Company shall (i) develop the Application, any website or mobile application to manage the Card or Account and any rewards terms associated with the Card and any other Company Program Materials, which must be approved by Bank; and (ii) ensure such Application, website and/or mobile application, rewards terms and Company Program Materials comply with Applicable Law. The relationship with each Cardholder under the Cardholder Agreement shall be exclusively owned by Bank. The Parties acknowledge and agree that all Company prepared materials to be provided to any Person in connection with the Program and Cardholder form communications by Company shall be subject to Bank’s prior written approval and may not be used without such approval. For the avoidance of doubt, Company shall be responsible for ensuring all materials, documentations, disclosures, communications, and terms prepared by Company comply with Applicable Law and Compliance Policies. Company may not offer any collections products or accept fees for collections services using credit cards. Excluding administrative changes, any changes to Company documentations, disclosures, communications, or terms described above must be approved in advance by Bank. Company, at its sole expense, shall be responsible for printing and distributing to Cardholders, as directed by Bank, the following: (i) the Cardholder Agreement; (ii) Disclosure Materials, including any disclosures required by Applicable Law; (iii) any amendments to the Cardholder Agreement or disclosures that are requested by Company and approved by Bank; and (iv) any amendments to the Cardholder Agreement or disclosures that Bank determines are required by Applicable Law, Compliance Policies or Regulatory Authority.

6. Reserved.

7. Account Origination, Application Processing, Servicing.

(a) As a third-party agent, third party service provider or any such similar designation (“Third-Party Servicer”) for Bank under applicable Card Association Rules, Company shall solicit Applications from Applicants and shall perform Application Processing on behalf of Bank (including retrieving credit reports, subject to the Fair Credit Reporting Act and Regulation V) to determine whether the Applicant meets the eligibility criteria set forth in the Credit Policy. As Third-Party Servicer for Bank, Company shall respond to all inquiries from Applicants and from Bank regarding the Application Processing and/or Program. Company shall conduct Application Processing for each Applicant who requests an Account and shall approve on behalf of Bank only the requests of Applicants who meet the eligibility criteria set forth in the Credit Policy. Without limiting any other provision of this Agreement, in performing its obligations under this Section 7 and its other obligations under this Agreement, Company shall comply with Applicable Law, including but not limited to the Equal Credit Opportunity Act and Regulation B. In the event Company approves an Applicant’s Application that does not comply with the terms of the Credit Policy or this Agreement, Company shall be responsible for all Losses, credit risk, and Chargebacks associated with the Card or Account of such approved Applicant.

(b) Subject to the terms of this Agreement and limits set forth in Section 4 (Extensions of Credit), Bank shall issue Cards to and establish Accounts with Applicants who meet the eligibility criteria set forth in the Credit Policy and who accept the credit offer.

(c) Pursuant to procedures mutually agreed by the Parties, Company shall deliver adverse action notices and all other notices required by Applicable Law to Applicants who do not meet Credit Policy criteria or are otherwise denied an Account under the Program. All such notices shall be delivered in form, content and timing in compliance with Applicable Law. Company shall maintain and provide to Bank, upon Bank’s request, all adverse action notices and all other notices required by Applicable Law that are provided to any Person in connection with this Agreement.

(d) Company shall deliver to Applicants and Cardholders the Cardholder Agreements, Cards, Bank’s and Company’s privacy notices and any other Disclosure Materials required to be delivered to Applicants and shall obtain appropriate and legally binding signatures or other authorization from Applicants and any third party required by Bank to extend credit on an Account and issue a Card, and take all other actions necessary for Bank to extend credit on an Account and issue a Card, all in accordance with Applicable Law and the terms of this Agreement.

(e) Company shall be responsible for providing all Company Card Services in accordance with Applicable Law, Compliance Policies and the terms of this Agreement and service-level standards agreed to between Bank and Company and in a manner that is PCI Compliant and, to the extent Section 16 (Data Security) is not in conflict with Applicable Law, consistent with the data security standards set forth in Section 16 (Data Security) of this Agreement, and shall maintain all Records related to Accounts in accordance with Applicable Law and the terms of this Agreement. Company shall ensure it performs all activities described under the Company Program Materials and any other activities it undertakes on behalf of Bank, including any services or obligations it undertakes on behalf of Bank under the Cardholder Agreement, and such performance by Company shall comply with Applicable Law and the terms of this Agreement, Cardholder Agreement (as applicable) and Company Program Materials (as applicable). The Parties shall mutually agree upon procedures for resolving Cardholder payments incorrectly received by a Party. Bank and Company will cooperate to develop procedures regarding the referral of Cardholders who contact a Party concerning a claim, complaint, dispute or request for information regarding the other Party. Bank will refer to Company any Cardholder or Applicant who contacts Bank concerning any Company Card Service or the Program for customer support; all complaints, disputes or Chargebacks received by Company must be forwarded to Bank by Company promptly but in no event later than one (1) Business Day following its receipt. Company shall be responsible for resolving any customer support issues, complaints or questions of a Cardholder or Applicant related to the Program (“Cardholder Complaint”) promptly and in compliance with Applicable Law, Compliance Policies and the terms of this Agreement. Bank shall resolve transaction disputes and Chargebacks, and Company shall timely provide Bank with all assistance required by Bank to resolve a dispute or Chargeback. Company agrees to promptly advise Bank of the results of any investigation relating to a Cardholder Complaint and provide, upon request, an audit trail of information pertinent to the matter (such information to include, but not be limited to, a copy of the Cardholder Complaint, any response provided to a Cardholder or Applicant related to the Cardholder Complaint and any other correspondence from such Cardholder or Applicant), all within any timeframes required by Applicable Law and Compliance Policies. The audit trail of information shall be sufficiently detailed to allow Bank to fully respond to a Regulatory Authority if such Regulatory Authority inquiries about a Cardholder Complaint or to otherwise allow Bank to ensure Company resolved the Cardholder Complaint in compliance with Applicable Law and Compliance Policies. Each

Party (the “Requesting Party”) agrees to promptly provide the other Party with information unavailable to such other Party which is in such other Party’s possession or control that is necessary to allow the Requesting Party to fully respond to a Cardholder Complaint or to a Regulatory Authority if such Regulatory Authority inquires about a Cardholder Complaint, provided, in the case of Company, Company is PCI Compliant. Company shall catalog and maintain copies of all Cardholder Complaints, and responses thereto for the period required by Applicable Law or such longer period as specified by Bank in a written notice to Company. Company shall provide Bank with a monthly summary of all Cardholder Complaints in the form and manner determined by or acceptable to Bank. Bank (i) shall have access at all times to pending and closed Cardholder Complaints and responses, and (ii) in Bank’s sole discretion, may audit a reasonable number of such Cardholder Complaints.

(f) Bank will collect and apply payments on Accounts in compliance with Applicable Law and the Cardholder Agreement; provided, however, Company shall obtain all necessary payment authorizations from Cardholders in accordance with Applicable Law. Payments will be made by Cardholders on Accounts by methods made available to Cardholders, as set forth in the Cardholder Agreement.

(g) Company shall perform its obligations described in this Section 7 (Account Origination, Application Processing, Servicing) and Company Card Services, and deliver any other customer communications to Applicants as necessary to carry on the Program in accordance with Applicable Law, all at Company’s own cost.

(h) In performing its obligations under this Section 7, Company will act as Bank’s Third-Party Servicer pursuant to applicable Card Association Rules. As soon as practicable after the Effective Date, Company will provide materials to Bank and Bank will apply for Card Association’s approval of Company to act as Bank’s Third-Party Servicer. Company will not commence any activities relating to the marketing or soliciting of consumers for Cards until it has received the Card Association’s approval to act as a Third-Party Servicer of Bank, and until Bank provides written approval to Company to begin any Card-related marketing or processing activities. Thereafter, Company agrees to maintain its status as Third-Party Servicer of Bank consistent with and to otherwise comply with Card Association Rules and in a manner that is consistent with the data security standards set forth in Section 16 (Data Security) of this Agreement. Upon receiving any notice from the Card Association or Bank that it is not in full compliance with Card Association Rules, Company shall cure any such non-compliance within thirty (30) days (or earlier if required by Applicable Law); provided, however, Bank in its sole discretion may allow this time period to be extended if Company has commenced such cure and is continuing to pursue such cure in good faith using commercially reasonable efforts. Company shall be liable for any Losses incurred or payable by Bank associated with Company’s failure to fully comply with Card Association Rules.

8. Card Services, Transaction Processing, Settlement.

(a) Company will perform all Company Card Services for the Program, and Bank will be responsible for all Bank Card Services for the Program. Each of Company and Bank shall be responsible for ensuring that all of its respective activities and services contemplated under this Agreement are consistent and compliant with Applicable Law.

(b) Bank, at its sole expense, shall provide for Processing Services.

(c) Bank shall be the issuer of all Cards hereunder. Subject to the terms of this Agreement, Bank shall sponsor and maintain a BIN/ICA for the Cards and will issue Cards marketed and promoted by Company pursuant to this Agreement.

(d) Bank shall be responsible for providing actual Settlement with the Card Association in accordance with Card Association Rules, and for payment of any Settlement Amount.

9. Fees. In consideration of performing their respective obligations in connection with the Program, the Parties will receive the amounts provided in Schedule C.

10. Suspicious Activities and Disclosures. Company, either directly or through a Company Subcontractor, shall promptly report to Bank any and all information necessary for or reasonably required by Bank to investigate, make a determination and be able to file a suspicious activity report (“SAR”) with the Financial Crimes Enforcement Network, and shall promptly notify Bank of any activity in connection with an application for a Card that suggests or indicates potential money laundering or other potential criminal activity, does not appear to have a valid business purpose, is not consistent with the activities expected of an Applicant or that appears to be or is fraudulent or suspicious, as contemplated by the BSA. The Parties acknowledge that the contents of a SAR and the fact that Bank has filed a SAR are strictly confidential under Applicable Law. Company further agrees to promptly provide to Bank, either directly or through a Company Subcontractor, any information it may deem necessary to resolve any complaints of fraudulent Account activity.

11. Applicable Law and Compliance Requirements.

(a) Applicable Law Requirements. Bank shall comply with all Applicable Law to the extent relating to its obligations under this Agreement. Bank, as a principal member of the Card Associations, shall support the sponsorship and registration of Company as a marketing agent or service provider of Bank with each Card Association, as applicable; provided, however, Company is eligible to be registered with each Card Association, as applicable, in accordance with Card Association Rules. Company shall comply with all Applicable Law, including all rules, orders and decrees of any Regulatory Authority with jurisdiction over Bank (even if such Regulatory Authority does not have or would not have authority over Company), and Compliance Policies.

(b) BSA/AML/OFAC Assistance. Company, either directly or through a Company Subcontractor, shall collect and promptly provide to Bank all information reasonably requested by Bank in order for Bank to satisfy its Bank Secrecy Act, anti-money laundering and Office of Foreign Assets Control (“OFAC”) compliance obligations. Company shall ensure its services and products, including its rewards program, comply with all anti-money laundering and OFAC requirements.

(c) Compliance Management System. Within ninety (90) days of the Effective Date, Company shall develop, administer and maintain a Compliance Management System that shall be approved in writing by Bank. As part of the Compliance Management System, Company shall provide to Bank quarterly compliance reports, in a form mutually agreed upon by the Parties, containing information reasonably required by Bank to ensure the Program’s compliance with Applicable Law. Within one hundred and twenty (120) days of the Effective Date and once every year thereafter, within one hundred and twenty (120) days of each anniversary date of the initial third-party review, Company shall have completed, at Company’s expense, an independent third-party review concerning Company’s compliance with Applicable Law related to the Program and Company’s compliance obligations under this Agreement. Company shall provide Bank with an advance written notice notifying Bank of the identity of its independent third-party reviewer Company has elected to use and the scope of such review. Upon such notice, and after Bank’s review, Bank shall have the right, in its reasonable discretion, to reject the use of the identified independent third-party reviewer or the scope of the review, in which case, Company shall work with Bank in reasonable and good faith effort to determine an acceptable third-party auditor and an acceptable scope of review. However, if Company has conducted an independent third-party audit review as contemplated herein in relation to another program sponsored by another financial institution, Bank will accept such audit report so long as it is sufficient in scope, including auditing Company’s compliance with the terms of this Agreement. Such review shall include but not necessarily be limited to: (i) transactional testing; (ii) risk assessment; (iii) a review of the Company’s compliance with Applicable Law; and (iv) a comprehensive review of Company’s Compliance Management System. Upon completion of said review, Company shall provide the Bank a copy of the third party’s report and address any violations of the foregoing as well as management responses and recommendations for changes provided, however, that Company agrees that it may not share the report with any other Person without such Person agreeing in writing to maintain the confidentiality of such report prior to disclosure. Company agrees to address any violations or recommendations promptly with the development and implementation of a corrective action plan by Company’s management, such corrective action plan to be approved by Bank. Company shall (and shall ensure each Company Critical Subcontractor will) provide all necessary cooperation and assistance to Bank in connection with Bank’s annual review of Company compliance program, which review shall be conducted for the purpose of determining if Company is operating in compliance with the Applicable Law and Compliance Policies regarding marketing, solicitation, customer service, and other activities of Company related to Bank’s authorized banking products or services provided to Cardholders pursuant to this Agreement.

(d) Supplemental Review. Subject to Section 11(c), unless otherwise agreed or stated in this Agreement, at the reasonable request of Bank, Company shall also engage at Company’s expense, an independent third party for the purposes of reviewing or validating actions taken in response to specific compliance issues or customer remediation related to the Program. Upon completion of said review, Company shall provide to Bank a copy of the third party’s report and promptly address any additional violations or recommendations; provided, however, that Company agrees that it may not share the report with any other Person without such Person agreeing in writing to maintain the confidentiality of such report prior to disclosure.

(e) Compliance Policies. Company agrees to maintain and enforce all Compliance Policies throughout the Term and ensure that such Compliance Policies accurately reflect obligations under Applicable Law and comply in all respects with Applicable Laws. Company shall review and, as necessary, update the Compliance Policies on at least an annual basis. All Compliance Policies shall be provided to Bank and Bank shall have the right to make reasonable changes to these policies to comply with any changes in Applicable Law, requests of a Regulatory Authority or reasonable requests to comply with best practices and changes will be made as mutually agreed upon by the Parties.

(f) Risk Assessment. Company shall conduct an annual risk assessment of its services provided under or contemplated by this Agreement. This risk assessment shall consider inherent risk, strength of controls and residual risk in areas concerning operations, regulatory compliance, and Company Subcontractors.

(g) Reporting. Company shall provide to Bank the monthly compliance monitoring reports and other reports or information in form and substance reasonably agreeable to Bank.

(h) Subject to and without limiting any other provision of or rights under this Agreement, if Company fails to provide to Bank any reports hereunder, then within five (5) Business Days of receipt of notice from Bank to Company of such failure, Company shall provide Bank with a letter from Company senior management that explains such failure and the corrective actions to remedy such failure. For the avoidance of doubt, the provisioning of such letter shall not restrict or otherwise limit Bank from exercising any right or remedy available to Bank under this Agreement and/or by law.

(i) OFAC Compliance. Company and each Company Subcontractor shall comply with all OFAC regulations, including, but not limited to: (i) ensuring that all Cardholders are screened as required by Applicable Law and Compliance Policies through a screening system implemented to comply with Applicable Law, OFAC regulations and Compliance Policies; and (ii) complying with all OFAC and Bank directives regarding the prohibition or rejection of unlicensed trade and financial transactions with OFAC specified countries, entities and individuals. Company shall (and shall cause each Company Critical Subcontractor to) comply with Compliance Policies provided to Company by Bank. Bank may provide Company updated copies of the Compliance Policies from time to time. Unless changes are required sooner by Applicable Law or a Regulatory Authority, upon Company’s receipt of written notice from Bank of any changes to the Compliance Policies, Company shall implement such change as soon as commercially practicable but in no event later than thirty (30) days (or earlier if required by Bank to ensure compliance with Applicable Law, as determined by Bank, or guidance provided by a Regulatory Authority) from Company’s receipt of notice of such change; provided, however, Bank may extend this period in its sole discretion.

(j) Escheatment Compliance. Company shall be responsible for managing and complying with any escheatment or unclaimed property requirements applicable to the Program, and Company shall maintain all necessary information and Records, including Account records and Account activity. Company shall promptly provide any information requested by Bank to fulfill its obligations under Applicable Law. At Company’s expense, Bank may assist in the remittance of, or oversee the remittance of, such unclaimed funds to the appropriate jurisdiction in compliance with Company’s instructions with respect to amounts. Company shall be solely liable for any costs and fines related to any challenge by any Regulatory Authority with respect to escheatment or unclaimed property laws or related to Company’s instructions, regardless of whether such cost is incurred by, or such fines are assessed to, Bank or Company; unless such challenge is directly related to Bank’s failure to remit to the appropriate jurisdiction any unclaimed funds, except where Bank’s failure to remit the funds was caused by Company’s failure to timely, completely or accurately submit instructions to Bank.

