Marketing and Servicing Agreement, dated as of September 18, 2020, by and between Celtic Bank Corporation and Affirm, Inc

EXHIBIT A – DEFINITIONS

EXHIBIT B – BANK RESPONSIBILITIES

EXHIBIT C – AFFIRM RESPONSIBILITIES

EXHIBIT D - MARKETING AND SERVICING FEES

EXHIBIT E – OFAC HIT PROCEDURE

EXHIBIT F – DATA REQUIREMENTS

EXHIBIT G – SERVICE LEVEL AGREEMENTS

EXHIBIT H – SERVICING POLICY

EXHIBIT I – MODEL RISK MANAGEMENT PROGRAM REQUIREMENTS

EXHIBIT J – THIRD-PARTY SERVICE PROVIDER STANDARD OPERATING PROCEDURE

EXHIBIT K – ADVERTISING AND MARKETING POLICY

EXHIBIT L – CREDIT POLICY

THIS MARKETING AND SERVICING AGREEMENT (this “Agreement”), dated as of September 18, 2020 (“Effective Date”), is made by and between Celtic Bank Corporation, a Utah chartered bank (“Bank”), and Affirm, Inc., a Delaware corporation (“Affirm”).

WHEREAS, Bank is a federally insured Utah-chartered industrial bank that offers credit cards, loans, financing and other credit products to consumers;

WHEREAS, Affirm is in the business of marketing and servicing consumer loans and other consumer financial products;

WHEREAS, Affirm and its Affiliates have developed a loan application processing system (the “Platform”) which is capable of processing applications for consumer loans in accordance with Bank’s credit criteria;

WHEREAS, Bank desires to use the Platform to promote the availability of credit, encourage the submission of applications through the Platform for such credit and facilitate the making of loans by Bank in accordance with Bank’s credit criteria to qualifying consumers; and

WHEREAS, Bank desires for Affirm to market Loans to consumers, identify potential Borrowers that meet Bank’s credit criteria, manage the Program and service the Loans on behalf of Bank; and

WHEREAS, Bank will from time to time sell certain of the loans arising from the Program pursuant to the Loan Sale Agreement, dated as of September 18, 2020 (the “Loan Sale Agreement”), between Bank and Affirm.

NOW, THEREFORE, in consideration of the foregoing and the terms, conditions, and mutual covenants and agreements contained herein and for other good and valuable consideration, the receipt and sufficiency of which are hereby acknowledged, Bank and Affirm mutually agree as follows:

1.    Definitions and Rules of Construction.

1.1    Definitions. Whenever capitalized and used in this Agreement, such words and phrases, unless otherwise specified, shall have the meanings set forth in Exhibit A of this Agreement.

1.2    Rules of Construction.

(a)    Any of the terms defined herein may, unless the context otherwise requires, be used in the singular or the plural, depending on the reference. Words used herein, regardless of the number and gender used, shall be deemed and construed to include any other number, singular or plural, and any other gender, masculine, feminine or neuter, as the context requires.

(b)    The use herein of the word “include” or “including,” when following any general statement, term or matter, shall not be construed to limit such statement, term or matter to the specific items or matters set forth immediately following such word or to similar items or matters, whether or not limiting language (such as “without limitation” or “but not limited to” or words of similar import) is used with reference thereto, but rather shall be deemed to refer to all other items or matters that fall within the broadest possible scope of such general statement, term or matter.

(c)    The word “or” is not exclusive.

(d)    Unless the context requires otherwise (i) any definition of or reference to any agreement, instrument or other document herein shall be construed as referring to such agreement,

instrument or other document as from time to time amended, restated, supplemented or otherwise modified (subject to any restrictions on such amendments, restatements, supplements or modifications set forth herein), (ii) any definition of or reference to any statute, rule or regulation shall be construed as referring thereto as from time to time amended, supplemented or otherwise modified (including by succession of comparable successor laws), (iii) any reference herein to any Person shall be construed to include such Person’s successors and assigns (subject to any restrictions on assignment set forth herein), (iv) the words “herein,” “hereof” and “hereunder,” and words of similar import, shall be construed to refer to this Agreement in its entirety and not to any particular provision hereof, (v) all references herein to Sections, Exhibits and Schedules shall be construed to refer to Sections of, and Exhibits and Schedules to, this Agreement and (vi) the words “asset” and “property” shall be construed to have the same meaning and effect and to refer to any and all tangible and intangible assets and properties, including cash, securities, accounts and contract rights word.

(e)    To the extent any provision herein is duplicative of any other provision herein, such provisions shall be read together and shall not be deemed to be separate or independent rights or obligations of the Parties.

2.    The Program.

2.1    General Program Matters. Affirm and Bank hereby agree that (a) Affirm shall market loans in accordance with the Program Guidelines throughout the United States and its territories in order to facilitate the making of Loans by Bank to Borrowers and (b) any review or other involvement by Bank in any action or any document preparation shall not relieve Affirm from its obligations to ensure that Loans are facilitated and Applications are handled in accordance with Applicable Law and the Program Terms. The terms and conditions of each Loan shall be set forth in the Loan Agreement for such Loan and such Loan shall be originated by Bank in compliance with the terms of the Program, the Credit Policy and Applicable Law. The proceeds of Loans shall be delivered by Bank to Merchants, as specified by Borrowers in the Loan Documents, to facilitate the purchase of products and services by Borrowers.

2.2    Scope of the Program.

(a)    Bank shall adopt and supervise the Program, including by creating, approving and adopting the Program Terms and Credit Policy and originating Loans to Borrowers pursuant to Loan Agreements.

(b)    Affirm, on behalf of Bank, shall market the Program to consumers, manage and administer the Program, process Applications and service Loans, all pursuant to the terms and conditions of this Agreement.

(c)    The funds provided by Bank with respect to the Loans shall be provided to the relevant Merchant for the consumer purposes of the related Borrower as allowed by law and subject to the terms and conditions in this Agreement and additional terms and conditions required by Bank with the assistance and advice of Affirm.

(d)    Affirm shall be responsible for performing clerical, ministerial and non-discretionary activities in support of the Program as a bank service company under 12 U.S.C. § 1867(c).

(e)    The Parties acknowledge and agree that their relationship under the Program shall be deemed a third-party lending arrangement under FIL 44-2008 relating to Examination Guidance for Third-Party Lending arrangements. The Parties further acknowledge and agree that (i) the FDIC issued proposed guidance on July 29, 2016 (FIL 50-2016), which, if and when formally adopted, will enhance the requirements set forth in FIL 44-2008 and (ii) the current Bank policy is to manage all third-party lending relationships according to the guidance set forth in FIL 50-2016. In connection therewith, the Parties intend for the Program and this Agreement to adequately address issues of risk management that are applicable to the Program.

2.3    Duties and Responsibilities of Bank.

(a)    General. During the Term, Bank agrees to offer Loans to all Qualifying Applicants, it being understood that Bank shall not be obligated to extend credit to any Applicant that is not a Qualifying Applicant. Bank shall extend credit to Borrowers pursuant to the Loan Agreements, during the Term. Such Loans shall be owned by Bank unless and until such Loans are sold to Affirm under the Loan Sale Agreement. Bank shall provide all funds pursuant to a Loan Agreement from Bank’s own funds, and shall deliver such funds to Merchants as specified by Borrowers in the Loan Documents.

(b)    Program Terms. Bank shall adopt Program Terms and promptly provide such Program Terms to Affirm. In the event Affirm requests material changes to the Program Terms, Affirm shall propose in writing such material changes to Bank and Bank shall consider such requested changes; provided that no material changes may be made to the Program Terms unless agreed to in writing by both Bank and Affirm, in accordance with the SLAs in Exhibit G.

(c)    Policies, Procedures, Guidelines and Controls. Bank shall implement and maintain appropriate policies, procedures, guidelines and controls to adequately monitor, supervise and control the Program. Bank shall use commercially reasonable efforts to ensure that such policies, procedures, guidelines and controls and Bank’s performance under the Agreement comply with Applicable Law and industry best practices.

(d)    Additional Responsibilities. In addition to the duties and responsibilities of Bank set forth in this Section 2.3, Bank shall perform the duties and responsibilities set forth in Exhibit B.

2.4    Duties and Responsibilities of Affirm.

(a)    General. Bank hereby appoints Affirm as Bank’s representative solely to (i) market the Program, (ii) manage and administer the Program, (iii) process Applications and (iv) perform Services, all in accordance with the terms of this Agreement, and Affirm accepts such appointment.

(b)    Application Services. Affirm, on behalf of Bank, shall process Applications for Loans, including (i) screening Applicants, detecting fraud and verifying Applicant identity, (ii) facilitating Application transmission, data entry, processing and storage, (iii) preparing and delivering approval and decline letters and other required notices and correspondence approved by Bank, (iv) promoting customer service, (v) developing audit, compliance and reporting functions, and (vi) performing the activities set forth in this Section 2.4.

(c)    Execution and Storage of Applications. Affirm shall use commercially reasonable efforts to (i) cause all Applications to be executed by the related Applicants and (ii) store all data submitted by an Applicant in connection with an Application in either hard copy or electronic format for the time period required by Applicable Law, including: (A) any documents or information used by Affirm to identify an Applicant; (B) all information included in any Application; (C) Customer Identification Program information; (D) any notice of adverse action under any Applicable Law; and (E) any other information required to be stored or maintained by Applicable Law.

(d)    Loan Agreements and Credit Policy. Subject to Section 5.3 and any other exceptions that are permitted under this Agreement, Affirm shall ensure that the terms and conditions of each Loan Agreement and Credit Policy used in the administration of the Program do not materially deviate from the forms of such items as approved by Bank.

(e)    Servicing of Loans. Affirm is hereby authorized from and after the date hereof until such authorization is revoked by Bank, to act for Bank, as servicer and in such capacity, shall manage, service, administer and collect on all Loans (during the period in which the Loans are owned by Bank), and perform the other actions required by Affirm on behalf of Bank under this Agreement.  Affirm agrees that it shall service the Loans in accordance with Applicable Law and using the degree of skill and attention that Affirm and its applicable Third-Party Service Providers exercise from time to time with

respect to all comparable unsecured consumer loans that it services for itself or others in accordance with the Servicing Policy and, to the extent more exacting, the requirements of this Agreement (collectively, the “Servicing Standard”).  Affirm’s duties shall include (i) collection and posting of all payments on the Loans, (ii) responding to inquiries of Borrowers related to the Loans, (iii) seeking to contact delinquent Borrowers, (iv) reporting any required tax information to Borrowers, (v) accounting for collections on the Loans, and (vi) performing the other duties specified herein, all of which shall be performed in accordance with the Servicing Standard and the Servicing Policy. In addition, upon written request of Bank and at a reasonably practical and mutually agreed-upon time, Affirm shall contract with a Third-Party Service Provider, which shall be approved by Bank, that will act as a back-up servicer under the Program if necessary.

(f)    Additional Responsibilities. In addition to the duties and responsibilities of Affirm set forth in this Section 2.4, Affirm shall perform the duties and responsibilities set forth in Exhibit C.

2.5    Applications and Credit Policy. Upon receipt of an Application, Affirm (on behalf of Bank) shall only approve Qualifying Applicants for Loans in accordance with the Credit Policy. Each of Bank and Affirm shall agree to the Credit Policy and the form of Application in writing prior to the date Loans are first offered under the Program. Each of Bank and Affirm shall use commercially reasonable efforts to ensure that the form of Application complies with Applicable Law. Affirm shall make modifications to the Credit Policy or the form of Application as reasonably directed by Bank in writing upon not less than fifteen (15) Banking Days’ notice; provided that such notice contains a description of and rationale for each modification. Affirm may propose revisions to the Credit Policy or the form of Application during the Term; provided that Bank shall approve such revisions in writing in accordance with the relevant SLA in Exhibit G prior to Affirm implementing such revisions.

2.6    Loan Terms. Each of Bank and Affirm shall agree in writing to the terms and conditions for Loans to be issued under the Program prior to the date Loans are first offered to Applicants. Each of Bank and Affirm shall use commercially reasonable efforts to ensure that the terms and conditions of the Loans (including the interest rates and charges) comply with Applicable Law, the Credit Policy and other requirements of the Parties at all times during the Term, subject to any exceptions permitted under the Credit Policy or otherwise under this Agreement. The interest rate and all-in annual percentage rate applicable to each Loan originated by Bank under the Program shall in all cases be less than 36%.

2.7    Borrower Products and Product Add-Ons. Each of Bank and Affirm may propose new Borrower Products to be marketed by Affirm and funded by Bank under the terms of this Agreement; provided, however, that any such new Borrower Product shall be approved in writing by both Affirm and Bank prior to the offering of such product by Affirm or the funding of such product by Bank. Affirm shall not directly offer any Product Add-On to Borrowers without the prior written approval of Bank; provided that products offered to Borrowers by Retail Partners of Affirm shall not require notice or such approval. Nothing in this Agreement shall obligate Affirm to market, support or otherwise offer any new Borrower Product or Product Add-On or require Bank to approve any new Borrower Product or Product Add-On.

2.8    Loan Documents. Affirm, on behalf of Bank, shall provide all Loan Documents to each Applicant within the timeframes required by Applicable Law or the Program. The Loan Documents shall be governed by Utah law and shall require that any dispute with a Borrower be submitted to binding arbitration. Affirm shall provide to Bank copies of completed Loan Documents and Applicant electronic signatures in a format mutually agreed to by the Parties.

2.9    Loan Issuance.

(a)    Affirm shall provide the Application for each Qualifying Applicant, in a manner agreed to by the Parties setting forth the Loan amount such Qualifying Applicant is qualified to receive under the Program Terms, and the applicable date on which such credit amount shall be made available to such Qualifying Applicant. Bank shall originate a Loan for such Qualifying Applicant.

(b)    Each of Bank and Affirm acknowledge and agree that the origination of a Loan by Bank creates a creditor-borrower relationship between Bank and the related Borrower.

(c)    Bank shall originate all Loans only in accordance with Applicable Law and the Program Terms, and Bank shall not be required to originate any Loans except in accordance with the foregoing.

2.10    Processing Services. Affirm shall perform all Services related to the Loans in accordance with policies and procedures established and agreed between Bank and Affirm, the Program Terms, Applicable Law and such other reasonable written directions from Bank delivered during the Term, as acknowledged and agreed to by Affirm. Affirm shall maintain records on behalf of, and as a service provider to, Bank, in accordance with Affirm’s Retention Policy. Bank and Affirm agree that Affirm shall use such information and copies of records obtained from Bank to perform the Services in accordance with Applicable Law and this Agreement. To the extent permitted by Applicable Law and as reasonably necessary for the Services to be rendered, Bank agrees to provide Affirm and any authorized agent of Affirm with access to records related to a Borrower.

