Private Label Banking Program Agreement by and between Customers Bank and T-Mobile USA, Inc. dated as of February 24, 2017

This PRIVATE LABEL BANKING PROGRAM AGREEMENT (together with any exhibits, schedules, and attachments, collectively, this “Agreement” or the “Agreement”) is dated this 24th day of February , 2017 (the “Effective Date”) and is by and between T- MOBILE USA, INC., a corporation organized and existing under the laws of Delaware, with offices located at 12920 SE 38th Street, Bellevue, Washington 98006-1250 (“Company”), and CUSTOMERS BANK, a Pennsylvania state-chartered banking institution with a mailing address of 99 Bridge Street, Phoenixville, Pennsylvania 19460 (“Bank”). Company and Bank are collectively referred to as the “Parties” and are individually referred to as a “Party.”

NOW, THEREFORE, in consideration of the mutual covenants and conditions hereinafter set forth, and for other good and valuable consideration, the receipt and sufficiency of which is hereby acknowledged, the Parties hereto, intending to be legally bound, agree as follows:

1.CERTAIN DEFINITIONS. Capitalized terms used herein shall have the meanings ascribed to such terms in this Section 1 or in the body of this Agreement and such meanings shall be applicable to both the singular and the plural forms of such terms.

(a)    “Account Agreement” means, collectively, the agreement(s) between Bank and a Customer governing the terms and use of a T-Mobile Customer Account or a Card and all related disclosures as may be required by Applicable Law or deemed necessary by Bank.

(b)    “Account Terms and Conditions” has the meaning ascribed to such term in Section 3.1(a).

(c)    “Active T-Mobile Customer” means (1) a T-Mobile Customer that has made a deposit or withdrawal to a T-Mobile Customer Account in the previous three (3) months; or (2) has an open account with a balance.

(f)    “Applicable Law” means, as and to the extent applicable to a Party, (i) any international, federal, state, or local law, (ii) any regulation, rule, supervisory guidance, guideline, directive, or interpretation promulgated or published by any Regulatory Authority, or (iii) any order issued by a court having jurisdiction over a Party related to the issuance, sale, authorization or usage of the Cards or services to be provided under this Agreement.

(w)    “Company Marks” means the Marks of Company set forth in Exhibit 0 and the Marks of Company for the Program, in each case, as such Marks may be modified or updated from time to time by Company.

(x)    “Company Specific User Interface” has the meaning ascribed to such term in Section 14.2.

(z)    “Control” means the occurrence of one or more of the following events: (i) a purchase, lease, or other acquisition of all or substantially all of the assets of a party; (ii) a purchase or other acquisition (including by way of merger, consolidation, share exchange, or otherwise) of securities representing fifty percent (50%) or more of the voting power of a party; or (iii) possession, directly or indirectly, of power to direct or cause the direction of management or policies (whether through ownership of securities or partnership or other ownership interests, by contract, or otherwise) of a party.

(aa) “Customer Activation Process” has the meaning ascribed to such term in Section 10(d) of Exhibit D.

(bb) “Deposit Account” shall have the meaning set forth in Section 3(1) of the Federal Deposit Insurance Act, 12 U.S.C. § 1813(1), including, without limitation, demand deposit accounts, certificates of deposit, savings accounts, NOW accounts, individual retirement accounts and, to the extent applicable, omnibus deposit accounts and their subaccounts (as described in Federal Deposit Insurance Corporation General Counsel’s Opinion No. 8 – Insurability of Funds Underlying Stored Value Cards and Other Nontraditional Access Mechanisms).

(cc) “Digital Banking Platform” has the meaning ascribed to such term in Section 10 of Exhibit D.

(gg) “DT Marks” means the Marks of DT set forth in Exhibit 14.6, as such Marks may be modified or updated from time to time by Company.

(ll)    “Fee Auditor” has the meaning ascribed to such term in Section 9.3.

(mm) “Fee Audit Report” has the meaning ascribed to such term in Section 9.3.

(nn) “Fees” means all banking revenue generated from the use of the T-Mobile Customer Accounts, including any Card usage, interchange and miscellaneous fees.

(tt) “Initial Card Credentials” has the meaning ascribed to such term in Section 10(c) of Exhibit D.

(vv)    “Interchange Fee Limits” has the meaning ascribed to such term in Section 7.1(g).

(xx) “Issuer Network Assessment” means domestic assessments, cross-border volume fees, transaction processing fees, and other related fees, net of rebates and incentives, assessed by the payment card or ATM networks (or any similar entities) on Bank for providing transaction processing and other payment-related products and services.

(yy) “Joint Governance Committee” has the meaning ascribed to such term in Section 15.4(a).

(ccc) “Marks” means the trademarks, service marks, trade names, trade dress, designs, domain names, color combination, insignia, and logos (including graphic and color configurations) of a Party.

(ggg) “Mobile Application” has the meaning ascribed to such term in Section 10(c) of Exhibit D.

(hhh) “Mobile Network Operator” means any providers of wireless services, wireless carriers, cellular companies, or mobile network carriers, including, but not limited to, Verizon, AT&T, and Sprint, in each case, including any affiliates and subsidiaries.

(iii) “Mobile Offering” has the meaning ascribed to such term in Section 10(a) of Exhibit D.

Section 10.2(b).

(mmm)“Net Interchange Fees” means the total of all interchange revenue (net of any Issuer Network Assessments) received from payment card networks in connection with the use of Cards.

(nnn) “Online Offering” has the meaning ascribed to such term in Section 10(a) of Exhibit D.

of Exhibit D.

(rrr)    “Program Manager” has the meaning ascribed to such term in Section 15.4(a).

(vvv) “Regulatory Audit” has the meaning ascribed to such term in Section 3.4(c).

(www) “Regulatory Authority” means, as the context requires, the Office of the Comptroller of the Currency; the FDIC; the Federal Reserve Board; the Consumer Financial Protection Bureau; the Federal Trade Commission; the Financial Crimes Enforcement Network; and any other international, foreign, federal or state regulator or agency having jurisdiction over Bank or Company.

(xxx) “Rejection Notice” has the meaning ascribed to such term in Section 10(e) of Exhibit D.

(yyy)    “Renewal Term” has the meaning ascribed to such term in Section 10.1.

(zzz)    “Sale Option” has the meaning ascribed to such term in Section 10.5(a).

(aaaa) “Sale Option Notice” has the meaning ascribed to such term in Section 10.5(a).

(ffff) “Supervisory Objection” means (i) an objection, verbally or in writing, raised by a Regulatory Authority having supervisory authority over Bank that expresses the Regulatory Authority’s opinion that one or more provisions of this Agreement constitute a violation of Applicable Law or is unsafe or unsound, (ii) any cease-and-desist or other similar formal written order of a Regulatory Authority, or (iii) a written directive by a Regulatory Authority to cease or materially limit performance of the obligations under this Agreement; provided, that, notwithstanding anything to the contrary, a determination by the FDIC that the T-Mobile Customer Accounts constitute Broker Deposits shall not be considered to be a Supervisory Objection for purposes of the Agreement.

(iiii) “T-Mobile Customer Account” means the Deposit Account(s) of a T-Mobile Customer in connection with the T-Mobile Customer’s participation in the Program and receipt and use of the T-Mobile Financial Services that is held at Bank and that is subject to an Account Agreement between Bank and the T-Mobile Customer.

(jjjj) “T-Mobile Financial Services” means the products, services, features, and functionality set forth on Exhibit F.

(kkkk) “T-Mobile Retailer” means any Company-owned T-Mobile location and/or any T- Mobile dealer location, as determined by Company from time to time.

(mmmm) “Transition Assistance Period” has the meaning ascribed to such term in Section 10.4(a).

(nnnn) “Transition Assistance Services” has the meaning ascribed to such term in Section 10.4(a).

2.1    Purpose. The Program established pursuant to this Agreement will allow customers of Company, through Bank’s standard and customized technology and financial products and services (including the establishment of T-Mobile Customer Accounts, the issuance of Cards and other financial products and services, as further described herein), to receive and use the T-Mobile Financial Services.

2.2    Development and Implementation of Program. Bank shall develop and implement the Program in accordance with this Agreement, including Exhibits A, B, C, D, E, F, G, H, I, and J, which exhibits are hereby incorporated into and made a part of this Agreement.

3.1    Marketing. Bank acknowledges that Company may promote and market the Program to prospective T-Mobile Customers from time to time. Company agrees that it will promote and market the Program in accordance with Applicable Law and this Agreement.

(a)    [***]. The terms and conditions applicable to each T-Mobile Customer Account offered pursuant to the Program shall be mutually agreed upon by Bank and Company prior to the implementation of the Program and shall be set forth in an Account Agreement between Bank and each T-Mobile Customer (as updated from time to time in accordance with this Agreement, the “Account Terms and Conditions”). [***]. Notwithstanding the foregoing, Company acknowledges that Bank is subject to certain regulatory obligations under Applicable Law and, as such, Bank shall have final authority on certain components of the Account Terms and Conditions that implicate Applicable Law. Bank agrees that, during the Term, Bank will provide Company with the Account Terms and Conditions and with any updates or modifications to the Account Terms and Conditions promptly; provided, that, prior to implementing any updated or modified Account Terms and Conditions, Bank shall obtain Company’s approval so long as such updates or modifications are not required by Applicable Law, in which case Bank shall not be required to obtain Company’s approval. Bank shall enter

into an Account Agreement with each T-Mobile Customer that elects to participate in the Program, subject to Bank’s usual and customary account opening procedures. Bank represents, warrants, and covenants that the account opening procedures for T-Mobile Customers in connection with the Program will be substantially similar to the account opening procedures Bank uses for all other prospective consumer checking - and savings - account customers of Bank.

(b)    Company will submit all proposed Solicitation Materials (and ongoing changes to same) to Bank for review and written approval prior to the release or use of such Solicitation Materials in the marketplace for the purpose of allowing Bank to review such Solicitation Materials to ensure that they comply with Applicable Law with respect to financial services under this Agreement. Bank shall review any Solicitation Materials and notify Company of its decision with respect to such Solicitation Materials within a commercially reasonable period of time; provided, that for Solicitation Material less than [***], Bank will reply within [***] following Bank’s receipt of such Solicitation Materials. Bank may only reject the use of Solicitation Materials if Bank reasonably determines that such Solicitation Materials are likely to cause Bank or Company to violate Applicable Law. Company agrees that it will make any changes, on a prospective basis, in such terms, manner and conditions that the Bank deems reasonably necessary to comply with Applicable Law and Regulatory Authority guidance. In addition, Bank shall have the right to object to any Solicitation Materials that Bank believes will negatively affect Bank’s reputation, and Company agrees to consider such objection in good faith and to add a mutually agreed upon disclosure to address Bank’s specific reputational concerns. Notwithstanding the foregoing, it is expressly understood that Bank’s review and approval or rejection of the Solicitation Materials shall be for Bank’s own independent purposes and Bank’s approval of Solicitation Materials shall not constitute a certification to Company of any kind, other than to grant Company permission to use such Solicitation Materials pursuant to this Section 3.1(b). It is further understood that Bank shall have the right to withdraw approval of any previously approved Solicitation Material in the event of a change in Applicable Law or court decision related to the Solicitation Materials that adversely reflects on the Solicitation Materials or upon written or verbal direction of any Regulatory Authority with supervisory authority over Bank or the Solicitation Materials. Bank and Company shall cooperate to ensure that all Solicitation Materials comply with all applicable payment card network (e.g., Visa, Mastercard, etc.) guidelines, policies and rules.

3.2    Bank Secrecy Act Compliance. Company will reasonably cooperate with Bank, as mutually agreed by the Parties, in the implementation of Bank’s anti-money laundering and anti-terrorism financing compliance program (as modified from time to time, the “AML Program”) in accordance with Applicable Law, including in connection with Bank’s implementation of such commercially reasonable policies and procedures, and modifications to the Program, that may be required by Applicable Law. Company will reasonably cooperate with Bank, as mutually agreed by the Parties, in the implementation of measures to allow Bank to verify the identity of all T-Mobile Customers and prospective T-Mobile Customers consistent with Applicable Law.