12. Notice of Actions; Regulatory Communications.

(a) In the event that Party receives criticism in a report of examination or in a related document or specific oral communication from, or is subject to formal or informal supervisory action by, or enters into an agreement with any Regulatory Authority or any Card Association with respect to any matter whatsoever relating to (including omissions from) the Program or this Agreement (any such event, a “Criticism”), Party shall advise the other Party in writing of the Criticism received (no later than five (5) Business Days after the receipt of the Criticism by Company) and share the relevant portions of any written documentation (or provide a detailed written summary of any oral communications) received from the relevant Regulatory Authority or Card Association, unless prohibited by Applicable Law, as applicable. Notwithstanding, Bank shall be under no obligation to share any criticism received from its Regulatory Authority where such criticism was delivered as part of such Regulatory Authority’s examination or audit of Bank.

(b) Company shall provide, to the extent not specifically prohibited by Applicable Law or the applicable Regulatory Authority, Bank with notice and copies of any material communication to or from any Regulatory Authority or any official thereof, including, without limitation, any member of Congress, official of the executive branch of the United States Government, state legislator or federal or state agency, regarding this Agreement or any aspect of the Program (or provide a detailed written summary of any oral communications) (each, a “Regulatory Communication”) within five (5) Business Days of such communication. For any Regulatory Communication for which a response is required from Company, the Parties shall coordinate and cooperate on such response and Bank shall have final approval authority over any response to its Regulatory Authority(ies). Company shall obtain the prior approval of Bank of any response to a Regulatory Communication related to this Agreement or the Program, with such approval not to be unreasonably withheld, conditioned or delayed. Notwithstanding anything to the contrary, Bank may respond to any Regulatory Communication from its Regulatory Authority(ies) without the consent or approval of Company.

(c) Company shall provide Bank prompt notice and copies of all subpoenas, levies, garnishments or other legal requests received by Company that concern the Program or this Agreement, whether from a Regulatory Authority, private attorney, court or otherwise (“Legal Documents”). Bank, at its election, may prepare and file, in consultation with Company, the necessary response to any Legal Documents, and Company shall reimburse Bank for all reasonable costs associated with its preparation and filing of a response.

(d) Each Party shall provide the other Party with notice and copies of any complaint regarding the Program received by the Party from any Card Association or the Better Business Bureau and any other material third party complaint received by senior management of such party related to the Program (each, a “Third Party Complaint”) within five (5) Business Days of receipt of such Third Party Complaint; provided, however, Bank shall be under no obligation to share any Third Party Complaint received from its Regulatory Authority. Company

shall promptly investigate each Third Party Complaint and any similar complaints received by Bank that are forwarded to Company and propose an appropriate response, all at the Company’s expense. Company and Bank shall jointly approve the final responses for all Third Party Complaints. Company shall not be responsible for Bank’s expenses related to responding to a Third Party Complaint except for up to $5,000 of Bank’s reasonable out-of-pocket or third party expenses or with Company’s prior written approval.

(e) Each Party shall promptly notify the other Party of any action, suit, litigation, proceeding, facts and circumstances, and of all tax deficiencies and other proceedings before governmental bodies or officials affecting such Party, and the threat of reasonable prospect of same, which (i) might give rise to any indemnification obligation under this Agreement, or (ii) might materially and adversely affect such Party’s ability to perform its obligations under this Agreement, unless the Party is prohibited by Applicable Law, Regulatory Authority or by court order or mandate not to provide such notification or disclosure.

13. Representations, Warranties and Covenants.

(a) Bank hereby represents, warrants and covenants to Company that:

(i) Bank is a state bank, duly organized, validly existing under the laws of the State of California and Bank has full corporate power and authority to execute, deliver, and perform its obligations under this Agreement; the execution, delivery and performance of this Agreement has been duly authorized, and is not in conflict with and does not violate the terms of the charter or bylaws of Bank and will not result in a breach of or constitute a default under, or require any consent under, any indenture, loan or agreement to which Bank is a party;

(ii) Bank has the full power and authority to make the extensions of credit contemplated by this Agreement in accordance with their terms to Cardholders in United States, its territories and the District of Columbia;

(iii) Bank is and will continue throughout the Term to be a duly registered principal member in good standing of each Card Association and, as such, has full authority under the by-laws and other membership and operating rules of such Card Association to issue the Cards, use and display (and permit Company to use and display in accordance with this Agreement and the rules of the Card Association) each Card Association’s trademarks and otherwise perform its obligations under this Agreement;

(iv) All approvals, authorizations, licenses, registrations, consents, and other actions, notices, and filings that may be required in connection with the execution, delivery, and performance of this Agreement by Bank, have been obtained (other than those required to be made to or received from Cardholders and Applicants);

(v) This Agreement constitutes a legal, valid, and binding obligation of Bank, enforceable against Bank in accordance with its terms, except: (1) as such enforceability may be limited by applicable bankruptcy, insolvency, reorganization, moratorium, receivership, conservatorship or other similar laws now or hereafter in effect, including the rights and obligations of receivers and conservators under 12 U.S.C. §§ 1821 (d) and (e), which may affect the enforcement of creditors’ rights in general, and (2) as such enforceability may be limited by general principles of equity (whether considered in a suit at law or in equity);

(vi) There are no proceedings or investigations pending or, to the best knowledge of Bank, threatened against Bank: (1) asserting the invalidity of this Agreement, (2) seeking to prevent the consummation of any of the transactions contemplated by Bank pursuant to this Agreement, (3) seeking any determination or ruling that, in the reasonable judgment of Bank, would materially and adversely affect the performance by Bank of its obligations under this Agreement, (4) seeking any determination or ruling that would materially and adversely affect the validity or enforceability of this Agreement; or (5) that would have a materially adverse financial effect on Bank or its operations if resolved adversely to it;

(vii) Bank is not Insolvent;

(b) Company hereby represents, warrants and covenants to Bank that:

(i) Company is duly organized and validly existing in good standing under the laws of the state in which it is formed and operates, and has full corporate power and authority to execute, deliver, and perform its obligations under this Agreement; the execution, delivery, and performance of this Agreement has been duly authorized, and is not in conflict with and does not violate the terms of the certificate of incorporation or bylaws of Company, and will not result in a breach of or constitute a default under or require any consent under any indenture, loan, or agreement to which Company is a party except such consents as Company shall have received on or prior to the date hereof;

(ii) All approvals, authorizations, consents, and other actions by, notices to, and filings required to be obtained for the execution, delivery, and performance of this Agreement by Company have been obtained;

(iii) Company has obtained, and is in compliance with, all licenses, permits, memberships, consents, agreements, and authorizations required to perform its obligations under this Agreement;

(iv) The Intellectual Property licensed to Bank by Company pursuant to the terms of this Agreement, as well as Bank’s use of any Intellectual Property provided to it by Company, as such use is contemplated by this Agreement, does not and will not violate or infringe upon, or constitute an infringement or misappropriation of, any Intellectual Property of any Person or entity and Company has the right to grant such licenses and permit such uses as contemplated by this Agreements;

(v) Company has provided to Bank in writing a list of Company’s Critical Subcontractors used in support of the Program. Company will inform Bank in writing prior to any use of another Company Critical Subcontractor. Company will not make use of such Company’s Critical Subcontractor until Bank has notified Company in writing that Bank has approved the Company’s Critical Subcontractor or that such approval is not necessary;

(vi) This Agreement constitutes a legal, valid, and binding obligation of Company, enforceable against Company in accordance with its terms, except: (1) as such enforceability may be limited by applicable bankruptcy, insolvency, reorganization, moratorium, or other similar laws now or hereafter in effect, which may affect the enforcement of creditors’ rights in general, and (2) as such enforceability may be limited by general principles of equity (whether considered in a suit at law or in equity);

(vii) There are no proceedings or investigations pending or, to the best knowledge of Company, threatened against Company: (1) asserting the invalidity of this Agreement, (2) seeking to prevent the consummation of any of the transactions contemplated by Company pursuant to this Agreement, (3) seeking any determination or ruling that, in the reasonable judgment of Company, would materially and adversely affect the performance by Company of its obligations under this Agreement, (4) seeking any determination or ruling that would materially and adversely affect the validity or enforceability of this Agreement, or (5) that would have a materially adverse financial effect on Company or its operations if resolved adversely to it;

(viii) Company is not Insolvent;

(ix) Company has at all times during the Term of this Agreement or any extension: (1) shareholders’ equity of not less than $2 million; (2) the financial capacity to perform its obligations under this Agreement, (3) cash on hand in excess of what is needed in order for Company to meet all debt-related covenants to any third party; and (4) three months of expected payments to Bank and all Company’s creditors (the “Company Financial Requirements”);

(x) Each time that Company submits a report of information regarding the Program or the services provided by Company to Bank, Company represents and warrants that such report is, to the best of Company’s knowledge, true, accurate and complete in all material respects as of the date of such report;

(xi) Company has delivered to Bank complete and correct copies of its balance sheets and related statements of income and cash flow and such other items that Bank has requested in connection with its due diligence review of Company (the “Due Diligence Materials”). All Due Diligence Materials furnished to Bank were (at the time provided to Bank) accurate and complete in all material respects and complete insofar as completeness may be necessary to give Bank a true and accurate knowledge of the subject matter. Company’s financial statements, subject to any limitation stated therein, which have been furnished to Bank, fairly present the financial condition of Company, and have been prepared in accordance with (1) the books and records of Company; (2) generally accepted accounting principles as in effect in the United States at the time of preparation; and (3) all pronouncements of the Financial Accounting Standards Board;

(xii) Except as otherwise disclosed to Bank, neither Company nor, to the actual knowledge of Company’s executive officers, any Principal of Company, has been subject to the following as of the date of this Agreement: (1) any criminal conviction (except minor traffic offenses and other petty offenses), (2) Federal or state tax lien, (3) administrative or enforcement proceedings commenced by the Securities and Exchange Commission, any state securities authority, Federal Trade Commission, or any Regulatory Authority, or (4) restraining order, decree, injunction, or judgment entered in any proceeding or lawsuit alleging fraud or deceptive practice on the part of Company or any Principal thereof. Company agrees to notify Bank within two (2) Business Days upon the occurrence of any event contemplated by this Section 13(b)(xii);

(xiii) In the event Company provides any Intellectual Property to Bank, Company has the legal right to such Intellectual Property and the right to permit Bank to use such Intellectual Property, and such use shall not violate any intellectual property rights of any third party;

(xiv) Company has established and is maintaining (1) a Security Program which is sufficient to satisfy the requirements set forth herein and Applicable Law, and (2) disaster recovery, business resumption and contingency plans appropriate for the nature and scope of the activities of and the obligations to be performed by Company hereunder which are sufficient to satisfy the requirements set forth herein and Applicable Law; which will enable Company to continue to comply with such requirements during the Term. Company has, within the last twelve (12) months, tested such Security Program and disaster recovery, business resumption and contingency plans, has determined they are sufficient and will enable Company to continue to comply with the requirements herein during the Term. On or prior to the date hereof, Company has delivered to Bank a certificate of a responsible senior officer of Company certifying that delivered test results were true and correct in all material respects as of the date of such certificate;

(xv) Company shall remain in compliance at all times (subject to any applicable cure periods) with all Company Financial Requirements and covenants to which it is subject in all agreements under which it borrows funds from third party creditors; and

(xvi) To the extent Company receives “Cardholder Data,” as defined by PCI-DSS, Company is and shall remain PCI Compliant, and Company is and shall remain in compliance at all times with Applicable Law, including any and all Applicable Law applicable to Bank and orders by Bank’s Regulatory Authority to the extent Company is acting as Bank’s Third-Party Servicer.

(c) The representations and warranties of the Parties contained in Sections 13(a) and 13(b) are made continuously throughout the Term of this Agreement. In the event that any investigation or proceeding of the nature described in Section 13(b)(vii) is instituted or threatened against Company, Company shall promptly notify Bank of the pending or threatened investigation or proceeding, unless otherwise prohibited by Applicable Law or a Regulatory Authority.

14. Additional Covenants of Company.

(a) Company shall comply with all Compliance Policies, Card Association Rules and Applicable Law to the extent relating to this Agreement, Bank, Program, or the rights, duties and obligations of Company hereunder (whether acting on their own behalf or as a service provider of Bank) and its Subcontractors, when acting on behalf of Company or the transactions and services contemplated by to Agreement, and shall comply with any state and federal licensing requirements, if applicable, and any state consumer protection, privacy or other laws applicable to the services contemplated herein, Company or the Programs.

(b) Company has and will maintain all staffing, operational, and financial resources that are necessary or appropriate to perform its obligations under this Agreement. Company shall promptly give written notice to Bank of any material adverse change in the business, properties, assets, operations or condition, financial or otherwise, of Company or, to the knowledge of Company, of any Company’s Critical Subcontractor, or any significant staffing changes that would affect Company’s ability to fulfill its obligations under this Agreement. Company shall provide notice to Bank at least thirty (30) days in advance of any change in the physical address of Company or Company’s Critical Subcontractor.

(c) Company shall deliver to Bank (i) as soon as available but in any event not later than one hundred and twenty (120) days following the end of each fiscal year of Company, a copy of the annual audited financial report of Company and its consolidated subsidiaries for such year, including a consolidated balance sheet and consolidated statement of income and consolidated statement of cash flows and all notes and schedules thereto as of the end of such period, certified by the independent public accountants of Company and accompanied by an opinion of such independent public accountants to the effect that such financial statements fairly present, in all material respects, the financial position and results of operations of Company and its subsidiaries on a consolidated basis in accordance with generally accepted accounting principles as in effect from time to time and as consistently applied, and (ii) as soon as available but in any event not later than forty-five (45) days following the end of each fiscal quarter of Company, an unaudited consolidated balance sheet of Company and its consolidated subsidiaries as of the end of such fiscal quarter and an unaudited consolidated statement of income and consolidated statement of cash flows of Company and its consolidated subsidiaries for such period, all in reasonable detail and duly certified (subject to normal year-end audit adjustments and the absence of footnotes) by the chief financial officer (or person performing similar functions) of Company as having been prepared in accordance with generally accepted accounting principles as in effect from time to time and as consistently applied. In the event such financial statements reveal that the financial condition of Company, as determined in the discretion of Bank, results in a higher risk to Bank or otherwise does not meet the standards of Bank, Regulatory Authorities or any Card Association, then Company shall deliver such additional information relating to the financial condition, business or operations of Company as Bank, Regulatory Authorities or such Card Association shall from time to time reasonably request.

15. Cardholder Information. The purpose of this Section 15 and Section 16 below is to ensure that this Agreement conforms to applicable privacy laws, including the Gramm-Leach-Bliley Act, California’s Consumer Privacy Act of 2018 and Privacy Rights and Enforcement Act of 2020 and the Card Association Rules and otherwise sets forth the Parties’ agreement with respect to the use and disclosure of Cardholder Information. All use and disclosure of Cardholder Information under this Agreement shall be subject to the provisions of this Section 15 and Section 16.

(a) As between the Parties, the Cardholder Information shall be owned exclusively by Bank and shall be considered Confidential Information of Bank. The Cardholder Information shall at all times be subject to the privacy policy of Bank then in effect (such Bank’s privacy policy, the “Privacy Policy”). Bank shall develop, and Company shall provide Cardholders with, the Privacy Policy, and Company shall ensure its activities comply with the Privacy Policy. Notwithstanding anything to the contrary, Bank acknowledges that Company may collect information from or about Cardholders in connection with Company’s services (excluding the services provided under this Agreement as a service provider of Bank), even if such information overlaps with Cardholder Information, and Company may use and disclose such information in accordance with its privacy policy disclosed to Cardholders and Applicable Law.

(b) Bank agrees that it shall provide Company with any Cardholder Information necessary to provide any rewards program approved by Bank under Schedule B, subject to Company obtaining written consent to share such information with Company from Cardholder and such consent complies with Applicable Law. Company may use such Cardholder Information only to the extent approved by Cardholder in its consent.

(c) Each Party agrees it shall not use, nor permit any of its Subcontractors, to use, any Cardholder Information other than as necessary to perform its obligations hereunder, enforce it rights under this Agreement or as permitted under Applicable Law and the Privacy Policy. Bank hereby grants Company a non-exclusive, non-transferrable, worldwide right and license to use Cardholder Information to exercise its rights and perform its obligations under this Agreement.

(d) Except as prohibited by Applicable Law or the Bank’s Privacy Policy, Company may disclose Cardholder Information in its possession in compliance with Applicable Law solely: (i) to any Card Association or other entity to which disclosure is necessary in connection with the processing of a Card transaction; (ii) to its Company’s Subcontractors in connection with a permitted use of such Cardholder Information under this Section 15, provided that Company’s Subcontractor agrees in writing to maintain all such Cardholder Information strictly confidential in perpetuity and not to use or disclose such information to any Person other than Company or Bank, except as required by Applicable Law or any Regulatory Authority (after giving Bank or Company, as applicable, prior notice and an opportunity to defend against such disclosure); provided, further, that each of Company’s Subcontractors maintain a Security Program in accordance with the terms of Section 15 and complies with Interagency Guidelines Establishing Standards for Safeguarding Customer Information, and is obligated to notify Company of any Security Breach; (iii) to its employees, consultants, attorneys and accountants with a need to know such Cardholder Information in connection with a permitted use of such Cardholder Information under this Section 15; provided that (1) any such Person is bound by confidentiality, breach notice and limitation on use terms substantially similar to this Section 15 as a condition of employment or of access to Cardholder Information or by professional obligations imposing comparable terms; and (2) such Party shall be responsible for the compliance by each such Person with the confidentiality, breach notice and limitation on use terms of this Section 15; or (iv) to any Regulatory Authority with authority over Company or Bank.