2.11    Relationship Officers. The Bank Relationship Officer, together with Bank’s auditors, legal counsel, compliance officers and other Bank Personnel or representatives, may, upon five (5) Banking Days’ prior written notice to the Affirm Relationship Officer, access Affirm’s facilities, Personnel, files and records as reasonably necessary for purposes of reviewing and examining Affirm’s compliance with the terms of this Agreement and Applicable Law; provided that the Bank Relationship Officer and such auditors, legal counsel, compliance officers and other Bank Personnel or representative shall not have direct access to any Affirm systems. The Bank Relationship Officer shall be permitted to use a system of routine monitoring, sampling and other review methods to evaluate Affirm’s performance of its obligations under this Agreement and shall be granted reasonable access to those Personnel at Affirm who can answer questions relating to the Program; provided that the Bank Relationship Officer provides five (5) Banking Days’ prior written notice to the Affirm Relationship Officer before accessing such Personnel; provided further that such system shall not unreasonably interfere with the operations of Affirm. The Bank Relationship Officer shall be permitted to request final audit reports and quality assurance reviews conducted by Affirm relating to the Loans and the Affirm Relationship Officer shall deliver such reports and reviews within five (5) Banking Days. The Bank Relationship Officer shall assist the Affirm Relationship Officer in undertaking the activities contemplated herein and in the Loan Sale Agreement. Bank shall consult with Affirm prior to replacing the Bank Relationship Officer, and Affirm shall consult with Bank prior to replacing the Affirm Relationship Officer, and each of Bank and Affirm shall discuss any reasonable objection the other Party may have to such replacement.

2.12    Compliance Officers. The board of directors of Affirm shall designate a “Chief Compliance Officer” responsible for Affirm’s CMS and all compliance-related activities and a “Bank Secrecy Act Officer” (who may be the same person as the Chief Compliance Officer). Such compliance officers shall have sufficient education and work experience to oversee the CMS and BSA Policy.

2.13    Program Costs and Administrative Fees.

(a)    In connection with the development of the Program under this Agreement, Affirm shall pay Bank [***] as follows:

(i)    [***] upon the execution of this Agreement; and

(ii)    [***] upon receiving the first Application from the general public for a Loan under the Program.

(b)    As compensation for the services provided by Affirm with respect to the Program, Bank shall pay Affirm the Marketing and Servicing Fee as set forth in Exhibit D; provided that the Marketing and Servicing Fee may be netted against the Loan Performance Fee due under the Loan Sale Agreement.

(c)    To the extent Bank retains or does not sell to Affirm any Loans created under the Program, Bank shall be responsible for paying Affirm the Retained Loan Marketing and Servicing Fee set forth on Exhibit D.

2.14    Penalties and Fines. The Parties agree that all damages, losses, payments of restitution, civil damages, penalties or fines incurred by Bank or Affirm resulting from:

(a)    any Program-related litigation, arbitration or mediation between the (i) Bank or Affirm, on the one hand, and (ii) any Borrower or Applicants, on the other hand;

(b)    any action of any Regulatory Authority with respect to the Program; or

(c)    any restitution or remediation resulting from a violation of Applicable Law by Affirm,

in each instance only to the extent such penalties, fines or other amounts are not indemnifiable by a Party pursuant to the indemnification provisions in Section 21, shall be paid by Affirm; provided, in each case, that Bank has notified Affirm in writing, to the extent permitted by Applicable Law, of any threatened damages, losses, payments of restitution, civil damages, penalties or fines; provided further that the foregoing shall not apply to any damages, losses, payments of restitution, civil damages, penalties or fines incurred by Bank directly relating to (i) a breach of data security resulting from actions or inactions of Bank (or Bank’s agents, employees or third-party service providers other than Affirm or those hired by Affirm); (ii) Bank’s Information Security Program; (iii) Bank’s privacy policy or Bank’s misuse of Personal Information; (iv) Bank’s violation of Applicable Law, not due to a material violation of Applicable Law by Affirm; (v) an event that has resulted from Bank’s negligence or willful misconduct, including Bank’s operation in an unsafe and unsound manner; or (vi) any of Bank’s indemnification obligations under Section 21.1.

2.15    Allocation of Costs.

(a)    As between Bank and Affirm, any and all reasonable and documented out-of-pocket costs and expenses necessary to implement and operate the Program shall be Affirm’s obligation unless otherwise set forth in this Agreement or the Loan Sale Agreement, including wire costs, Loan Agreements and other materials required by the Program; costs of all Program notices and printing and mailings thereof; all warning bulletin expenses; and all credit bureau reports as well as all costs associated with designing and implementing the Program such as marketing campaigns, generating and processing Applications, servicing and other activities relevant to the ongoing management of the Program. Bank shall be solely responsible for all of its costs and expenses related to (i) the implementation and operation of its day-to-day business; and (ii) its use of attorneys (internal and external) and accountants, except for (A) external attorneys’ fees related to the negotiation and drafting of any amendments to this Agreement or the Loan Sale Agreement that are requested by Affirm, (B) litigation expenses (including external attorneys’ fees and costs) related to lawsuits filed by Borrowers that relate solely to the Program or for which Affirm is required to pay under Section 2.14 and Section 21 of this Agreement and not to any of Bank’s other products, programs, or initiatives, and (C) external accountants’ fees related to an audit for which Affirm is responsible for under this Agreement.

(b)    Bank shall obtain prior written approval (which shall not be unreasonably withheld, conditioned or delayed) from Affirm for any cost or expense to be paid by Affirm pursuant to Section 2.15(a) exceeding [***]. Bank shall request such approval by providing Affirm with at least five (5) Banking Days’ prior written notice of such cost or expense, including sufficient detail as determined by Affirm in its sole discretion. If Affirm does not respond to a written request by Bank to approve the expense within ten (10) Banking Days, Affirm shall be deemed to have approved such request.

(c)    Bank shall provide to Affirm a written request for reimbursement of any amounts to be reimbursed by Affirm pursuant to Section 2.15(a) within sixty (60) days of incurrence, including a receipt, invoice or other evidence acceptable to Affirm in its sole discretion. Affirm shall

reimburse Bank for such cost or expense within thirty (30) days after Affirm’s receipt of such written request unless such request is subject to a good faith dispute.

2.16    Ownership of Loans. Bank shall make Loans to Borrowers. Bank shall own the Loans upon the making of such Loans until any such right, title and interest therein is otherwise sold or transferred in accordance with the Loan Sale Agreement. Bank shall not own any Proprietary Information of Affirm at any time.

3.    Marketing of the Program.

3.1    General. Affirm shall promote and market, on its own behalf or through third parties, the Program using any form of media determined to be appropriate by Affirm and approved by Bank (such approval not to be unreasonably withheld, conditioned or delayed). Affirm shall not promote or market the Program in any internet forum, publication or broadcast that promotes pornography or illegal activity. Affirm shall be responsible for all costs and expenses associated with Affirm implementing any marketing programs under this Agreement unless otherwise agreed to by the Parties.

3.2    Marketing Materials Reviews. Affirm shall submit Marketing Materials to Bank for its review and approval in accordance with the process outlined in the Advertising and Marketing Policy, attached hereto as Exhibit K. During the Term, Bank shall review and approve Marketing Materials in accordance with the relevant SLA set forth in Exhibit G. Marketing Materials may be used by Affirm until Bank finds issue and provides thirty (30) days’ prior written notice to Affirm unless earlier withdrawal is required by Applicable Law. Space permitting and based on commercially reasonable standards, Marketing Materials shall identify Bank as the lender with respect to the Loans either directly or through a “1-click away” approach.

3.3    Assurances Regarding Marketing Materials. Affirm shall use its commercially reasonable efforts to ensure that (a) all Marketing Materials are accurate and not misleading in all material respects; (b) all Marketing Materials include, where applicable, the agreed-upon disclosures; and (c) all Marketing Materials and promotional strategies comply in all material respects with Applicable Law.

4.    Finance Materials.

4.1    Subject to Section 2.5, in the event Affirm proposes a material change to any of the Finance Materials, Affirm shall submit the proposed changes for the Finance Materials to Bank, for its prior approval not to be unreasonably withheld, conditioned or delayed. Bank shall review and provide a timely response to any such material change to the Finance Materials submitted by Affirm as set forth in Exhibit G. Upon approval by Bank, such Finance Materials shall be used by and on behalf of Bank in connection with the Program. Each Loan Agreement and all other documents referring to the creditor in connection with the Loans shall identify Bank as the creditor.

4.2    The Parties shall cooperate and use their commercially reasonable efforts to make any change to the Finance Materials that the Parties agree is required by Applicable Law as soon as reasonably practicable.

4.3    Affirm, in its role as servicer under this Agreement, shall adhere to the Servicing Policy, attached hereto as Exhibit H, as mutually agreed upon by Bank and Affirm, and may act outside the scope of the policy only with the prior written approval of Bank, not to be unreasonably withheld, conditioned or delayed.

4.4    The Parties shall use commercially reasonable efforts to ensure that the Finance Materials comply with Applicable Law. The Finance Materials and other Program documents shall be governed by Utah law.

4.5    The Parties shall confirm that the Policies in place on the date the first Application is received from the general public to be used by Affirm in providing the Services and by Bank have been approved by the other Party. The Parties shall use commercially reasonable efforts to ensure that procedures in effect pertaining to a given Policy are fully compliant with that Policy. Except

as required by Applicable Law or otherwise set forth in this Agreement, neither Party may amend or otherwise modify the Policies in any material respect without the prior written consent of the other Party, which consent shall not be unreasonably withheld, conditioned or delayed.

5.    Loan Referral, Processing and Origination.

5.1    Solicitations. Affirm may present prescreened or prequalified offers on behalf of Bank and conduct other solicitations to prospective Applicants on behalf of Bank. Affirm shall process Applications and Prequalification Requests on behalf of Bank (including by retrieving credit reports on behalf of Bank when applicable) to determine whether an Applicant is a Qualifying Applicant.

5.2    Information Provision. Affirm shall provide to Bank mutually agreed-upon information for each Qualifying Applicant, including the name, social security number and date of birth of such Qualifying Applicant. If Bank requests additional information, Affirm shall provide to Bank the information related to an Application that is reasonably available to Affirm in order for Bank to perform additional evaluations or other actions to process such Application. Bank shall have final authority to approve or deny any Application.

5.3    Communication with Applicants and Borrowers. On behalf of Bank, Affirm shall (a) respond to inquiries from Applicants regarding the application process; (b) provide to Applicants and Borrowers (i) all notices and documents required by Applicable Law, including adverse action notices with regard to Applications that do not meet the Credit Policy standards or are otherwise denied by Bank, (ii) Loan Agreements with regard to Applications that are approved by Bank and (iii) privacy notices, if applicable; and (c) provide any other Borrower communications in accordance with the Policies on behalf of Bank. Bank shall assist Affirm in the foregoing activities to the extent reasonably requested by Affirm.

5.4    Document Retention. Affirm shall hold and maintain, or cause to be held and maintained, all documents on behalf of Bank pertaining to Loans in accordance with Applicable Law and the Retention Policy. Such documents may be retained in paper or electronic form and in accordance with Applicable Law. Affirm shall provide Bank with access to copies of such documents upon request within a commercially reasonable time frame.

5.5    Pre-prepared Communications. Upon written request from Bank, Affirm shall provide to Bank all general forms of pre-prepared written and digital user communications with Borrowers, including collection letters, and for any general form of pre-prepared written and digital user communication with a Borrower.

5.6    Model Risk Management.

(a)    To the extent that Affirm develops, implements and uses models for quantitative analysis and decision making in regard to the Program, prospective Applicants, or Applicants (collectively the “Model Risk Management Program”), Affirm shall cause the Model Risk Management Program to be developed and maintained in compliance with Applicable Law and Exhibit I.

(b)    Affirm shall provide such assistance to Bank that is reasonably necessary to allow Bank to understand the Model Risk Management Program. Affirm shall allow Bank to review, pursuant to the guidelines set forth in Exhibit I, (i) documentation of model development and independent model validation, (ii) ongoing monitoring of models and (iii) analysis of the effectiveness of models.

(c)    The Parties shall, during the term of the Program, review and analyze the models used in the Program to assess (i) model quality, conceptual soundness and reliability; (ii) whether the models reflect the Program’s underwriting criteria; (iii) whether the models consider fluctuations in economic cycles; and (iv) whether the models are operated in compliance with Applicable Law.

(d)    Affirm shall modify the models used in the Program as reasonably directed by Bank in accordance with Exhibit I and the SLA specified in Exhibit G.

6.    Funding of Loans.

6.1    Direct Disbursement to Merchants. By the related Funding Time on each Funding Date, Bank shall transfer, or cause to be transferred, the Funding Amount in accordance with the corresponding Funding Statement.

6.2    Virtual Card Network Funding.

(a)    On or before the VCN Start Date, Bank shall establish an Issuing Account within Bank.

(b)    Prior to the VCN Start Date, Bank shall deposit funds into the Issuing Account as directed by Affirm to accommodate anticipated Loans. Commencing with the VCN Start Date, Bank shall deposit additional funds into the Issuing Account in an amount to be determined by Affirm to accommodate anticipated Loans upon at least one (1) Banking Day’s prior notice from Affirm.

7.    Borrower Data.

7.1    Each Party shall provide Borrower Data to the other Party upon request in order to enable each of them to perform their responsibilities under this Agreement and Applicable Law.

7.2    Each Party shall establish and maintain appropriate administrative, technical and physical safeguards designed to (i) protect the security, confidentiality and integrity of Borrower Data, (ii) protect against any anticipated threats or hazards to its security and integrity, (iii) protect against unauthorized access to or use of such information or associated records; and (iv) enable the proper disposal of Borrower Data. Such safeguards shall be established in accordance with Applicable Law, including Section 501 of GLBA and the Interagency Guidelines Establishing Standards for Safeguarding Customer Information adopted pursuant to Section 501 of GLBA (the “Guidelines”) and an Information Security Program.

(a)    In the event either Bank or Affirm becomes aware of any unauthorized use, modification, destruction or disclosure of, or unauthorized access to Borrower Data related to the Program (each, a “Security Incident”), such Party shall immediately (and shall cause each applicable Third-Party Service Provider to immediately) initiate response measures designed to identify the nature and scope of the Security Incident promptly (but not later than five (5) Banking Days after becoming aware of such Security Incident) notify the other Party in the event such Party reasonably determines that such Security Incident could result in any notification obligations under Applicable Law and in such notification provide the other Party with (i) a list of the names of persons whose Borrower Data has been affected, (ii) a description of the type and categories of the Borrower Data that has been affected and (iii) the circumstances underlying the Security Incident. Such Party shall not delay notification on the basis of incomplete information, but shall instead provide the available information and update any incomplete information promptly. Such Party and each applicable Third-Party Service Provider shall cooperate with the non-disclosing Party and shall assist in notifying affected Borrowers and take any other remedial action required by Applicable Law. The Parties shall cooperate with each other to assess the nature and scope of any such Security Incident requiring notification as set forth above. In addition, each Party shall take all appropriate measures to contain and control any Security Incident to prevent further unauthorized access to or use of Borrower Data.