3.3    Program and Compliance Training. Company shall, or shall permit Bank to, train representatives of Company that will be involved in the marketing, promotion, or implementation of the Program. The Parties agree that the training shall be conducted

periodically as mutually agreed by the Parties, [***].

(a)Bank will keep and maintain complete records reflecting the identity of each T- Mobile Customer and the steps taken to verify the identity of each T-Mobile Customer, if verification is required under Applicable Law or this Agreement. With respect to each T- Mobile Customer Account, Bank shall retain all required records for the time period required by Applicable Law and shall retain records for no less than five (5) years after the closure of a T- Mobile Customer Account or the termination of this Agreement, whichever is earlier.

(b)[***]

(ii)    Each Party reserves the right, at its own expense to inspect, copy and audit the other Party, including any records of the other Party directly relating to the other Party’s performance hereunder, including Company’s right to perform technology assessments on Bank’s technology architecture and to provide input to Bank in connection therewith. Any such audit will be conducted at mutually agreed upon times, upon reasonable prior written notice (but in no event on, less than thirty (30) business days’ written notice), and in a manner designed to minimize any disruption to the other Party’s normal business activities; provided, however, that in agreeing to times for the audit, the other Party shall be reasonable in scheduling the audit. The Parties shall reasonably cooperate and accommodate each other in connection with audit requests. The Parties agree that the audit rights hereunder will be exercised during normal business hours and no more than once in any twelve (12) month period, except that a Party shall be entitled to additional audits (but in no event more frequently than quarterly) if: (i) critical issues were identified in a previous audit (including any non-compliance with this Agreement); (ii) there is a material change to the business or financial condition of either Party; or (iii) there is a material increase in regulatory scrutiny of Bank or the Program. The Parties agree that upon the occurrence of (i), (ii) or (iii), the Parties will provide reasonable updates in connection with such issues. If a Party is entitled to conduct such additional audits pursuant to (i), (ii) or (iii) and such additional audits relate solely to a contractual issue between the Parties, the reasonable cost of such additional audits shall be borne by Bank; provided, that, Company shall not conduct an additional audit if (w) the additional audit relates to regulatory issues at Bank, (x) a Regulatory Authority is auditing Bank in connection with such regulatory issues for which Company is entitled to conduct the additional audit (such audit, a “Regulatory Audit”), (y) Bank is permitted to and does provide Company with information in connection with the Regulatory Audit, and (z) Bank keeps Company reasonably apprised of the developments in connection with the Regulatory Audit through the conclusion of such Regulatory Audit. Each Party may engage a third party to conduct an audit of the other Party in accordance with this Section 3.4(c); provided, that the Party electing to engage a third party to conduct such an audit shall

(b)[***]

3.6    Company will work with Bank to develop and refine certain financial products and services, as well as technology enhancements, in connection with the Program.

3.7    [***]

3.8    [***]

3.9    Company agrees that any branding, notices or statements that are required by Applicable Law shall include the name or trademark of the Bank.

3.10    [***]

4.1    Representations and Warranties. Company represents and warrants to Bank as follows:

(a)    This Agreement is valid, binding and enforceable against Company in accordance with its terms, except as such enforceability may be limited by laws governing creditors’ rights and general principles of equity.

(b)    Company is a corporation duly formed, validly existing and in good standing under the laws of the State of Delaware and is duly qualified and is properly licensed to do business in each jurisdiction in which the nature of Company’s activities makes such authorization or licensure necessary. Neither the execution of this Agreement nor Company’s performance of its obligations hereunder requires any consent, authorization, approval, notice to, license, or other action by or in respect of, or filing with, any third party or any Regulatory Authority.

(c)    Company has the full power and authority to execute and deliver this Agreement and to perform all of its obligations under this Agreement. The provisions of this Agreement

and the performance by Company of its obligations under this Agreement are not in conflict with Company’s documents of formation or operation, or any other agreement, contract, lease or obligation to which Company is a party or by which it is bound.

(d)    Company has not been subject to the following, in each case, that would materially adversely affect Company’s ability to exercise its rights or perform its obligations hereunder:

(e)    There is not pending or threatened against Company any litigation or proceeding, judicial, tax or administrative, the outcome of which might materially adversely affect the ability of the Company to perform its obligations hereunder.

(a)Company will perform its obligations under this Agreement in accordance with Applicable Law.

(b)Subject to Section 8.1(b), Company will obtain and maintain appropriate licenses with respect to any trademarks and copyrights required for Company in connection with this Agreement.

(c)[***].

(d)Company will not, without Bank’s prior written consent, outsource or otherwise subcontract with third parties for the provision of any of its material obligations (each, a “Material Subcontractor”) in connection with the delivery of the T-Mobile Financial Services. Bank shall have the right to conduct due diligence on a Material Subcontractor at Bank’s reasonable discretion. Bank’s review and approval of a Material Subcontractor shall not be

unreasonably withheld, conditioned or delayed; provided, that, in any case, Bank shall review and approve or reject a Material Subcontractor within fourteen (14) days. However, any such consent of assignment of Company’s obligations hereunder shall not release Company of its obligations to Bank under this Agreement, and Company shall remain fully liable to Bank for any breach of this Agreement caused by a subcontractor or third party retained by Company. [***]. If a dispute arises in connection with the designation of a third- party service provider as a Material Subcontractor, the Parties agree that the dispute shall be referred to the Joint Governance Committee for resolution and, if the Joint Governance Committee is unable to resolve the issue, the dispute shall be referred to the Advisory Board for resolution in accordance with Section 15.4(c); provided, that, Company may use the third-party service provider during the Joint Governance Committee’s and Advisory Board’s consideration of the issue. At Bank’s request, Company shall provide, at least once annually, a list of all Material Subcontractors utilized by Company in connection with this Agreement.

(e)Company agrees that any Regulatory Authority with supervisory authority over Bank (an “Auditing Party”) shall have the right, consistent with the Regulatory Authority’s customary practices and procedures for the review of third-party relationships, [***]. Such audit, inspection or examination shall be at Bank’s sole expense (including any costs and expenses incurred by Company in connection with such audit, inspection or examination), during regular business hours of Company, on reasonable notice, and conducted in a manner so as to not interfere with Company’s normal business operations.

(f)Bank and Company will reasonably cooperate in the implementation of commercially reasonable measures designed to meet the objectives of the security and confidentiality guidelines published by various Regulatory Authorities that are applicable to Bank and the Program including, but not limited to, the implementation of appropriate policies, procedures, and other measures designed to protect against unauthorized access to or use of customer information maintained by Company in connection with the Program that could result in substantial harm or inconvenience to any T-Mobile Customer and the proper disposal of T- Mobile Customer information in connection with the Program. Company shall further cooperate with Bank in implementing a response program in connection with the Program which may require Company to take commercially reasonable actions to address incidents of unauthorized access to T-Mobile Customer Accounts or other information, including notification to Bank and T-Mobile Customers as soon as possible following any such incident. Company shall ensure that, to the extent any third-party service provider engaged by Company has access to T-Mobile Customer Account information, such third-party service provider shall

(g)[***]

6.1    Bank shall administer the Program and provide the T-Mobile Financial Services in accordance with this Agreement (including Exhibit D). Bank shall use commercially reasonable efforts to [***]. The Parties acknowledge that the offering of the Program in [***] is subject to regulatory approval, provided, that Bank shall use best efforts to obtain such regulatory approval. The Launch Date shall be adjusted to the extent Company requests changes to the Program which result in implementation delays. For purposes of clarity, Exhibit D hereto sets forth the financial products and services that Bank must provide in connection with the Program and the terms and conditions applicable to the provision of such products and services.

6.2    In addition to Bank’s other duties and obligations under this Agreement, Bank shall be responsible for developing and maintaining the technology and operations in connection with the Program and for delivering the T-Mobile Financial Services and Cards, and shall bear all responsibility for and pay all normal expenses of the operations, except as otherwise described in this Agreement.

7.1    Representations and Warranties. Bank represents and warrants to Company as follows:

(a)    This Agreement is valid, binding and enforceable against Bank in accordance with its terms, except as such enforceability may be limited by laws governing creditors’ rights and general principles of equity.

(b)    Bank is a state bank, validly chartered and in good standing under the laws of the Commonwealth of Pennsylvania, and is duly qualified and is properly licensed to do business in each jurisdiction in which the nature of Bank’s activities, including in connection with this Program, makes such authorization or licensure necessary. Neither the execution of this Agreement nor Bank’s performance of its obligations hereunder requires any consent, authorization, approval, notice to, license, or other action by or in respect of, or filing with, any third party or any Regulatory Authority.

(c)    Bank has the full power and authority to execute and deliver this Agreement and to perform all its obligations under this Agreement. The provisions of this Agreement and the

performance by Bank of its obligations under this Agreement are not in conflict with Bank’s charter, bylaws or any other agreement, contract, lease or obligation to which Bank is a party or by which it is bound.

(d)    Bank is not subject to any order, judgment, decree, or any other legal or regulatory action that could impede, impair, or prevent Bank from fulfilling all of its obligations under this Agreement.

(f)    There is not pending or threatened against Bank any litigation or proceeding, judicial, tax or administrative, the outcome of which might materially adversely affect the continuing operations of Bank.

(g)    As of the date of this Agreement, Bank qualifies for the small issuer exemption pursuant to 12 C.F.R. § 235.5(a) (as modified or amended from time to time, the “Durbin Exemption”) and Card activity in connection with the Program is not subject to the cap on interchange fees pursuant to 12 C.F.R. § 235.3, (as modified or amended from time to time, the “Interchange Fee Limits”).

(a)Bank will perform its obligations under this Agreement in accordance with Applicable Law.

(b)[***].

(d)To the extent permitted by Applicable Law, Bank will promptly give written notice to Company of any material change in the business operations (including Bank’s compliance programs) or condition, financial or otherwise, of Bank if such material change is reasonably likely to affect Bank’s ability to perform its obligations hereunder.

(e)In the event Bank receives notice of a complaint regarding the Program from any third party, including any state or federal regulator, consumer protection or advocacy agency, or other similar party, Bank shall, subject to any restrictions or provisions of Applicable Law and any obligation to maintain the confidentiality of such complaint or communication, promptly forward such complaint to Company and shall review, investigate, and resolve such complaint.

(f)Bank will, to the extent permitted by Applicable Law, promptly notify Company upon becoming aware of (i) any formal regulatory investigation, regulatory inquiry, enforcement action, or the like involving Bank or in connection with the Program (provided that the foregoing shall not apply to any informal regulatory discussions or informal audits conducted in the ordinary course of Bank’s business), or (ii) any order, judgment, decree, or any other legal or regulatory action that could affect the Program, and Bank will provide, to the extent permitted by Applicable Law and upon Company’s reasonable request, any information and materials requested by Company in connection therewith.

(g)Bank will make available, at least once annually, a reasonable summary of the Bank’s risk assessments in connection with the Program and will give Company the option, at least once annually, to review the risk assessments in their entirety at the Bank’s offices.

(h)Bank will not, without providing at least ninety (90) days’ prior written notice to Company, outsource or otherwise subcontract with third parties for the provision of any of its obligations under this Agreement. Company shall have the right to conduct due diligence on all new third-party service providers at its reasonable discretion prior to Bank’s use of any third- party service provider in connection with this Agreement. Notwithstanding anything to the contrary, Bank’s use of any third party-service provider to perform any of Bank’s obligations under this Agreement shall not release Bank of its obligations to Company under this Agreement, and Bank shall remain fully liable to Company for any breach of this Agreement caused by any third-party service provider retained by Bank. Notwithstanding anything to the contrary, Company hereby approves the third-party service providers set forth on Schedule 8.1(i)(h).

(i)Bank will implement commercially reasonable measures designed to meet the objectives of the security and confidentiality guidelines published by various Regulatory Authorities relevant to the Program, including, but not limited to, the implementation of appropriate policies, procedures, and other measures designed to protect against unauthorized access to or use of customer information maintained by Bank in connection with the Program that could result in substantial harm or inconvenience to any T-Mobile Customer and the proper disposal of T-Mobile Customer information in connection with the Program. Bank shall further implement a response program in connection with the Program consistent with the requirements

of its Regulatory Authority, including, without limitation, notification to Company and affected T-Mobile Customers as soon as reasonably possible following any such incident. Bank shall ensure that any third-party service provider having access to T-Mobile Customer information is obligated to cooperate in the implementation of similar security measures and response programs.