(e) Upon the termination or expiration of this Agreement and any applicable wind-down or transition period, Company shall return (or destroy if directed by Bank) all Cardholder Information in the possession of Company or in the possession of any representative, contractor or third party of Company. Each Party acknowledges that the other Party may use, store, analyze and disclose the Aggregated De-identified Data (i) for its own internal, statistical and trend analysis, (ii) to develop, improve and promote its products and services, (iii) to create and distribute data, reports and other materials, including materials regarding access and use of the Program; and (iv) for any other purpose permitted by Applicable Law and the Party’s privacy

policy. For clarity, nothing in this section gives Company the right to publicly identify Bank as the source of any Aggregated De-identified Data without Bank’s prior written approval. Any Cardholder Information maintained in an electronic format shall be returned to Bank in an industry standard and secure format or, at the option of Bank, deleted and removed from all computers, electronic databases and other media in accordance with Applicable Law. Compliance by Company with this section shall be certified in writing by an appropriate officer of Company within thirty (30) of the end of the Term, which certification shall include a statement that no Cardholder Information has been retained.

(f) Without limiting any other provision of this Agreement, if Company is required to disclose Cardholder Information in response to legal process or a Regulatory Authority, Company shall immediately notify Bank and, upon request, cooperate with Bank in connection with obtaining a protective order, unless otherwise prohibited. Company shall furnish only that portion of the Cardholder Information, which it is legally required to disclose, and shall use commercially reasonable efforts to ensure that confidential treatment will be accorded such Cardholder Information.

(g) Company will only store Cardholder Information, Confidential Information and Records at its data center locations within the United States.

(h) Other Relationships with Cardholders.

(i) Subject to Applicable Law and Bank’s Privacy Policy and consistent with this Agreement, Company, at its own expense, shall have the right to solicit Applicants and/or Cardholders with offers of other goods, products and services from Company and others, including Bank-approved ancillary credit card products and services, and to use Applicant and/or Cardholder Information for purposes permitted by Applicable Law, Bank’s Privacy Policy and this Agreement. Company shall notify Bank of its intent to make any such offers and shall obtain the prior written approval of Bank, which may be withheld for any reason. Nothing in this Agreement shall in any way limit of prevent Company from making general solicitations for goods or services to the general public or other groups of consumers which may include one or more Applicants or Cardholders in the ordinary course of business; provided that Company does not (i) target such solicitations to specific Applicants and/or Cardholders, or (ii) use or permit a third party to use any list of Applicants and/or Cardholders in connection with such solicitations, unless Company has an independent relationship with such Applicants or Cardholders and has obtained all consents to perform activities contemplated by (i) and (ii) in accordance with Applicable Law.

(ii) Without limitation, Bank may at all times make solicitations for goods and services to the general public, which may include one or more Applicants or Cardholders; provided that Bank does not (i) target such solicitations to specific Applicants and/or Cardholders, or (ii) use or permit a third party to use any list of Applicants and/or Cardholders in connection with such solicitations; and Bank shall not be obligated to redact the names of Applicants and/or Cardholders from marketing lists acquired from third parties (e.g., magazine subscription lists) that Bank uses for solicitations. Bank and its Affiliates may at all times and without restriction: offer credit, debit, prepaid and other electronic payment services or sponsor other companies who are offering credit, debit, prepaid or other electronic payment services.

(iii) Nothing contained in this Section 15 shall apply to, limit or prohibit the use in any manner of any information owned, collected or held by Company to the extent such information has been obtained by Company through an independent relationship with the Cardholder and governed by the Company’s privacy policy, including the provision of services ancillary to the Program such as a rewards program associated with the Program, or as otherwise mutually agreed to by the Parties. Company shall maintain records demonstrating that it collected such information pursuant to its independent relationship with Cardholder, and Bank may review such records in connection with any audit under Section 26. For the avoidance of doubt, records demonstrating a Cardholder’s consent to Company’s user agreements and privacy policies shall be sufficient to demonstrate Company’s collection of information pursuant to its independent relationship with such Cardholder; provided, the privacy policies authorize Company to collect such information in connection with a service or product provided by Company; provided, further, Company is not acting as a service provider of Bank in its provisioning of such service or product to, and in its collection of such information from, a Cardholder.

16. Data Security.

(a) Company shall establish and maintain appropriate administrative, technical and physical safeguards designed to (i) protect the security, confidentiality and integrity of the Cardholder Information and any associated Records; (ii) protect against any anticipated threats or hazards to the security or integrity of Cardholder Information and any associated Records and systems maintaining Cardholder Information; (iii) protect against unauthorized access to or use of Cardholder Information or associated Records; and (iv) ensure the proper disposal of Cardholder Information and any associated Records (collectively, the “Security Program”). At all times during the Term, (x) Company shall use at least the same degree of care in protecting the Cardholder Information against unauthorized disclosure as it accords to its other confidential customer information, but in no event less than a standard of care applicable to well-managed, regulated financial institutions, (y) Company shall, and shall require each of Company’s Critical Subcontractors to, protect the privacy of all Cardholder Information to at least the same extent that Bank must maintain that confidentiality under Applicable Law, and (z) the Security Program shall be PCI Compliant and in compliance with all information and data security requirements promulgated by the Applicable Law, including Gramm-Leach-Bliley Act and Interagency Guidelines Establishing Information Security Standards, and Compliance Policies and Card Association as applicable to card issuers (as set forth in the Card Association Rules), as each of same may be revised from time to time. Company shall protect the privacy of all Cardholder Information to at least the same extent that Bank must maintain that confidentiality under Applicable Law and shall be and remain PCI Compliant. Any material change to the Security Program by Company shall be approved in advance by Bank.

(b) Bank shall provide to Company annually a data security questionnaire, which shall be completed by Company and returned to Bank within thirty (30) days of receipt from Bank.

(c) Company shall cause, and shall cause each of Company’s Critical Subcontractors (at Bank’s request), to provide to Bank on an annual basis the Independent Service Auditor’s Report – SOC 2 Type II, as defined in the American Institute of Certified Public Accountants (AICPA’s) Statement on Standards for Attestation Engagements (“SSAE”) No. 18,

Reporting on Controls at a Service Organization. The first such SOC 2 Type II report shall be provided no later than February 28, 2022. Company shall (and shall cause each of Company’s Critical Subcontractors to) also provide Bank with copies of all other reports on compliance, quarterly and annual status forms and other reports filed by Company with any Card Association in accordance with the Card Association Rules, if applicable.

(d) The Security Program(s) shall be reviewed and tested at least annually (or more frequently, if reasonably requested by Bank) by an independent third party approved by the Bank, in order to demonstrate compliance with all Applicable Law, Card Association Rules and Compliance Policies, and an internal audit and quality assurance program. As part of any annual test, Company shall conduct an independent IT audit on those parts of its systems that process Cardholder Information, which shall include at a minimum an internal vulnerability scan and an external penetration test and will provide a copy of the report to Bank. The schedule of such audits and quality reviews shall be provided to Bank at least annually and results from each such audit or review shall be promptly provided to Bank in writing in accordance with the schedule or upon the request of Bank.

(e) At all times during the Term and for so long as this Agreement remains in effect, Company shall prepare and maintain disaster recovery, business resumption, and contingency plans appropriate for the nature and scope of the activities of and the obligations to be performed by Company hereunder. Company shall ensure that such plans are sufficient to enable Company to promptly resume, without giving effect to the force majeure provisions of Section 42 hereof, the performance of its obligations hereunder in the event of a natural disaster, destruction of facilities or operations, utility or communication failures or similar interruption in operations and shall ensure that all material records, including, but not limited to, Cardholder Information, are backed up in a manner sufficient to survive any disaster or business interruption. These plans shall ensure that, without giving effect to the force majeure provisions of Section 42 hereof, such resumption takes place no later than forty-eight (48) hours after the interruption. Company shall make available to Bank copies of all such disaster recovery, business resumption, and contingency plans and shall make available to Bank copies of any changes thereto. Company shall periodically, and no less than annually, test such disaster recovery, business resumption, and contingency plans as may be appropriate and prudent in light of the nature and scope of the activities and operations of Company and its obligations hereunder. Company shall further facilitate and cooperate with any requests by Bank to participate in, monitor or audit the annual testing process of Company under this Section 16. A complete report of the results of such annual testing shall be promptly provided to Bank.

(f) Upon fifteen (15) Business Days’ notice (unless shorter time period is required to meet any deadline set by a Regulatory Authority or Card Association), Company agrees to make its internal practices, books, and records, including policies, procedures and Cardholder Information, relating to the use and disclosure of Cardholder Information available during normal business hours to Bank, or at the request of Bank to the Card Association or their respective designees, in a time and manner designated by Bank or the Card Association for purposes of determining Bank’s or Company’s compliance with the terms of this Section 16 (Data Security). Bank may at its discretion, conduct an on-site security audit and review of Company’s security procedures and systems. Any such review or audit by Bank shall occur upon a minimum of fifteen (15) Business Days’ advance notice (unless shorter time period is required to meet any deadline

set by a Regulatory Authority or Card Association) and during Company’s normal business hours. Bank shall only be permitted to review or audit books and records and security procedures and systems that are related to the Program. Without limiting any other provision of this Agreement, the Parties agree that this Section 16 (Data Security) may be amended by Bank from time to time upon notice to Company as is necessary for the Parties to comply with Applicable Law as they relate to Company’s performance hereunder.

(g) Security Breach. Each Party agrees that in the event there is a breach of security of such Party or any of the Party’s Subcontractors resulting in unauthorized disclosure of Cardholder Information or other proprietary information of the other Party, such Party will notify the other Party of such breach and the nature of such breach immediately but in no event later than forty-eight (48) hours and will promptly report to the corrective action taken to respond to the breach and shall take all steps at its own expense to immediately limit, stop or otherwise remedy such misappropriation, disclosure or use, including, but not limited to, notification and cooperation and compliance with Regulatory Authority; provided, Company may not notify a Regulatory Authority of Bank without Bank’s prior written consent. Each Party shall take action(s) requested by the other Party or a Card Association, if any, to mitigate such unauthorized disclosure and shall provide any required notifications to Cardholders in the event of unauthorized access to their non-public personal information, subject to Bank’s prior approval. Company agrees to ensure that any of Company’s Critical Subcontractors to whom it provides Cardholder Information received from, or created or received by Company on behalf of Bank, agrees to the same restrictions and conditions that apply through Sections 15 and 16 to Company with respect to such Cardholder Information. Each Party shall be liable to the other Party for any damages, awards, judgments, settlement amounts, fines, penalties, losses, costs and expenses (including reasonable legal fees and expenses, the costs of Cardholders notifications and costs of investigation) and other liabilities incurred by such other Party as a result of a Security Breach of such Party or any of such Party’s Subcontractors. Company acknowledges and agrees that in the event of a Security Breach as described herein, Bank may engage an assessor to determine the extent of the Security Breach. Company shall give the assessor access to Company’s facilities, records and personnel, as requested by the assessor, and shall be responsible for all costs, expenses and fees of the assessor. Company shall provide to Bank, upon receipt, any and all reports or documents prepared by or received from the assessor.

(h) In the event of an inconsistency or conflict between any terms of this Agreement other than Section 15 and the terms of this Section 16 (Data Security), this Section 16 (Data Security) shall control any issues surrounding the PCI-DSS or Cardholder Information. Any such inconsistency or conflict shall be resolved in favor of a meaning that permits a Party to comply with Card Association Rules and Applicable Law.

17. Indemnification.

(a) Company covenants and agrees to indemnify and hold harmless Bank and its parents, subsidiaries, Affiliates and their respective officers, directors, members, employees, representatives, shareholders, agents (excluding Company and Company Contractors), attorneys and permitted assigns (collectively, the “Bank Indemnitee Parties”), from and against any damages, awards, judgments, settlement amounts, fines, penalties, losses, costs and expenses (including reasonable legal fees and expenses and costs of investigation) and other liabilities

(collectively, the “Losses”) arising out of any third party lawsuit, action, claim, demand, administrative action, arbitration or other legal proceeding brought or asserted against any Bank Indemnitee Parties as a result of or in connection with: (i) any untrue or inaccurate representation or warranty made by Company or any Company Contractor under, in connection with or pursuant to this Agreement, or any failure on the part of Company or any Company Contractor to perform or comply with any covenant or obligation required to be performed or complied with by Company under or pursuant to this Agreement, including any failure to perform any obligations of Bank which Company has undertaken on behalf of Bank or pursuant to the terms of this Agreement; (ii) any violation of or noncompliance with Applicable Law or Compliance Policies by Company or any of its contractors (including any Company Subcontractor), agents or representatives (all such contractors, agents and representatives, including any Company Subcontractor, individually, “Company Contractor” and collectively, the “Company Contractors”); (iii) claims related to Company services provided under or contemplated by this Agreement or any acts or omissions of Company; (iv) any misrepresentation or false or misleading statement made by Company or any Company Contractor to any Person, Regulatory Authority or legislative body relating to Bank, a Card, the Program, this Agreement or the terms or conditions hereof; (v) an act of fraud, embezzlement or criminal activity by Company or Company Contractor; (vi) a Security Breach to Company or Company Contractors; or (vii) the gross negligence or willful misconduct of Company or Company Contractors in connection with Company’s performance of its obligations under this Agreement; provided, however, that in no event shall any Bank Indemnitee Parties be entitled to be indemnified for any Losses pursuant to this clause (a) to the extent that such Losses arise out of (A) an act of fraud, embezzlement or criminal activity by such Bank Indemnitee Parties; or (B) the gross negligence or willful misconduct of Bank Indemnitee Parties, or (C) the failure of such Bank Indemnitee Parties to comply with, or to perform its obligations under, this Agreement and such failure results in the Losses.

(b) Bank covenants and agrees to indemnify and hold harmless Company and its parents, subsidiaries and Affiliates and their respective officers, directors, members, employees, representatives, shareholders, agents, attorneys and permitted assigns (collectively, the “Company Indemnitees”), from and against any Losses arising out of any lawsuit, action, claim, demand, administrative action, arbitration or other legal proceeding brought or asserted against any Company Indemnitee as a result of or in connection with: (i) any untrue or inaccurate representation or warranty made by Bank under, in connection with or pursuant to this Agreement, or any failure on the part of Bank or any of its contractors, agents or representatives (other than Company or any of its Company Contractors or assigns) to perform or comply with any covenant or obligation required to be performed or complied with by Bank under or pursuant to this Agreement; (ii) any violation of or noncompliance with Applicable Law by Bank or any of its contractors, agents or representatives (other than Company or any of its Company Contractors or assigns); (iii) the gross negligence or willful misconduct of Bank or its, agents or representatives (other than Company or any of its Company Contractors or assigns) in connection with Bank’s performance of its obligations under this Agreement; (iv) any misrepresentation or false or misleading statement made by Bank to any Person, Regulatory Authority or legislative body relating to the Bank, a Card, the Program, this Agreement or the terms or conditions hereof; (v) an act of fraud, embezzlement or criminal activity by Bank; or (vi) a Security Breach to Bank; provided, however, that in no event shall any Company Indemnitee be entitled to be indemnified for any Losses pursuant to this clause (b) to the extent that such Losses arise out of (A) an act of fraud, embezzlement or criminal activity by such Company Indemnitees, (B) the gross negligence, willful misconduct or bad faith by such Company Indemnitees, or (C) the failure of such Company Indemnitees to comply with, or to perform its obligations under, this Agreement and such failure results in the Losses.

(c) Company Indemnitees and Bank Indemnitee Parties are sometimes referred to herein as the “Indemnified Parties”, and Company or Bank, as indemnitor hereunder, is sometimes referred to herein as the “Indemnifying Party”. Any Indemnified Party seeking indemnification hereunder shall promptly notify the Indemnifying Party, in writing, of any notice of the assertion by any third party of any claim or of the commencement by any third party of any legal or regulatory proceeding, arbitration or action, or if the Indemnified Party determines the existence of any such claim or the commencement by any third party of any such legal or regulatory proceeding, arbitration or action, whether or not the same shall have been asserted or initiated, in any case with respect to which the Indemnifying Party is or may be obligated to provide indemnification (an “Indemnifiable Claim”), specifying in reasonable detail the nature of the Losses, and, if known, the amount, or an estimate of the amount, of the Losses, provided that failure to promptly give such notice shall only limit the liability of the Indemnifying Party to the extent of the actual prejudice, if any, suffered by such Indemnifying Party as a result of such failure. The Indemnified Party shall provide to the Indemnifying Party as promptly as practicable thereafter information and documentation reasonably requested by such Indemnifying Party to defend against the claim asserted.

(d) The Indemnifying Party shall have thirty (30) days after receipt of any notification of an Indemnifiable Claim (a “Claim Notice”) to undertake, conduct and control, through counsel of its own choosing, and at its own expense, the settlement or defense thereof and the Indemnified Party shall cooperate with the Indemnifying Party in connection therewith if such cooperation is so requested and the request is reasonable; provided that the Indemnifying Party shall hold the Indemnified Party harmless from all its reasonable out-of-pocket expenses, including reasonable attorneys’ fees incurred in connection with the Indemnified Party’s cooperation. If the Indemnifying Party assumes responsibility for the settlement or defense of any such claim, (i) the Indemnifying Party shall permit the Indemnified Party to participate in such settlement or defense through counsel chosen by the Indemnified Party (subject to the consent of the Indemnifying Party, which consent shall not be unreasonably withheld); provided that, other than in the event of a conflict of interest requiring the retention of separate counsel, the fees and expenses of such counsel shall not be borne by the Indemnifying Party; and (ii) the Indemnifying Party shall not settle any Indemnifiable Claim without the Indemnified Party’s consent, which involves anything other than the payment of money, including any admission by the Indemnified Party. So long as the Indemnifying Party is vigorously contesting any such Indemnifiable Claim in good faith, the Indemnified Party shall not pay or settle such claim without the Indemnifying Party’s consent.