(b)    The Party responsible for any Security Incident and any applicable Third-Party Service Provider shall investigate, mitigate and remediate the effects of such Security Incident, provide regular updates to the other Party of such remediation efforts in the event notification is required as set forth above, take reasonable care not to destroy or impair any evidence with respect to the Security Incident, document in an appropriate manner the Security Incident and responses thereto and assist and cooperate with respect to (i) reasonable requests by the other Party related to disclosure of the Security Incident to affected entities, individuals or governmental authorities as reasonably determined by the other Party, (ii) other remedial measures reasonably requested by the other Party or required under Applicable Law and (iii) reasonable requests by the other Party to assist in responding to regulatory inquiries, litigation or other similar actions as directed by the other Party, as applicable.

(c)    The Party responsible for a Security Incident shall bear the cost and expense of any notifications, remedial actions and reasonable out-of-pocket costs incurred by the other Party in connection therewith, including reasonable outside counsel fees and other costs related thereto to the extent such expense is not indemnifiable by the other Party pursuant to Section 21.

(d)    Either Party may disclose the occurrence of a Security Incident as required by Applicable Law and to mitigate risks of fraud or other harm; provided that neither Party shall name the other Party in any public, written consumer or regulatory notifications without the express written permission of the other Party, except as may be required by Applicable Law.

7.3    Affirm may use the Borrower Data in accordance with Applicable Law and subject to Affirm’s Privacy Policy. Any material changes to Affirm’s Privacy Policy shall be approved in writing by Bank prior to implementation, such approval not to be unreasonably withheld, conditioned or delayed.

7.4    Bank may use the Borrower Data solely for fulfilling the purposes of this Agreement; provided that no use of Borrower Data shall be permitted to the extent it conflicts with the Bank-approved version of Affirm’s Privacy Policy applicable to such Borrower Data or Applicable Law. Bank shall hold Borrower Data in accordance with Applicable Law.

7.5    Each Party, and each Third-Party Service Provider, may receive, use and disclose the Borrower Data with respect to the Program solely to the extent permitted by this Section 7 and in compliance with Applicable Law and the Bank-approved version of Affirm’s Privacy Policy applicable to such Borrower Data (i) for purposes of promoting the Program, (ii) as otherwise necessary to carry out its obligations under this Agreement, and (iii) as otherwise permitted by the Bank-approved version of Affirm’s Privacy Policy applicable to such Borrower Data and Applicable Law. Bank shall not, directly or indirectly, sell or otherwise transfer (including permitting sale by a third party) any right in or to the Borrower Data other than as provided herein.

7.6    Each Party may disclose the Borrower Data solely in compliance with Applicable Law and the Bank-approved version of Affirm’s Privacy Policy applicable to such Borrower Data:

(a)    To any other entity to which disclosure is necessary for processing an Application;

(b)    To its Third-Party Service Providers and Retail Partners with a permitted use of such Borrower Data under this Section 7; provided that each such Third-Party Service Provider and Retail Partner agrees in writing to maintain all such Borrower Data as strictly confidential and not to use or disclose such information to any person other than Affirm or Bank, except as required by Applicable Law or any Regulatory Authority (after giving Bank or Affirm, as applicable, prior notice and an opportunity to defend against such disclosure); provided further that each such Third-Party Service Provider and Retail Partner maintains, and agrees in writing to maintain, an appropriate Information Security Program that is designed to protect Borrower Data and information related to the Program;

(c)    To its employees, consultants, attorneys, accountants, advisors and other representatives with a need to know such Borrower Data in connection with a permitted use of such Borrower Data under this Section 7; provided that (A) any such Person is bound by terms substantially similar to this Section 7 as a condition of employment or of access to Borrower Data or by professional obligations imposing comparable terms; and (B) such Party shall be responsible for the compliance by each such Person with the terms of this Section 7; and

(d)    To any Regulatory Authority with authority over Bank or Affirm (A) in connection with an examination of either Party; or (B) pursuant to a specific requirement to provide such Borrower Data by such Regulatory Authority or pursuant to compulsory legal process; provided that such Party seeks the full protection of confidential treatment for any disclosed Borrower Data to the extent available under Applicable Law governing such disclosure and, to the extent permitted by Applicable Law, such Party (x) provides at least ten (10) Banking Days’ prior notice of such proposed disclosure to the other Party if reasonably possible under the circumstances, and (y) seeks to redact the Borrower Data

to the fullest extent possible under Applicable Law governing such disclosure. Notwithstanding the foregoing, neither Party will be required to seek the full protection of confidential treatment available under Applicable Law when disclosing Borrower Data pursuant to subpoena requests (i) from any State, local or federal law enforcement agency related to fraud investigations or (ii) pursuant to any legal demand in connection with pending or threatened immaterial litigation; provided that such disclosure complies with Applicable Law.

8.    Employees and Personnel.

8.1    Affirm shall, and shall cause its applicable Third Party Service Providers providing customer care and collections services to, to the extent required by, or permitted by, Applicable Law, (i) conduct background checks on each of its employees and agents and sales representatives engaged in providing Services pursuant to the Program, and (ii) actively and diligently monitor its sales representatives, sales offices and agents to verify their compliance with this Agreement and Applicable Law. Affirm shall (x) be liable for all actions or failure to act by such sales representatives and other agents in connection with this Agreement and (y) shall use its commercially reasonable efforts to take immediate action to rectify any non-compliant activity or other activity under Affirm’s control or authority that could cause harm to Bank’s reputation or business and for which Bank provides Affirm with written notice thereof, including a reasonable description of the applicable non-compliant activity.

8.2    Affirm shall provide appropriate training for its officers, employees, agents and representatives with respect to their duties related to the Program.

8.3    The compliance officers of each Party shall have primary responsibility for ensuring that each Party fulfills its compliance obligations hereunder.

8.4    The Parties shall employ procedures in accordance with the customary and usual standards of practice of prudent business persons in its performance of its obligations under this Agreement, including Program marketing and Application processing.

9.    Data Security and Business Continuity. Each Party shall prepare and maintain, during the Term of this Agreement, disaster recovery, business resumption and contingency plans, whether prepared and maintained directly or by a Third-Party Service Provider, that are appropriate for the nature and scope of the activities of and the obligations to be performed by such Party hereunder and consistent with industry standards for the banking and commercial lending industry, including backup servicers. Each Party’s plans shall be sufficient to enable it to promptly resume the performance of its obligations hereunder in the event of a natural disaster, destruction of such Party’s facilities or operations, utility or communication failures, or similar interruption in the operations of such Party or the operations of a third party which in turn materially affect the operations of such Party.

9.1    Each Party shall maintain, at its sole cost and expense, the information systems in accordance with industry standards necessary to perform its obligations under this Agreement in a compliant manner, as well as to reasonably secure all Proprietary Information and Protected Data. Each Party, at its own cost and expense, shall, and shall require that all of its employees or agents comply with its Information Security Program, including with regard to processing, handling, managing and securing Proprietary Information and Protected Data.

9.2    Each Party shall notify and reasonably cooperate with the other Party in the event of any actual, threatened or suspected data security breach related to the Program in accordance with Section 7. If either Party receives guidance on data security or business continuity from any Regulatory Authority, it shall promptly provide to the other Party written notice of such guidance.

9.3    Each Party agrees and represents to the other Party that it has, or shall have prior to the receipt of any Proprietary Information or Protected Data, designed and implemented an Information Security Program. Each Party shall provide reasonable advance written notice to the other Party of any material revisions or changes to its Information Security Program.

9.4    Bank (at its own cost and expense) shall have the right to inspect, upon reasonable prior notice of at least ten (10) Banking Days, Affirm’s Information Security Program, associated audit reports, summaries of test results or equivalent measures taken by Affirm to ensure that its Information Security Program complies with Applicable Law. Any such inspection shall be conducted during normal business hours and in a manner so as to minimize any interruption to Affirm’s operations. Bank shall be entitled to conduct two (2) such examinations in any calendar year during the Term; provided that if Bank, in its reasonable discretion, believes that Affirm’s Information Security Program is materially deficient under Applicable Law, Bank shall be allowed to conduct additional inspections upon at least 48 hours’ prior written notice to Affirm, and shall provide to Affirm a written description of the presumed deficiency, solely to assess and address the deficiency. Bank agrees to promptly provide Affirm with a copy of any audit or test result report or equivalent measure, as applicable.

9.5    Affirm shall perform a review of its existing and new Third-Party Service Providers and to the extent these parties have or would have access to Borrower Data, shall confirm that they have security measures adhering with the required security standards of an Information Security Program, pursuant to the procedure outlined in Exhibit J (Third-Party Service Provider SOP).

9.6    Affirm (at its own cost and expense) shall perform either an annual SOC II Type II audit in accordance with industry standards or maintain annual PCI DSS certification. In addition, Affirm will conduct or cause to be conducted, annual penetration testing. To the extent Affirm retains an audit firm other than a Big 4 Accounting Firm, the audit firm conducting such audit and the scope of such audit shall be subject to Bank’s written approval, which shall not be unreasonably withheld, conditioned or delayed. Affirm shall share results of such audit and testing with Bank in a timely manner. Affirm acknowledges that Bank, as part of its oversight by the FDIC and the Utah Department of Financial Institutions, is subject to an annual IT examination. Bank shall conduct annual penetration testing in accordance with industry standards and Applicable Law. Bank shall share any issues identified as part of such examinations, audits and procedures that directly affect the Program with Affirm to the extent allowed by Applicable Law.

9.7    Affirm shall cause a Business Impact Analysis, Business Continuity Risk Assessment and a Business Continuity Plan Test (collectively, a “BCP Test”) on the Program to be conducted annually, and Affirm shall report the results of such activities to the board of directors of Affirm and to Bank in a timely manner.

10.    Compliance.

10.1    Bank shall monitor and supervise the compliance of the Program in accordance with the requirements of Applicable Law. Affirm shall create, implement and manage a compliance management system (“CMS”) for the Program as described in Section 13.8 and Exhibit C.

10.2    Affirm shall promptly correct any failure to comply with Applicable Law that may be identified by Bank with respect to:

(a)    the terms and conditions for the Loans (including the related interest rates and charges);

(b)    the Loan Documents; and

(c)    the Credit Policy and procedures.

11.    Regulatory Communication.

11.1    If either Party receives criticism in a report of examination or in a related document or specific oral communication from, or is subject to formal or informal supervisory action by, or enters an agreement with, any Regulatory Authority with respect to a matter relating to (including omissions therefrom) the Program, including:

(a)    non-compliance with Applicable Law, or the presence or absence of any aspect of the Program which may lead to re-characterization of Bank’s provision of Bank funds as other than extensions of credit by Bank as the true lender under such Loans; or

(b)    otherwise could substantially interfere with Bank’s rights as true lender, (any such event a “Criticism”),

each Party shall (i) advise the other Party promptly in writing of the Criticism received and share the relevant portions of any written documentation, or for oral communications, provide a detailed summary in writing, received from the relevant Regulatory Authority to the extent not specifically prohibited by Applicable Law and (ii) take all reasonable actions deemed necessary by the Parties to address the Criticism in the manner and time determined by the Parties or specified by the relevant Regulatory Authority.

11.2    Each Party shall, to the extent permitted by Applicable Law, provide the other Party with notice and copies of any written communications from any Regulatory Authority (“Regulatory Communications”), with respect to either the Program or the Party, received by such Party concerning any aspect of the Program within two (2) Banking Days of receipt of such Regulatory Communication. For any Regulatory Communication related to the Program for which a response from a Party is required, or in a Party’s reasonable judgment is prudent, the Parties shall use their commercially reasonable efforts to coordinate and cooperate on the response. If the Parties are unable to agree on a response to a Regulatory Communication, the Party that received such Regulatory Communication shall have the final authority to approve the actual response to such Regulatory Communication; provided that unless otherwise instructed or permitted by the other Party, no Party shall respond to a Regulatory Communication with respect to issues related to the other Party’s participation in the Program except as required by such Regulatory Authority or Applicable Law.

12.    Complaint Management.

12.1    To the extent not prohibited by law or regulation, each Party shall provide the other Party with notice and copies of any written complaint regarding the Program from (i) a Regulatory Authority and (ii) any other Person (except for a Borrower or Applicant which shall be dealt with pursuant to Section 12.2) threatening material litigation (each an “Executive Complaint”) within three (3) Banking Days of receipt of such Executive Complaint. The Parties shall meet to determine an appropriate response to such Executive Complaint. Bank shall approve the final response for such Executive Complaints; Affirm shall not respond to a Regulatory Authority or other Executive Complaint under this Section 12.1 without Bank’s written approval of such proposed response, except to the extent required by Applicable Law or as mandated by such Regulatory Authority or Executive Complaint. Furthermore, when resolved, each Party shall provide the other Party with a summary of the resolution of the Executive Complaint to the extent permitted by Applicable Law.

12.2    Any complaint from a Borrower, Applicant or other Person regarding the Program that is not an Executive Complaint is hereafter referred to as an “Operational Complaint”. Bank shall report all Operational Complaints it receives directly pertaining to the Program to Affirm, as soon as practical, but in no event later than two (2) Banking Days after receipt.

12.3    Each Party shall catalog and maintain copies of all (i) Criticism, (ii) Executive Complaints, (iii) Operational Complaints, and (iv) responses thereto, it receives regarding the Program or its participation in the Program for the period required by Applicable Law or such longer period as agreed by the Parties. For purposes of this Agreement, Criticism, Executive Complaints and Operational Complaints are collectively referred to as “Complaints”. Each Party shall also maintain copies of all reports of Complaints given to the other Party hereunder.

12.4    Subject to all Applicable Law, including those addressing issues of consumer privacy, Affirm shall report on a monthly basis to Bank all written Complaints, including those Complaints previously reported to Bank under other provisions of this Agreement. Such report shall include the complainant’s name and account number, a brief summary of the Complaint, and, when resolved, a brief summary of the resolution for each Complaint.

13.    Other Legal Compliance and Matters.

13.1    Affirm shall be responsible for providing to Borrowers, on behalf of Bank, any privacy notices or other disclosure required by Applicable Law, such notices and disclosure to be developed in cooperation with and approved by Bank.

13.2    Should any names of Borrowers or Applicants match any names on the OFAC List, Affirm shall alert Bank and Affirm shall follow appropriate procedures for determining the validity of the match set forth in the OFAC Hit Procedure in Exhibit E.