(j)Bank will, at all times, comply with the obligations set forth in Exhibit J [Security Safeguards, Company Information, and Cardholder Information] hereto. In the event of any conflict between the terms and conditions of this Agreement and the terms and conditions of Exhibit J with respect to the subject matter thereof, the terms and conditions set forth in Exhibit J shall control.

(k)Bank shall, while this Agreement is in effect, prepare and maintain disaster recovery, business resumption, and contingency plans in connection with the Program consistent with the requirements of its Regulatory Authority. Bank shall periodically test such disaster recovery, business resumption, and contingency plans as may be appropriate and prudent in light of the nature and scope of the activities and operations of Bank and its obligations hereunder and shall promptly provide Company with a summary of the results of any such tests.

(l)If, at any time during the Term, Bank no longer qualifies for the Durbin Exemption, Bank will use best efforts to consummate a transaction pursuant to which a financial institution that qualifies for the Durbin Exemption (the “Durbin-Exempt Bank”) will become the holder of the T-Mobile Customer Accounts and the issuer of Cards in connection with the Program; provided, that (i) the Durbin-Exempt Bank shall be reasonably acceptable to Company, (ii) the transition of the T-Mobile Customer Accounts to the Durbin-Exempt Bank shall not have any adverse impact on T-Mobile Customers, as determined by Company in its reasonable discretion; and (iii) Bank shall ensure that all of Bank’s obligations under this Agreement will continue to be honored in accordance with the terms of this Agreement without modification hereof. Notwithstanding the foregoing, any transaction with, or assignment to, a Durbin-Exempt Bank that is announced prior to the Beta Launch Date shall not require Company’s approval or consent as described in this Section 8.1(l)(i)-(ii). If Bank is unable to consummate such a transaction, then, notwithstanding anything to the contrary in this Agreement: (i) Bank will continue to operate and administer the Program and satisfy all of its obligations under this Agreement in accordance with the terms of this Agreement; and (ii) Bank will pay to Company, on a monthly basis, one-hundred percent (100%) of Net Interchange Fees for Card activity in connection with the Program during the period in which Bank is not eligible for the Durbin Exemption.

(m)Subject to Company’s input and approval with respect to (i) the structure of the Program and the Sale Option, (ii) the financial institution that will hold the T-Mobile Customer Accounts and any deposits received by Bank for T-Mobile Customer Accounts, and (iii) any other term or condition Company deems relevant, [***].

(n)In the event of any Supervisory Objection, Bank will promptly notify Company in writing of such Supervisory Objection (the “Supervisory Objection Notice”) and such Supervisory Objection Notice will describe, in sufficient detail, the nature of the Supervisory Objection and the extent to which the Supervisory Objection could affect the Program. In the case of a written Supervisory Objection, Bank shall provide the Supervisory Objection Notice along with a copy of the written Supervisory Objection, except as prohibited by Applicable Law. Prior to implementing any change to the Program in connection with any Supervisory Objection, Bank shall use best efforts to meet and work with Company to resolve the Supervisory Objection by way of a mutually agreed-upon solution. Except as prohibited by Applicable Law, Bank shall provide Company with any information reasonably requested by Company in connection with any Supervisory Objection. In the event any Supervisory Objection directing Bank to terminate this Agreement is not in writing, Bank agrees to request, and use reasonable efforts to obtain, a written Supervisory Objection and to provide such written Supervisory Objection to Company. If Bank is unable to obtain a written Supervisory Objection directing Bank to terminate this Agreement, then Bank will use best efforts to facilitate a meeting among the Regulatory Authority and Bank to discuss the oral Supervisory Objection directing Bank to terminate this Agreement. If Bank is unable to (i) obtain a written Supervisory Objection and to provide such Supervisory Objection to Company or (ii) facilitate a meeting among the Regulatory Authority and Bank, then Bank shall provide an official letter from Bank’s board of directors that represents and warrants that Bank is subject to a Supervisory Objection that requires Bank to terminate this Agreement and that describes such Supervisory Objection in sufficient detail. Notwithstanding the foregoing, in no event shall Bank be required to provide documentation or information to the extent prohibited by Applicable Law.

(o)Within thirty (30) days following the execution of this Agreement, Bank will complete Company’s information technology risk assessment. Bank will remediate any issue(s) identified in the information technology risk assessment to Company’s satisfaction prior to the Beta Launch Date; provided, that if Bank fails to remediate any such issue(s) to Company’s satisfaction prior to the Beta Launch Date, Company may terminate this Agreement.

9.1    Program Revenues. Each Party will be entitled to and responsible for those fees and charges as set forth in Exhibit B hereto [Fee Schedule]. Except for those fees expressly set forth in this Agreement (including Exhibit B), Bank shall not impose any other fees on Company in connection with this Agreement. The Parties acknowledge and agree that the [***]. At any time, if Bank and Company agree upon additional services from Bank, the Parties will negotiate in good faith to determine the pricing for such additional services. Company shall be entitled to compensation as set forth on Exhibit

9.2    Implementation Fee. Company agrees to pay a fee in the amount of [***] to Bank for the development, design, and creation of the Program (the “Implementation Fee”). The Implementation Fee shall be paid in increments according to the following schedule: [***].

9.3    Program Fees. Bank shall maintain fees for the Program that are, in the aggregate, at or below industry standards relative to private-label banking programs administered by other banks. Bank agrees that, at all times, the fees imposed on Company in connection with the Program (including, without limitation, the fees set forth on Exhibit B), shall, in the aggregate, be at least as favorable to Company as the fees charged by Bank in connection with any other private-label banking program administered by Bank. Bank shall, at least once annually at the expense of Bank, engage a qualified, mutually agreed upon third party (the “Fee Auditor”) to review and compare the fees charged by Bank in connection with the Program (including, without limitation, the fees set forth on Exhibit B) with the fees imposed by banks, generally, in connection with administering private-label banking programs (the “Fee Audit”). Bank shall cause the Fee Auditor to prepare a report that details the Fee Auditor’s findings (the “Fee Audit Report”) and to provide a copy of the Fee Audit Report to Company within thirty (30) days of completing the Fee Audit. If the Fee Audit Report indicates that Bank is imposing fees on Company in connection with the Program in the aggregate in excess of fees imposed by other banks in connection with private-label banking programs, then Bank shall formulate a plan for Bank to satisfy its obligations under this Section 9.3, which plan shall be subject to Company’s approval.

9.4    Fees Payable to Bank. Company will remit all undisputed fees to Bank within sixty (60) days after an invoice is uploaded into Company’s accounts payable system (the “Invoice Receipt Date”). Bank agrees that Bank waives any rights to any Charges payable under this Agreement that are not invoiced by Bank to Company within one-hundred eighty (180) days after the provision of services.

(a)    Company will notify Bank of any disputed fees in writing. Bank and Company will attempt in good faith to resolve any disputed amounts. If Company agrees to pay all or a portion of a disputed amount, Bank will re-invoice that amount. Company will pay all such re- invoiced amounts to Bank within sixty (60) days after the reissued invoice is uploaded into Company’s accounts payable system. For the avoidance of doubt, the date on which any re- issued invoice uploaded into Company’s accounts payable system will be deemed to be the Invoice Receipt Date.

(b)    All invoices will follow Company’s invoicing standards. At a minimum, each invoice issued by Bank to Company must be in a form and content reasonably acceptable to Company and meet the requirements in this Agreement. Each invoice must contain details describing the basis for the requested payment, including a description of the services performed and such other details as may be reasonably necessary to explain the charges in the

invoice. Bank will furnish such receipts, documents and other supporting materials as Company reasonably may request to verify the charges set forth in any invoice. Bank agrees that any terms or conditions included on the invoice that are in conflict with this Agreement are null and void.

(c)    Electronic Payments. Company will issue all payments to Bank via ACH through Company’s electronic payment system. Bank will enroll in Company’s electronic payment system in order to receive payments. Bank will provide a point of contact and follow enrollment instructions provided by Company to enroll in the electronic payment system.

9.5    Fees Payable to T-Mobile. Bank will remit all amounts to Company via ACH on a monthly basis as described in Exhibit A within fifteen (15) days of issuing the monthly report.

10.1    Initial Term and Renewal Terms. The term of this Agreement shall commence as of the Effective Date, and shall continue for a period of three (3) years (the “Initial Term”), unless terminated earlier in accordance with this Agreement. Company may extend this Agreement for an additional two-year (2-year) period (the “Renewal Term”) by providing written notice to Bank prior to the end of the Initial Term. The Initial Term and the Renewal Term may be referred to herein as the “Term.”

(a)Generally. In addition to any other termination rights under this Agreement, this Agreement may be terminated as follows:

Service Approval Rating of [***] in any application store [***] during the Term;

(b)Brokered Deposits Durbin Exemption. In addition to any other termination right under this Agreement, either of Company or Bank may terminate this Agreement in accordance with this Section 10.2(b) if the FDIC determines that the T-Mobile Customer Accounts constitute Brokered Deposits or if Bank, at any time during the Term, no longer qualifies for the Durbin Exemption and fails to consummate a transaction as contemplated by and in accordance with Section 8.1(l) or assign this Agreement to a Durbin-Exempt Bank subject to and in accordance with Section 15.12 and Section 8.1(l), respectively; provided, that (i) neither Party may exercise its right to terminate this Agreement pursuant to this Section 10.2(b) before July 1, 2018, and (ii) if either Party exercises its right to terminate this Agreement pursuant to this Section 10.2(b), then, notwithstanding anything to the contrary in this Agreement, Bank shall perform its obligations under this Agreement in accordance with the terms of this Agreement through June 30, 2019 (the “Modified Transition Assistance Period”). In the case of either of the foregoing, Company shall have the right to the Sale Option.

10.3    The Parties agree that, notwithstanding anything to the contrary in this Agreement, any wind-down and/or de-conversion costs (collectively, the “Wind-Down Costs”) in connection with any termination of this Agreement shall be borne by [***].

(a)Transition Period and Assistance. Upon expiration or termination of this Agreement for any reason, [***], Bank shall continue to perform its obligations under this Agreement for a period not to exceed twelve (12) months (or 18 months in the event of a termination by Company pursuant to Section 10.2(a)(ii)) of the expiration or termination date (the “Transition Assistance Period”); provided, that, Company may elect, in its sole discretion, to end the Transition Assistance Period at any time after one-hundred eighty (180) days. Notwithstanding anything to the contrary, if Bank is directed, pursuant to a Supervisory Objection, to terminate this Agreement, Bank shall use commercially reasonable efforts and work in good faith with Company and with the Regulatory Authority that issued the Supervisory Objection that directed Bank to terminate this Agreement to provide Transition Assistance Services (as defined below) as mutually agreed by the Parties and as permitted by the Regulatory Authority. During the Transition Assistance Period, Bank shall continue to perform its obligations under this Agreement in accordance with the terms and conditions specified herein and shall provide any and all assistance reasonably requested by Company to transition the Program to a Successor Institution pursuant to the Sale Option without degrading or interfering with (i) the Program, (ii) any of the services provided by Bank hereunder, or (iii) the business, operations, or systems of Company, including, without limitation: (1) any data migration to Company or Successor Institution with Regulatory Authority approval at Company’s option; and (2) any other commercially reasonable transition assistance services as are reasonably requested by Company (collectively, the “Transition Assistance Services”). For the avoidance of doubt, Bank shall provide the Transition Assistance Services in accordance with this paragraph without regard to the reason for the termination of this Agreement and the Term of this Agreement shall not be deemed to have expired or terminated until the Transition Assistance Services have been completed; provided, that, Company shall not be subject to any minimum fees or similar financial obligations during any Transition Assistance Period. The Transition Assistance Services shall be provided as part of the Program at the rates specified herein; [***].

T-Mobile Customers) in a form that is reasonably retrievable for a period of five (5) years after the closure of any T-Mobile Customer Account, or the termination of this Agreement (whichever is earlier). The Parties agree to cooperate with one another to make such records and documentation available as may be required to comply with Applicable Law, or to respond to customer inquiries, legal requests (such as a subpoena), audits, or regulatory examination requests.