(e) If the Indemnifying Party does not notify the Indemnified Party within thirty (30) days after receipt of the Claim Notice that it elects to undertake the defense of the Indemnifiable Claim described therein, or if the Indemnifying Party fails to contest vigorously any such Indemnifiable Claim, the Indemnified Party shall have the right, upon notice to the Indemnifying Party, to contest, settle or compromise the Indemnifiable Claim in the exercise of its reasonable discretion; provided that the Indemnified Party shall notify the Indemnifying Party of any compromise or settlement of any such Indemnifiable Claim. No action taken by the Indemnified Party pursuant to this Section 17(e) shall deprive the Indemnified Party of its rights to indemnification pursuant to this Section 17 (Indemnification).

18. Limitation of Liability and Disclaimers.

(a) No Special Damages. No Party shall be liable to any other Party for any special, indirect, incidental, consequential, punitive or exemplary damages, including, but not limited to, lost profits, even if such Party has knowledge of the possibility of such damages; provided, however, that the limitations set forth in this Section shall not apply to or in any way limit the obligations of a Party to indemnify another Party for third party claims which are otherwise covered by the indemnity obligations under this Agreement.

(b) Subject to Sections 18(a) and (c) and excluding Company’s obligation to pay any and all fees set forth in Schedule C and any expenses under Section 22 (Expenses), each Party’s aggregate liability, arising from this Agreement, whether in contract or tort, will not exceed one million dollars ($1,000,000).

(c) Notwithstanding anything to the contrary in Sections 18(a) or 18(b), each Party’s aggregate liability will be unlimited with respect to (i) its violation or breach of Sections 16 (Data Security) or 20 (Confidentiality); (ii) any third party claim of infringement upon or violation or misappropriation of any Intellectual Property of any Person related to or caused by such Party’s Intellectual Property or any license granted to the other Party by such Party under this Agreement; or (iii) its indemnification obligation under this Agreement.

(d) The remedies specified in this Agreement are cumulative and in addition to any remedies available at law or in equity.

(e) Except for the express warranties contained in this Agreement, the Parties specifically disclaim all warranties of any kind, express or implied, arising out of or related to this Agreement, including without limitation, any warranty of marketability, fitness for a particular purpose or non-infringement, each of which is hereby excluded by agreement of the Parties.

19. Term and Termination.

(a) This Agreement shall take effect on the Effective Date and continue until the fifth (5th) anniversary of the Effective Date (the “Initial Term”) and shall renew automatically for successive additional terms of one (1) year each (each, a “Renewal Term”), unless Company notifies Bank of non-renewal at least one hundred and eighty (180) days prior to the end of the Initial Term or any Renewal Term or Bank notifies Company of non-renewal at least one hundred and eighty (180) days prior to the end of the Initial Term or any Renewal Term (Initial Term and Renewal Term, with any wind-down or transition period contemplated by this Agreement, collectively, the “Term”).

(b) Termination of Agreement.

(i) Except as otherwise provided in this Agreement, if either Party materially breaches a material term of this Agreement, the non-breaching Party may terminate this Agreement by giving notice, as provided in Section 44 (Notice), to the breaching Party. This notice will: (1) describe the material breach; and (2) state the Party’s intention to terminate this Agreement. If the breaching Party does not cure or substantially cure its material breach within twenty (20) Business Days (or a shorter period if required by Applicable Law) after receipt of notice as described in this Section 19 (the “Cure Period”), then the non-breaching Party may immediately terminate this Agreement by giving notice at any time following the end of such Cure Period. Neither Party will be held in breach for failure to perform under this Agreement if such failure is due to compliance with Applicable Law.

(ii) Either Party may terminate this Agreement if the other Party (A) voluntarily or involuntary (and such involuntary petition or proceeding is not dismissed within sixty (60) days) commences (or is the subject of, as the case may be) any proceeding or files any petition seeking relief under Title 11 of the United States Code or any other federal, state or foreign bankruptcy, insolvency, liquidation or similar law, (B) applies for or consents to the appointment of a receiver, trustee, custodian, sequestrator or similar official for such other Party or for a substantial part of its property or assets, (C) makes a general assignment for the benefit of creditors, (D) commences the winding up or liquidation of its business or affairs, or (E) takes corporate action for the purpose of effecting any of the foregoing.

(iii) Either Party may terminate this Agreement as permitted by Section 27 (Agreement Subject to Applicable Laws) or 42 (Force Majeure) by giving notice to the other Party as provided in Section 44 (Notice) to the other Party.

(iv) Either Party may terminate this Agreement in the event the other Party, its employees, agents, or representatives commit an act of fraud or willful misconduct that has a material adverse effect on the Program.

(v) Either Party may terminate this Agreement by giving notice as provided in Section 44 (Notice) to the other Party if the other Party commits a material breach of this Agreement on three (3) or more separate occasions within twelve (12) consecutive months.

(vi) Either Party may terminate this Agreement by giving notice as provided in Section 44 (Notice) to the other Party following direction from any Regulatory Authority or Card Association to cease or materially limit performance of the rights or obligations under this Agreement.

(vii) On or after the third anniversary of the Effective Date, either Party may elect to renegotiate the fees set forth in Schedule C or terms of the Program; provided, however that there are at least one hundred and fifty-five (155) days or more remaining in the then calendar year. Within fifteen (15) days of receipt by either Party of the notice of election, the Parties will meet and consider in good faith any modifications, changes or additions to the fees set forth in Schedule C or the Program. If the Parties are unable to reach agreement regarding modifications, changes or additions to the Program or the fees set forth in Schedule C within fifteen (15) Business Days after the Parties initially meet, either Party may terminate this Agreement upon one hundred and eighty (180) days’ prior written notice to the other Party.

(c) Notwithstanding and in addition to the provisions of Section 19(b), Bank shall have the right, at any time and for any reason, to suspend or terminate a Card or an Account under the Program in its sole discretion, subject to Applicable Law.

(d) Notwithstanding and in addition to the provisions of Section 19 (Term and Termination) hereof, Bank shall have the right, upon the giving of at least sixty (60) days prior written notice to Company, to suspend the Program (or any component or element of the Program) or suspend the issuance of Cards under the Program if (i) the activity(ies) of Company or Company Contractor, or any aspect of any Program, has resulted or is reasonably likely to result in a violation of Applicable Law; (ii) the activity(ies) of Company or Company Contractor, or any aspect of any Program, has resulted or is reasonably likely to result in a material risk to the reputation or safety and soundness of Bank or Card Association; or (iii) Bank has received Cardholder Complaints in excess of an amount determined by Bank, in good faith consultation with Company (such amount to be determined no sooner than ninety (90) days of the Effective Date). Prior to any suspension, the Parties agree to first engage in good faith discussions to address and remediate any risks identified in (i), (ii) or (iii) herein.

(e) Transition and Wind Down.

(i) Subject to the terms herein, in the event of the termination this Agreement, the Parties will cooperate to transition or wind down the Program in accordance with Applicable Law pursuant to this Section 19(e). Each Party acknowledges that the goals of any transition or wind-down are to benefit the Cardholders by minimizing any possible burdens or confusion and to protect and enhance the names and reputations of the Parties, each of whom have invested their names and reputations in the Program and Cards issued hereunder. Upon the expiration or termination of this Agreement for any reason, the Parties agree to cooperate in good faith to transition or wind down the Program in a commercially reasonable way within one hundred twenty (120) days from the date of termination of this Agreement, unless otherwise agreed to in writing by the Parties (the “Transition Period”), to provide for a smooth and orderly wind-down. Such cooperation will include continued acceptance of Cards presented for payment until such Cards are wound down or transferred. Notwithstanding anything to the contrary, Bank is under no obligation to transition or wind down any Program if prohibited by a Regulatory Authority or Card Association and Bank’s obligations hereunder are conditioned on Company curing any of its breach(es) of the terms of this Agreement. The Bank is not required to provide any services under this Agreement or support any Program beyond the Transition Period.

(ii) In the event that Company terminates any Program or this Agreement, Company shall have the right to cause the affected Program and all associated Cardholder accounts to be transferred to a successor qualified financial institution at its sole cost, unless Bank is prohibited from assisting or doing so by a Regulatory Authority or Card Association. Written notice of Company’s decision to exercise this option shall be given within thirty (30) days of the date of the notice giving rise to termination hereunder. No later than thirty (30) days after exercising its option hereunder, Company will provide to Bank in writing a proposed transition plan detailing a proposed timeline which shall designate a schedule of dates as of which the Program will be transferred and an allocation of associated cost among the Parties. Bank and Company shall meet promptly thereafter to review such proposed plan and to determine a mutually acceptable transition plan (a “Transition Plan”). Such Transition Plan shall include a

detailed outline of the Parties’ intentions in connection with the transfer of the Program and Accounts, including timeframes for continuation of the Program during the period of transition (not to exceed one hundred and twenty (120) days), and target dates for transition milestones, such as entering into agreements with a successor financial institution, development of the transition procedures for the transfer of the Program and any other information reasonably requested by Bank or the successor financial institution. In the event that Company elects to transition the Program pursuant to a Transition Plan, Bank shall, subject to entering to an agreement with successor bank reasonably satisfactory to Bank (including assumption of all rights and liabilities by successor bank and indemnification of Bank), use commercially reasonable efforts to: (1) assign all of Bank’s rights, duties and obligations with respect to the Program to such successor bank designated by Company; (2) make any and all regulatory filings required by Applicable Law to effect the transition of its undertakings in connection with this Agreement to such successor bank (at Company’s cost); and (3) take all other commercially reasonable actions and execute such other documents and do such other things as necessary to transfer the Program(s) and related BIN/ICAs to such successor bank. Company shall be responsible for all costs associated with its election to transfer the Program to a successor bank. Notwithstanding the foregoing, in the event that Company exercises its option to terminate under Sections 19(b)(i), 19(b)(iv), or 19(b)(v), Bank shall be responsible for its costs associated with the transfer of the Program to a successor bank.

(iii) In the event that this Agreement is terminated and Company does not exercise its option under Section 19(e)(ii) above or Bank is otherwise not obligated to transfer the Program to a successor bank pursuant to the terms of this Agreement, the Parties will cooperate to provide a smooth and orderly wind-down of the Program. Such wind-down shall include the following: (1) as soon as reasonably practicable, commencing with the giving of notice of non-renewal or termination or at such other time as the Parties may otherwise mutually agree, Company or Bank, as applicable, will provide to the other Party in writing a proposed wind-down plan detailing a proposed timeline which shall designate a schedule of dates as of which the Program will be wound down and an allocation of associated cost among the Parties. Bank and Company shall meet promptly thereafter to review such proposed plan and to determine a mutually acceptable wind-down plan (a “Wind-Down Plan”); provided, however, that if Bank and Company fail to reach mutual agreement on a wind-down plan within thirty (30) days, Bank shall establish a wind-down plan that is appropriate for the Program and that is, to the extent practicable, substantially similar to other wind-down plans used by Bank for other programs similar to the Program hereunder, in which case such wind-down plan so established by Bank shall constitute the Wind-Down Plan hereunder as to the Program and shall be deemed to be approved by Company, and Company shall comply with the terms thereof; and (2) unless otherwise contemplated by the Wind-Down Plan, Bank and Company shall continue to be bound by and perform and comply with the terms of this Agreement and perform all of their obligations hereunder during the wind-down period (regardless of whether the Term has expired or been terminated) until such time as all Cards expire or are canceled pursuant to and consistent with the Cardholder Agreements or, to the extent permitted by Applicable Law, until such earlier time as mutually agreed upon by Bank and Company.

(iv) Subject to the terms herein, during any wind-down or transition period, each Party agrees to continue to provide all services set forth under this Agreement to the affected Cardholders in accordance with the terms of this Agreement.

(v) Except as required by Applicable Law (including applicable securities laws and the rules promulgated thereunder), in no event will any Party make any public statement or customer communication regarding the termination or wind-down of this Agreement without the express prior written approval of both Bank and Company, which approval shall not be unreasonably withheld or delayed. Notwithstanding the foregoing, Bank agrees that Company may communicate the termination or expiration of this Agreement with any party with which Company has contracted to provide any marketing or other service in support of the Program.

(f) Effect of Termination.

(i) The termination of this agreement shall not terminate, affect, or impair any rights, obligations or liabilities of any Party that accrue prior to termination or with respect to the Program occurring or arising prior to termination, or which, under this Agreement, continue after termination. Following termination or expiration of this Agreement, each Party will (1) return all property belonging to the other Party which is in its possession or control at the time of termination or expiration; and (2) discontinue using the other Party’s trademarks.

(ii) Provisions of this Agreement that, by their nature, should survive termination of this Agreement shall survive termination (including, but not limited to, Sections 1 (Definitions), 13(a) and (b) (Representations, Warranties and Covenants), 15 (Cardholder Information), 16 (Data Security), 17 (Indemnification), 18 (Limitation of Liability and Disclaimers), 19 (Term and Termination), 20 (Confidentiality), 21(e) (Proprietary Materials), 22 (Expenses), 33 (Relationship of Parties), 34 (Governing Law; Waiver of Jury Trial; Dispute Resolution and Arbitration), 35 (Severability), 36 (Assignment), 37 (Third Party Beneficiaries), 38 (Amendment and Waiver), 39 (Entire Agreement), 40 (Counterparts), 41 (Interpretation), 43 (Headings) and 44 (Notices)).

20. Confidentiality.

(a) Each Party agrees that Confidential Information of the other Party shall be used by each Party solely in the performance of its obligations and exercise of its rights pursuant to this Agreement. Except as set forth in this Section 20, neither Party (the “Restricted Party”) shall disclose Confidential Information of the other Party (the “Disclosing Party”) to third parties; provided, however, that the Restricted Party may disclose Confidential Information of the Disclosing Party (i) to the Restricted Party’s Affiliates, agents, representatives or the Restricted Party’s Subcontractors for the sole purpose of fulfilling the Restricted Party’s obligations under this Agreement (as long as the Restricted Party exercises best efforts to prohibit any further disclosure by its Affiliates, agents, representatives or the Restricted Party’s Subcontractors) and only on a “need to know” basis; (ii) to the Restricted Party’s auditors, accountants and other professional advisors; and (iii) to any other third party as mutually agreed by the Parties, in each case, only if Disclosing Party is bound to maintain the confidentiality of Confidential Information in accordance with the terms of this Agreement. Each Restricted Party may disclose Confidential Information to the extent such Confidential Information is required to be disclosed by Applicable Law, including in the course of an examination by a Regulatory Authority; provided that (1) except in connection with disclosure in the ordinary course of an examination by a Regulatory Authority, the Party subject to such Applicable Law shall notify the Disclosing Party of any such use or requirement prior to disclosure of any Confidential Information obtained from the Disclosing Party in order to afford the Disclosing Party an opportunity to seek a protective order to prevent or limit disclosure of the Confidential Information to third parties; and (2) the Party subject to such Applicable Law shall disclose Confidential Information of the Disclosing Party only to the extent required by such Applicable Law.

(b) Restricted Party agrees that any unauthorized use or disclosure of Confidential Information of the Disclosing Party might cause immediate and irreparable harm to the Disclosing Party for which money damages might not constitute an adequate remedy. In that event, the Restricted Party agrees that injunctive relief may be warranted in addition to any other remedies the Disclosing Party may have. In addition, the Restricted Party shall promptly (but in no event more than forty-eight (48) hours after discovery of same) advise the Disclosing Party by telephone and in writing via facsimile of any security breach that may have compromised any Confidential Information, and of any unauthorized misappropriation, disclosure or use by any Person of the Confidential Information of the Disclosing Party which may come to its attention and shall take all steps at its own expense reasonably requested by the Disclosing Party to limit, stop or otherwise remedy such misappropriation, disclosure or use, including, but not limited to, notification to and cooperation and compliance with any Regulatory Authority.

(c) Upon written request or upon the termination or expiration of this Agreement, each Party shall return to the other Party all Confidential Information of the other Party in its possession or control that is in written form, including by way of example, but not limited to, reports, plans, and manuals, and delete any digitally or optically stored versions of Confidential Information of the other Party; provided, however, that each Party may maintain and retain in its possession all such Confidential Information in standard archival or computer back-up systems or pursuant to the normal document or e-mail retention practices of the Restricted Party or any of its Affiliates, agents, representatives or Restricted Party’s Subcontractors (so long as the retention practices are compliant with Applicable Law and consistent with the terms of this Agreement) or each Party may maintain such Confidential Information in its possession as required to be maintained under Applicable Law relating to the retention of records for the period of time required thereunder.

(d) Each Party shall require its respective Subcontractors having access to Confidential Information to agree in writing to be bound by the provisions of this Section 20 prior to disclosure of any Confidential Information to such Party’s Subcontractors. Such Party shall keep and maintain such protective agreements and shall promptly provide the other Party with copies thereof upon request. Such permissible disclosure shall not relieve the Disclosing Party of liability for such disclosure.