13.3    Affirm shall complete a Bank Secrecy Act risk assessment and implement a Bank Secrecy Act policy (the “BSA Policy”) and procedures prior to the Program Start Date as approved by Bank, and any amendments to such policies and procedures as agreed to by Bank. In accordance with such procedures, Affirm shall implement a system to monitor, identify and report to Bank (i) any questionable activity that meets the thresholds identified in such policies and procedures for submitting a “Questionable Activity Report” under the Bank Secrecy Act, and (ii) any instance that such policies and procedures require the filing of a “Currency Transaction Report”.

13.4    Each Party shall provide the other Party with such information and services as may be reasonably required to assist Bank in complying with all Applicable Law relating to the Program, including anti-money laundering laws, rules and regulations.

13.5    The Parties shall agree on the guidelines for the ongoing compliance and monitoring of the Program before the Program Start Date.

13.6    Affirm shall develop, maintain and update such financial and other models and related documentation as may be required under or pursuant to Applicable Law, the Credit Policy, the Services and other aspects of the Program. Affirm shall provide model information and documentation to Bank, upon Bank’s request, to allow Bank to review and assess the quality, implementation, use and control of such models.

13.7    Affirm shall develop, maintain and update such vendor management and vendor risk policies and related documentation related to Affirm’s use of third-party vendors for the Services or other aspects of the Program as may be required under or pursuant to Applicable Law, the Services and other aspects of the Program. Affirm shall provide such policies and documentation to Bank, upon Bank’s request, in order to allow Bank to review and assess the quality, implementation, use and control of such policies and documentation. At Bank’s request, Affirm shall provide any onsite reports regarding its Third Party Service Providers providing customer care and collections services to the extent such reports are (i) owned by Affirm or performed by Affirm and (ii) allowed to be shared based on the applicable contractual arrangement between Affirm and the applicable Third Party Service Provider.

13.8    Affirm shall create, implement and maintain the CMS consistent with Bank’s written CMS requirements. The CMS shall include appropriate governance and oversight of policies and procedures, employee training (the program is approved by Bank, and the training logs are reported to Bank), complaint resolution and tracking (with regular monthly reporting to Bank), and regular testing and monitoring activities (also with regular reporting to Bank). The Parties shall agree on the guidelines for the ongoing compliance and monitoring of the Program before the Program Start Date.

13.9    Affirm shall develop and maintain an identity theft/red flags program and policy as is required under Applicable Law or otherwise appropriate in connection with Applicable Law, the Services and other aspects of the Program. Affirm shall provide such policies and documentation to Bank, upon Bank’s reasonable request, in order to allow Bank to review and assess the quality, implementation, use and control of such policies and documentation.

13.10    Notwithstanding anything else contained in this Agreement to the contrary, each Party agrees to cooperate in implementing policies and procedures that the other Party deems reasonably appropriate or necessary for the Program in connection with any of the Services pursuant to any new or amended Applicable Law.

13.11    In accordance with the terms of this Agreement and subject to Applicable Law, each Party shall have full access to all information or data related to the Program or the Services to allow it to perform risk and compliance management responsibilities, including, but not limited to access to Loan performance data, internal and external audits and Loan funding information.

14.    Program Compliance and Parameters.

14.1    Subject to Applicable Law, Bank and Affirm shall comply with the version of Affirm’s Privacy Policy as approved by Bank in accordance with the terms of this Agreement and shall take such steps as necessary and as further described herein to assure that all Third-Party Service Providers necessary to the Program, including employees, agents, Affiliates, subcontractors and assigns, observe such Privacy Policy.

14.2    Each Party agrees to meet on a regular basis to discuss the Program and its performance and to discuss any desired changes to this Agreement.

14.3    Each Party hereto agrees to cooperate fully with the other Party hereto in furnishing any information or performing any action reasonably requested by such Party that is needed by the requesting Party to perform its obligations under this Agreement or to comply with Applicable Law or any request from a Regulatory Authority, including internal audit or compliance reviews conducted by Bank. Each Party agrees that it shall furnish the other Party with true, accurate and complete copies of such records and all other information to the best of its ability with respect to the Program and the Loans as such Party or its authorized representatives may reasonably request; provided, however, that neither Party shall be required to disclose any records to the extent prohibited by Applicable Law.

14.4    Each Party agrees that at Bank’s reasonable discretion and at Bank’s expense, Bank, its authorized representatives and agents (collectively the “Auditing Party”), shall have the right to inspect, audit and examine Affirm’s facilities, records and Personnel, in each case relating to the activities contemplated by this Agreement at any time during normal business hours upon reasonable notice; provided that no more than two such inspections, audits and examinations shall be conducted in a calendar year. Affirm agrees to reasonably cooperate with the Auditing Party in connection with such audits.

14.5    Affirm shall maintain accurate computer records regarding the services to be provided by Affirm for the Loans and provide Bank with Monthly Management Reports. Monthly Management Reports shall be provided by Affirm to Bank within twelve (12) Banking Days, but no later than the 16th calendar day of the month following the end of each calendar month.

14.6    Affirm shall provide data metrics to Bank in accordance with the Data Requirements as set forth in Exhibit F.

15.    Other Uses of Program Data & Program Insights.

15.1    Except as necessary to carry out its rights and responsibilities under this Agreement, Bank shall not use Affirm’s Proprietary Information and shall not provide or disclose any of Affirm’s Proprietary Information or Program Insights to any Person, except to the extent required to do so under Applicable Law or legal process.

15.2    Other than with respect to the Program, Bank may make solicitations for goods and services to the public, which may include one or more Applicants or Borrowers; provided that Bank does not (i) specifically target Applicants or Borrowers in general solicitations; (ii) target such solicitations to specific Applicants or Borrowers; (iii) use or permit a third party to use any list of Applicants or Borrowers in connection with such solicitations; (iv) use any of Affirm’s Proprietary Information without Affirm’s prior written consent; or (v) refer to or otherwise use the name of Affirm; provided further that Bank may provide products, services or credit to such Applicant if (x) an Applicant or Borrower contacts Bank directly requesting Bank’s products or services (other than the Program) as the result of non-specific, general advertising by Bank or (y) on an unsolicited basis an Applicant or Borrower contacts Bank seeking credit separate from the Program.

16.    Determination by Regulatory Authority.

16.1    To the extent any Regulatory Authority provides written or oral guidance, Criticism or instructions to either Party to make changes to any aspect of the Program or if either Party determines, based upon advice of counsel, that a change needs to be made to this Agreement or any Program Terms to comply with Applicable Law, to the extent not prohibited by Applicable Law or regulation, the Parties shall discuss in good faith within a period of thirty (30) days, or such shorter time if required by such guidance or requirements, to negotiate amendments to this Agreement or revisions to the Program Terms reasonably necessary to comply with Applicable Law or the guidance or instructions of any Regulatory Authority.

16.2    If either Party receives a request of any Regulatory Authority having jurisdiction over such Party, including any letter or directive of any kind from any such Regulatory Authority, that prohibits or restricts such Party from carrying out its obligations under this Agreement or the Loan Sale Agreement: (i) the Party receiving such request shall promptly notify the other Party; and (ii) the Parties shall meet and consider in good faith any modifications, changes or additions to the Program, this Agreement or the Loan Sale Agreement that may be necessary to eliminate such result while remaining feasible (both practically and economically) for each Party to continue its performance under this Agreement and the Loan Sale Agreement.

16.3    During the period that the Parties are engaged in the discussions required under Section 16.1, either Party may suspend performance of the obligations that are expressly prohibited or restricted under the written request from the Regulatory Authority, subject to providing the other Party with advance written notice of such suspension and written communication from the Regulatory Authority pursuant to which such suspension is sought.

16.4    If the Parties are unable to reach agreement regarding modifications, changes, or additions to the Program, this Agreement or the Loan Sale Agreement to eliminate the prohibition or material restrictions resulting from the express written demand from the Regulatory Authority within thirty (30) Banking Days after notification by the receiving Party, or such shorter time if required by such letter or directive, either Party may terminate this Agreement upon the timeframe set forth by the Regulatory Authority or, if no timeframe is provided, upon thirty (30) Banking Days’ prior written notice to the other Party without fees or termination penalties contemplated herein.

17.    Confidentiality of Proprietary Information.

17.1    Ownership and Restrictions on Use. The Receiving Party acknowledges and agrees that the Proprietary Information of the Disclosing Party remains the sole and exclusive property of the Disclosing Party or a third party providing the information to the Disclosing Party, and the disclosure of the information to the Receiving Party does not confer upon it any license, interest or right of any kind in or to the Proprietary Information, except as provided under this Agreement.

17.2    Confidentiality. At all times and notwithstanding any termination of this Agreement, the Receiving Party agrees that it shall (a) hold in strict confidence and not disclose to any third party the Proprietary Information of the Disclosing Party, except as approved in writing by the Disclosing Party; (b) only permit access to the Proprietary Information of the Disclosing Party to those of its Personnel who have a need to know in order for the Receiving Party to perform its obligations under this Agreement; (c) be responsible to the Disclosing Party for any of its Personnel’s use or disclosure of the Proprietary Information in violation or breach of, or in a manner not authorized by, this Agreement; (d) only use Proprietary Information that it receives to carry out the purposes of this Agreement and for no other purpose whatsoever; and (e) use at least the same degree of care it would use to protect its own Proprietary Information of like importance, but in no event less than a reasonable degree of care, including maintaining the information security standards for the Proprietary Information required by this Agreement. Neither Party shall communicate any information to the other Party in violation of the proprietary rights of any third party.

17.3    Required Disclosures. If the Receiving Party is required by a Regulatory Authority or Applicable Law to disclose any Proprietary Information of the Disclosing Party, the

Receiving Party must first, if legally permissible, give written notice of the required disclosure to the Disclosing Party; take reasonable steps to allow the Disclosing Party to seek to protect the confidentiality of the Proprietary Information required to be disclosed; and then disclose only that part of the Proprietary Information which, in the written opinion of its legal counsel, it is required to disclose. The foregoing requirements do not apply to or limit either Party’s ability to fully comply with requests for information that will remain confidential from a Regulatory Authority or the Internal Revenue Service.

17.4    Notice of Unauthorized Disclosures. The Parties shall immediately provide notice of any attempted or actual breach resulting in unauthorized disclosure(s) of the Proprietary Information and shall specify the corrective action taken by the Party with respect to which a breach has occurred.

17.5    Limit on Reproductions. The Receiving Party shall not reproduce the Disclosing Party’s Proprietary Information in any manner except as required to perform the Receiving Party’s obligations under this Agreement. All reproductions of Proprietary Information by the Receiving Party remain the property of the Disclosing Party and must bear all confidential or proprietary notices or legends appearing on the original.

17.6    Treatment of Proprietary Information Following Termination. Upon termination of this Agreement, or earlier, if requested, the Receiving Party promptly shall return to the Disclosing Party all physical and electronic materials in the Receiving Party’s possession or control containing the Disclosing Party’s Proprietary Information. The materials must be delivered via a secure method and upon such media as may be reasonably required by the Disclosing Party. Alternatively, with the Disclosing Party’s prior written consent, the Receiving Party may permanently destroy or delete the Disclosing Party’s Proprietary Information, and if requested, shall certify the destruction or deletion in writing to the Disclosing Party. However, if the Receiving Party, due to requirements of Applicable Law, must retain any of the Disclosing Party’s Proprietary Information, or is unable to permanently destroy or delete the Disclosing Party’s Proprietary Information as permitted above within sixty (60) days after termination of this Agreement, the Receiving Party shall so notify the Disclosing Party in writing, and the Parties shall confirm any extended period needed for permanent destruction or deletion of the Disclosing Party’s Proprietary Information. All Proprietary Information remaining in the Receiving Party’s possession or control shall continue to be subject to the provisions of this Section 17. The methods used to destroy and delete the Proprietary Information must ensure that no Proprietary Information remains readable nor can it be reconstructed to be readable. Destruction and deletion must also comply with the following specific requirements:

17.7    Equitable Relief. If either Party or its Affiliates breached or threatens to breach any provision of this Section 17, the non-breaching Party, in addition to any other remedy it may have at law or in equity, shall be entitled to seek a restraining order, injunction or other similar remedy to specifically enforce the provisions of this Agreement without proving actual damages or posting bond or

other security. Each Party specifically acknowledges that money damages alone would be an inadequate remedy for the injuries and damages that would be suffered and incurred by the non-breaching Party or its Affiliates from a breach of any provision of this Agreement.

17.8    Survival. Notwithstanding any termination of this Agreement, all the Receiving Party’s obligations pursuant to this Section 17 shall survive (a) with respect to Confidential Business Information (other than Trade Secrets), for so long as such information continues to be confidential pursuant to the terms of this Agreement; (b) with respect to Trade Secrets, for so long as the information continues to constitute a trade secret under Applicable Law; and (c) with respect to Borrower Data and Protected Data, for so long as required by Applicable Law.

18.    Proprietary Material.

18.1    Each Party (“Licensing Party”) hereby provides the other Party (“Licensee”) with a non-exclusive right and license to use and reproduce the Licensing Party’s name, logo, registered trademarks and service marks (“Proprietary Material”) on the Applications, Loan Agreements, Marketing Materials and otherwise in connection with the fulfillment of Licensee’s obligations under this Agreement; provided, however, that (a) Licensee shall at all times comply with written instructions provided by Licensing Party regarding the use of its Proprietary Material (or otherwise cease use of such Proprietary Material), and (b) Licensee acknowledges that, except as specifically provided in this Agreement, it shall acquire no interest in Licensing Party’s Proprietary Material. Upon expiration or termination of this Agreement, Licensee shall cease using Licensing Party’s Proprietary Material.

18.2    Except for Bank’s Proprietary Material, and except for Bank’s trademarks and service marks, all material and branding created or generated by either Party in connection with this Agreement or the Program, including all URLs, IP Addresses and Program names, shall be the property of Affirm, and Affirm shall retain all rights in and to such material, including all intellectual property rights in such material.

18.3    During the Term, Bank shall use the Credit Policy solely for purposes of the Program to approve or deny an Application or to modify the terms of the Credit Policy in accordance with Section 2.5.

19.    Representations and Warranties of Bank. Bank hereby represents and warrants to Affirm as of the Effective Date and each Funding Date that:

19.1    Bank is an industrial bank duly organized, validly existing, and in good standing under the laws of State of Utah.

19.2    Bank is an FDIC-insured, state-chartered financial institution that accepts insured deposits from affiliated and non-affiliated companies, Bank’s deposits are fully insured in accordance with Applicable Law and no proceeding has been instituted to revoke such insurance.

19.3    Bank has full power and authority to execute, deliver and perform its obligations under this Agreement, including the authority to extend credit to Borrowers in all United States jurisdictions, and the execution, delivery and performance of this Agreement has been duly authorized and such performance is not in conflict with and does not violate the terms of the charter or bylaws of Bank and shall not result in a material breach of or constitute a default under, or require any consent under, any indenture, loan or agreement to which Bank is a party.