(a)Upon review and discussion, the Parties acknowledge and agree that it is in the best interest of T-Mobile Customers to ensure that the T-Mobile Financial Services offered in connection with the Program maintain the value proposition offered to T-Mobile Customers in the event of the expiration or termination of this Agreement. Bank, as the financial institution that will hold the T-Mobile Customer Accounts during the Term, hereby expresses its desire to transition such T-Mobile Customer Accounts upon the expiration or termination of this Agreement and hereby agrees [***] T-Mobile Customer Accounts upon such expiration or termination; provided, that, [***] after such expiration or termination, Bank will offer Company the right of first refusal to purchase the T-Mobile Customer Accounts or to facilitate the purchase of the T-Mobile Customer Accounts to a qualified successor financial institution designated by Company (the “Successor Institution”), in each case, for [***] of such T-Mobile Customer Accounts, which shall be determined in accordance with Section 10.5(b) (the “Sale Option”). If Company does not accept the Sale Option, Bank may sell the T-Mobile Customer Accounts to any financial institution. If Company accepts the Sale Option, Company shall: (1) provide written notice to Bank [***] following receipt of the Sale Option (the “Sale Option Notice”); (2) execute, or facilitate the execution of, an agreement for the purchase of the T-Mobile Customer Accounts [***] following the delivery of the Sale Option Notice to Bank; and (3) provide, or cause the Successor Institution to provide, Bank with a detailed outline of its intentions in connection with the T-Mobile Customer Accounts, including, as applicable, the identity of the Successor Institution, the procedures for the transition of the T-Mobile Customer Accounts, and any other information reasonably requested by Bank that is necessary to facilitate the Sale Option. The Parties agree that the Sale Option shall be contingent upon the execution of an agreement that sets forth the mutually agreed to terms and conditions of the Sale Option.

(b)The sale price will be equal to [***]

[***]. Subject to the receipt of all necessary approvals from any Regulatory Authority, Bank agrees to transition the T-Mobile Customer Accounts to Company or the Successor Institution, as applicable, within [***] after closing of the Sale Option.

(c)If Company elects to accept the Sale Option and the T-Mobile Customer Accounts are transitioned to Company or the Successor Institution, as applicable, [***]. If Company accepts the Sale Option within the time period provided under Paragraph 10.5(a), the Term of this Agreement shall be extended and the Parties shall remain in compliance with all provisions of this Agreement, including the timely payment of all other fees and sums called for under this Agreement, through the date that the T-Mobile Customer Accounts are transitioned to Company or the Successor Institution, as applicable; provided, that Company shall not be subject to any minimum fee or similar commitments following the effective date of any expiration or termination of this Agreement. Company or the Successor Institution will be responsible for obtaining any necessary approvals from any Regulatory Authority.

10.6    Exclusivity and Cross-Marketing. Bank agrees that, for the duration of the Term, (i) Bank shall not offer any financial products or services that are substantially similar to the T- Mobile Financial Services to any other Mobile Network Operator in the United States, and (ii) Bank shall not target any T-Mobile Customers using any T-Mobile Customer or Company customer list(s) or any data from or about the Program for the purpose of marketing or selling any financial product or service, other than the T-Mobile Financial Services, to any such T-Mobile Customer. Company agrees that, for the duration of the Term, Company shall not offer a consumer-facing demand deposit account with any other financial institution. The provisions of this Section 10.6 shall not apply during any Termination Assistance Period.

11.1    Confidential Information. The term “Confidential Information” shall mean this Agreement and any and all proprietary information, data, trade secrets, business information and other information of any kind whatsoever which (a) a Party discloses in writing, orally, or visually (the “Discloser”) to the other Party (the “Recipient”) or to which the Recipient obtains access in connection with the negotiation of this Agreement or the exercise of its rights or performance of its obligations hereunder, and which (b) relates to (i) the Discloser’s business or business practices, (ii) the Discloser’s customers and/or associates, or (iii) consumers who have made Sensitive Customer Information available to Bank and/or Company. “Sensitive Customer

Information” means “non-public personal information,” as defined in the Gramm-Leach-Bliley Act and its implementing regulations (the “GLBA”). Except as otherwise provided in Section 11 of this Agreement, Confidential Information may only be accessed, used, and disclosed by the Parties for the business purpose contained herein.

11.2    Sensitive Customer Information. Each Party acknowledges and agrees that it will protect, maintain, use, and disclose Sensitive Customer Information in accordance with this Agreement and in a manner that is not prohibited by Applicable Law. In addition to the other requirements set forth in Section 11 regarding Confidential Information, Sensitive Customer Information shall be subject to the additional restrictions set forth in this Section 11.2. The Recipient shall access, use, and disclose Sensitive Customer Information only for the purpose of exercising its rights and performing its obligations hereunder and shall disclose such Sensitive Customer Information only to its affiliates, employees, officers, agents, subcontractors, and third-party vendors (collectively, “Recipient Third Parties”) on a “need to know” basis and only to the extent such Recipient Third Parties are subject to obligations with respect to such Sensitive Customer Information that are no less restrictive than the obligations imposed on Recipient hereunder. The restrictions set forth herein shall apply during the Term and after the termination of this Agreement.

11.3    Marketing Data. Bank acknowledges and agrees that it will provide to Company, and Company may securely maintain, [***]. Bank agrees that it will make any and all disclosures and obtain any and all consents, authorizations, and approvals from T-Mobile Customers required under Applicable Law for Company to exercise its rights and for Bank to perform its obligations hereunder.

11.4    Compliance with Applicable Law. The Parties shall comply with Applicable Law with respect to the use and disclosure of Sensitive Customer Information.

11.5    Disclosure to Employees, Agents and Third Parties. Each of the Parties, as a Recipient, hereby agrees on behalf of itself and Recipient Third Parties that Confidential Information will only be disclosed or made available to Recipient Third Parties on a “need to know basis” for a Party to exercise its rights and perform its obligations hereunder and only if such Recipient Third Parties are subject to confidentiality obligations with respect to such Confidential Information that are no less restrictive than the obligations imposed on the Recipient hereunder. Each of the Parties, as a Recipient, also may disclose Confidential Information as required by law; provided, that, prior to any disclosure of Confidential

Information as required by law, the Recipient shall (i) notify the Discloser of any actual or threatened legal compulsion of disclosure and any actual legal obligation of disclosure immediately upon becoming so obligated, and (ii) cooperate with the Discloser’s reasonable, lawful efforts to resist, limit or delay disclosure.

11.6    Return/Destruction of Materials. Upon the termination of this Agreement, or at any time upon the request of a Party, the other Party shall return or, at the requesting Party’s election, destroy all Confidential Information, including Sensitive Customer Information, in the possession of such Party or in the possession of any third party over which such Party has or may exercise control, except as otherwise provided in this Agreement or as required to meet record-retention requirements under Applicable Law; provided, that, Company shall be under no obligation to return or destroy Behavior Data.

11.7    Exceptions. The obligations of confidentiality in this Section 11 shall not apply to any information which a Party rightfully has in its possession when disclosed to it by the other Party, information which a Party independently develops, information which is or becomes known to the public other than by breach of this Section 11 or information rightfully received by a Party from a third party without the obligation of confidentiality.

11.8    The Parties acknowledge and agree that the same or similar information, including Confidential Information, may constitute Company data and Bank data and, to the extent such information is both Company data and Bank data, (i) Company shall retain its ownership and use rights in such Company data without restriction hereunder as to elements of Company data that are also elements of Bank data, and (ii) Bank shall retain its ownership and use rights in such Bank data without restriction hereunder as to elements of Bank data that are also elements of Company data; provided, that, notwithstanding anything to the contrary in this Agreement, Bank shall not use any data accessed, disclosed, obtained, or received in connection with the Program to market any financial products or services to T-Mobile Customers.

11.9    Media Releases. All media releases by either Party regarding the Program shall be coordinated with and, subject to requirements of Applicable Law, approved by the other Party in writing prior to the release thereof, which approval will not be unreasonably withheld or delayed.

11.10    Injunctive Relief. The Parties acknowledge that, in the event either Party breaches the terms of Section 11, the non-breaching Party shall be entitled to injunctive relief, in addition to any other remedies that may be available to it at law or under the terms of the Agreement.

12.1    Required Insurance Coverage. Except as otherwise provided in Section 12.1(e), each Party shall, at its own cost and expense, obtain and maintain in full force and effect, with financially sound and reputable insurers having A.M. Best ratings of [***] or better, insurance to cover such Party’s obligations under this Agreement. Upon execution of this Agreement and before the commencement of any services contemplated under the Agreement, each Party shall provide the other Party with a certificate of insurance or declaration page

evidencing the following coverages and amounts with such insurers and naming the other Party as an additional insured:

(a)    Commercial General Liability. Including products, completed operations liability and personal injury, contractual liability and broad form property damage liability coverage for damages to any property with a minimum combined single limit of [***] per occurrence and [***] general aggregate per location for bodily injury, death, property damage and personal injury.

(b)    Business Automobile Coverage. Covering use of any owned, non-owned, and hired automobiles with a minimum combined single limit of [***] per occurrence for bodily injury and property damage liability.

(c)    Workers’ Compensation Coverage. Including occupational illness or disease coverage, or other similar social insurance in accordance with the laws of each State in which services are performed; and Employer’s Liability Insurance with a minimum limit of [***] per occurrence.

(d)    Umbrella/Excess Liability. Coverage with a minimum limit of [***] to cover claims in excess of the coverage limits for Commercial General Liability, Employer’s Liability and Automobile Liability.

(e)    Professional Liability/Errors and Omissions Insurance. Bank shall maintain professional liability/errors and omissions liability insurance applicable to Bank’s obligations hereunder for minimum limits of [***] per claim and [***]. If such coverage is written on a claims-made basis, then (i) the retroactive date must precede the obligations performed under this Agreement, and (ii) the coverage must continue through the purchase of an extended reporting period (or continuation of the existing coverage) for [***] after termination of this Agreement.

(f)    Bank’s Obligation to Maintain Cybersecurity Insurance Coverage. Bank, at all times, shall obtain and maintain cybersecurity and technology coverage for any liability arising from or related to the theft, dissemination, and/or use of Confidential Information and personal data stored or transmitted in electronic form and for any liability arising from or related to the introduction of a computer virus into, or otherwise causing damage to, any Company’s or any third party’s (including any T-Mobile Customer’s), computer systems, networks or similar computer-related property and the data, software, and programs stored thereon. The amount of coverage maintained by Bank, at all times, shall be [***] in accordance with the table below:

[***]. For the avoidance of doubt, Bank’s failure to maintain coverage, at all times, in the amount required under this Section 12.1(f) shall be deemed to be a material breach of this Agreement.

If the coverage required under this Section 12.1(f) is written on a claims-made basis, then (i) the retroactive date must precede the obligations performed under this Agreement, and (ii) the coverage must continue through the purchase of an extended reporting period (or continuation of the existing coverage) for [***] after termination of this Agreement.

(a)Each Party shall cause its insurers or its representatives to issue certificates of insurance evidencing that the coverages under this Agreement are maintained in force, and each Party will provide not less than thirty (30) days written notice to the other Party prior to any cancellation of any of the policies.

(b)Each Party shall provide evidence of such policies of insurance to the other Party upon request.

(c)Nothing in this Section 12 will be construed as limiting either Party’s liability to the other Party or to any third party.

(d)Each Party shall be named additional insured under the General Liability and Umbrella Liability.

12.3    No Warranty. No warranty is provided that the coverages and limits listed in this Section 12 are adequate to cover and protect the interests of either Party. These are solely minimums that have been set to protect the interests of the Parties. Each Party will be fully responsible for risk of loss of, and damage to, any building, equipment, software or other materials owned or leased by it and used in providing the services in the Agreement.