(e) The Parties acknowledge that any breach of the covenants or obligations set forth in this Section may cause the other Party irreparable harm for which monetary damages would not be adequate compensation and agrees that, in the event of such breach or threatened breach, the non-breaching Party is entitled to seek equitable relief, including a restraining order, injunctive relief, specific performance, and any other relief that may be available from any court, in addition to any other remedy to which the non-breaching Party may be entitled at law or in equity. Such remedies shall not be deemed to be exclusive but shall be in addition to all other remedies available at law or in equity, subject to any express exclusions or limitations in this Agreement to the contrary.

21. Proprietary Materials.

(a) Bank Marks. Bank hereby grants to Company a non-exclusive, non-transferable, revocable limited license to use and reproduce the name, logo and specified trademarks of Bank (“Bank Marks”), which Bank has made available to Company, solely in connection with its performance of its obligations under this Agreement, provided that any such use shall require the prior written approval of Bank. If such approval is granted, Company may utilize such Bank Marks. This use terminates upon termination of this Agreement and any agreed upon wind down period (if applicable) or if approval is revoked by Bank in writing.

(b) Company Marks. Company grants to Bank a non-exclusive, non-transferable, revocable limited license to use and reproduce the name, logo and specified trademarks of Company (“Company Marks”), which Company has made available to Bank, solely in connection with the Program or to perform its obligations under this Agreement, provided that any such use shall require the prior written approval of Company, such approval not to be unreasonably withheld or delayed. If such approval is granted, Bank may utilize such Company Marks. This use terminates upon termination of this Agreement and any agreed upon wind down period (if applicable) or if approval is revoked by Company in writing.

(c) Intellectual Property Rights of Others. Each Party will obtain or will at all times maintain appropriate licenses with respect to any Intellectual Property it uses or otherwise licenses hereunder or in connection with this Agreement. Each Party represents and warrants that any Intellectual Property it may provide to the other Party does not violate the Intellectual Property rights of any third party.

(d) Bank Intellectual Property. Subject to the terms and conditions of this Agreement, Company is hereby granted a non-exclusive, limited, non-transferable, freely revocable license to Bank’s Intellectual Property provided to Company by Bank in connection with this Agreement for the sole purpose of performing Company’s obligations under this Agreement. Company acknowledges and agrees that Bank shall retain all right, title, and interest in and to all Intellectual Property of Bank that is developed, established or otherwise created by Bank in connection with the Program. Nothing in this Agreement shall be construed as granting Company a license to use in any way the Intellectual Property of Bank, except as provided in Section 21 or to the extent Bank may make use of its Intellectual Property in connection with the services to be provided hereunder. Company shall not take any action that interferes with the Intellectual Property of Bank or attempt to copyright or patent any part of the Intellectual Property of Bank or attempt to register any trademark, service mark, trade name, or company name which is identical or confusingly similar to Bank Marks, and Company shall comply with all Bank instructions related to the use of the Intellectual Property of Bank.

(e) Company Intellectual Property. Subject to the terms and conditions of this Agreement, Bank is hereby granted a non-exclusive, limited, non-transferable, freely revocable license to Company’s Intellectual Property provided to Bank by Company in connection with this Agreement for the sole purpose of performing Bank’s obligations under this Agreement. Bank acknowledges and agrees that Company shall retain all right, title, and interest in and to all Intellectual Property of Company that is developed, established or otherwise created by Company in connection with the Program. Nothing in this Agreement shall be construed as granting Bank a

license to use in any way the Intellectual Property of Company, except as provided in Section 21 or to the extent Company may make use of its Intellectual Property in connection with the services to be provided hereunder. Bank shall not take any action that interferes with the Intellectual Property of Company or attempt to copyright or patent any part of the Intellectual Property of Company or attempt to register any trademark, service mark, trade name, or company name which is identical or confusingly similar to Company Marks.

22. Expenses.

(a) General. Except as otherwise provided in this Agreement, the Parties shall pay their own expenses (including, without limitation, the fees and expenses of their own agents, representatives, counsel, and accountants) incidental to the preparation and performance of this Agreement. Each Party shall further be responsible for payment of any federal, state, or local taxes or assessments associated with the performance of its obligations under this Agreement and for compliance with all filing, registration and other requirements with regard thereto. Company shall be responsible for any reasonable out-of-pocket costs incurred by Bank from the Card Association related to the Program, including any cost of registration of Company or any of its Subcontractors with the Card Association.

(b) Allocation of Costs for Program. Except as otherwise provided in this Agreement, any and all reasonable out-of-pocket costs and expenses related to or concerning Company Card Services, any other legal and audit expenses, fees or fines related to or resulting from Company’s breach of this Agreement and any fees or costs specified in Schedule C to be paid by Company shall be paid by Company. Legal fees assessed under this provision shall be capped at $25,000 absent prior approval of the Company. Company shall also have the right to engage any auditor or third party, other than an attorney, enlisted to provide services to the Bank under this provision.

(c) Costs and Expenses Paid by Bank. Except as otherwise provided in this Agreement, Bank shall be solely responsible for all fines, penalties and other amounts assessed by any Regulatory Authority or Card Association due to Bank’s or its agents’, representatives’, contractors’ or service providers’ (other than Company and/or any Company Contractor) negligence or willful misconduct or breach of this Agreement. It is understood that approval, acquiescence or failure by Bank or its agents, representatives, contractors or service providers to reject any proposal, action, or activity by Company or any Company Contractor shall not relieve Company of any obligation under this Agreement.

(d) Costs and Expenses Paid by Company. In addition to any expenses specifically set forth elsewhere in this Agreement, Company shall be solely responsible for the following:

(i) Subject to (c), all fines, penalties, reimbursements, and other amounts assessed by any Regulatory Authority or Card Association due to Company’s actions or omissions or the actions or omissions of any third party retained by Company;

(ii) All reasonable third-party expenses associated with completing required due diligence and annual reviews on Company or its service providers from third party outsourced vendor relationships contemplated in this Agreement;

(iii) To the extent applicable, the applicable pricing as at such time the Bank shall propose per transaction requested by a Cardholder (other than customary transactions using the Card, such as purchases) (e.g., rush delivery of Cards, enrollment in any rewards or insurance programs);

(iv) Any costs related to requests by Company related to the Program (e.g., customization of Cards, custom cardstock, customized statements, letters and/or disclosures, etc.) and any costs associated with the production, distribution, customization or issuance of a Card in excess of $5 and any postage costs associated with distribution of a Card. In the event a Cardholder is issued a digital or virtual Card, as well as a physical Card, the costs of both such Cards in excess of $5, including postage costs, shall be Company’s responsibility;

(v) Any and all Company Expenses;

(vi) Any costs resulting from Company’s negligent action or omission or willful misconduct that cause an error or omission by Bank; and

(vii) Company shall be responsible for all costs associated with rewards programs associated with a Card and its application programming interfaces (APIs) used to interface with Bank’s system and/or the system of Bank’s processor. Bank will invoice Company for all amounts associated with the APIs that are billed to it, without markup.

23. Company Employees, Agents and Company Subcontractors.

(a) Company shall require and ensure its employees, sales representatives, sales offices agents and Company’s Subcontractors comply with the terms of this Agreement applicable to Company, as well as Compliance Policies and Applicable Law. Company shall actively and diligently monitor its employees, sales representatives, sales offices, agents, Company Subcontractors to ensure compliance with this Agreement, Compliance Policies and Applicable Law. Company shall provide appropriate training for its officers, employees, agents and representatives with respect to duties of Company and such officers, employees, agents and representatives under this Agreement and under Applicable Law. Such training shall, at a minimum, comply with Compliance Policies, including Bank’s training program requirements. Bank shall have the right to (i) periodically review and audit Manager’s training program to ensure Manager’s compliance with Bank’s training program; and (ii) require changes to the training program to manage any risks identified by Bank.

(b) Company may from time to time in its discretion retain the services of one or more Company Subcontractors. Any agreement with a Company Critical Subcontractor is subject to the Bank’s approval. Notwithstanding anything herein, Company shall remain liable for any services performed by any Company Subcontractor, and remain primarily liable to Bank for any acts or omissions of any Subcontractor. Bank’s approval of Company Critical Subcontractor may be withheld for any reason and is subject to satisfactory completion of Bank’s due diligence requirements (as determined by Bank). Company shall comply with the standards established by

Bank for purposes of approving and conducting a due diligence review of any Company Critical Subcontractor. Bank reserves the right to amend such standards at any time by written notice to Company. A list of Company’s Critical Subcontractors reviewed and approved by Bank as of the Effective Date is attached hereto as Schedule B. Company shall obtain or require each of Company’s Critical Subcontractor to provide to Bank all information regarding such Company Critical Subcontractor reasonably requested by Bank. Company shall be responsible for obtaining a written agreement with each Company Subcontractor, and such written agreements shall be available to Bank for review upon Bank’s request. Bank may in its sole discretion deny approval of a Company’s Subcontractor, or rescind its approval of a Company’s Subcontractor by providing written notice to Company of such rescission in the event that such Company Subcontractor’s actions or failure to act has resulted or could result in (i) a breach of the obligations of a Company’s Subcontractor to Company or of Company to Bank; (ii) a reputational, compliance or financial risk to Bank or a threat to the safety and soundness of Bank; (iii) a material adverse impact to Cardholders, Applicants or any other Person; (iv) a material risk of a Security Breach; or (v) a violation of Applicable Law or Compliance Policies, including third party oversight, by Bank or Company. Within a reasonable period of time, not to exceed sixty (60) days or sooner if required by Regulatory Authority or Card Association or to avoid a violation of Applicable Law, upon any such rescission, Company shall no longer utilize such Company Subcontractor in connection with the Program.

(c) Company shall notify Bank in writing of any changes in a Company’s Critical Subcontractor at least thirty (30) days prior to entering into a contractual relationship with a new Company Critical Subcontractor and at least sixty (60) days prior to terminating any contractual relationship with any existing Company Critical Subcontractor; provided that where Company exercises a right to immediately terminate a contractual relationship with an existing Critical Subcontractor, Company shall immediately notify Bank prior to any such termination. Company shall immediately notify Bank in writing of any material changes in the scope or terms of any written agreement with any Company Critical Subcontractor. Company shall ensure any Company Critical Subcontractor participating in the Program complies with the terms and criteria of this Agreement, as such terms may be applicable to Company or Company Card Services provided by Company’s Critical Subcontractor. Company shall be responsible for all fees and expenses of each Company Subcontractor, including any fees or expenses incurred by Bank in conducting due diligence of the Company Subcontractor, and shall remain liable for any actions and/or omissions of any Company Subcontractor regardless of any approval provided by Bank.

(d) Company shall be responsible for ensuring that each Company Critical Subcontractor (i) holds, transmits and utilizes all Cardholder Information in accordance with the terms of this Agreement (as such terms are applicable to Company), Applicable Law and Compliance Policies; (ii) does not transmit or otherwise convey any Cardholder Information to any Person other than Company or Bank, without the prior written approval of Bank; and (iii) only transmits or otherwise conveys Cardholder Information to facilitate the settlement of a transaction requested by a Cardholder in connection with an Account, unless otherwise permitted by this Agreement.

(e) Company shall include in any agreement with a Company Critical Subcontractor provisions that require such Critical Subcontractor to comply with any terms and conditions set forth in this Agreement that are applicable to Company or Company’s Critical Subcontractors and to pass through any and all obligations and liabilities to a Company Critical Subcontractor that are applicable to the services such Company Critical Subcontractor are performing on behalf of Company and/or are otherwise applicable to Company. Company will ensure each agreement Company has with a Company Critical Subcontractor includes terms that permit Bank, Regulatory Authority and/or Card Association (A) to audit a Company’s Critical Subcontractor and the services as such services relate to the Program (such audit rights to be no more restrictive than the audit rights set forth herein in connection with Company); (B) to terminate such agreement Company has with a Company Critical Subcontractor if the Company Critical Subcontractor violates any Applicable Laws or Compliance Policies or possess a financial, compliance or reputational risk to Bank or any third party; or (C) to terminate such agreement Company has with a Company Critical Subcontractor if the services, activities or omissions of the Company Critical Subcontractor may or actually result in a reputational, financial or compliance risk to the Card Association or Bank, as determined by Bank, or otherwise adversely impact the safety and soundness of the Bank. Company shall deliver evaluations and reports, and such other information as shall be reasonably requested by Bank to enable Bank to evaluate Company’s oversight of Company Critical Subcontractors and Company’s Critical Subcontractors’ compliance with the term and conditions of its agreement with Company related to the services to be provided in connection with or under this Agreement. Any Agreement that Company has with a Company Critical Subcontractor, other than those listed on Schedule B to this Agreement, are subject to Bank’s prior approval and any costs and expenses incurred by Bank in connection with its review of such agreements shall be promptly reimbursed by Company. Company shall not include in any Company Critical Subcontractor Agreement (y) any term or condition that may result in any liability for Bank; or (z) any term that would cause any agreement between Company and a Company Critical Subcontractor to flow down to Bank or otherwise obligate Bank to perform or withhold performance, unless agreed to by Bank in an instrument specifying the terms and signed by an officer of Bank.

24. Relationship Managers. The Parties shall each appoint, no later than the Effective Date, a relationship manager with responsibilities for the day-to-day management and administration of this Agreement and to work closely with the relationship manager of the other Party regarding Agreement-related issues. Each Party shall be entitled to remove its relationship manager and appoint a substitute relationship manager at any time during the Term of this Agreement upon prior written notice to the other Party.

25. Authority of Regulatory Authority. Company acknowledges and agrees to the following: (a) any Regulatory Authority has and shall have the statutory authority to examine Company with respect to the activities performed by Company as an agent of Bank; (b) Bank and Company, in its capacity as Bank’s agent, are both subject to control and supervision by the appropriate Regulatory Authority, which control and supervision includes, but is not limited to, the ability to require that Bank obtain such Regulatory Authority’s approval (or non-objection) before entering into a contractual arrangement with Company and the right of the Regulatory Authority to approve specific contractual language, if Bank determines, in its discretion, that the approval of such Regulatory Authority is required or prudent; (c) the Regulatory Authority may require both Bank and Company, in its capacity as Bank’s authorized agent to (and, if required, the Parties shall) submit periodic reports to the Regulatory Authority; (d) the Regulatory Authority may require the Parties to (and, if required, the Parties shall) modify the terms of this Agreement or terminate Bank’s relationship with Company at any time; and (e) the Regulatory Authority may institute any other requirements or conditions that the Regulatory Authority deems appropriate for a particular purpose in connection with this Agreement and the rights and responsibilities set forth herein, in which case the Parties agree to comply with such requirements or conditions.

26. Audit/Inspection.

(a) Company agrees that Bank and/or its authorized representatives and agents (collectively the “Auditing Party”) shall have the right, no more than one (1) time per calendar year, and upon reasonable prior notice, no less than ten (10) Business Days, or at any other time (i) required by Applicable Law or by a Regulatory Authority or Card Association or (ii) if Bank has a reasonable belief that Company is violating or may violate the terms of this Agreement or Applicable Law, to inspect, audit, and examine all of Company’s facilities, records, personnel, books, accounts, data, reports, papers and computer records relating to the activities contemplated by this Agreement, including, but not limited to, financial records and reports, Records, the Security Program, audit reports, summaries of test results or equivalent measures taken by Company is in compliance with this Agreement, Applicable Law and Compliance Policies. Any such inspection shall be conducted during normal business hours. Company shall make all facilities, records, personnel, books, accounts, data, reports, papers, and computer records available to the Auditing Party for the purpose of conducting such inspections and audits, and the Auditing Party shall have the right to make copies and abstracts from Company’s books, accounts, data, reports, papers, and computer records directly pertaining to the subject matter of this Agreement. Notwithstanding, Bank may audit Company’s compliance with and application of the Credit Policy at any time by providing ten (10) Business Days’ prior written notice to Company. If Company believes provisioning of access to or to disclose information would violate Applicable Law or would violate or result in a loss or impairment of any attorney-client or work product privilege, the Parties shall meet and cooperate in good faith to produce information requested by Bank. In the event the Parties are unable to agree on information to be produced, the Parties will resolve any related Dispute in accordance with Section 34(c). Notwithstanding anything to the contrary, if a Regulatory Authority requests, whether or not through Bank, information, Company shall provide such information to Bank and Regulatory Authority.

(b) Company agrees (and shall cause each Company Critical Subcontractor) to cooperate with any examination, inquiry, audit, information request, site visit or the like, which may be required by any Regulatory Authority or Card Association with audit examination or supervisory authority over Bank, to the fullest extent requested by such Regulatory Authority, Card Association or Bank. Company shall also (and shall cause each Company Critical Subcontractor to) provide to Bank any information which may be required by Bank or any Regulatory Authority or Card Association in connection with such Regulatory Authority’s or Card Association’s audit or review of Bank or any Program and shall cooperate with such Regulatory Authority or Card Association in connection with any audit or review of Bank or any Program. Company shall also (and shall cause each Company Critical Subcontractor to) provide such other information as Bank, Regulatory Authorities or Card Association may from time to time reasonably request with respect to the financial condition of Company and each Company Critical Subcontractor and such other information as Bank may from time to time reasonably request with respect to third parties who have contracted with Company relating to or in connection with this Agreement.