19.4    All approvals, authorizations, licenses, registrations, consents and other actions by notices to, and filings with, any Person, where the lack of such would have a material adverse effect on, delivery and performance of this Agreement by Bank, have been obtained (other than those required to be made to or received from Borrowers and Applicants).

19.5    This Agreement constitutes a legal, valid and binding obligation of Bank, enforceable against Bank in accordance with its terms, except (a) as such enforceability may be limited by applicable bankruptcy, insolvency, reorganization, moratorium, or other similar laws now or hereafter in

effect, which may affect the enforcement of creditors’ rights in general, and (b) as such enforceability may be limited by general principles of equity (whether considered in a suit at law or in equity).

19.6    Neither the execution, delivery, validity, or enforceability of this Agreement, nor the consummation of the transactions contemplated by this Agreement shall (i) require any consent, approval, authorization, notice, registration, or filing under any Applicable Law permit, license or agreement applicable to Bank; (ii) require the consent or approval of, or notice to, any other party, contract, instrument or commitment applicable to Bank; or (iii) result in a violation or termination of, or a breach or default under, any Loan Agreement, or otherwise render any Loan Agreement or any provision thereof unenforceable or give any Borrower the right to cancel or terminate any Loan Agreement. Bank is not subject to any agreement with any Regulatory Authority that would prevent the consummation by Bank of the transactions contemplated by this Agreement.

19.7    There are no proceedings or investigations pending or, to the best knowledge of Bank, threatened against Bank (i) asserting the invalidity of this Agreement, (ii) seeking to prevent the consummation of any of the transactions contemplated by Bank pursuant to this Agreement, (iii) seeking any determination or ruling that, in the reasonable judgment of Bank, would materially and adversely affect the performance by Bank of its obligations under this Agreement, (iv) seeking any determination or ruling that would materially and adversely affect the validity or enforceability of this Agreement, or (v) that would have a materially adverse financial effect on Bank or its operations if resolved adversely to it.

19.8    The execution, delivery and performance of this Agreement and the Program by Bank complies with all Applicable Laws. Each Loan shall have been validly and legally established at Bank in accordance with Applicable Law.

19.9    Bank is in full compliance with applicable minimum capital requirements prescribed by the FDIC and any other Regulatory Authority having jurisdiction over Bank, and Bank meets the requirements to be considered “adequately capitalized” as defined in the Federal Deposit Insurance Act, as amended, and the applicable regulations promulgated thereunder.

19.10    The Proprietary Materials Bank licenses to Affirm pursuant to Section 18, and their use as contemplated by and in accordance with the terms of this Agreement, do not violate or infringe upon, or constitute an infringement or misappropriation of, any United States patent, copyright or United States trademark, service mark, trade name or trade secret of any person or entity and Bank has the right to grant the licenses set forth in Section 18.

19.11    Bank has implemented and shall maintain Reasonable Security Procedures and Practices that constitute an Information Security Program that meets the objectives of the Interagency Guidelines Establishing Information Security Standards, or its authoritative predecessor that is designed to (i) ensure the security and confidentiality of Borrower Data, (ii) protect against any anticipated threats or hazards to the security or integrity of Borrower Data; (iii) protect against unauthorized access to or use of Borrower Data that could result in substantial harm or inconvenience to Affirm or any of its customers, and (iv) ensure the proper collection, access, use, storage, disclosure and disposal of Borrower Data in compliance with Bank’s Information Security Program and all Applicable Law. Bank shall (1) take appropriate action to address any Security Incident, and (2) notify Affirm as soon as possible of any Security Incident and any other breach in Bank’s security that materially affects Affirm or Borrowers in accordance with the terms of this Agreement. Bank shall ensure that any Third-Party Service Provider (or other applicable service provider) having access to Borrower Data shall maintain similar security measures and response programs and notify Affirm promptly upon Bank’s receipt of information regarding an actual or suspected Security Incident impacting Borrower Data, whether the same is experienced directly by Bank or by Bank’s Third-Party Service Providers (or other applicable service provider), and shall require any such service providers with access to Borrower Data to do substantially the same as set forth in this Section 19.11.

19.12    Except as otherwise disclosed, Bank is not currently subject to the following:

(a)    A criminal conviction (except minor traffic offenses and other petty offenses) in the United States of America or in any foreign country;

(b)    Unpaid Federal or State tax lien, or any foreign tax lien;

(c)    Administrative or enforcement proceedings commenced by the Securities and Exchange Commission, any State securities regulatory authority, Federal Trade commission, federal or State bank regulator, or any other State or federal regulatory agency in the United States or in any other country; or

(d)    Restraining order, decree, injunction, or judgment in any proceeding or lawsuit, alleging fraud or deceptive practice on the part of Bank.

19.13    Bank shall remain throughout the Term in full compliance with applicable minimum capital requirements prescribed by the FDIC and any other Regulatory Authority having jurisdiction over Bank, and Bank shall meet throughout the Term the requirements to be considered “adequately capitalized” as defined in the Federal Deposit Insurance Act, as amended, and the applicable regulations promulgated thereunder.

20.    Representations and Warranties of Affirm. Affirm hereby represents and warrants to Bank as of the Effective Date and each Funding Date that:

20.1    Affirm is a corporation, duly incorporated and validly existing under the laws of the State of Delaware, and has full power and authority to execute, deliver, and perform its obligations under this Agreement. Performance of this Agreement has been duly authorized and such performance is not in conflict with and does not violate the terms of the charter or bylaws of Affirm and shall not result in a material breach of or constitute a default under or require any consent under any material indenture, loan, or agreement to which Affirm is a party.

20.2    All approvals, authorizations, consents, and other actions by, notices to, and filings with any Person, where the lack of such would have a material adverse effect on the execution, delivery, and performance of this Agreement by Affirm, have been obtained or shall be acquired prior to engaging in the Program activity or activities giving rise to the need for such a license.

20.3    This Agreement constitutes a legal, valid, and binding obligation of Affirm, enforceable against Affirm in accordance with its terms, except (a) as such enforceability may be limited by applicable bankruptcy, insolvency, reorganization, moratorium, or other similar laws now or hereafter in effect, which may affect the enforcement of creditors’ rights in general, and (b) as such enforceability may be limited by general principles of equity (whether considered in a suit at law or in equity).

20.4    Neither the execution, delivery, validity, or enforceability of this Agreement, nor the consummation of the transactions contemplated by this Agreement shall (i) require any consent, approval, authorization, notice, registration, or filing under any Applicable Law, permit, or license applicable to Affirm; (ii) require the consent or approval of, or notice to, any other party, contract, instrument or commitment applicable to Affirm; or (iii) result in a violation or termination of, or a breach or default under, any Loan Agreement, or otherwise render any Loan Agreement or any provision thereof unenforceable or give any Borrower the right to cancel or terminate any Loan Agreement. Affirm is not subject to any agreement with any Regulatory Authority that would prevent the consummation by Affirm of the transactions contemplated by this Agreement.

20.5    There are no proceedings or investigations pending or, to the best knowledge of Affirm, threatened against Affirm (a) asserting the invalidity of this Agreement, (b) seeking to prevent the consummation of any of the transactions contemplated by Affirm pursuant to this Agreement, (c) seeking any determination or ruling that, in the reasonable judgment of Affirm, would materially and adversely affect Affirm’s ability to perform this Agreement, (d) seeking any determination or ruling that would materially and adversely affect the validity or enforceability of this Agreement, or (e) that would have a materially adverse financial effect on Affirm or its operations if resolved adversely to it.

20.6    The execution, delivery and performance of this Agreement by Affirm, the Finance Materials (except to the extent modified by Bank without the prior written consent of Affirm) and the promotional and marketing materials and strategies shall all comply with Applicable Law.

20.7    Affirm shall assure that, as respects its rights and obligations under this Agreement, the Program is compliant with Applicable Law, including any changes to Applicable Law that may materially affect the Program.

20.8    The Proprietary Materials Affirm licenses to Bank pursuant to Section 18, and their use as contemplated by and in accordance with the terms of this Agreement, do not violate or infringe upon, or constitute an infringement or misappropriation of, any United States patent, copyright or United States trademark, service mark, trade name or trade secret of any person or entity and Affirm has the right to grant the license set forth in Section 18.

20.9    Affirm has implemented and shall maintain Reasonable Security Procedures and Practices that constitute an Information Security Program that meets the objectives of the Interagency Guidelines Establishing Information Security Standards, or its authoritative successor, and that is designed to (i) protect the security and confidentiality of Borrower Data, (ii) protect against any anticipated threats or hazards to the security or integrity of Borrower Data; (iii) protect against unauthorized access to or use of Borrower Data that could result in substantial harm or inconvenience to Affirm or any of its customers, and (iv) enable the proper disposal of Borrower Data in accordance with the terms of this Agreement. Affirm shall (1) take appropriate action to address any Security Incident, and (2) notify Bank as soon as possible of any Security Incident requiring notification as set forth in Section 7.2 and any other breach in Affirm’s security that materially affects Bank or Borrowers in accordance with the terms of this Agreement.

20.10    For each Loan, to Affirm’s actual knowledge (without any implied duties of inquiry): (i) all required disclosures to Borrowers have been delivered in compliance with Applicable Law; (ii) the Loan Agreement and all other Loan Documents are genuine; and (iii) all necessary approvals required by Affirm have been obtained.

20.11    To Affirm’s actual knowledge (without any implied duties of inquiry), each Borrower under a Loan is eligible for such Loan under the Credit Policy; and each such Borrower, directly or through a representative, has submitted an Application.

20.12    Affirm shall provide Bank with its (a) audited balance sheet and related statements of income and cash flow within 150 calendar days from the end of each of its fiscal years audited financial statements, (b) unaudited quarterly financial statements consisting of balance sheets and related statements of income and cash flow within forty-five (45) days following the end of each of Affirm’s fiscal quarters and (c) initial, preliminary annual volume projections with respect to Program activities no later than sixty (60) days preceding the applicable fiscal year, during the Initial Term and any Renewal Term of this Agreement. The audited financial statements shall be prepared by an independent certified public accountant in accordance with GAAP, as consistently applied by Affirm. Notwithstanding anything to the contrary, Affirm’s obligations to provide financial statements set forth in this Section 20.12 shall terminate and cease upon Affirm’s first underwritten public offering of its common stock under the Securities Act of 1933, as amended, and the rules and regulations promulgated thereunder.

20.13    Affirm must maintain minimum liquidity in unrestricted cash or cash equivalents, in an amount equal to or greater than [***] ([***]). Affirm shall use its reasonable efforts to reply to questions asked by Bank related to Affirm’s financing strategy to the extent it directly affects the Program.

20.14    Except as otherwise disclosed, Affirm has not been subject to the following:

(a)    A criminal conviction (except minor traffic offenses and other petty offenses) in the United States of America or in any foreign country;

(b)    Unpaid Federal or State tax lien, or any foreign tax lien;

(c)    Administrative or enforcement proceedings commenced by the Securities and Exchange Commission, any State securities regulatory authority, Federal Trade commission, federal

or State bank regulator, or any other State or federal regulatory agency in the United States or in any other country; or

(d)    Restraining order, decree, injunction, or judgment in any proceeding or lawsuit, alleging fraud or deceptive practice on the part of Affirm.

21.    Indemnification.

21.1    Indemnity of Affirm. Bank agrees to indemnify, defend and hold harmless Affirm and its Affiliates, and their respective officers, directors, employees, managers, representatives, owners, agents and attorneys (the “Affirm Indemnified Parties”) from and against any and all Losses that arise from (a) the negligence or intentional misconduct of Bank or its agents or representatives (other than Affirm) in connection with the performance of its obligations under this Agreement; (b) the breach by Bank or its agents or representatives (other than Affirm) of any of Bank’s covenants, obligations, representations, warranties or undertakings under this Agreement; (c) violation by Bank or any of its employees, agents or representatives (other than Affirm) of Applicable Law; (d) infringement or misappropriation of the intellectual property rights (patents, copyrights, trademarks, etc.) of any third party by Bank in connection with the Program or Bank’s obligations hereunder or (e) any unauthorized, illegal or fraudulent access to or use of Borrower Data caused by Bank or arising from a Security Incident associated with systems maintained by Bank.

21.2    Indemnity of Bank. Affirm agrees to indemnify, defend and hold harmless Bank and its Affiliates and the officers, directors, employees, representatives, shareholders, agents and attorneys of such entities (the “Bank Indemnified Parties”) from and against any and all Losses, that arise from (a) the negligence or intentional misconduct of Affirm or its agents or representatives in connection with its performance of its obligations under this Agreement; (b) breach by Affirm or its agents or representatives of any of Affirm’s covenants, obligations, representations, warranties or undertakings under the Agreement; (c) a violation by Affirm, its subcontractors, employees, agents, representatives of any Applicable Law; (d) infringement or misappropriation of the intellectual property rights (patents, copyrights, trademarks, etc.) of any third party by Affirm in connection with the Program or Affirm’s obligations hereunder; (e) any unauthorized, illegal or fraudulent access to or use of Borrower Data caused by Affirm or arising from a Security Incident associated with systems maintained by Affirm; or (f) Bank’s participation in the Program as contemplated by this Agreement, except if (i) such Losses result from the negligence or intentional misconduct of, or breach of this Agreement or Applicable Law by, Bank or its subcontractors, employees, agents, or representatives (other than Affirm), or (ii) such Loss is subject to indemnification by Bank pursuant to Section 21.1.

21.3    Party References. The Affirm Indemnified Parties or Bank Indemnified Parties are sometimes referred to herein as the “Indemnified Party,” and Affirm or Bank, as an indemnitor hereunder, is sometimes referred to herein as the “Indemnifying Party.”

21.4    General Conditions on Indemnity Obligations. Each Indemnifying Party’s obligations under this Agreement shall be subject to the Indemnified Party (a) unless otherwise required by Applicable Law, promptly, after receipt of any written claim or notice of any action giving rise to a claim for indemnification, providing the Indemnifying Party notice of the claim or action and specifying in reasonable detail the nature and amount of the Loss (provided that failure to so notify the Indemnifying Party shall not relieve the Indemnifying Party of its indemnification obligations, except to the extent that the failure or delay is prejudicial); (b) providing reasonable cooperation and assistance in the defense or settlement of any claim; and (c) granting the Indemnifying Party control over the defense and settlement of the same (provided that any Indemnified Party shall be entitled to participate in the defense and settlement of the claim and to employ counsel at its own expense to assist in the handling of the claim; and provided further that the Indemnified Party does not invoke its retained right to defend as stated below). The Indemnifying Party shall not agree to any settlement that results in any obligation or an admission of liability by the Indemnified Party without the Indemnified Party’s prior written consent.