13.1    No Special Damages. EXCEPT TO THE EXTENT SUCH DAMAGES ARISE OUT OF OR RELATE TO A PARTY’S (A) BREACH OF SECTIONS [***], (B) A PARTY’S [***], OR (C) A PARTY’S FRAUD, WILLFUL MISCONDUCT, OR GROSS NEGLIGENCE, IN NO EVENT SHALL EITHER PARTY BE

LIABLE TO THE OTHER PARTY, WHETHER IN CONTRACT, TORT, EQUITY OR OTHERWISE, FOR ANY INDIRECT, INCIDENTAL, CONSEQUENTIAL, SPECIAL, PUNITIVE OR EXEMPLARY DAMAGES, INCLUDING, BUT NOT LIMITED TO, LOST PROFITS, EVEN IF SUCH PARTY HAS KNOWLEDGE OF THE POSSIBILITY OF SUCH DAMAGES ARISING FROM OR RELATED TO THIS AGREEMENT.

13.2    Disclaimers of Warranties. EXCEPT AS OTHERWISE PROVIDED IN THIS AGREEMENT, THE PARTIES SPECIFICALLY DISCLAIM ALL WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, ARISING OUT OF OR RELATED TO THIS AGREEMENT, INCLUDING WITHOUT LIMITATION, ANY WARRANTY OF MARKETABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, AND IMPLIED WARRANTIES ARISING FROM COURSE OF DEALING OR COURSE OF PERFORMANCE, EACH OF WHICH IS HEREBY EXCLUDED BY AGREEMENT OF THE PARTIES.

13.3    Liabilities of Parties for Regulatory Claims. Each Party shall be liable to the ther Party for any and all costs, expenses, liabilities, and losses, including, without limitation, the cost of investigation, the cost of litigation, and reasonable attorneys’ fees (collectively, “Losses”), in connection with any (a) claim, demand, or cause of action brought by or on behalf of any T-Mobile Customer as a result of the other Party’s failure to comply with Applicable Law, or (b) regulatory investigation conducted by any Regulatory Authority.

14.1    Each Party shall be the sole owner of all right, title, and interest in and to all such intellectual property owned by it immediately preceding the Effective Date and any intellectual property acquired, created, or developed by such Party independently of this Agreement after the Effective Date. For the purposes of clarity, Bank is the owner of all right, title, and interest in and to all intellectual property and proprietary rights in and to its banking system and related technology, including, but not limited to, its mobile and web-based applications, user interface (“Bank User Interface”), data systems, databases, financial and banking processes, and related systems and processes used and operated by Bank in connection with its online banking system for retail and commercial banking and financial services (collectively, “Bank FinTech”). Company shall not, nor assist any third party’s efforts to, modify, reverse engineer, disassemble, decrypt, decompile, make derivative works of, or attempt to discover or modify in any way the underlying source code or object code relating to Bank FinTech.

14.2    As between the Parties, each Party, respectively, will be the sole and exclusive owner of all right, title, and interest in and to all intellectual property acquired from a third party or developed by or on behalf of such Party in connection with such Party exercising its rights or performing its obligations hereunder. Without limiting the foregoing, Company shall own all respective rights, title, and interest in and to any modification or customization of Bank’s User Interface, and any component thereof, created or developed by or on behalf of Company (including by Bank or any affiliate of Bank) with Bank’s authorization (the “Company Specific User Interface”), including, without limitation, any information architecture of the Company Specific User Interface, wireframes, and flows of the Company Specific User Interface, as well as the design (including the look and feel) of the Company Specific User Interface. For the

purposes of clarity, Company acknowledges and agrees that it is acquiring ownership rights solely in and to the modifications and customizations made to the Bank User Interface that are embodied in the Company Specific User Interface, but not any ownership rights in the Bank User Interface. The Company Specific User Interface shall constitute a “work made for hire” under the U.S. Copyright Act of 1976 (17 U.S.C. §101 et seq. and any successor statute thereto), and the ownership of the Company Specific User Interface shall vest in Company at the time it is created. To the extent any rights, title, or interest in or to the Company Specific User Interface, including any intellectual property rights, may not vest automatically in Company, whether by operation of law or otherwise, Bank hereby irrevocably assigns and transfers to Company all right, title, and interest in and to the Company Specific User Interface, including any intellectual property rights therein. For the avoidance of doubt, Customer Specific User Interface shall not be considered to be jointly-owned intellectual property.

14.3    Bank hereby grants to Company and its third-party service providers a revocable, non-transferable, non-sublicenseable, non-exclusive, worldwide, royalty-free license, during the Term and any Transition Assistance Period or Modified Transition Assistance Period, to all intellectual property it provides to Company, or to which it provides Company with access, solely for the purpose of using such intellectual property in connection with the Program and as necessary to exercise its rights and perform its obligations hereunder during the Term and any Transition Assistance Period or Modified Transition Assistance Period. Notwithstanding anything to the contrary, to the extent that the Company Specific User Interface relies on Bank intellectual property owned by Bank preceding the Effective Date or any intellectual property acquired, created, or developed by Bank independently of this Agreement after the Effective Date, Bank hereby grants to Company, under intellectual property rights owned or controlled by Bank or any Bank affiliate, an irrevocable, sublicensable, exclusive, royalty-free, perpetual, worldwide right and license to such intellectual property, including to make use the Company Specific User Interface.

14.4    The Parties shall not develop any intellectual property that will be deemed jointly- owned unless they have agreed, in advance and in writing, that such intellectual property writing will be jointly-owned. If, notwithstanding the foregoing, a “joint work of authorship” (as defined under the U.S. Copyright Act) or a “joint invention” (as defined under the U.S. Patent Act) arises in any jurisdiction in the absence of such a separate agreement, then each Party will have the right to use, license, and otherwise exploit such jointly-owned intellectual property without any restriction or obligation to account to the other Party; provided, however, that the foregoing shall not be construed as granting or conveying any right or licenses under any other intellectual property of the other Party even if necessary to use or otherwise exploit such jointly-owned intellectual property.

14.5    Bank hereby grants to Company, its parents and affiliates, and its third-party service providers a revocable, non-transferrable, non-sublicenseable, non-exclusive, worldwide, royalty-free license, during the Term and any Transition Assistance Period or Modified Transition Assistance Period, to use, host, display, reproduce, and transmit the Bank Marks for the purpose of exercising its rights and performing its obligations hereunder solely in connection with the Program.

14.6    Company hereby grants to Bank (i) a limited, personal, revocable, non-exclusive, non-transferrable, non-sublicenseable, royalty-free sublicense, to use the DT Marks, and (ii) a limited, personal, revocable, non-exclusive, non-transferable, non-sublicenseable, royalty-free license to use the Company Marks, during the Term and any Transition Assistance Period or Modified Transition Assistance Period, in the United States, for the purpose of exercising its rights and performing its obligations hereunder solely in connection with the Program.

14.7    Bank, Company, and DT shall retain all right, title, interest and ownership in and to their respective Marks. Neither Bank nor Company will challenge, nor assist any third party in challenging, any right, title or interest of the other Party or such Party’s licensors in their respective Marks, claim any right, title or interest in or to the other Party’s or such Party’s licensor’s Marks, or assert any interest in, or attempt to register or apply for registration of, any of the other Party’s or such Party’s licensor’s Marks or any confusingly similar variation of such Marks. Any use of Bank Marks by Company will inure to the benefit of Bank, and any use of Company Marks and DT Marks by Bank shall inure to the benefit of Company and DT, respectively. Except as provided herein, neither Party shall use the other Party’s Marks or such other Party’s licensor’s Marks, or any adaptation or variation of such Marks, in any manner whatsoever (including, without limitation, in any press releases, advertising, promotion or sales literature), without the prior written consent of the other Party. Neither Party will use the other Party’s Marks or such Party’s licensor’s Marks, or incorporate any such Marks, including any confusingly similar variation of such Marks, into any company or trade names, other marks, email addresses, gTLDs, domain names or URL strings, telephone numbers, Google AdWords (or other online paid search advertising tool), or social networking user names, “handles,” or hashtags. Each Party acknowledges that it is familiar with the high standards, quality, style and image of the other Party’s Marks or such other Party’s licensor’s Marks, and will use such Marks in a manner consistent with such uses. Neither Party will use the other Party’s Marks or such Party’s licensor’s Marks in any way that causes, or may cause, damage to the reputation, business or goodwill of the other Party or its licensors. Neither Party will do anything itself, or aid or assist any other person or entity to do anything that would, or could reasonably be expected to infringe, violate, tarnish, dilute, cause a loss of distinctiveness, harm, disparage, misuse or bring into disrepute the other Party’s Marks or such other Party’s licensor’s Marks, and/or do anything that would, or could reasonably be expected to damage the goodwill associated therewith. Each Party will meet and comply with all of the specifications and standards prescribed by the other Party or its licensors, including but not limited to (a) Bank’s standards (as set forth in Exhibit 14.7), and (b) Company’s Marks Rules (available at http://www.t-mobile.com/marksrules/) and brand guidelines. On ten (10) days written notice, either Party may require the other Party to provide a sampling of goods and media bearing the such other Party’s Marks or such Party’s licensor’s Marks to determine the manner in which such Marks are used and the nature and quality of the goods and services with which such Marks are used. To the extent a Party determines that any use of its Marks by the other Party is inconsistent with the terms and conditions of this Section 14.7, then such Party may provide written notice of such inconsistency to the other Party and the Parties will work in good faith to address the issue giving rise to such written notice within a commercially reasonable period of time. Notwithstanding anything to the contrary, Company shall maintain all right and title to, and ownership in and of, all branding used in connection with the Program (except for Banks Marks).

14.8    Notwithstanding anything to the contrary, Company shall maintain all right and title to, and ownership in and of, all branding used in connection with the Program (except for Bank Marks).

14.9    All rights not expressly granted hereunder are reserved by the owner of such rights, and the reserved rights shall remain the exclusive property of such owner.

(a)Company shall indemnify and hold harmless Bank, its parent, subsidiaries and affiliates and their respective officers, directors, employees and permitted assigns (as applicable, the “Bank Indemnified Party”), from and against any direct damages, costs, expenses, or liabilities arising from or related to any legal action, claim, demand, proceeding, order, suit, or cause of action (collectively, any “Claim”) brought against any Bank Indemnified Party by any third party in connection with: (i) Company’s breach of any representation, warranty, or covenant of this Agreement or any agreement between Company and a T-Mobile Customer in connection with the Program; (ii) Company’s breach of any of its obligations under this Agreement; (iii) Company’s negligence, willful misconduct, or bad faith; or (iv) [***].

(b)Bank shall indemnify and hold harmless Company and its parent, subsidiaries and affiliates, and their respective officers, directors, employees, and permitted assigns (as applicable, a “Company Indemnified Party”), from and against any direct damages, costs, expenses, or liabilities incurred by a Company Indemnified Party arising from or related to any Claim brought against any Company Indemnified Party by any third party in connection with Program, including, without limitation: (i) Bank’s breach of any representation, warranty, or covenant of this Agreement, (ii) Bank’s breach of any of its obligations under this Agreement or under any agreement between Bank and a T-Mobile Customer; (iiii) Bank’s negligence, willful misconduct, or bad faith, or (iv) Bank’s infringement of any third party intellectual property rights caused by Company’s use of Bank’s FinTech, the Company Specific User Interface, Bank Marks, or other similar rights licensed to a Company Indemnified Party, provided that Bank shall not be required to indemnify the Company under this subsection (iv) if Bank’s FinTech, Bank Marks, or other similar licensed rights were modified or changed by Company without Bank’s written authorization.

(c)If any Claim is asserted against an Indemnified Party by any third party in respect of which the Indemnified Party may be entitled to indemnification under the provisions of

subsections (a) or (b) above, the Indemnified Party shall promptly provide written notice of such Claim to the Indemnifying Party from which indemnification may be sought. The Indemnifying Party shall have the right, by notifying the Indemnified Party within thirty (30) days of its receipt of the notice of the Claim, to assume the entire control of the defense of the Claim, including the right to settle the Claim at the sole discretion of the Indemnifying Party, provided that such settlement: (i) does not impose any obligation on the Indemnified Party, (ii) does not include an admission of liability by the Indemnified Party, (iii) grants the Indemnified Party a full and unconditional release from all liability with respect to the Claim, and (iv) does not otherwise adversely affect the Indemnified Party. The Indemnifying Party may not consent to the entry of any judgment with respect to a Claim without the written consent of the Indemnified Party. Any counsel retained by the Indemnifying Party for such purposes shall be reasonably acceptable to the Indemnified Party. The Indemnifying Party shall institute and maintain any such defense diligently and reasonably and shall keep the Indemnified Party fully advised as to the status thereof. The Indemnified Party shall have the right to participate in the defense of any Claim, including through employing its own counsel, but the fees and expense of such counsel shall be at the Indemnified Party’s expense, unless otherwise authorized in writing by the Indemnifying Party.