(c) Company shall prepare a written response to Bank (a “Response to Audit Letter”) to all criticisms, recommendations, deficiencies, and violations of Applicable Law identified in reviews conducted by Bank, Regulatory Authority or Card Association (“Audit Findings”). The Response to Audit Letter shall be delivered to Bank within ten (10) Business Days of Company’s receipt of such Audit Findings, unless directed otherwise by a Regulatory Authority or Card Association. The Response to Audit Letter shall include, at a minimum, a detailed discussion of the following: (i) the planned corrective action to address the Audit Findings (“Audit Corrective Action Plan”); (ii) employee(s) of Company tasked to remedy the Audit Findings; (iii) remedial actions proposed (provided no such action shall be taken without express written approval from Bank); (iv) steps to be taken to prevent any recurrence of the Audit Findings; (v) a specific timeframe, not to exceed forty (40) Business Days, unless otherwise approved by Bank in advance, to implement the Audit Corrective Action Plan (“Corrective Action Plan Deadline”); (vi) documentation evidencing that the Audit Corrective Action Plan has been implemented; (vii) if additional time is needed to implement the Audit Corrective Action Plan or deviations from the Audit Corrective Action Plan are necessary, a written request shall be submitted to Bank detailing the extenuating circumstances that necessitate an extension of the Corrective Action Plan Deadline and such extension request shall be subject to the reasonable approval of Bank; and (viii) identification of any Audit Findings disputed by Company or where corrective action is not possible or necessary, supported by a detailed explanation of Manager’s position.

(d) Notwithstanding anything to the contrary, within one hundred and twenty (120) days of the Effective Date and thereafter on an annual basis, Company will submit to and complete a compliance audit of its operations to ensure compliance with consumer, privacy, cybersecurity and financial requirements and shall submit to and complete a financial reporting audit (collectively, “Compliance Audit”). The Compliance Audit shall be conducted by third party auditor mutually agreed to by the Program Manger and Bank, and shall be conducted in compliance with Applicable Laws to Bank, including, but not limited to, Sarbanes Oxley Act. Program Manger shall furnish within a reasonable time copies of SSAE-18 reports upon request from third party auditor in connection with the Compliance Audit. Program Manger shall be responsible for all expenses related to a Compliance Audit.

(e) The Bank may review the Marketing Materials and Marketing Activities as provided for in Section 3. Bank may request up to two (2) periodic reviews of the Marketing Materials and Marketing Activities then being used by Company in each calendar year; provided, however, that Bank may request additional reviews of the Marketing Materials and Marketing Activities if required or instructed by a Regulatory Authority or Card Association or if Bank determines, in its sole discretion, that Company is in, or is likely in, breach of any provision of this Agreement, Compliance Policies or Applicable Law. Company will be responsible for Bank’s reasonable costs out-of-pocket and expenses from any review under this Section 26 that is required or instructed by law, Regulatory Authority or Card Association. Any other Bank review will be at Bank’s expense.

27. Agreement Subject to Applicable Laws. Subject to Section 19 (Term and Termination), if (a) either Party has been advised by legal counsel of a change in Applicable Laws or any judicial decision of a court having jurisdiction over such Party or any interpretation of a Regulatory Authority that, in the view of such legal counsel, would have a materially adverse effect on the Program, the rights or obligations of such Party under this Agreement or the financial condition of such Party; (b) either Party shall receive a lawful written request of any Regulatory Authority having jurisdiction over such Party, including any letter or directive of any kind from any such Regulatory Authority, that prohibits or restricts such Party from carrying out its obligations under this Agreement; (c) either Party has been advised by legal counsel that there is a material risk that such Party’s or the other Party’s continued performance under this Agreement would violate Applicable Laws; (d) any Regulatory Authority shall have determined and notified either Party that the arrangement between the Parties contemplated by this Agreement constitutes an unsafe or unsound banking practice or is in violation of Applicable Law; or (e) a Regulatory Authority has commenced an investigation or action against a Party which the other Party, in its reasonable judgment, determines that it threatens such Party’s ability to perform its obligations under this Agreement, then, in each case, the Parties shall meet and consider in good faith any modifications, changes or additions to the Program or this Agreement that may be necessary to eliminate such result. Notwithstanding any other provision of this Agreement, if the Parties are unable to reach agreement regarding modifications, changes or additions to the Program or this Agreement within fifteen (15) Business Days after the Parties initially meet, either Party may terminate the impacted Program or this Agreement (provided, (a), (b), (c), (d) or (e) above impact or relate to a majority of the Programs) upon thirty (30) days prior written notice to the other Party and without payment of a termination fee or other penalty. A Party shall be able to suspend performance of its obligations under this Agreement, or require the other Party to suspend its performance of its obligations under this Agreement, if (i) any event described in clause (b) above occurs and (ii) such Party reasonably determines that continued performance hereunder may result in a fine, penalty or other sanction being imposed by the applicable Regulatory Authority, or in material civil liability, unless with regards to civil liability, the other Party agrees to indemnify the Party. For the avoidance of doubt, nothing in this Section 27 shall obligate a Party to disclose, share, or discuss any information to the extent prohibited by Applicable Law or a Regulatory Authority.

28. Reserve Account. Prior to the Effective Date of this Agreement, Bank shall establish a non-interest bearing deposit account (the “Reserve Account”) at Bank from which fund transfers may be initiated by Bank.

(a) The Reserve Account shall be a segregated deposit account that shall hold only the funds provided by Company to Bank as collateral. At all times, it shall be Company’s responsibility to maintain funds in the Reserve Account equal to $50,000 (the “Reserve Balance”). In the event that the actual balance in the Reserve Account is at any time less than the Reserve Balance, Company shall within two (2) Business Days make a payment into the Reserve Account in an amount equal to the difference between the Reserve Balance and the actual balance in such account. In the event the actual balance in the Reserve Account shall be less than the Reserve Balance and Company shall fail to pay the difference within two (2) Business Days as specified in the immediately preceding sentence, the Bank may charge Company interest on the amount of the deficiency at a rate equal to the Wall Street Journal Prime Rate plus one percent (1%) per annum. In the event the actual balance in the Reserve Account shall be less than the Reserve Balance and the deficiency shall not be cured within three (3) Business Days after notice from Bank to Company, then the Bank shall have the right to terminate the Program and this Agreement.

(b) Security Interest. To secure Company’s obligations under this Agreement, Company hereby grants Bank a security interest in the Reserve Account and the funds therein or proceeds thereof, and agrees to take such steps as Bank may reasonably require to perfect or protect such first priority security interest. Bank shall have all of the rights and remedies of a secured party under Applicable Laws with respect to the Reserve Account and the funds therein or proceeds thereof; and shall be entitled to exercise those rights and remedies in its discretion. Company agrees that it will maintain the lien against the Reserve Account in favor of Bank such that no other party has a greater seniority or priority than the interest of Bank.

(c) Withdrawals. Bank shall cause funds to be transferred from the Reserve Account to fund any amounts due to Bank under this Agreement.

(d) Termination of Reserve Account. Bank shall release any funds remaining in the Reserve Account within sixty (60) days after the latest to occur of: (i) expiration or termination of this Agreement; and (ii) the date when obligations of Company under this Agreement have been satisfied in full by Company.

(e) If any Regulatory Authority with jurisdiction over Bank notifies Bank that the Reserve Balance is inadequate to cover the risks associated with the Program, Bank shall provide notice to Company of the Regulatory Authority’s finding and of the amount that Bank or such Regulatory Authority determines will be a sufficient reserve (the “New Reserve Balance”). Company shall have thirty (30) days to increase the balance in the Reserve Account to the New Reserve Balance, and the New Reserve Balance shall then become the Reserve Balance.

29. Purchase Option. In the event Company desires to manage additional aspects of the Program currently managed by Bank, including, but not limited to, Processing Services, Company shall provide Bank a written request detailing the aspects of the Program it desires to assume or manage on behalf of Bank. The Parties shall meet and consider in good faith such request, any fees and expenses and any required modifications, changes or additions to the Program or this Agreement. Without limiting any rights of the Bank and for the avoidance of doubt, Bank may deny any such request if it concludes that engaging Company for any described services may increase the financial, compliance, operational, regulatory or legal, or reputational risk to Bank or Card Association. Company may also request to purchase receivables related to the Program. The Parties shall meet and consider in good faith such request to purchase receivables related to the Program and the terms of any such purchase. Any purchase of receivables will be contingent on Company entering into a credit card receivables sale agreement with Bank in a form satisfactory to Bank.

30. Insurance.

(a) Company shall maintain, throughout the Term, an appropriate insurance policy in the name of Company, the limit of which shall be no less than one million dollars ($1,000,000) per occurrence and two million dollars ($2,000,000) aggregate, for each of the following categories: (i) a comprehensive general liability policy, including, but not limited to, contractual liability, bodily injury, death and/or property damage; (ii) a comprehensive crime policy, including employee dishonesty/fidelity coverage, with respect to the work or operations done in connection with this Agreement; (iii) a comprehensive errors and omissions and professional liability policy; (iv) a workers’ compensation policy in at least the minimum amounts required by any applicable statute or regulation; and (v) an umbrella/excess liability policy.

(b) In addition to the insurance requirements set forth above, in the event Company stores, transmits or processes Cardholder Information, Company shall maintain, throughout the term of this Agreement, an appropriate data security insurance policy in the name of Company and naming Bank as a loss payee, the limit of which shall be, in the case of Company, no less than five million dollars ($5,000,000) per occurrence and ten million dollars ($10,000,000) aggregate, providing coverage for cybersecurity and coverage in the event of loss of confidential data by Company (or any Company Subcontractor), including: (i) theft, dissemination and/or unauthorized disclosure or use of Confidential Information and/or Cardholder Information (including, but not limited to, account information, social security numbers, and confidential corporation information). Such insurance shall also include coverage for credit monitoring, notification expenses and other related costs associated with mitigating a data security or privacy breach; and (ii) introduction of a computer virus into, or otherwise causing damage to, a computer, computer system, network or similar computer-related property and the data, software and programs used thereon.

(c) Each policy required by Section 30(a) and 30(b) must: (i) be written by insurance carriers that have an A.M. Best rating of “A” or better or are otherwise acceptable to Bank; (ii) provide that such policy may not be terminated or materially modified without thirty (30) days prior written notice to both Bank and Company; and (iii) not include any exclusions that would adversely affect coverage regarding any of the obligations of Company hereunder. Upon reasonable request by Bank, Company shall obtain and maintain such other insurance as may be maintained by Persons engaged in the same or similar business and similarly situated as Company.

(d) Company shall provide a copy of each policy (including such endorsement) and any certificates of insurance evidencing the existence of such policy or any other documentation related to the requirements of this Section 30 reasonably requested by Bank. Company shall promptly provide notice to Bank in the event Company receives any notice of nonrenewal or cancellation, lapse, termination or reduction in any insurance coverage required to be maintained pursuant to this Section 30.

31. Referrals. Neither Party has agreed to pay any fee or commission to any agent, broker, finder, or other Person for, or on account of, such Person’s services rendered in connection with this Agreement that would give rise to any valid claim against the other Party for any commission, finder’s fee or like payment.

32. Cooperation. Each Party hereto agrees to cooperate fully with the other Party hereto in furnishing any information or performing any action reasonably requested by such Party that is needed by the requesting Party to perform its obligations under this Agreement or to comply with Applicable Law or any request from a Regulatory Authority or Card Association.

33. Relationship of Parties. Bank and Company agree they are independent contractors to each other in performing their respective obligations hereunder. Nothing in this Agreement or in the working relationship being established and developed hereunder shall be deemed, nor shall it cause, Bank and Company to be treated as partners, joint venturers, or otherwise as joint associates for profit. Notwithstanding the foregoing, to the extent required by Applicable Law, Bank’s appointment of Company as Bank’s authorized representative will establish an agency relationship, limited strictly to the rights, duties and obligations as set forth herein.

34. Governing Law; Waiver of Jury Trial; Dispute Resolution and Arbitration.

(a) This Agreement shall be interpreted and construed in accordance with the laws of the State of California, without giving effect to the rules, policies, or principles thereof with respect to conflicts of laws. Each Party hereby submits to the jurisdiction of the courts of California, and (subject to Bank’s reservation of preemption rights herein).

(b) TO THE EXTENT PERMITTED BY APPLICABLE LAW, THE PARTIES HEREBY EXPRESSLY WAIVE ANY RIGHT TO TRIAL BY JURY OF ANY CLAIM, DEMAND, ACTION OR CAUSE OF ACTION ARISING HEREUNDER.

(i) Cooperation to Resolve Disputes. The Parties shall cooperate and attempt in good faith to resolve any dispute, controversy, or claim arising out of or relating to this Agreement or the construction, interpretation, performance, breach, termination, enforceability or validity thereof (a “Dispute”) promptly by negotiating between persons who have authority to settle the Dispute and who are at a higher level of management than the persons with direct responsibility for administration and performance of the provisions or obligations of this Agreement that are the subject of the Dispute.

(ii) Arbitration. Any Dispute which cannot otherwise be resolved as provided in subsection (i) above shall be resolved by binding arbitration conducted in accordance with the Procedures for Large, Complex Commercial Disputes commercial arbitration rules of the American Arbitration Association, including full discovery as allowed by the AAA rules, and judgment upon the award rendered by the arbitral tribunal may be entered in any court having jurisdiction thereof. For Disputes amounting to less than $1,000,000, the arbitration tribunal shall consist of a single arbitrator mutually agreed upon by the Parties, or in the absence of such agreement within thirty (30) days from the first referral of the Dispute to the American Arbitration Association, designated by the American Arbitration Association. For Disputes amounting to $1,000,000 or more, a panel of three arbitrators shall be selected to hear the Dispute. In such case, each Party shall select one arbitrator who shall be independent and unaffiliated with such Party, and the two arbitrators shall then select the third arbitrator. If the two arbitrators are unable to agree upon the third arbitrator, the American Arbitration Association shall select the third arbitrator. The place of arbitration shall be San Francisco, California, unless the Parties shall have agreed to another location within fifteen (15) days from the first referral of the Dispute to the American Arbitration Association. The arbitral award shall be final and binding. The Parties waive any right to appeal the arbitral award, to the extent a right to appeal may be lawfully waived. Each Party retains the right to seek judicial assistance: (1) to compel arbitration, (2) to obtain interim measures of protection prior to or pending arbitration, (3) to seek injunctive relief in the courts of any jurisdiction as may be necessary and appropriate to protect the unauthorized disclosure of its proprietary or Confidential Information, and (4) to enforce any decision of the arbitrator, including the final award. In no event shall either Party be entitled to punitive, exemplary or similar damages.

(iii) Confidentiality of Proceedings. The arbitration proceedings contemplated by this subsection shall be as confidential and private as permitted by Applicable Law. To that end, the Parties shall not disclose the existence, content or results of any proceedings conducted in accordance with this subsection, and materials submitted in connection with such proceedings shall not be admissible in any other proceeding, provided, however, that this confidentiality provision shall not prevent a petition to vacate or enforce an arbitral award, and shall not bar disclosures required by any laws or regulations.

35. Severability. In the event that any part of this Agreement is deemed by a court, Regulatory Authority, Card Association or other public or private tribunal of competent jurisdiction to be invalid or unenforceable, such provision shall be deemed to have been omitted from this Agreement. The remainder of this Agreement shall remain in full force and effect, and shall be modified to any extent necessary to give such force and effect to the remaining provisions, but only to such extent.

36. Assignment. This Agreement and the rights and obligations created under it shall be binding upon and inure solely to the benefit of the Parties and their respective successors and permitted assigns. Except as provided in Section 19(e), Company not shall assign or transfer any interest under this Agreement (including a transfer by a Change in Control) without the prior written consent of Bank, such consent not to be unreasonably withheld, except that prior written consent shall not be required for a SPAC Transaction.

37. Third Party Beneficiaries. The rights and obligations hereunder shall bind and inure to the benefit of the Parties and their successors and permitted assigns. For the avoidance of doubt, no Subcontractor of either Party is a third-party beneficiary of, or has any rights under, this Agreement.

38. Amendment and Waiver. This Agreement may be amended only by a written instrument signed by each of the Parties. The failure of a Party to require the performance of any Term of this Agreement or the waiver by a Party of any default under this Agreement shall not prevent a subsequent invalidity, illegality or unenforceability, without affecting in any way the remaining portions hereof in such jurisdiction or rendering such provision or any other provision of this Agreement invalid, illegal, or unenforceable in any other jurisdiction.

39. Entire Agreement. This Agreement constitutes the entire agreement between the Parties with respect to the subject matter thereof, and supersede any prior or contemporaneous negotiations or oral or written agreements with regard to the same subject matter, except for that certain Indemnification Letter Agreement, dated May 11, 2021, entered into by and between the Parties.

40. Counterparts. This Agreement may be executed in counterparts, each of which shall be deemed an original, but all of which together shall constitute one and the same instrument. This Agreement may be executed and accepted by facsimile or portable data file (PDF) signature and any such signature shall be of the same force and effect as an original signature.