21.5    Reservation of Right to Defend. If the Indemnified Party reasonably determines that the Indemnifying Party has failed to diligently assume and maintain a prompt and vigorous defense of any claim, the Indemnified Party may, at its own expense, option, and discretion, assume sole control of

the defense of any claim and all related settlement negotiations with counsel of its own choosing and without waiving any other rights to indemnification. If the Indemnified Party provides sufficient evidence to support its right to defend pursuant to this Section 21, the Indemnifying Party shall pay all costs and expenses (including reasonable attorneys’ fees) incurred by the Indemnified Party in the defense. Notwithstanding anything to the contrary in the foregoing, the Indemnified Party shall not accept any settlement on behalf of the Indemnifying Party that results in an admission of liability, or does not provide a full unconditional release, without the Indemnifying Party’s express written consent, which consent shall not be unreasonably withheld, conditioned or delayed.

21.6    Limitation of Liability. EXCEPT FOR A BREACH OF THE OBLIGATIONS UNDER SECTIONS 7 (BORROWER DATA), 9 (DATA SECURITY AND BUSINESS CONTINUITY), 16 (OTHER USES OF PROGRAM DATA & PROGRAM INSIGHTS) OR 17 (CONFIDENTIALITY OR PROPRIETARY INFORMATION), ANY CLAIM RESULTING FROM A SECURITY INCIDENT, THE UNAUTHORIZED, ILLEGAL OR FRAUDULENT ACCESS OR USE OF BORROWER DATA, OR ANY CLAIM RELATING TO A PARTY’S FRAUD, GROSS NEGLIGENCE OR WILLFUL MISCONDUCT, NEITHER PARTY SHALL BE LIABLE TO THE OTHER PARTY FOR ANY INDIRECT, CONSEQUENTIAL, INCIDENTAL, SPECIAL, PUNITIVE OR EXEMPLARY DAMAGES, WHETHER IN CONTRACT, TORT (INCLUDING NEGLIGENCE AND STRICT LIABILITY) OR ANY OTHER LEGAL OR EQUITABLE PRINCIPLES, OR FOR ANY LOSS OF PROFITS, BUSINESS OR REVENUE, REGARDLESS OF WHETHER SUCH PARTY KNEW OR SHOULD HAVE KNOWN OF THE POSSIBILITY OF SUCH DAMAGES.

Notwithstanding anything in this Section 21.6 to the contrary, nothing in this Section 21.6 shall limit any liability or obligation of either Party to pay damages, losses, payments of restitution, civil damages, penalties or fines pursuant to Section 2.14.

21.7    Disclosure. Each Party shall promptly notify the other Party of any action, suit, proceeding, facts and circumstances, and the threat of reasonable prospect of same, which might give rise to any indemnification hereunder or which might materially and adversely affect a Party’s ability to perform its obligations under this Agreement.

22.    Term and Termination.

22.1    Unless otherwise terminated according the provisions herein, this Agreement shall have an initial term beginning on the Program Start Date and ending three (3) years after such date (the “Initial Term”). This Agreement shall continue to renew automatically, for subsequent consecutive one-year terms (each, a “Renewal Term”), unless and until either (i) Affirm terminates this Agreement pursuant to Section 22.9 or (ii) either Party provides written notice of non-renewal to the other Party at least one hundred and twenty (120) days prior to the end of the Initial Term or any subsequent renewal term. The Initial Term, together with all Renewal Terms, are referred to as the “Term.” Notwithstanding the foregoing, the Parties agree to meet in good faith on an annual basis to review the terms of this Agreement and modify, as necessary.

22.2    A Party shall have a right to terminate this Agreement immediately upon written notice to the other Party in any of the following circumstances (each a “Cause”), such termination to be effective as of the date Notice of Termination is given to the other Party pursuant to Section 32, following the lapse of any applicable cure period:

(a)    Failure by the non-terminating Party to observe or perform, in any material respect, that Party’s obligations to the other Party hereunder, so long as the failure is not due to the actions or failure to act of the terminating Party, but only if the failure continues for a period of, (i) in the case of a failure not involving the payment of money, thirty (30) days after the non-terminating Party receives written notice from the terminating Party specifying the failure; provided, however, that in the case of a failure that is not cured within such thirty (30) day period, the cure period shall be extended by a one-time additional thirty (30) day period if the non-terminating Party is diligently pursuing remedial action, or (ii) in the case of a failure involving the payment of money, five (5) Banking Days after the non-performing Party is given written notice from the terminating Party specifying the failure in the case of a failure to pay any undisputed amount of [***] ([***]) or more, then due hereunder;

(b)    Any representation or warranty made by the non-terminating Party herein shall have been false in any material respect as of the time when made or given and has a material adverse effect on the Program or this Agreement and continues to be false for a period of thirty (30) days after the non-terminating Party receives written notice from the terminating Party specifying how the representation or warranty is false; provided, however, that in the case of an inaccuracy that is not cured within such thirty (30) day period, the cure period shall be extended by a one-time additional thirty (30) day period if the non-terminating Party is diligently pursuing remedial action;

(c)    In the event the non-terminating Party (i) voluntarily commences any proceeding or files any petition seeking relief under Title 11 of the United States Code or any other federal, State or foreign bankruptcy, insolvency, liquidation, receivership or similar law, (ii) applies for or consents to the appointment of a receiver, trustee, custodian, sequestrator or similar official for such Party or for a substantial part of its property or assets, (iii) makes a general assignment for the benefit of creditors, (iv) takes formal action for the purpose of effecting any of the foregoing, or (v) is otherwise insolvent;

(d)    Upon the commencement against the non-terminating Party of an involuntary proceeding or the filing of an involuntary proceeding or the filing of an involuntary petition in a court of competent jurisdiction seeking (i) relief in respect of such Party, or of a substantial part of its property or assets under Title 11 of the United States Code or any other federal, State or foreign bankruptcy, insolvency, liquidation, receivership or similar law, (ii) the appointment of a receiver, trustee, custodian, sequestrator or similar official for such Party or for a substantial part of its property or assets, or (iii) the winding up or liquidation, of such Party, if such proceeding or petition shall continue un-dismissed for thirty (30) days or an order or decree approving or ordering any of the foregoing shall be entered.

(e)    an involuntary case or other proceeding, whether pursuant to banking regulations or otherwise, is commenced against the other Party seeking liquidation, reorganization, or other relief with respect to it or its debts under any bankruptcy, insolvency, receivership, conservatorship or other similar law now or hereafter in effect or seeking the appointment of a trustee, receiver, liquidator, conservator, custodian, or other similar official of it or any substantial part of its property; or an order for relief is entered against either Party under the federal bankruptcy laws as now or hereafter in effect.

22.3    Either Party may terminate this Agreement as provided in Section 16.4.

22.4    This Agreement shall terminate automatically upon any expiration or termination of the Loan Sale Agreement.

22.5    Bank shall not be obligated to approve Applications after the expiration or termination of this Agreement.

22.6    The expiration or termination of this Agreement either in part or in whole shall not discharge any Party from any obligation incurred prior to such expiration or termination.

22.7    Each Party’s obligation to operate the Program after a Notice of Termination or termination of this Agreement shall in all cases be subject to Applicable Law.

22.8    All provisions, promises, and warranties contained in this Agreement, which by their nature or effect are required or intended to be observed, kept, or performed after termination of this Agreement (including, servicing of Loans by Affirm, ownership of property, confidentiality, security, audit rights, indemnities, limitation of liability, and miscellaneous provisions), shall survive the expiration or termination of this Agreement and remain binding upon and for the benefit of the Parties. Sections 15 (Other Uses of Program Data & Program Insights), 17 (Confidentiality of Proprietary Information), 18 (Proprietary Material), 21 (Indemnification), 22.9 (Termination Fee), and 26 (Inspection; Reports) 28 (Governing Law and Jurisdiction), 32 (Notices), 38 (Cooperation), 39 (Examination Cooperation), and 40 (Disputes) shall survive termination or expiration of this Agreement.

22.9    Affirm may terminate this Agreement at any time for convenience upon ninety (90) days prior written notice. If, during the Initial Term, this Agreement is terminated by Affirm without Cause or by Bank for Cause, and a written notice of termination (“Notice of Termination”) by Bank for Cause or by Affirm without Cause, has been delivered to the other Party, then, in such event, Affirm shall pay to Bank (i) all amounts accrued by Affirm and due to Bank under the Program Terms, including the purchase price of outstanding Loans originated under the Program, as of the termination date, and (ii) within 60 days of such termination, a Termination Fee in accordance with the following:

(i)    [***] if termination occurs in the first Contract Year

(ii)    [***] if termination occurs in the second Contract Year

(iii)    [***] if termination occurs in the third Contract Year

No Termination Fee shall be payable if this Agreement is terminated by Affirm for Cause, or if this Agreement is terminated by Affirm effective on or after the last day of the Initial Term. For the avoidance of doubt, no additional Minimum Annual Fees due under the Loan Sale Agreement shall be payable by Affirm to Bank following a termination of this Agreement pursuant to this Section; provided that the prorated amount of the Minimum Annual Fee requirement, as described in the Loan Sale Agreement, has been satisfied as of the time that the Agreement is terminated, or any portion thereof.

23.    Third-Party Service Providers. The Parties agree that Affirm may retain the services of one or more service providers (“Third-Party Service Providers”) to satisfy some or all of Affirm’s obligations pursuant to this Agreement including Affirm’s obligation to assure back-up services provided, that Affirm shall remain responsible for the performance of such services. Affirm shall be responsible for all fees and expenses of each Third-Party Service Provider. The Parties agree that Affirm may retain the services of any Third-Party Service Provider set forth in Exhibit J as approved Third-Party Service Providers. Affirm shall not appoint any other Third-Party Service Provider who shall perform any material functions and shall have access to Borrower Data pursuant to this Agreement without approval by Bank, which approval may not be unreasonably withheld, conditioned or delayed, pursuant to the SLA in Exhibit G and the procedure for approval as outlined in Exhibit J. Affirm shall provide notice to Bank not less than ten (10) days before the effective date of such appointment and shall provide such information about such Third-Party Service Provider as requested by Bank.

24.    Insurance. During the Term, Affirm shall maintain at its own expense employee dishonesty coverage and a general comprehensive liability policy, each with a financially sound and nationally reputable insurer reasonably acceptable to Bank. Such employee dishonesty and general comprehensive liability policy shall provide coverage limits of not less than [***], each, together with commercial umbrella coverage with a general aggregate limit of not less than [***]. Affirm shall provide copies of such insurance policies to Bank and provide to Bank such evidence as it may reasonably request concerning the continued existence of such coverages during the term of this Agreement. During the Term, Bank shall maintain insurance coverages customary and appropriate for the nature of its business and its obligations under this Agreement.

25.    Manner of Payments. Unless the manner of payment is expressly provided herein, all payments under this Agreement shall be made by ACH transfer to the bank accounts designated by the respective Parties. Notwithstanding anything to the contrary contained herein, neither Party shall fail to make any payment required of it under this Agreement for a breach or alleged breach by the other Party of any of its obligations under this Agreement or any other agreement; provided that the making of any payment hereunder shall not constitute a waiver by the Party making the payment of any rights it may have under this Agreement or by law.

26.    Inspection; Reports.

26.1    Each Party agrees to timely submit to any examination or audit that may be required by a Regulatory Authority having jurisdiction over such Party, during regular business hours and upon reasonable prior notice, and to otherwise provide reasonable cooperation to the other Party in responding to such Regulatory Authorities’ inquiries and requests relating to the Program.

26.2    Any third party conducting an inspection or investigation on behalf of a Party shall be subject to the other Party’s consent, which consent shall not be unreasonably withheld, conditioned or delayed.

26.3    All expenses of inspection shall be borne by the Party conducting or requesting the inspection.

26.4    Each Party shall store all documentation and electronic data related to its performance under this Agreement and shall make such documentation and data available to the other Party upon request in accordance with the terms of this Agreement and Applicable Law. With such frequency and in such manner as mutually agreed by the Parties, each Party shall timely report to the other Party regarding the performance of its obligations.

27.    Relationship of Parties. The Parties agree that in performing their responsibilities pursuant to this Agreement, they are in the position of independent contractors. This Agreement is not intended to create, nor does it create and shall not be construed to create, a relationship of partner or joint venture or any association for profit between Bank and Affirm. The Parties agree as well that, as a party providing marketing, accounting and other services under this Agreement, Affirm is operating on behalf of Bank.

28.    Governing Law and Jurisdiction. For purposes of litigating any dispute that arises directly or indirectly from the relationship of the Parties under this Agreement, the Parties hereby submit to and consent to the exclusive jurisdiction of the State of Utah and agree that such litigation shall be conducted only in the courts of Salt Lake County, Utah, or federal courts for the United States for the District of Utah. The Parties acknowledge that Bank, as a Utah industrial bank, is regulated by the FDIC, and is therefore subject to federal law, and entitled to preemption from State laws to the fullest extent permitted by law. In any matters not so preempted (if any), this Agreement and all rights and obligations hereunder, including matters of construction, validity and performance, shall be governed by and construed in accordance with the laws of the State of Utah applicable to contracts made to be performed within such State and applicable federal law. Each Party hereby submits to the jurisdiction of the courts of such State, and (subject to Bank’s reservation of preemption rights above) waives any objection to venue with respect to actions brought in such courts.

29.    Severability. Any provision of this Agreement which is deemed invalid, illegal or unenforceable in any jurisdiction, shall, as to that jurisdiction, be ineffective to the extent of such invalidity, illegality or unenforceability, without affecting in any way the remaining portions hereof in such jurisdiction or rendering such provision or any other provision of this Agreement invalid, illegal, or unenforceable in any other jurisdiction.

30.    Assignment. This Agreement and the rights and obligations created under it shall be binding upon and inure solely to the benefit of the Parties and their respective successors and permitted assigns. Neither Party shall be entitled to assign or transfer any interest under this Agreement without the prior written consent of the other Party, except that Affirm may assign this Agreement to an Affiliate or a successor-in-interest as a result of a change in control transaction or a sale of a substantial portion of Affirm’s assets.

31.    Third-Party Beneficiaries. Nothing contained herein shall be construed as creating a third-party beneficiary relationship between either Party or any other Person.

32.    Notices. Agreement shall be in writing and shall be deemed given (a) on the day delivered, if delivered by hand; (b) on the day transmitted, if transmitted by facsimile or email (in each case with confirmation of transmission as well as confirmation of receipt (confirmation of receipt may be by telephone)) if sent during the recipient’s normal business hours, and on the next Banking Day if sent after the recipient’s normal business hours; (c) when received by the addressee if sent by a nationally recognized overnight courier (receipt requested); or (d) three (3) days after the date of mailing to the other Party, if mailed certified or registered, return receipt requested, postage prepaid, at the following address, or such other address as either Party shall specify in a notice to the other:

33.    Amendment and Waiver. This Agreement may be amended only by a written instrument signed by each of the Parties. The failure of a Party to require the performance of any term of this Agreement or the waiver by a Party of any default under this Agreement shall not prevent a subsequent enforcement of such term and shall not be deemed a waiver of any subsequent breach. All waivers must be in writing and signed by the Party against whom the waiver is to be enforced.