(d)The provisions of this Section 15.1 and of Section 15.2 shall survive termination or expiration of this Agreement.

(a)Each Party shall promptly notify the other of any action, suit, proceeding which might give rise to any indemnification hereunder or which might materially and adversely affect either Party’s ability to perform this Agreement.

(b)Each Party represents and warrants to the other Party that it has no knowledge of any pending or threatened suit, action, arbitration or other proceedings of a legal, administrative or regulatory nature, or any governmental investigation, against it or any of its affiliates or any officer, director, or employee, which has not been previously disclosed in writing and which would materially and adversely affect its financial condition or its ability to perform this Agreement.

15.3    Legal Compliance. Each Party represents and warrants to the other Party that it is familiar with the requirements of Applicable Law and agrees that it will use commercially reasonably efforts to maintain familiarity with Applicable Law relating to its activities under this Agreement, now and in the future. The provisions of this Section 15.3 shall not alter the responsibilities of the Parties to ensure compliance as otherwise required by separate sections of this Agreement.

15.4    Program Governance. The Parties agree to adhere to the joint governance structure for oversight and management of the Program as described in this Section 15.4.

(a)    Program Managers and Program Teams. Within thirty (30) days after the Effective Date, each Party shall appoint one Program relationship manager (“Program Manager”). Each Program Manager shall serve as the other Party’s principal point of contact on

Program-related issues and shall lead the Program Manager’s respective team (“Program Team”) in executing its Party’s obligations hereunder. Each Party shall endeavor to provide stability and continuity in the Program Manager positions and each Party’s other Program personnel. Bank’s Program Team and Company’s Program Team collectively will constitute the “Joint Governance Committee.”

(b)    Joint Governance Committee. The Joint Governance Committee shall be responsible for monitoring all aspects of the Program to ensure that the Parties are exercising their rights and performing their obligations in accordance with this Agreement; provided, however, that the Joint Governance Committee shall not be authorized to amend this Agreement or modify either Party’s obligations hereunder. The Joint Governance Committee, at a minimum, shall meet in person, by phone, or by videoconference on a quarterly basis. The Joint Governance Committee shall: [***].

(c)    Within thirty (30) days after the Effective Date, each Party shall appoint two (2) senior executives to serve on an advisory board (the “Advisory Board”). If the Joint

Governance Committee is unable to resolve any matter of material significance, then the Joint Governance Committee shall refer the matter to the Advisory Board and the Advisory Board shall endeavor, within a reasonable period of time, to resolve such matter.

(d)    Fraud Losses. Both Parties recognize that managing losses on the Program is an essential element. Bank will implement a loss prevention program designed to detect, prevent, and mitigate losses in connection with the Program. Company shall reasonably cooperate with Bank in the implementation of loss prevention activities throughout the term of the Agreement. [***]. The Parties will meet annually to discuss Bank’s Fraud Prevention Policy.

(e)    Risk Management. The Parties will reasonably cooperate to identify the legal, financial, and reputational risks associated with the Program (including, without limitation, any information technology risks) and will manage and regularly review a transparent and accessible risk matrix that identifies such risks, including the probability and impact of such risks, as well as mitigations and contingencies to address and respond to such risks. Bank promptly shall notify Company of any material changes to Bank’s technology architecture.

15.5    Relationship of Parties. Bank and Company intend for their relationship to be that of independent contractors in performing their respective obligations hereunder. Nothing in this Agreement or in the working relationship established and developed hereunder shall be deemed to be, nor shall it cause, Bank and Company to be treated as partners, joint venturers, employees or joint associates for profit.

15.6    Regulatory Examinations and Financial Information. Company agrees to submit to any examination which may be required by any Regulatory Authority with audit and examination authority over Bank, to the fullest extent of such Regulatory Authority. Company shall also provide to Bank any information, which may be required by any Regulatory Authority in connection with their audit or review of Bank or the Program, and shall reasonably cooperate with such Regulatory Authority in connection with any audit or review of Bank. Nothing in this Agreement shall limit the right of any Party to this Agreement to seek injunctive relief, to the extent available, with respect to breaches of this Agreement.

15.7    Governing Law. This Agreement shall be governed by the internal laws, and not by the laws regarding conflicts of laws, of the State of New York. Each Party hereby submits to the jurisdiction of the courts of the State of New York, and hereby waives any objection to venue with respect to actions brought in any court in the State of New York.

15.8    Severability. If any provision of this Agreement is deemed by a court, Regulatory Authority, or other public or private tribunal of competent jurisdiction to be invalid or otherwise unenforceable, then such provision shall be deemed to have been omitted from this Agreement. In the case of the foregoing, the remaining provisions of this Agreement shall remain in full force and effect.

(a)Neither Party is liable for the failure of such Party to perform its obligations hereunder if such failure is the result of an act of God (including fire, flood, earthquake, storm,

hurricane or other natural disaster), war, invasion, act of foreign enemies, hostilities (regardless of whether war is declared), civil war, rebellion, revolution, insurrection, military or usurped power or confiscation, terrorist activities, government sanction, blockage, embargo, labor dispute, strike, lockout or interruption or failure of electricity or telephone service (each, a “Force Majeure Event”).

(b)If either Party asserts this Section 15.9 as an excuse for the failure to perform its obligations hereunder, then the non-performing Party must prove that the Party took commercially reasonable steps to minimize any delay or damages caused by foreseeable events, that the Party substantially fulfilled all non-excused obligations, and that the other Party was timely notified of the likelihood or actual occurrence of a Force Majeure Event.

15.10    Survival. Any rights and obligations of Bank and Company which, by their nature, should extend beyond the termination of this Agreement shall survive the termination of this Agreement, including any representations and warranties made by each Party, the indemnification obligations of each Party, and the liability provisions hereof.

15.11    Successors and Third Parties. Except as limited by Section 15.12, this Agreement and the rights and obligations hereunder shall bind and inure to the benefit of the Parties and their successors and permitted assigns.

15.12    Assignments. Except as otherwise provided in this Section 15.12, neither Party may assign this Agreement, or any rights hereunder, without the other Party’s prior written consent; provided, that (i) Company may assign this Agreement, or any of its rights hereunder, to any affiliate of Company, and (ii) Bank may assign this Agreement, or any of its rights hereunder, to a Durbin-Exempt Bank as contemplated by and subject to Section 8.1(l). If a Party attempts to assign this Agreement, or any rights hereunder, without the other Party’s consent, then the other Party may terminate this Agreement, without penalty, immediately upon written notice to the other Party. Notwithstanding anything to the contrary, Company may assign this Agreement in the event of a change of Control of Company. If Bank assigns this Agreement subject to and in accordance with Section 8.1(l) or this Section 15.12, then, notwithstanding anything to the contrary, Bank shall be bound by and comply with Bank’s confidentiality obligations and the exclusivity provisions of this Agreement as if Bank were still a party to this Agreement.

15.13    Notices. All notices, requests, and approvals required by this Agreement shall be in writing addressed and directed to the other Party at the mailing address, electronic mail address, or facsimile set forth below or at such other mailing address, electronic mail address, or facsimile as the Parties may designate in writing from time to time subject to and in accordance with this Section 15.13. Notices, requests, and approvals shall be deemed to have been given upon the earlier of (i) the receipt of an electronic mail or facsimile transmission during normal business hours or (ii) the actual receipt thereof. Notices, requests and approvals shall be addressed to the attention of:

15.14    Waivers. Neither Party shall be deemed to have waived any of its rights, power, or remedies hereunder, except in a writing signed by an authorized agent or representative of the Party to be charged. Either Party may, by an instrument in writing, waive compliance by the other Party with any term or provision of this Agreement. The waiver by either Party of a breach of any term or provision of this Agreement shall not be construed as a waiver of any subsequent breach.

15.15    Entire Agreement: Amendments. This Agreement, including any exhibits, schedules, and attachments, constitutes the entire Agreement between the Parties and supersedes all prior agreements, understandings, and arrangements, oral or written, between the Parties with respect to the subject matter hereof. This Agreement may not be modified or amended except by an instrument or instruments in writing signed by the Party against which enforcement of any such modification or amendment is sought.

15.16    Counterparts. This Agreement may be executed and delivered by the Parties in counterparts, each of which shall be deemed an original and both of which, together, shall constitute one and the same instrument. Facsimile or other electronically delivered copies of signature pages to this Agreement shall be treated between the Parties as original signatures for all purposes.

(a)    Duty to Notify. In the event of any dispute, controversy, or claim arising out of or relating to this Agreement or the construction, interpretation, performance, breach, termination, enforceability or validity thereof (hereinafter, a “Dispute”), the Party raising such Dispute shall notify the other Party promptly and no later than one-hundred eighty (180) days from the date of its discovery of the Dispute. If a Party fails to notify the other Party of a Dispute relating to a T- Mobile Customer Account, transaction statements or any other similar matter within one- hundred eighty (180) days of the date of the discovery of the Dispute, then the matter shall be deemed to be undisputed and accepted by the Party attempting to raise the Dispute.

(b)    Cooperation to Resolve Disputes. The Parties shall cooperate and attempt in good faith to resolve any Dispute promptly by negotiating between persons who have authority to settle the Dispute and who are at a higher level of management than the persons with direct responsibility for administration and performance of the provisions or obligations of this Agreement that are the subject of the Dispute.

(c)    Arbitration. Any Dispute which cannot otherwise be resolved as provided in paragraph (b) above shall be resolved by arbitration conducted in accordance with the commercial arbitration rules of the American Arbitration Association, and judgment upon the award rendered by the arbitral tribunal may be entered in any court having jurisdiction thereof. The arbitration tribunal shall consist of a single arbitrator mutually agreed upon by the Parties, or in the absence of such agreement within thirty (30) days from the first referral of the dispute to the American Arbitration Association, designated by the American Arbitration Association. The place of arbitration shall be New York, NY, unless the Parties shall have agreed to another location within fifteen (15) days from the first referral of the dispute to the American Arbitration Association. The arbitral award shall be final and binding. The Parties waive any right to appeal the arbitral award, to the extent a right to appeal may be lawfully waived. Each Party retains the right to seek judicial assistance: (i) to compel arbitration, (ii) to obtain interim measures of protection prior to or pending arbitration, (iii) to seek injunctive relief in the courts of any jurisdiction as may be necessary and appropriate to protect the unauthorized disclosure of its proprietary or confidential information, and (iv) to enforce any decision of the arbitrator, including the final award. In no event shall either Party be entitled to punitive, exemplary or similar damages.

(d)    Confidentiality of Proceedings. The arbitration proceedings contemplated by this Section 15.17 shall be as confidential and private as permitted by law; provided, however, that either Party is permitted to disclose the proceedings to accountants, legal counsel and professional advisors. To that end, the Parties shall not disclose the existence, content or results of any proceedings conducted in accordance with this Section 15.17, and materials submitted in connection with such proceedings shall not be admissible in any other proceeding, provided, however, that this confidentiality provision shall not prevent a petition to vacate or enforce an arbitral award, and shall not bar disclosures required by any laws or regulations.

15.18    Headings and Construction. The various captions and section headings in this Agreement are included for convenience only and shall not affect the meaning or interpretation of any provision of this Agreement. Notwithstanding anything to the contrary, in all cases, the use of the term “including” shall be construed as being inclusive and shall be deemed to mean “including, without limitation,”.

On a monthly basis, Bank shall prepare a compilation of revenue and expense items associated with the Program as set forth in this Exhibit A and shall provide detailed reports to the Company by the fifteenth (15th) day following the month in which the Program was operated and the T-Mobile Financial Services were provided. Amounts due to Bank will be paid in accordance with Section 9.4 of the Agreement. Amounts due to Company will be paid in accordance with Section 9.5 of the Agreement.