41. Interpretation. The Parties acknowledge that each Party and its counsel have reviewed and revised this Agreement and that the normal rule of construction to the effect that any ambiguities are to be resolved against the drafting Party shall not be employed in the interpretation of this Agreement or any amendments thereto, and the same shall be construed neither for nor against either Party, but shall be given a reasonable interpretation in accordance with the plain meaning of its terms and the intent of the Parties. References in this Agreement to any Section are to such Section of this Agreement. The words “include,” “includes” or “including” mean without limitation by reason of enumeration.

42. Force Majeure. If any Party shall be unable to carry out the whole or any part of its obligations under this Agreement by reason of a Force Majeure Event, then the performance of the obligations under this Agreement of such Party as they are affected by such cause shall be excused during the continuance of the inability so caused, except that should such inability not be remedied within thirty (30) days after the date of such cause, the Party not so affected may at any time after the expiration of such thirty (30) day period, during the continuance of such inability, terminate this Agreement on giving written notice to the other Party. No Party shall be relieved of its obligations hereunder if its failure of performance is due to removable or remediable causes which such Party fails to remove or remedy using commercially reasonable efforts within a reasonable time period. Either Party rendered unable to fulfill any of its obligations under this Agreement by reason of a Force Majeure Event shall give prompt notice of such fact to the other Party, followed by written confirmation of notice, and shall exercise due diligence to remove such inability with all reasonable dispatch.

43. Headings. Captions and headings in this Agreement are for convenience only and are not to be deemed part of this Agreement and shall not affect the meaning or interpretation of any provision of this Agreement.

44. Notices. All notices and other communications that are required or may be given in connection with this Agreement shall be in writing and shall be deemed received (a) on the day delivered, if delivered by hand; (b) on the day transmitted, if transmitted by facsimile or e-mail with receipt confirmed; or (c) three (3) Business Days after the date of mailing to the other Party, if mailed first-class postage prepaid, at the address set forth on the cover page to this Agreement (page 1 hereof), or such other address as either Party shall specify in a notice to the other. Notices under this Agreement shall be delivered pursuant to this Section 44 and addressed as set forth below:


To Bank:		To Company:

Beneficial State Bank 1438 Webster Street, #100 Oakland, CA 94612		Aspiration Card Services, LLC 4551 Glencoe Avenue, SUITE 300 Marina del Rey, CA 90292

Attn: Richard Harvey, General Counsel		Attn: Mike Shuckerow, CLO

Email: rharvey@beneficialstate.com and cc-operations@beneficialstate.com		Email: mshuckerow@aspiration.com and compliance@aspiration.com

[SIGNATURE PAGE FOLLOWS]

IN WITNESS WHEREOF, the Parties have caused this Agreement to be executed by their duly authorized officers as of the date first written above.


COMPANY:

Aspiration Card Services, LLC

By:
Name:		Andrei Cherny
Title:		Principle and Authorized Person

BANK:

BENEFICIAL STATE BANK

By:
Name:		Jennifer Finger
Title:		EVP, Strategy & Development

SCHEDULE A

DEFINITIONS

“Account” means a revolving, open-end credit card account provided by Bank to Cardholders established pursuant to this Agreement, and the features and terms of which are further described in this Agreement.

“Affiliate” means, with respect to a Party, a Person, whether a legal entity or an individual, who directly or indirectly controls, is controlled by or is under common control with the Party. For the purpose of this definition, the term “control” (including with correlative meanings, the terms controlling, controlled by and under common control with) means the power to direct the management or policies of such Person, directly or indirectly, through the ownership of twenty-five percent (25%) or more of a class of voting securities of such Person.

“Aggregated De-identified Data” means Cardholder Information and/or any other information about a Person aggregated by Company with other data and anonymized such that the resulting data does not contain any information identifiable or attributable to Bank or any Person and is otherwise incapable of being associated with or linked to a Person by any Person.

“Agreement” means this Credit Card Services Agreement and all schedules, exhibits, policies and/or procedures attached hereto or referenced herein.

“Applicable Law” means all federal, foreign, provincial, state, and local laws, statutes, regulations, rules, executive orders, supervisory requirements or guidance, directives, interpretive letters and other official releases of any Regulatory Authority, judicial or administrative interpretations, Card Association Rules, including PCI DSS, and any rules or requirements established by a Regulatory Authority, including, without limitation, the Truth in Lending Act and Regulation Z, the Equal Credit Opportunity Act and Regulation B, fair lending laws, the Servicemembers Civil Relief Act and Military Lending Act, and the Fair Credit Reporting Act, in each case as amended, consolidated, supplemented or replaced from time to time, that are related, or otherwise applicable, to this Agreement, Bank, Bank Card Services, the Program and/or the services to be provided by a Party hereunder.

“Applicant” means a person who submits an Application or other request for an Account or bank Card Services.

“Application” means the action or document by which a Person requests and applies for an Account or Bank Card Services from Bank.

“Application Processing” means those services which are necessary to establish an Account in accordance with Applicable Law. Such services shall include but are not be limited to: application of the Credit Policy to incoming Applications, application of the Compliance Policies, Office of Foreign Assets Control screening, know your customer and anti-money laundering services, customer service described in Company Card Services, collections, transaction authorization, statement preparation and issuance, regulatory compliance, security and fraud control, and activity reporting.

“Approval” or “approval” means Bank’s approval or consent; provided, however, that the fact that Bank has provided such approval or consent shall not mean or otherwise be construed to mean that: (i) Bank agrees that the item or information for which approval or consent is being sought complies with any Applicable Law; (ii) Bank has assumed Company’s or any other Person’s obligations to comply with all Applicable Law arising from or related to any requested or required approval or consent; or (iii) any approval or consent impairs in any way Bank’s rights or remedies under this Agreement, including indemnification rights, associated with the failure of Company to comply with all Applicable Laws or the terms and conditions of this Agreement. Without limiting the foregoing, any approval provided by Bank under this Agreement is solely for exercising oversight over the Program and Company and no approval constitutes a waiver of any provision of this Agreement or a warranty as to compliance of the matters or materials being approved with Applicable Law, Bank Policies or Compliance Policies or as to the accuracy and completeness of such matters or materials. Bank shall be entitled to rely on any information provided by Company in connection with any approval request.

“Bank Card Services” means any service other than Company Card Services that Bank shall perform under this Agreement or otherwise set forth in Schedule D.

“Bank Program Materials” means the Cardholder Agreement, as well as any disclosures, documents, terms and agreements related to the Card or Account provided to Company by Bank from time to time that are to be provided to an Applicant or Cardholder at the written instruction of Bank.

“BIN/ICA” means any unique bank identification numbers or similar identification numbers established by Bank for Programs in accordance with Card Association Rules

“Business Day” means any day, other than (a) a Saturday or Sunday, (b) a federal banking holiday or (c) a day on which banking institutions in the State of Tennessee are authorized or obligated by law or executive order to be closed.

“Card” means a credit card, code or other access device issued for an Account by Bank in connection with the Program under authority from a Card Associations.

“Card Association” means Mastercard, VISA and/or any other card network association enabled on Cards issued pursuant to the Program that is capable of transmitting items and Settlement thereof.

“Card Association Rules” means the rules, bylaws, standards, protocols, operating regulations, guidelines, or procedures; and any amendment, interpretation, or modification of any such rule, bylaw, standard, protocol, operating regulation, guideline, or procedure promulgated by a Card Association that govern the provision of any services provided hereunder on such Card Association, including, without limitation, PCI DSS.

“Cardholder” means an individual-, residing in the U.S. or one of its territories, at or over the age of 18 (or legal age to enter into a debt arrangement), or eligible business entity, who applies for, receives and activates an Account with Bank under the Program, and/or any Person who is liable, jointly or severally, for amounts owing with respect to an Account.

“Cardholder Agreement” means a credit agreement between Bank and a Cardholder with terms and conditions that apply to the Cardholder’s Account, including all disclosures required by Applicable Law.

“Cardholder Information” means all information, whether personally identifiable or in aggregate, that is submitted and/or obtained by a Party about a Person in connection with the Program or Bank Card Services or an application for an Account (whether or not completed), including demographic data, and transaction data. Cardholder Information includes “nonpublic personal information” and “personally identifiable financial information” as defined by the Gramm-Leach-Bliley Act or its promulgating regulation, “personal information” as defined by the California Consumer Privacy Act of 2018 and the California Privacy Rights and Enforcement Act of 2020, information that is defined by Applicable Law as protected personal information, Cardholder Data (as defined by PCI-DSS) and transaction data.

“Change in Control” means any of (a) the sale or transfer of all or substantially all the assets of a Party to a Person who is not an Affiliate of such Party; (b) as to Company, (i) the acquisition by a Person or group of Persons of more than twenty-five percent (25%) of the voting securities or voting interests in Company; (ii) the acquisition or accumulation by any Person or group of Persons of the power, direct or indirect, to elect a majority of a Company’s board of directors or similar governing body or to direct or cause the direction of the management and policies of Company, whether by contract or otherwise; or (iii) the merger or consolidation of Company with or into another Person who is not an Affiliate of the Company, or the merger or consolidation of another Person who is not an Affiliate of Company with or into Company, in either case with the effect that, following such merger or consolidation, more than twenty-five percent (25%) of the voting power of all securities or interests of the surviving entity are not owned, directly or indirectly, by Persons who directly or indirectly owned twenty-five percent (25%) or more of the voting power of all securities or interests of Company immediately prior to such transaction; and (c) as to Bank, any transfer of ownership or control, including the transfer or issuance of any voting securities of any type (whether debt or equity), that would constitute a change of control under the Change in Bank Control Act.

“Chargeback” means a transaction using an Account that is subsequently reversed pursuant to Card Association Rules.

“Confidential Information” means the terms and conditions of this Agreement and any proprietary information or non-public information of a Party, including without limitation a Party’s trade secrets, technical data, pricing, know-how or business information, proprietary marketing plans and objectives, and, with respect to the Confidential Information of a Party, any proprietary custom model used by such Party in connection with the Program, and all deliverables, materials, software, flowcharts, ideas, concepts, designs, and reports or other analyses which relate thereto, including any modifications, enhancements or derivative works thereof, that is furnished to the other Party in connection with this Agreement. Each Party agrees that the existence of this Agreement constitutes Confidential Information of both Parties, pricing and other business terms offered to the other Party constitutes Confidential Information of both Parties, and the Parties agree that Cardholder Information (but not Aggregated De-Identified Data) constitutes Confidential Information of Bank. Except for Cardholder Information, Confidential Information shall not include information which (i) is in or comes into the public domain without breach of this

Agreement by the Restricted Party; (ii) was in the possession of the Restricted Party prior to receipt from the disclosing Party and was not acquired by the Restricted Party from the disclosing Party under an obligation of confidentiality or nonuse; (iii) is acquired by the Restricted Party from a third party not under an obligation of confidentiality or nonuse to the disclosing Party; or (iv) is independently developed by the Restricted Party without use of any Confidential Information of the disclosing Party.

“Company Card Services” means the services of Company that are offered in connection with the Program, Applicant or Cardholder, including the mobile application, Application Processing, Ancillary Services, and any services of Company set forth in this Agreement, including Schedule E, or provided in connection with this Agreement.

“Company Expenses” means the following expenses for which Company shall be solely responsible for: (a) advertising and other expenses associated with the marketing of Cards to potential Cardholders and Applicants; (b) all fines and penalties assessed by any Regulatory Authority or Card Association (other than Bank) due to Company’s or Company’s Subcontractor’s breach of this Agreement; (c) all taxes and insurance obligations arising under this Agreement arising out of or in connection with the performance of its duties and obligations; (d) all expenses associated with Company’s retention, oversight and supervision of any Company Subcontractors, and all expenses associated with Processing Services; (e) Card Association fees, including registration and other fees assessed to Bank annually, including, but not limited to, fees related to Company’s registration as a marketing agent or service provider of Bank, and registration of any independent service organization; (f) all reasonable out-of-pocket expenses associated with Bank’s due diligence review of any third party vendor or contractor relationship contemplated with Company; (g) any other expenses, fees and costs set forth in Schedule C; and (h) all expenses associated with Company’s performance of its obligations under this Agreement, including the Company Card Services.

“Company Program Materials” means Marketing Materials, Account opening disclosures and Application, rewards terms and conditions, any disclosures required to address UDAAP (Unfair, Deceptive, or Abusive Acts or Practices) concerns related to Company’s products or services, including the rewards program, any documents, materials or disclosures prepared by Company in connection with the Program, and any other documents, materials or disclosures required to operate or administer the Program, Card and/or Account in compliance with the terms of this Agreement and Applicable Law, excluding any Bank Program Materials.

“Compliance Management System” shall mean the process(es) by which Company, under the direction of its board of directors and management, (i) learns about its compliance responsibilities with respect to applicable consumer protection laws and regulations; (ii) assesses applicability and risk for Company as to these compliance requirements; (iii) provides training to Company employees to understand these compliance responsibilities; (iv) reviews and audits Company operations in light of the same; (v) incorporates these requirements into Company’s business processes; and (vi) takes corrective action as necessary.

“Compliance Policies” means the policies developed by Company, subject to Bank approval, adopted to ensure compliance of the Program with Applicable Law, any other policies and procedures governing the Program, and any other written policies or procedures, provided or approved by Bank in connection with this Agreement, including the Bank’s Credit Policy. The following are examples of the regulations and/or subjects that such Compliance Policies shall address: Business Resumption/Contingency Planning & Testing, Change Management; Complaint Management; Compliance Management; E-Sign; Fair Debt Collection Practices; Fair and Accurate Credit Transactions Act (FACTA)/ID Red Flags; Gramm-Leach-Bliley Act (GLBA) Security; Unfair, Deceptive and Abusive Acts and Practices (UDAAP); Reg B-Equal Credit Opportunity Act and Fair Lending; Reg P-GLBA Privacy; Reg Z-Truth in Lending Act (TILA); Reg V-Fair Credit Reporting Act (FCRA), Reg E-Electronic Fund Transfer Act; Right to Financial Privacy; Servicemembers Civil Relief Act; Military Lending Act; and Telephone Consumer Protection Act (TCPA). The Compliance Policies shall also include the vendor management policy.

“Credit Policy” means the minimum requirements of income, residency, employment history, credit history, and/or other such considerations provided to Company by Bank from time to time and used in connection with the Program to approve or deny an Application and to authorize the establishment of an Account or an extension of credit thereunder.

“Critical Subcontractor” means any Subcontractor which (a) processes, transmits, stores or otherwise has access to any Cardholder Information or other financial transaction data regarding any Cardholder or any other Person, (b) which otherwise communicates in any manner with Cardholders or prospective Cardholders or has access to Company’s or processor’s systems, (c) any other third party agent classified by the Card Association Rules in a manner that requires the third party to be registered or otherwise sponsored by Bank with a Card Association in order to provide the services for which Company has engaged such third party; (d) provides functions or conducts other activities that threatens to or would likely cause Bank to face significant risk if the third party fails to meet expectations; (e) require significant Bank investment in resources to implement the third-party relationship and manage the risk; (f) would likely have a material impact on Bank operations if Bank has to find an alternate third party or if the outsourced activity has to be brought in-house; (g) would likely have an adverse impact on Bank’s reputation if it fails to perform services it is required to perform on behalf of Company; or (h) otherwise designated as a Critical Subcontractor by Bank in its sole and reasonable discretion.

“Force Majeure Event” means an unanticipated event that is not reasonably within the control of the affected Party or such Party’s Subcontractors (including, but not limited to, acts of God, acts of governmental authorities, pandemics or epidemics (as declared by any governmental body with jurisdiction over the affected Party) strikes, war, terrorist attacks, riot and any other causes of such nature), and which by exercise of reasonable due diligence, such affected Party or that Party’s Subcontractors could not reasonably have been expected to avoid, overcome or obtain, or cause to be obtained, a commercially reasonable substitute therefore.

“Insolvent” means the failure to pay debts in the ordinary course of business, the inability to pay its debts as they come due or the condition whereby the sum of an entity’s debts is greater than the sum of its assets.

“Intellectual Property” means (i) inventions, improvements, patents (including all reissues, continuations, continuations-in-part, revisions, extensions, and reexaminations thereof) and patent applications, (ii) trademarks, service marks, trade names and trade dress, together with the goodwill associated therewith, (iii) works of authorship and copyrights, including copyrights in computer software, databases and television programming and all rights related thereto, (iv) confidential and proprietary information, including trade secrets and know how, (v) processes, methods, procedures and materials, (vi) data, databases and information, (vii) software, tools and machine-readable texts and files, (viii) literary work or other work of authorship, including documentation, reports, drawings, charts, graphics, and other written documentation, together with all copyrights and moral rights, (ix) all other proprietary rights, and (x) all registrations and applications for registration and other intellectual property rights in or appurtenant to the foregoing items described in clauses (i) through (ix) above.

“Launch Date” means the date the first Card is offered to a Cardholder.

“Marketing Activities” means all advertising or marketing media of any kind or nature, in whole or in part, including without limitation, catalogs, email solicitation messages, published advertising (such as newspaper and magazine advertisements), SMS text messaging, Internet media, blogs, tweet posts, banner ads, RSS feeds, telemarketing scripts, television or radio advertisements, frequently asked questions, promoting, advertising and/or marketing the Program or Bank Card Services.

“Marketing Materials” means any marketing messages, collateral, documents or communications intended to market the Program or Bank Card Services or generate Applications for the origination of Accounts from a targeted population delivered through various Marketing Activities.