34.    Counterparts. This Agreement may be executed and delivered by the Parties in any number of counterparts, and by different parties on separate counterparts, each of which counterpart shall be deemed to be an original and all of which counterparts, taken together, shall constitute but one and the same instrument.

35.    Interpretation. The Parties acknowledge that each Party and its counsel have reviewed and revised this Agreement and that the normal rule of construction to the effect that any ambiguities are to be resolved against the drafting Party shall not be employed in the interpretation of this Agreement or any amendments thereto, and the same shall be construed neither for nor against either Party, but shall be given a reasonable interpretation in accordance with the plain meaning of its terms and the intent of the Parties.

36.    Headings. Captions and headings in this Agreement are for convenience only, and are not to be deemed part of this Agreement.

37.    Referrals. Neither Party has agreed to pay any fee or commission to any agent, broker, finder, or other Person for or on account of such Person’s services rendered in connection with this Agreement that would give rise to any valid claim against the other Party for any commission, finder’s fee or like payment.

38.    Cooperation. Affirm hereto agrees to cooperate fully with Bank, at Bank’s expense, in furnishing any information or performing any action reasonably requested by Bank that is needed by Bank to perform its obligations under this Agreement or to comply with Applicable Law or any request from a Regulatory Authority, including internal audit or compliance reviews conducted by Bank. Affirm agrees that it shall furnish Bank with materially true, accurate and complete copies of such records and all other information with respect to the Program and the Loans as Bank or its authorized representatives may reasonably request; provided, however, that Affirm shall not be required to divulge any records to the extent prohibited by Applicable Law, confidentiality, or the attorney-client privilege.

39.    Examination Cooperation. In accordance with the terms of this Agreement and Applicable Law, Affirm agrees to reasonably cooperate with any examination, audit or review of Bank or the Program by any Regulatory Authority and to provide to Bank any information which may be required by any Regulatory Authority for its audit or review of Bank or the Program. In accordance with the terms of this Agreement and Applicable Law, Affirm shall provide such other reasonable information as Bank or any Regulatory Authority may from time to time request with respect to the Program, Applicants and Borrowers and documentation thereof. Affirm shall have no obligation to comply with any requests for information or documents or to cooperate if Affirm reasonably believes that such request or cooperation would violate Applicable Law, a confidentiality obligation, or the attorney-client privilege.

40.    Disputes.

40.1    Duty to Notify. In the event of any dispute, controversy, or claim arising out of or relating to this Agreement or the making, construction, interpretation, performance, breach, termination, enforceability or validity thereof (hereinafter, a “Dispute”), the Party raising such Dispute shall provide written notice to the other Party at least thirty (30) days prior to commencing any litigation with respect thereto specifying the nature of the asserted Dispute.

40.2    Cooperation to Resolve Disputes. The Parties shall cooperate and attempt in good faith to resolve any Dispute promptly by negotiating between persons who have authority to settle the Dispute and who are at a higher level of management than the persons with direct responsibility for administration and performance of the provisions or obligations of this Agreement that are the subject of the Dispute. The Bank Relationship Officer and the Affirm Relationship Officer shall cooperate in good faith to resolve any Dispute arising under the Agreement pursuant to this Section 40.

41.    Entire Agreement. This Agreement including schedules and exhibits, constitutes the entire agreement between the Parties with respect to the subject matter hereof, and supersedes any prior or contemporaneous negotiations or oral or written agreements about the same subject matter.

42.    Force Majeure. In the event that a Party fails to perform its obligations under this Agreement in whole or in part as a consequence of events beyond its reasonable control (including acts of God, fire, explosion, public utility failure, floods, embargoes, epidemics, pandemics, civil disorders, war, terrorist acts, nuclear disaster or riot or any other similar causes not within its reasonable control), such failure to perform shall not be considered a breach of this Agreement during the period of such disability. In the event of any force majeure occurrence as set forth in this Section 42, the disabled Party shall use its commercially reasonable efforts to remediate any issue and meet its obligations as set forth in this Agreement as soon as reasonably practicable. The disabled Party shall promptly and in writing advise the other Party if it is unable to perform due to a force majeure event, the expected duration of such inability to perform and of any developments (or changes therein) that appear likely to affect the ability of that Party to perform any of its obligations hereunder a whole or in part.

43.    Exclusivity. Nothing in this Agreement shall prevent either Party from entering into contractual relationships with any other Person.

IN WITNESS WHEREOF, the Parties have entered into this Marketing and Servicing Agreement as of the Effective Date.

“ACH” means the Automated Clearing House.

“Advertising and Marketing Policy” means the policy proposed by Affirm and approved by Bank for adoption and use of Marketing Materials and the overall marketing plan to be used in marketing the Program, a copy of which is attached hereto as Exhibit K.

“Affiliate” means, with respect to a Party, a Person who directly or indirectly controls, is controlled by or is under common control with the Party. For the purposes of this definition, the term “control” (including with correlative meanings, the terms controlling, controlled by and under common control with) means the power to direct the management or policies of such Person, directly or indirectly, through the ownership of 50% or more of a class of voting securities of such Person.

“Affirm” has the meaning set forth in the introductory paragraph of this Agreement.

“Affirm Indemnified Parties” has the meaning set forth in Section 21.1.

“Affirm Relationship Officer” means a specified Affirm representative reasonably acceptable to Bank, and shall initially be Meghan Ryan.

“Agreement” has the meaning set forth in the introductory paragraph of this Agreement.

“AML/KYC” means Anti-Money Laundering (“AML”) and Know Your Customer (“KYC”) in reference to the BSA.

“Applicable Law” means all federal, State and local laws, statutes, regulations, regulatory guidance and orders (including FIL 44-2008: Guidance for Managing Third-Party Risk and FIL 22-2017 Adoption of Supervisory Guidance on Model Risk Management) applicable to a Party or relating to or affecting any aspect of the Program including the Marketing Materials and the Finance Materials, all requirements of any Regulatory Authority having jurisdiction over a Party, as any such laws, statutes, regulations, orders and requirements may be amended and in effect from time to time during the term of this Agreement.

“Applicant” means a prospective Borrower that has completed an Application for a Loan.

“Application” means the completed electronic application submitted by an Applicant, on a form approved by Bank, related to a request for a Loan, together with any exhibits and ancillary materials; provided that the Application may only be modified with the consent of Bank in its sole discretion.

“Auditing Party” has the meaning set forth in Section 14.4.

“Bank” has the meaning set forth in the introductory paragraph of this Agreement.

“Bank Indemnified Parties” has the meaning set forth in Section 21.2.

“Bank Relationship Officer” means a specified Bank representative reasonably acceptable to Affirm, and shall initially be Shawn Brock.

“Banking Day” means any day, other than (a) a Saturday or Sunday, or (b) a New York, California or Utah banking holiday.

“BCP Test” has the meaning set forth in Section 9.7.

“Big 4 Accounting Firm” means any of Ernst & Young, Deloitte Touche Tohmatsu Limited, PricewaterhouseCoopers, or KPMG.

“Borrower” means a Person to whom Bank has made a Loan as part of the Program or who is a guarantor of, or co-signer on, such Loan who is liable for amounts owing with respect to a Loan made as part of the Program.

“Borrower Data” means information that is provided to or obtained by a Party in the performance of its obligations under this Agreement or otherwise regarding Applicants and Borrowers, including (a) name, postal address, social security number, email address, telephone number, date of birth, as well as data generated or created in connection with customer service, telephone logs and records, and other documents and information necessary for the processing and maintenance of Loans, and (b) all Personal Information.

“Borrower Product” means any extension of credit made to a consumer.

“BSA” means the Bank Secrecy Act, 31 U.S.C. 5311, et. seq.

“BSA Policy” has the meaning set forth in Section 13.3.

“Cause” has the meaning set forth in Section 22.2.

“CMS” has the meaning set forth in Section 10.1.

“Complaints” has the meaning set forth in Section 12.3.

“Confidential Business Information” means any valuable, secret business information other than Trade Secrets, that is either designated or identified as confidential at the time of the disclosure or is by its nature clearly recognizable as confidential information to a reasonably prudent person with knowledge of the Disclosing Party’s business and industry.

“Contract Year” means each 12-month period commencing on the Program Start Date. The Initial Term has three (3) Contract Years.

“Credit Policy” means the credit and underwriting requirements, including requirements applicable to applications for the extension of credit, of Bank as set forth in the Program Terms to be used by Affirm in reviewing all Loan Applications on behalf of Bank, as more fully set forth in Exhibit L.

“Criticism” has the meaning set forth in Section 11.1.

“Customer Identification Program” has the meaning set forth in 31 CFR 103.121 Federal Regulations.

“Data Requirements” means a set of performance metrics to which Affirm can provide access, including designated exceptions, approved Applications and denied Applications, among other things, to be agreed upon by the Parties before the Program Start Date.

“Disclosing Party” means the Party disclosing Proprietary Information hereunder, whether the disclosure is directly from the Disclosing Party or through the Disclosing Party’s Personnel or Affiliates.

“Dispute” has the meaning set forth in Section 40.1.

“Effective Date” has the meaning set forth in the introductory paragraph of this Agreement.

“Executive Complaint” has the meaning set forth in Section 12.1.

“Finance Materials” means, collectively, (a) the Application; (b) the Credit Policy; (c) the form of Loan Agreement; (d) the version of Affirm’s Privacy Policy applicable to Borrower Data; and (e) the form of default notice, adverse action notice or any other written notice related to an Applicant or Borrower.

“Funding Amount” means the amount of a Loan made by Bank on behalf of a Borrower, pursuant to an Application (it being understood that such amount may be reduced by any Merchant-related reconciliations, down payments, or discounts).

“Funding Date” means any day on which Bank receives a Funding Statement from Affirm pursuant to Section 6.1; provided, however, that if Bank receives any such Funding Statement (i) on a day that is not a Business Day or (ii) after 12:00 pm (eastern time) on a Business Day, Bank may delay the Funding Date to be the immediately succeeding Business Day.

“Funding Statement” means a statement provided by Affirm to Bank with respect to each Loan containing (i) all information necessary for the transfer of the Funding Amount to the related Merchant on behalf of and as directed by the Borrower, including depository institution names, routing numbers and account numbers; and (ii) such other information as shall be reasonably requested by Bank and mutually agreed to by Bank and Affirm.

“Funding Time” means each of 9:30 a.m., 11:45 a.m., 1:45 p.m. and 3:00 p.m. Mountain Time or such other time as agreed by the Parties.

“GLBA” means The Gramm-Leach-Bliley Act.

“Guidelines” has the meaning set forth in Section 7.2.

“Indemnified Party” has the meaning set forth in Section 21.3.

“Indemnifying Party” has the meaning set forth in Section 21.3.

“Information Security Program” means a written plan created and implemented by a financial institution to identify and control risks to customer information and customer information systems and to properly dispose of customer information, including policies and procedures regarding the institution’s risk assessment, controls, testing, servicer-provider oversight, periodic review and updating and reporting to its board of directors, that complies in all material respects with the applicable requirements set forth in 12 C.F.R. Part 364 and 16 C.F.R. Part 314, all as amended, supplemented or interpreted in writing by Regulatory Authorities and all other Applicable Law.

“Initial Term” has the meaning set forth in Section 22.1.

“IP Address” means an internet protocol address.

“Issuing Account” means an account at Bank or an intermediary bank, selected by Affirm, through which funds will be disbursed to Merchants on behalf of Borrowers via a virtual or physical card.

“Licensee” has the meaning set forth in Section 18.1.

“Licensing Party” has the meaning set forth in Section 18.1.

“Loan” means a consumer loan made by Bank to a Borrower under the Program.

“Loan Agreement” means, with respect to a Loan, the document or documents containing the terms and conditions of such Loan, including the disclosure statement, the loan agreement and the privacy notice.

“Loan Documents” mean, collectively, with respect to any Loan, the Loan Agreement, the Application and any other documents executed by the related Borrower in connection with such Loan.

“Loan Performance Fee” means the fee payable to Bank pursuant to Section 4.2 of the Loan Sale Agreement.

“Loan Sale Agreement” means that certain Loan Sale Agreement dated as of the Effective Date between Bank and Affirm.

“Losses” means all third-party claims, actions, liability, judgments, damages, fines, legal fees, reasonable costs and expenses, including fees, but excluding special, indirect, incidental, consequential, punitive or exemplary damages, including lost profits, even if a Party has knowledge of the possibility of such damages.

“Marketing and Servicing Fee” has the meaning set forth in Section 2.13(b) and Exhibit D.

“Marketing Materials” means any advertising, applications, marketing materials, advertising pieces, sales literature, telemarketing scripts and any other materials directly relating to the Program or containing Bank’s name that are used to induce Applicants to apply for a Loan or to induce potential Applicants to apply for a Loan under the Program, and any other materials used to induce use of the Program as agreed by the Parties in accordance with this Agreement.

“Merchant” means a seller of goods or services to a Borrower.

“Minimum Annual Fee” has the meaning set forth in the Loan Sale Agreement.

“Model Risk Management Program” has the meaning set forth in Section 5.6(a).

“Monthly Management Reports” means reports consisting of complaint logs, compliance issues logs, 1and other such reports as mutually agreed by the Parties on the current Program portfolio delivered to Bank by Affirm on a monthly basis in accordance with the terms of this Agreement.

“NOAA” as used in Exhibit C, means Notice of Adverse Action as referenced in Applicable Law, including Regulation B, the Fair Credit Reporting Act, and the Equal Credit Opportunity Act.

“Notice of Termination” has the meaning set forth in Section 22.9.

“OFAC” means the United States Department of Treasury’s Office of Foreign Assets Control. “OFAC List” means a list of individuals and companies published by OFAC which individuals and companies are owned or controlled by, or acting for or on behalf of, targeted countries. The OFAC List also includes individuals, groups, and entities, such as terrorists and narcotics traffickers designated under programs that are not country-specific. Collectively, such individuals and companies are called “Specially Designated Nationals” or “SDNs.” The assets are blocked and United States persons are generally prohibited from dealing with them.

“Operational Complaint” has the meaning set forth in Section 12.2.

“Original Borrower Loan Amount” means, with respect to any Loan, the amount financed as stated in the related final truth-in-lending statement contained in the Loan Documents.

“Party” means either Affirm or Bank and “Parties” means Affirm and Bank.

“Payment Month” has the meaning set forth in Exhibit D.