Company shall be compensated by Bank as follows:

[***]

[***]

Service Level Implementation: The provisions in this Exhibit C shall be measured on a going-forward basis beginning [***] after the Launch Date. Bank, at all times during the Term, shall comply with the service levels set forth in the table below (each, a “Service Level”).

1.Each Service Level set forth in the table below is expressed as a simple average and is measured on a monthly basis.

2.Response time for electronic authorizations shall exclude any authorizations requiring manual intervention and shall exclude transaction transmission time.

3.T-Mobile Customer Account applications that Bank is reviewing under special circumstances requiring manual intervention, such as a fraudulent T-Mobile Customer Account application, shall not be included in the measurement of performance.

4.Any Service Level failure that is the result of a Force Majeure Event shall be excluded from consideration in measuring compliance with this Exhibit C.

5.If a single event causes more than one Service Level failure during a month, such event shall be deemed a single failure for purposes of this Exhibit C.

6.If Company does not provide Bank with sufficient advance notice of changes in its systems and such changes cause Bank to miss a Service Level for the period, the Service Level will not be deemed to have been failed.

7.Both Parties acknowledge and agree that Company-driven changes to [***] could potentially alter [***]. If such changes occur, the Parties agree [***].

Bank shall report to Company, on a monthly basis and in a mutually agreed format, Bank’s performance under each of the Service Levels set forth in this Exhibit C.

Service Failure Payments:

If Bank fails to meet any Critical Service Level in any [***], then no later than the [***] of the following month, Bank shall deliver to Company a report detailing the reason(s) for such failure and a corrective action plan. Bank shall implement such corrective action plan as soon as practicable but no later than [***]. Bank shall deliver to Company a second report, [***], assessing the preliminary results of the plan. During any twelve (12)

month period, the month immediately following Bank’s initial failure to meet any Service Level shall be a cure month (“Cure Month”) [***]. If Bank fails to meet the same Service Level more than once during any twelve (12) month period [***], Company will be eligible for a Performance Credit in the amount corresponding to the magnitude of the failure to meet the Service Level for the second and each subsequent time during such twelve (12) month period.

By way of illustration, if Bank’s Critical Service Level is [***], the difference between the target Service Level of [***] and the actual Service Level would be [***] and Bank would pay a Performance Credit in the amount of [***] for the Service Level failure of the Non- Critical Service Level. [***]; provided, that in the event of the foregoing, Company shall have the right to terminate the Agreement.

Company may only exercise its termination rights in respect of any Service Level Termination Event if the applicable Service Level failure(s) has a material adverse effect on the Program or on Company in Company’s reasonable judgment. [***].

1.Bank shall administer the Program and provide the T-Mobile Financial Services subject to and in accordance with the Agreement and Applicable Law.

2.Approval of Prospective T-Mobile Customers. Bank shall use best efforts, based on mutually agreed upon criteria, to approve prospective T-Mobile Customers that are existing customers of Company to participate in the Program.

(a)    Applications. Bank shall process all complete T-Mobile Customer Account applications from prospective T-Mobile Customers. Bank shall be responsible for making all decisions regarding the approval of T-Mobile Customer Account applications; provided, that, Bank shall use standards that are at least as favorable to the approval of applications submitted in connection with the Program as the standards used by Bank in connection with prospective Bank customers and with other programs administered or operated by Bank in determining whether to approve T-Mobile Customer Account applications in connection with the Program. Company acknowledges that Bank has the authority to approve applications and establish T-Mobile Customer Accounts; provided, however, that if Bank’s approval rate for all completed T-Mobile Customer Account applications is below [***] (the “Approval Rate”) for any calendar quarter and does not meet or exceed the Approval Rate in the following calendar quarter, then the Parties shall meet promptly to discuss, in good faith, reasonable adjustments that can be made to meet or exceed the Approval Rate. If the Parties do not agree upon reasonable adjustments, then Company may terminate the Agreement without penalty. In the event of the foregoing, Bank shall be obligated to provide Transition Assistance Services in accordance with the Agreement.

(b)    Service Lines. Bank shall use standards in connection with the Program that are at least as favorable as the standards used by Bank in connection with Bank’s customers and with other programs administered or operated by Bank with respect to establishing available products and services and, to the extent applicable, the amount of such products and services, for prospective T-Mobile Customers.

3.Service Level Agreements. Bank shall provide and administer the Program and the T-Mobile Financial Services in accordance with the Service Levels in Exhibit C. Bank represents and warrants that such Service Levels are at least as favorable as the service level agreements by which Bank abides in connection with Bank’s customers and to which Bank agrees in connection with other programs administered or operated by Bank.

4.Bank Reporting Requirements. Bank shall track the metrics set forth in Exhibit I and such other metrics as may be requested by Company from time to time and shall provide to Company the reports set forth in Exhibit I, including any raw data (except for personally identifiable information) requested by Company, in a form acceptable to Company and at the frequency specified in Exhibit I.

5.Risk and Fraud Management. Bank shall be responsible for establishing a program to monitor and reduce risk and fraud in connection with the Program.

6.Inactive Account Closures. Bank will implement an account closure process that is consistent with Applicable Law and industry best practices to manage fraud losses. Each of Bank and Company acknowledge and agree that this process may change from time to time upon mutual agreement of the Parties. As of the Effective Date, the Parties agree that the current process will be as follows:

(a)    T-Mobile Customer Accounts that have had no balance and no activity for [***] or more will be closed. After [***] of no balance and no activity, the T-Mobile Customer will be notified by Bank that the T-Mobile Customer Account has had no balance and no activity for [***], and that the T-Mobile Customer Account will be closed if the zero balance and inactivity persists for another [***]. After [***] of no balance and no activity, the T-Mobile Customer will be notified by Bank that, as a result of the T-Mobile Customer Account having no balance and no activity for a period of [***], the T-Mobile Customer Account has been closed. Bank shall establish a simple reinstatement process that will allow T-Mobile Customers to reinstate their T-Mobile Customer Accounts and deposit any amounts, within the established limits of the Program, in their T-Mobile Customer Accounts through the Mobile Application.

(b)    T-Mobile Customer Accounts that have had a balance of less than [***] and no activity for [***] or more will be closed and a check in the amount of the remaining balance in the T-Mobile Customer Account will be mailed to the T- Mobile Customer’s last known address. After [***] of a balance of less than [***] and no activity, the T-Mobile Customer will be notified by Bank that the T-Mobile Customer Account will be closed if the balance remains below [***] and the inactivity persists for another [***]. After [***] of a balance of less than [***] and no activity, the T-Mobile Customer will be notified by Bank that the T-Mobile Customer Account will be closed if the balance remains below [***] and the inactivity persists for another [***]. After [***] of a balance of less than [***] and no activity, the T-Mobile Customer will be notified by Bank that, as a result of the T-Mobile Customer Account having a balance of less than [***] and no activity for a period of [***], the T-Mobile Customer Account has been closed and a check for the remaining balance will be mailed to the T-Mobile Customer’s last known address. Bank shall establish a simple reinstatement process that will allow T-Mobile Customers to reinstate their T-Mobile Customer Accounts and deposit the check received by the T-Mobile Customer or any other amounts, within the established limits of the Program, in their T-Mobile Customer Accounts through the Mobile Application.

7.Core Account Management and Services. Bank shall provide core T-Mobile Customer Account management and services as further described in this Section 7.

(i)    Bank shall obtain any and all information and data from T-Mobile Customers necessary to provide the T-Mobile Financial Services in a manner that is secure and that will enable [***]

[***]. Bank shall be responsible for proper accounting of all transactional activity through the T-Mobile Customer Accounts, including: (i) [***].

(ii)    Bank shall provide or otherwise facilitate [***] functionality in connection with the Program.

(iii)    Bank shall provide or otherwise facilitate [***] in connection with the Program.

(iv)    Bank shall provide or otherwise facilitate [***], as mutually agreed by Company and Bank.

(v)    Bank shall provide [***] in accordance with industry standards.

(vi)    Bank may provide access to other financial products and services, [***] as may be requested and mutually agreed by the Parties from time to time.

(vii)    Bank shall service T-Mobile Customer Accounts and Cards and shall provide any and all related services in connection therewith, including, without limitation, direct and indirect T-Mobile Customer support related to T-Mobile Financial Services in accordance with the Service Levels in Exhibit C.

(viii)    At Company’s request and expense, Bank shall provide [***] any other reasonable activity as may be requested and mutually agreed by the Parties from time to time.

(i)    Bank shall create and maintain Deposit Accounts with certain features [***], as determined by Company from time to time, and offer such Deposit Accounts to T-Mobile Customers in connection with the Program. Bank shall hold T-Mobile Customers’ funds in T-Mobile Customer Accounts in a manner that complies with Applicable Law [***].

(ii)    [***]

(i)    Bank shall maintain, at all times, its status as a participant and member in the payment card networks as necessary and appropriate to properly administer the Program and provide the T-Mobile Financial Services, [***].

(ii)    Bank shall issue Cards enabled on the payment card networks selected by Company to T-Mobile Customers in accordance with the rules of the payment card networks. Bank shall produce all Cards issued to T-Mobile Customers in connection with any T-Mobile Customer Account, subject to Company’s approval and in accordance with the payment card network rules and requirements.

(iii)    Bank shall be responsible for: (1) decisioning all Card authorizations initiated by T-Mobile Customers based on the funds available in such T-Mobile Customer Account; (2) maintaining and managing all Cards, both prior to and after the issuance of, such Cards; and (3) managing all aspects of security in connection with such Cards, including allowing T-Mobile Customers to select and change their password identification numbers (“PINs”) from time to time; in each case, in accordance with the payment card network rules and requirements.

(iv)    Bank shall be responsible for managing any and all aspects of Card activity in connection with any T-Mobile Customer Account, including for authorizing, clearing, and settling transactions in connection with the Program and for compliance with the payment card network rules and requirements.

8.Bank Provision of Back Office Support. Bank shall provide [***] in connection with the Program in accordance with commercially reasonable standards or as otherwise agreed by the Parties.

9.Bank shall be responsible for maintaining procedures for the identification of each new T-Mobile Customer upon the establishment of a T-Mobile Customer Account within a reasonable time thereafter as required by Applicable Law. Such procedures shall be designed to comply with the requirements of the federal Bank Secrecy Act, the federal USA PATRIOT Act, any regulations adopted pursuant to such acts, as well as applicable regulations of the Office of Foreign Assets Control.

10.Digital Services. Bank shall develop and maintain a digital banking platform (the “Digital Banking Platform”) in accordance with the technical specifications (as mutually agreed by the Parties in connection with the Program, and in accordance with Exhibit F.

(a)    The Digital Banking Platform shall be developed and maintained to function across multiple digital and mobile platforms and shall include, at a minimum, (i) an online banking offering (the “Online Offering”) and (ii) a mobile banking offering (the “Mobile Offering”). Company reserves the right, in its sole discretion, to select the set of products and features offered by the Bank (the “Product and Feature Set”) that shall be developed and maintained in connection with the Digital Banking Platform and to change, from time to time,

the Product and Feature Set described in Exhibit F offered to T-Mobile Customers. Company may integrate third-party services into the Digital Banking Platform; provided, that, such integration is permitted by Applicable Law and is consistent with commercially reasonable security standards.

(b)    Bank agrees that, in connection with the Online Offering and the Mobile Offering, Bank shall make available, on a non-discriminatory basis, and implement any and all software, applications, specification standards, software development kits, application programming interfaces, and any related documentation to Company and/or to any third-party service providers designated by Company. Bank shall be responsible for managing and implementing any and all aspects of the interfaces in connection with the Online Offering and the Mobile Offering and the payment card networks. Bank shall be obligated to provide the information and materials required pursuant to this Subsection (b) regardless of whether Company’s Product and Feature Set could compete with any of Bank’s then-current Product and Feature Sets or future Product and Feature Sets. For the avoidance of doubt, Bank shall be under no obligation to provide Company with Bank’s source code.