“PCI Compliant” means compliant with PCI-DSS to ensure the proper handling and protection of payment accounts and transaction information which is stored, processed or transmitted. For this purpose, the term PCI Compliant includes but is not limited to Company’s obligation to have an annual on-site PCI Data Security Assessment completed by a Qualified Security Assessor (“QSA”) and a report on compliance that must be signed by the QSA and sent securely to Card Association.

“PCI-DSS” means the Payment Card Industry Data Security Standards administered by the PCI Standards Council that are in effect as of the Effective Date of this Agreement and as they may be amended from time to time.

“Person” means any legal person, including any individual, corporation, limited liability company, partnership, joint venture, association, joint-stock company, trust, unincorporated organization, governmental entity, or other entity of similar nature.

“Portal” means the online platform used by Company through which Bank may view and access all information related to the Company Card Services, Marketing Materials and Marketing Activities, and may perform any other services or view other information as set forth in this Agreement or required by Bank from time to time.

“Principal” means any Person directly or indirectly owning ten percent (10%) or more of Company, and any executive officer or director of Company. “Processing Services” means the processing of credit transactions in accordance with Applicable Law and Card Associations Rules.

“Program” means the system of services approved by Bank, including the Cards to be offered by Bank to Cardholders pursuant to the terms of this Agreement, as further described in Schedule B of this Agreement, which is incorporated herein and may be amended from time to time by written agreement.

“Records” means any agreement that Company collects at any time or provides to any Person related to the Program, Applications, any notices to any Person in connection with the Program, credit files, credit bureau reports, copies of adverse action notices, payment records, records, or other documentation (including computer tapes, magnetic or electronic files, and information in any other format) related to the Accounts and/or the Program or any other records, agreements, documents, communications, or files related rewards program offered in connection with an Account or the Program.

“Regulatory Authority” means any federal, state or local regulatory agency or other governmental agency or authority having jurisdiction over Bank or Company, including, but not limited to, the Board of Governors of Federal Reserve System, Consumer Financial Protection Bureau, Federal Deposit Insurance Corporation, Federal Trade Commission, the Financial Crimes Enforcement Network, and the California Department of Financial Protection and Innovation.

“Security Breach” means (i) any act or omission that compromises either the security, confidentiality or integrity of data or the physical, technical, administrative or organizational safeguards put in place by a Party or a third-party service provider, including a Party’s Subcontractor, that relate to the protection of the security, confidentiality or integrity of data relating to the Program, or (ii) receipt of a complaint in relation to the privacy and data security practices of a Party or a third-party service provider, including a Party’s Subcontractor, of a breach or alleged breach of this Agreement relating to such privacy and data security practices. Without limiting the foregoing, a Security Breach shall include any unauthorized access to, unauthorized disclosure of or unauthorized acquisition of Cardholder Information.

“Settlement” means the movement of funds between Bank, other financial institutions and the Card Associations to settle all transactions initiated by use of any Card or Account by or on behalf of a Cardholder, including purchases, merchant charges, Chargebacks, cash advances, and any other transactions.

“SPAC” means a newly formed special purpose acquisition entity, which (i) has been formed with the purpose of raising capital, (ii) has completed an initial public offering resulting in the equity interests of such entity being listed on a United States national securities exchange, and (iii) does not conduct any material business or maintain any material assets other than Cash.

“SPAC Transaction” means an acquisition, merger or other business combination pursuant to between Company and a SPAC, provided that (i) the surviving entity shall be the Company, (ii) the Company’s shareholders retain at least 60% of the ownership interest in surviving entity, (iii) the transaction shall result in the Company being listed on a United States national securities exchange, (iv) the Company shall have provided ten (10) Business Days prior written notice of the transaction to Bank, and (v) Bank shall have received copies of the material documents entered into to effect the SPAC Transaction, as the other Bank may reasonably request.

“Subcontractor” means any Person with which any Party has a direct contractual relationship whereby such entity fulfills some, any or all of a Party’s obligations under this Agreement.

“Substantive Change” means a material change to the Marketing Activities, a change to the categories of the Marketing Materials; a non-administrative or non-ministerial change to the content of any Marketing Materials; any changes or amendments to Marketing Activities or Marketing Materials required by Applicable Law; or requirements or changes identified by Bank in good faith as necessary due to safety and soundness, financial, compliance or reputational concerns.

SCHEDULE B

PROGRAM DESCRIPTION

Program Overview:

Subject to the terms of this Agreement, Applicants may be issued a Card with one or more Company Marks included on the face of the Cards, as approved by the applicable Card Association, as appropriate.

Subject to the terms of the Cardholder Agreement, Bank may make available a Card with an interest rate to be determined at the time of credit underwriting based on statistically valid determinants of credit risk derived during the credit underwriting process. All credit decisions, including but not limited to the initial approval of Accounts, the establishment of credit lines and the closing of Accounts, shall be within the exclusive discretion of Bank.

As the grantor of credit, Bank assumes all credit risks (unless otherwise set forth in this Agreement) and reserves the right to modify pricing, consistent with its underwriting criteria, including the Credit Policy, prevailing economic and market forces, the Cardholder Agreement and the laws and regulations which apply.

The Cardholder Agreement, which governs the terms of credit extension and which is provided to Cardholders at the time of issuance of a Card, will reflect the terms provided by Bank.

The Program may not be offered to any Person until: (i) Company satisfies Bank’s due diligence and oversight requirements; and (ii) Bank approves all materials to be provided to a Person in connection with the Program, including Company Program Materials, any rewards terms and conditions associated with a Card and any other materials for which approval is required under the terms of this Agreement.

Service Levels:

The Parties shall provide all services contemplated by this Agreement with promptness and diligence and in a professional and workmanlike manner (unless some other time frame or manner is set forth herein, in which case such other time frame or manner shall apply) (“SLAs”). Either Party may, but shall not be required to, periodically review and measure the other Party’s overall performance against the SLAs related to the Program to ensure consistency with the goals and objectives of this Agreement, and the Parties shall reasonably cooperate to update such SLAs as necessary.

Subcontractors:

Bank agrees that currently approved the following Company Subcontractors for the Program: LexisNexis, a division of RELX Inc., First Mile Group, Inc., doing business as Alloy, Socure Inc., iovation Inc., and Onfido Ltd. Company may utilize services or products offered by Subcontractors of the Bank, including Experian Information Solutions, Inc. and its affiliates (collectively, “Experian”) and Fidelity Information Services, LLC or its affiliates (each of which is a “Covered Subcontractor”). In the event Company utilizes the services or products offered by a Covered

Subcontractor, Company agrees that it shall be liable to Bank for any Losses incurred by Bank in connection with its use of such services or products and shall indemnify and hold harmless Bank Indemnitee Parties from and against any Losses arising from or related to (i) Company’s or Company Contractor’s use of the services or products offered by a Covered Subcontractor, or (ii) any action or omission of Company or Company Contractor that directly causes Bank to breach any agreement with a Covered Subcontractor (“Covered Subcontractor Agreement”). Company agrees that it shall comply with the terms of any Covered Subcontractor Agreement related to a product or service used by Company as if it were party to such Covered Subcontractor Agreement as counterparty to the Covered Subcontractor. Pursuant to that certain Pricing Addendum by and between Bank and Experian, Bank shall purchase from Experian, and not from another consumer reporting agency, at least 80% of the services set forth in the Pricing Addendum for the Program. Company hereby agrees that it shall take no action that shall cause Bank to breach such requirement.

Rewards:

In the event Company desires to establish a rewards program in connection with any Card or the Program, Company will submit the terms of the reward program substantially in the form required by Bank (“Rewards Program Proposal”) to Bank for its approval, which Rewards Program Proposal will describe, among other things, the structure, operation and purpose of the rewards program, details sufficient to permit Bank to evaluate whether the Rewards Program Proposal complies with Applicable Law, Bank Policies, and the terms of this Agreement, and any other information and documentation requested by Bank. Company shall ensure that each Rewards Program Proposal (and products or services offered thereunder) is consistent and complies with Applicable Law, Bank Policies, and the terms of this Agreement (“Rewards Program Criteria”). Bank will provide notice to Company of its acceptance or rejection of each such Rewards Program Proposal; such notice shall include any feedback Bank deems appropriate. To the extent permitted by Bank, Company shall revise such Rewards Program Proposal to conform to the Rewards Program Criteria and to address any comments or concerns raised by Bank during its review. Upon the determination by Bank, in its sole and absolute discretion, that a Rewards Program Proposal satisfies the Rewards Program Criteria and Bank’s risk and underwriting requirements and addresses the comments and concerns raised by its review, Bank shall approve the Rewards Program Proposal. The prospective rewards program described in a Rewards Program Proposal approved pursuant to the terms hereof during the Term will be deemed an exhibit to this Schedule B and will be added to Schedule B as an exhibit and form part of this Agreement without the necessity of amending this Agreement. Company shall obtain all authorizations required by Applicable Law and Bank to enroll a Cardholder in any rewards program, and shall provide each Cardholder the ability to terminate participation in the rewards program, which may, in turn, terminate such Cardholder’s Account and the Cardholder Agreement. As applicable, Company shall clearly disclose to Cardholder and Applicant that termination of such Cardholder’s or Applicant’s participation in the rewards program shall automatically terminate the Cardholder Agreement and the participation in the Program. Company shall provide to Bank all terms, conditions and disclosures required to offer the rewards program in compliance with Applicable Law and terms of this Agreement for review and approval by Bank (the “Rewards Program Terms”). Bank may include the Rewards Program Terms in the Cardholder Agreement, and Rewards Program Terms shall be considered Company Program Materials regardless of the inclusion of Rewards Program Terms in the Cardholder Agreement. Company shall be liable for

any Losses related to Rewards Program Terms and shall indemnify and hold harmless Bank Indemnitee Parties from and against any Losses arising from or related to the rewards program or the Rewards Program Terms, including any Chargebacks or credit losses associated with any transaction related to the rewards program or Rewards Program Terms. Notwithstanding anything to the contrary, Company shall offer as part of the Program or in connection with any Card all rewards that are required by the applicable Card Association.

SCHEDULE C

FEES

Company will offer financial support for the Program in the form of a non-refundable payment to Bank of $400,000 to be paid on Effective Date.

The Parties have agreed upon economic projections of the Program (the “Projections”). The Projection include the proforma model provided by Bank on or prior to the Effective Date of this Agreement. Company will pay to Bank an amount equal to the difference between the forecasted achievements set forth in the Projections for each the second year and third year of the Initial Term of this Agreement and the actual corresponding amounts for each such year (such amount to be computed at the end of year two and year three of the Initial Term and paid at the end of each such year); provided, however, the payment will not exceed $500,000 for any year (and $1,000,000 in aggregate).

The following fees will be paid by Bank to Company: (i) 71% of interchange earned by Bank (payments to be made quarterly) (“Interchange Fee”) in connection with the Accounts established under the Program, and (ii) a one-time $50 payment for each Account that is used for aggregate purchase transactions of $500 within 150 days of account opening (payments to be made on a quarterly basis) (“Bounty Fee” and collectively with the Interchange Fee, the “Fee”).

Company shall be responsible for the following costs and fees and shall promptly reimburse Bank for such costs and fees in the event Bank is assessed such costs or fees:


One Time Set Up Fee
Securelock Processing		$16,500
Code connect API related to securelock		$10,000
Equipment Mobile Gateway Endpoint fee		$20,000
API Services set up		$15,000
Private network set up for Aspiration		$5,250
Digital Issuance		250

Monthly Fee
These fees are to be paid by Company on a monthly basis:
Securelock Processing		$500.55
Private network set up for Aspiration		$400.00
Digital Issuance		$100.00

In addition to the above, Company agrees to pay (or promptly reimburse the Bank, as applicable) for the following (which may be a one time or recurring fee):

The difference between the cost of FIS’s VIP customer service and regular customer service Cost of all Web Hooks

Cost of reporting tool “Ethos” to manage Company’s rewards program

SCHEDULE D

BANK CARD SERVICES

1.	Oversight of and review of all aspects of the Program.

2.	Settlement services.

3.	Performance of obligations set forth in the Agreement.

4.	Originate Accounts and fund advances under Accounts that meet the Credit Policy established by Bank.

5.	Assume credit risk for any originated Accounts, subject to any sale of the receivables associated with such Accounts.

6.	Oversee and supervise Company marketing, promoting, administering and servicing of the Program.

7.	Maintain legal organization in good standing and maintain all necessary licenses to enable it to act as credit issuer.

8.	Subject to obligations of Company to provide requested information (either directly or through a Company Subcontractor), Bank shall perform all KYC, and Bank shall be responsible for all other Bank Secrecy Act and OFAC obligations applicable to it.

9.	CAMs and other services Bank has agreed in writing to undertake.

SCHEDULE E

COMPANY CARD SERVICES

The following is a general description of Company Card Services to be provided by Company. In the event of an inconsistency between the descriptions of Company Card Services to be provided under this Agreement and the specific descriptions contained in any other documentation provided by Company (other than an inconsistency consisting solely of a greater degree of detail in such documentation than in this Agreement), the provisions of this Agreement shall control. No material change to Company Card Services shall be effective without Bank’s prior written consent. Company shall (and shall cause its Company Subcontractor to) provide all services contemplated by this Agreement with promptness and diligence and in a professional and workmanlike manner (unless some other time frame or manner is set forth herein, in which case such other time frame or manner shall apply). Company and Bank shall periodically review and measure overall performance against service level standards set forth in the preceding sentence to ensure consistency with the goals and objectives of this Agreement, and the Parties shall reasonably cooperate to update such service level standards set forth in the preceding sentence as necessary. Company shall:

1.	Create the Card design (which must be first approved by Bank and must include Bank Marks, approved in accordance with Section 21).

2.	Assist in the development of the Cardholder Agreement to the extent requested by Bank and distribute the Cardholder Agreement and Disclosure Materials (which must be provided by Bank).

3.	Deliver any notices provided by Bank to Applicants and/or Cardholders, which shall include adverse action notices, as set forth in this Agreement.

4.	Marketing Materials and Marketing Activities (which must be first approved by Bank), including marketing and advertising the Program and conducting marketing campaigns approved by Bank to generate demand for balance transfers and Cards, as requested by Bank from time to time.

5.	Develop and distribute Application (which must be first approved by Bank).

6.	Accept Applications and immediately provide to Bank all Application information.

7.	Assist bank in the issuance of Cards, in accordance with Bank approved policies.

8.	Distribute Program information and provide necessary regulatory and customer disclosures.

9.	Administer customer service. First level customer service to be provided by Company. Company will develop a customer experience process to be approved by Bank and will implement such process.

10.

Administer rewards program, as approved by Bank, and be liable for all rewards and costs for the rewards program. For the avoidance of doubt, should the Company choose to make use of FIS rewards platform, it will be responsible for all costs associated with rewards programs and its application programming interface (API) required to interface with Bank’s and FIS systems.

11.	Keep current and accurate records relating to the Program, including Records, and Company shall provide to Bank such records.

12.	Provide Ancillary Services, as further described herein.

13.	Performance of obligations set forth in the Agreement.

14.	Provide Card Association’s guide to benefits to Applicants and Cardholders via its website.

15.

Provide Bank with access to the Portal to enable Bank to adequately oversee the Program. Company shall also make all information related to Company Card Services, Marketing Materials and Marketing Activities and any other information requested by Bank available to Bank for review and access through the Portal. Company shall ensure Bank’s access to the Portal, at all times during the Term.

Company, at its sole expense, shall also provide the following additional services to support the Program (the “Ancillary Services”), either directly or through a Company Critical Subcontractor approved by Bank: (i) providing Disclosure Materials, as further described in the Agreement; (ii) submitting Applications to Bank for approval; (iii) providing information to processor to establish the Accounts; (iv) collecting and maintaining Cardholder identification; (v) conducting initial (as well as throughout the Term) review of all Cardholder accounts to ensure compliance with OFAC directives; (vi) authorizing Card activation following the initial OFAC compliance review; (vii) Card creation, production and shipment, including: (1) Card design; (2) purchase and safekeeping of plastic stock; (3) embossing and encoding of Cards; (4) printing of Card carriers; (5) mailing or other delivery of Cards; and (6) preparation and mailing of PIN mailers; (viii) preparation and mailing of all other documents required or otherwise to be sent to Cardholders; (ix) providing monthly and other periodic Account statements; (x) all other Program-related mailings to Cardholders including shipping costs and postage; and (xi) any other services as agreed upon by Bank and Company from time to time.

Customer Service. Company shall: (i) establish and maintain an internet website that performs customer service functions as directed by Bank; and (ii) administer and maintain a dedicated toll free phone number, which number shall be printed on the Cards, for providing live telephonic customer service during normal business hours on each Business Day and interactive voice response telephonic customer service at all times. Company shall perform monthly quality monitoring of the customer service functions in accordance with Compliance Policies. To ensure the integrity of the Program, Bank may, or may retain a third party to, periodically elect in its sole discretion to conduct random call sampling and/or mystery calls (“Call Monitoring”). Call Monitoring is intended to assess the abilities of live agents on a quality scorecard, including their range of knowledge and their skills (including “soft skills”) used to govern the approach to delivering accurate information and reliable services with effective communication. If Bank or its designated auditor conducts Call Monitoring, Bank may request from Company a minimum of ten (10) randomly selected recordings of calls from Cardholders to live agents, which minimum may be increased in Bank’s sole discretion.