“Person” means any legal person, including any individual, corporation, limited liability company, partnership, joint venture, association, joint-stock company, trust, unincorporated organization, governmental entity, or other entity of similar nature.

“Personal Information” means non-public, personally identifiable information related to either Party’s customers, Personnel or other third parties that has been provided to a Party by such persons or their representatives, including (i) any information that identifies, or could be used to identify, a particular Person, including the Person’s name, address, telephone number, e mail address, social security number, driver’s license, or other identifying information and credit card and financial information; and (ii) any other information considered personal identifying information under then-existing Applicable Law.

“Personnel” means the employees, contractors, and agents of a Party or its Affiliates and their employees and contractors.

“Policies” means all policies and procedures related to conducting prescreen or prequalification activity, solicitation and receipt of Applications, underwriting and processing of Applications, provision of adverse action notices, providing Loan Agreements to Applicants, and servicing the Loans.

“Prequalification Request” means any request from a prospective Applicant, in the form required by Bank, to determine whether such prospective Applicant qualifies for a Loan.

“Privacy Policy” means the privacy policy of Affirm as initially agreed by the Parties, as amended or modified from time to time by Affirm in accordance with the terms of this Agreement.

“Program” means Affirm’s program for the marketing and servicing of Loans which Bank will originate pursuant to the Program Terms.

“Program Data” means information that is provided to or obtained by a Party in the performance of its obligations under this Agreement or otherwise, including (a) individual and aggregate data from Applications and Loans; (b) information provided to or obtained by a Party that was originally derived from the other Party’s sources of Applications or Loan data; and (c) data from Prequalification Requests.

“Program Insights” means the business strategies derived from the Program Data or the business strategies and business operating rules proposed or originated by Affirm, including (a) pricing strategy; (b) loan origination marketing strategy and marketing channels; (c) fraud prevention strategy and rules, including an identity theft/red flags program and policy as described in Section 13.9; (d) collection and recovery strategy; and (e) data from Prequalification Requests.

“Program Start Date” means the date on which an Applicant that is not an employee of Affirm or Bank first submits a Prequalification Request or an Application.

“Program Terms” means the terms of this Agreement and the terms, procedures and materials governing the Program, which have been duly adopted and approved by Bank, including (i) forms of Loan Documents, disclosure and other documents relating to the Program; (ii) the Credit Policy; (iii) the CMS; and (iv) the Marketing Materials.

“Proprietary Information” means the Trade Secrets, Confidential Business Information, and Personal Information of a Party and its Affiliates. Proprietary Information does not include any information that (a) was in the Receiving Party’s possession before being disclosed to it by the Disclosing Party; (b) is or becomes a matter of public knowledge through no fault of the Receiving Party; (c) is rightfully received by the Receiving Party from a third party without a duty of confidentiality; (d) is disclosed by the Disclosing Party to a third party without a duty of confidentiality on the third party; or

(e) is independently developed by the Receiving Party without use of the Disclosing Party’s Proprietary Information.

“Proprietary Material” has the meaning set forth in Section 18.1.

“Protected Data” means all Applicant, Borrower, Person and other sensitive authentication data related to the Program, including: (i) all data and information that is protected or covered by the Payment Card Industry Data Security Standard, (ii) social security numbers and other official identification numbers; (iii) credit card or debit card numbers; (iv) bank account numbers; (v) critical infrastructure information (including physical site plans, IT systems information, system passwords, and information security plans); (vi) information protected by nondisclosure agreements; (vii) law enforcement and investigative records; (viii) employee information; (ix) internal emails; and (x) internally-produced documents.

“Purchase Price” has the meaning set forth in the Loan Sale Agreement.

“Qualifying Applicant” means any Person who (i) requests a Loan from Bank as part of the Program, (ii) qualifies for credit under the Credit Policy and (iii) resides in a State where the Program is offered.

“Reasonable Security Procedures and Practices” means and includes appropriate security measures for its operations that: (i) are in accordance with technological developments and evolving security needs; (ii) include administrative, technical and physical safeguards, including the use of secure and up-to-date encryption to protect Borrower Data and Protected Data while in transmission or storage; (iii) use reasonable precautions to protect the security, integrity, and confidentiality of the Borrower Data and Protected Data; (iv) protect against unauthorized access to or use of Borrower Data and Protected Data that could result in the destruction, use, modification or disclosure of Borrower Data and Protected Data, or substantial harm to Disclosing Party or any individual; and (v) comply with all Applicable Law, regulations, standards and industry best practices related to privacy and data security. Reasonable Security Procedures and Practices also includes establishing a computer network security policy, using reasonable methods of preventing unauthorized computer systems access, implementing administrative security controls (including in connection with any transfer, communication, remote access or storage of Borrower Data and Protected Data as permitted or required under this Agreement), installing computer network firewalls, protecting computer resources from insider abuse, having appropriate administrative procedures to restrict computer system access to Persons other than authorized users and is promptly withdrawn from terminated employees or other Persons who are no longer authorized, establishing a single point of contact for responses to security incidents, providing security and privacy training to employees and other personnel and monitoring the effectiveness of computer network security.

“Receiving Party” means the Party receiving Proprietary Information hereunder.

“Regulatory Authority” means any federal, State, local, domestic or foreign governmental, regulatory or self-regulatory authority, agency, court, tribunal, commission or other regulatory or self-regulatory entity, the United States of America, any State or other political subdivision thereof and any entity exercising executive, legislative, judicial, regulatory or administrative functions of or pertaining to government, in each case, that has jurisdiction or regulatory oversight with respect to the Program.

“Regulatory Communications” has the meaning set forth in Section 11.2.

“Renewal Term” has the meaning set forth in Section 22.1.

“Retail Partner” means a Merchant or a Merchant’s service provider with whom Affirm has a direct contractual relationship.

“Retention Policy” means a mutually agreed upon policy that determines retention terms for documents related to the Program based on record category and includes a schedule that is based on industry standards and best practices.

“Security Incident” has the meaning set forth in Section 7.2(a).

“Services” means the sales, marketing, Application processing services and other services provided by Affirm to Bank directly or indirectly, pursuant to this Agreement.

“Servicing Policy” means the policy set forth in Exhibit H.

“Servicing Standard” has the meaning set forth in Section 2.4(d).

“SLA” means any of the service level agreements between Bank and Affirm, as set forth in Exhibit G.

“Standard Scope” has the meaning set forth in Exhibit C.

“State” means any one of the fifty states of the United States of America, the District of Columbia or any of the United States Territories.

“Term” has the meaning set forth in Section 22.1.

“Termination Fee” has the meaning set forth in Section 22.9.

“Third-Party Service Providers” has the meaning set forth in Section 23.

“Trade Secrets” means trade secrets as defined under Applicable Law, as amended from time to time, and shall include without regard to form, technical or non-technical data, formulas, patterns, compilations, programs, software programs, devices, methods, techniques, drawings, processes, financial data, financial plans, product plans, non-public forecasts, studies, projections, analyses, all customer data of any kind, or lists of actual or potential customers or suppliers, business and contractual relationships, or any other information similar to the foregoing that (a) derives economic value, actual or potential, from not being generally known and not being readily ascertainable by proper means to other persons who can obtain economic value from its disclosure or use; and (b) is the subject of efforts that are reasonable under the circumstances to maintain its secrecy. For the sake of clarity, Trade Secrets includes information provided to either Party or its Affiliates by any third parties, which that Party or any of its Affiliates is obligated to hold in confidence. Program Insights are a Trade Secret of Affirm.

“United States Territories” means Puerto Rico, Guam, the Northern Mariana Islands, the U.S. Virgin Islands, and American Samoa.

“URL” means a uniform resource locator.

In addition to the duties and responsibilities that Bank shall undertake under the Agreement, Bank shall take the following action:

1.    Prior to distribution, Bank shall review and approve collateral such as Applications, Loan Agreements, secure packaging, adverse action letters, material changes to collection letters, and website terms and conditions. Bank will review Marketing Materials according to agreed-upon sampling process and cadence.

2.    Bank shall establish a joint subscriber code with Affirm for the purpose of obtaining Applicant and Borrower credit information, and otherwise identifying Affirm and Bank, for use of the credit reporting agencies.

3.    Bank shall provide support to Affirm pursuant to the Program Terms and Applicable Law.

4.    Bank shall maintain a compliance program in accordance with sound, industry-standard third-party risk management practices and in accordance with FDIC guidance, as may be amended from time to time. The compliance program shall encompass initial due diligence, ongoing monitoring, and ongoing oversight of Affirm’s policies, procedures, processes, and operations.

5.    Bank shall provide to Affirm key personnel biographies and resumes as reasonably requested by Affirm, and shall notify Affirm of any and all changes in key personnel at Bank.

6.    Bank shall collect refunds of Funding Amounts (or portions thereof) from Merchants after such Merchants have processed returned goods or services from Borrowers and distribute such amounts to Affirm. For the avoidance of doubt, Bank’s obligation in this subsection 6 shall survive termination of the Agreement.

7.    Upon Affirm’s request, Bank shall facilitate ACH debits from Merchant bank accounts for which Affirm has been properly authorized to initiate direct debits of amounts owed to Affirm.

8.    Bank shall notify Affirm in writing within ten (10) Banking Days after the departure of a member of the executive team of Bank.

In addition to the duties and responsibilities that Affirm shall undertake under the Agreement, Affirm shall take the following action:

1.    Affirm shall provide Program definition, strategy, and pricing to be approved by Bank, subject to any exceptions permitted under the Credit Policy or otherwise under this Agreement.

2.    Affirm shall develop and maintain a website that serves as a platform for the Program through which Affirm, Applicants and Borrowers may access and provide materials and communications related to the Program.

3.    Affirm shall develop the Application, which must be approved in writing by Bank.

4.    Affirm shall ensure that all aspects of Loan approval, customer service and collections are conducted in accordance with the Program Terms. Marketing Materials will be subject to review as provided under Section 3.2.

5.    Affirm shall create, implement and manage a CMS consistent with the Bank’s written requirements for the Program as agreed by the Parties. The CMS will include appropriate governance and oversight of policies and procedures, training, complaint resolution and tracking (with regular monthly reporting to Bank), and regular testing and monitoring activities as agreed by the Parties. Testing and monitoring results will be reported to the Bank as completed.

6.    Affirm shall develop and maintain a vendor management policy in accordance with the guidance provided in the FDIC Financial Institution Letter: FIL-44-2008 or any subsequent FDIC Guidance.

7.    Affirm’s Board of Directors shall appoint a compliance officer responsible for Affirm’s CMS and all compliance-related activities. The compliance officer shall have sufficient education and work experience to oversee the CMS and Affirm shall notify Bank of such appointment or any subsequent changes in that role.

8.    Affirm shall notify Bank in writing within ten (10) Banking Days after the departure of a member of the executive team of Affirm.

9.    Affirm’s board of directors shall appoint a Bank Secrecy Act (BSA) Officer responsible for Affirm’s BSA policies, procedures, risk assessment, and all BSA-related activities. The BSA officer must have sufficient education and work experience to oversee Affirm’s BSA compliance and Affirm shall notify Bank of such appointment or any subsequent changes in that role. The BSA officer may be the same individual as the Chief Compliance Officer.

10.    Affirm shall comply with AML/KYC regulations in Application processing on behalf of Bank. This includes OFAC checks and the sending of NOAAs on behalf of Bank. Affirm shall maintain a BSA Policy that is reviewed and approved by Bank on a regular basis that addresses AML/KYC responsibilities of Affirm.

11.    Affirm shall reimburse Bank for Bank’s costs for engaging an auditor to conduct an annual compliance audit of the Program, subject to the following:

(a)    The auditor shall be a qualified independent third-party auditor mutually acceptable by Bank and Affirm;

(b)    The audit shall cover the standard scope as determined by Bank’s other credit sponsorships (“Standard Scope”);

(c)    Costs related to a Standard Scope audit payable by Affirm shall not exceed [***];

(d)    Affirm may add additional matters and review procedures to the audit scope in order to satisfy requirements of other Persons that have contracted with Affirm but the costs of such additional matters shall be borne by Affirm and shall not reduce the [***] audit reimbursement amount agreed to above;

(e)    Bank shall share all aspects of the audit and the audit process, include the full audit report, summary, suggestions and other matters, with Affirm;

(f)     Bank shall keep the results of such report and audit confidential. Bank may share such report and audit with Bank’s board of directors, compliance officers and regulatory authorities;

(g)    Affirm may share the results of such report and audit with third parties who are subject to a non-disclosure agreement; and

(h)    Bank shall make best efforts to protect the rights of Affirm to share the audit with third parties pursuant to subsection (g) above and ensure that such rights are not restricted by the agreement between Bank and the auditor.

12.    Affirm shall develop and implement a GLBA-compliant Information Security Program which shall include either an annual SOC II Type II audit or an annual PCI certification program and an annual penetration testing.

13.    Affirm shall develop and maintain a Business Continuity Plan (“BCP”) and disaster recovery plan, including a Business Impact Analysis, compliant with bank regulations and FFIEC guidelines, and performing at least annual testing of the plans.

14.    Affirm shall accommodate Bank’s reasonable requests for descriptions or explanations of the design, theory, logic, methodologies, data, implementation, governance, policies, etc. belonging to Affirm’s proprietary credit models used in connection with the Program, as set forth in the Agreement.

15.    Affirm shall provide Bank with account-level reporting through a daily data feed, per the Data Requirements, which shall be implemented and tested before launching the Program.

16.    Affirm shall provide Bank with Program key performance indicators as agreed to by Bank and Affirm, such as portfolio performance, delinquency and charge-off rates in a format and frequency as mutually agreed, but no less than quarterly. At a minimum, Affirm shall provide to Bank quarterly financial statements and an annual financial audit to the extent required under Section 20.12 of this Agreement.

17.    Affirm shall provide appropriate fair lending testing reports as directed by Bank, at least annually, to verify compliance with all applicable fair lending laws including any potential disparate impact.

18.    Affirm shall contract with a secondary, backup servicer for the Program within an agreed upon time line. Affirm may use an existing backup servicer used by Affirm in other projects.

19.    Affirm shall operate the Program in compliance with all Applicable Laws, regulations and regulatory guidance. Affirm shall provide information reasonably requested by Bank (including Affirm’s records and customer information) to Regulatory Authorities as needed and as requested from time to time as required to conduct regulatory exams; provided, however, that the cost of any additional audits required from Affirm in connection therewith by any Regulatory Authority shall be shared equally by Bank and Affirm.

Affirm determines the validity of OFAC flagged Applicants using the attached OFAC Standard Operating Procedure. Affirm shall provide a list of OFAC flagged Applicants that are valid matches to Bank once per quarter.

Affirm shall provide Data Requirements to Bank based on the attached Sample Daily Draw File and Data Dictionary.