(c)    Bank agrees that, in connection with the Online Offering and the Mobile Offering, Bank shall develop and maintain a mobile application to be used in connection with the Program (the “Mobile Application”) in accordance with the design specifications provided by Company. Bank further agrees that the Mobile Application shall be made available to T-Mobile Customers through multiple mobile application stores, [***]. Bank shall develop and maintain the capabilities necessary to provision Cards to any and all mobile wallets designated by Company from time to time, [***] (collectively, the “Mobile Wallets”). Bank shall develop and maintain integration into the Mobile Wallets, as agreed upon by all parties, to enable a T-Mobile Customer to use the Mobile Wallets [***] upon activating and funding a T-Mobile Customer Account. Bank shall deliver to T-Mobile Customers the [***].

(d)    The Parties shall develop, implement and maintain the customer activation process (the “Customer Activation Process”) for new T-Mobile Customers. The Customer Activation Process may be updated or amended from time to time upon mutual agreement by the Parties. The Parties further agree that they will jointly work to develop a method by which they may leverage existing data, in a secure manner, held by Company to pre-qualify prospective T-Mobile Customers for participation in the Program.

(e)    Program Testing. The Parties agree that they will launch a beta version of the Program (the “Beta Version”) [***] of the Effective Date (the “Beta Program”), the purpose of which is to ensure that the Digital Banking Platform is commercially ready and operationally functional in accordance with the Agreement. The Parties

agree that, as a condition precedent to launching the Beta Program, the Beta Version must be delivered to and accepted by Company. Upon delivery of the Beta Version to Company, Company shall accept or reject the Beta Version within [***]. If Company accepts the Beta Version, the Parties will launch the Beta Version to designated employees of Company and Bank, as mutually agreed by the Parties. If Company rejects the Beta Version, Company shall notify Bank of such rejection and shall describe, in reasonable detail, Company’s reason(s) for rejecting the Beta Version (the “Rejection Notice”). Upon receiving the Rejection Notice, Bank shall make any modifications necessary to address Company’s concerns and shall deliver the updated Beta Version to Company within [***] and Company shall approve or reject the updated Beta Version within [***] after receiving the updated Beta Version. The Parties shall repeat this process until Company has accepted the Beta Version. If Bank fails to deliver the agreed upon features and functionality set forth in Exhibit F in the Beta Version, or if Company rejects the Beta Version, and Bank fails to remedy any issue(s) identified in the Rejection Notice within [***], then Company may terminate the Agreement immediately without penalty. Bank shall operate the Beta Program for a period of [***] or for such longer period as may be mutually agreed by the Parties. The Parties shall agree on a process for monitoring the Beta Program and for identifying and correcting any issues with the Beta Version; provided, that, Bank shall be required to correct any issue(s) with the Beta Version (including by implementing any fixes) within [***] of identifying such issue(s). Bank shall be responsible for monitoring the Beta Program and for identifying any issues uncovered through the operation of the Beta Program within [***] of identifying any such issues.

11.Bank will annually obtain and deliver to Company, at Bank’s sole expense, a Statement on Standards Attestation Engagement (SSAE) No. 16 Service Organization Controls (SOC) No.1 Type II, the international equivalent (ISAE 3204 Type II report), or an industry equivalent report agreed to by Company for any services performed or outsourced by Bank that are financially relevant to Company (including, without limitation, transaction processing or data-center management). The scope of any report will include control testing of both Bank’s and any third party’s information technology systems and any material reports provided to Company and will cover [***]. A full copy of the annual SSAE 16 SOC1 Type II or industry equivalent report will be provided to Company no later than [***]. In response to an inquiry from Company [***], a representative from Bank will provide a bridge letter indicating that there have not been any material changes in the internal controls described in the most recent SOC1 Type II report since it was issued or any significant deficiencies in the design or effectiveness of Bank’s internal controls and procedures that would require any corrective action.

For purposes of this Exhibit E, “Account Loss” or “Account Losses” means “losses, net of recovery, from fraud, disputed items, return deposits, forced card transactions, and reclamations in connection with Card and T-Mobile Customer Account activity.

[***]

[***]

Notwithstanding anything to the contrary, the measurement period for Account Losses will be the [***] thereafter (each, a “Measurement Period”). At the end of a Measurement Period, the Parties will review the Account Losses [***].

The Parties agree to meet [***] to review performance of the Account Losses [***].

[***]

program, (ii) provide, by the third (3rd) business day of the following month, end of month reports to enable Company to accrue for activity occurring in the then-current month, and (iii) provide by the seventh (7th) business day a prior month revenue and expense reports to Company (“Revenue and Expense Reports”). The Revenue and Expense Reports: (1) shall report gross amounts; (2) shall not net any line items; (3) shall support funds received (i.e., grossed-up reporting should match ACH amounts); (4) shall not include any customer-level information; and (5) shall separate revenue and expenses by Company subscribers and non-subscribers. Each revenue item or fee identified in the Revenue and Expense Reports shall be a separate line item with the amount of the revenue or fee, as applicable, and the method for calculating the amount (i.e., per unit amount, counts, rates, number of days, etc.).

“Applicable Privacy and Data Security Laws” means all privacy, security, data protection, direct marketing, consumer protection, and workplace privacy laws, rules, and regulations and all then-current industry standards, guidelines, and practices with respect to privacy, security, data protection, direct marketing, consumer protection, or workplace privacy, including the collection, processing, storage, protection, and disclosure of personal information.

“Company Information” means any information [***].

1.Handling of Company Information.

1.1.    Bank: (a) [***]; (b) will, without limiting any other obligations applicable to Company Information, treat and protect all Company Information as Confidential Information owned (as between Bank and Company) by Company and the Agreement regardless of whether Bank receives it directly from Company, Company affiliates, or any of its or their customers, designees, intermediaries, or other third parties; and (c) will ensure that all persons who have access to Company Information [***].

1.2.    Bank will comply with all Applicable Privacy and Data Security Laws and will not cause Company to be in violation of any Applicable Privacy and Data Security Laws.

1.3.    Bank will comply with all written privacy and security policies of Company upon execution of the Agreement or, in the case of future or updated policies, [***], subject to Section 2.4 below.

[***]. “De-Identified Data” means Company Information that has been scrubbed, hashed, encrypted, or otherwise obscured to remove any personally identifiable information.

1.5.    [***].

1.6.    For clarity, Bank’s compliance with any particular provision of this Exhibit J will not relieve Bank’s obligation to protect Company Information and other Confidential Information of Company under all provisions of the Agreement, including this Exhibit J.

2.1.    Bank shall be fully responsible for any authorized or unauthorized collection, storage, disclosure, use of, and access to Company Information under its control or made available to Bank under the Agreement. Bank will prevent any collection, storage, disclosure, use of, or access to Company Information not expressly authorized by the Agreement. Without limiting Bank’s other obligations under this Exhibit J, Bank will implement and maintain a comprehensive and effective written information security program appropriate to the nature of the Company Information that: (a) [***] (“Safeguards”), (b) meets industry best practices for such Safeguards, and (c) complies with all Applicable Privacy and Data Security Laws. Bank will (i) [***], (ii) [***], and (iii) [***]. Company reserves the right to review, upon request, Bank’s policies, procedures, and practices used to maintain the privacy, security, and confidentiality of Company Information.

2.2.    Bank shall, while this Agreement is in effect, prepare and maintain an information and physical security program in connection with the Program in accordance with the requirements of its Regulatory Authority and Applicable Law. [***]. Bank shall periodically test such information security infrastructure as required by Applicable Law and its Regulatory Authority and as appropriate and prudent in light of the nature and scope of the

2.3.    Bank will: (a) [***]; (b) [***]; (c) [***]; (d) [***]; (e) [***]; (f) [***]; (g) [***]; and (h) [***].

2.4 Changes to Security Program. Bank will, [***] update its security program and operations (including network and business systems and software) as necessary for ongoing compliance with the Agreement. Such updates will include updates to: (a) [***], (b) [***], (c) maintain current compliance with Applicable Privacy and Data Security Laws, and (d) meet new legal or regulatory requirements under other Applicable Law. To the extent a change in Bank practices is required [***], any changes to Bank’s security program or other operations in connection with the Program will be made in accordance with the requirements of Bank’s Regulatory Authority. To the extent additional controls or mitigation plans are required to correct a security vulnerability within Bank Systems (as defined below), identified by a security audit or are required by Applicable Law (including changes in Company policies adopted to comply with Applicable Law), such steps will [***].

3.1.    Bank represents and warrants that: (a) [***] (each, a “Security Breach”); and (b) if the Bank Systems have suffered [***] Security Breaches, that Bank has disclosed each Security Breach to Company in writing. Bank represents and warrants that [***].

3.2.    Bank will notify Company [***] if Bank learns that there has been any actual Security Breach that may impact Company Information. In any notification

to Company required under this Section 3.2, Bank will [***]. Bank will: (a) [***]; and (b) [***]. Bank will [***]. Unless prohibited by Applicable Law or court order, Bank will [***]. Except as required by Applicable Law, (x) [***], and (y) [***] (e.g., [***]) [***].

4.1.    Bank Risk Management Review. Company reserves the right to require Bank to complete Company’s Bank Risk Management Review (“SRMR”) process [***].

4.2.    Previous Security Audits. Bank hereby represents and warrants that Bank Systems have been the subject of [***] information security audits conducted by internal employees that report directly to the Bank’s Board of Directors or, if externally prepared, by a qualified, independent and nationally recognized third party. Bank further represents and warrants that it will share with Company the non-confidential results of the most recent audit and will communicate any steps taken to remedy potential or actual vulnerabilities. Bank hereby represents and warrants that either: (a) [***]

4.3.    Future Security Audits. [***], Bank will procure, [***], security audits of the Bank Systems, control activities, and processes established and maintained by Bank, including any third-party data centers utilized by Bank. Each such audit will be carried out by an independent registered public accounting firm nationally recognized in the United States and reasonably acceptable to Company, and will conform to the requirements for a SOC2 Type II audit, as set forth in the Statement on Standards for Attestation Engagements No. 16 published by the American Institute of Certified Public Accountants (a “Security Audit”). Bank will provide Company with the results of each Security Audit within thirty (30) days of completion (or upon request), including: (a) whether the Security Audit revealed any material findings in the Bank Systems, and (b) if so, the nature of each finding discovered. If the Security Audit reveals [***], Bank will [***]. Bank will complete all critical corrections within a reasonable timeframe of completion of the Security Audit. Notwithstanding anything in the Agreement to the contrary, Company may terminate the Agreement [***] if Company determines that any material deficiency identified in any Security Audit creates an unacceptable level of risk for Company, its employees, or its customers. In such event, [***]. Bank will give Company a full copy of the reports on which the Security Audit is based and such reports will be treated as Confidential Information of Bank. Bank will also give Company a management representation letter stating that, to the knowledge of Bank management after reasonable investigation, there have been no changes to the control environment between the date of the management representation letter and the date of the Security Audit. [***] between the period covered by the tests of controls and the delivery of the Security Audit. Bank’s failure to procure the Security Audit or to complete corrections in a timely manner will be a material breach of the Agreement.

4.4.    Visitation and Inspection Rights. Company or its authorized representatives, which may not be a competitor of the Bank, may, at any time upon reasonable notice to Bank, visit any or all locations of the Bank to inspect the Bank’s due diligence for Bank Systems and to assess Bank’s performance of its obligations under this Exhibit J, and Bank will share with Company any information reasonably requested by Company in connection with due diligence of Bank’s third party service providers involved with Bank Systems. For purposes of such an inspection, Bank will grant to Company and its representatives reasonable access, during normal business hours, to the Bank and to Program-related books, records, procedures, and information that relate to Bank’s performance under this Exhibit J, including any Program information Company deems reasonably necessary to ascertain any facts that relate to Bank’s performance hereunder. If: (a) Company determines in connection with any such inspection that Bank has failed to perform any of its material obligations under this Exhibit J, and (b) Company notifies Bank in writing of Bank’s breach of this Exhibit J, then Bank will, [***], develop a corrective action plan in cooperation with Company. The corrective action plan will not limit Company’s rights to terminate this Agreement in accordance with its terms. Bank will then have

[***]. Failure to rectify a material failure will be considered a material breach. In addition, Bank’s obligation to develop a corrective action plan and remediate any failure to perform its obligations under this Exhibit J will survive termination or expiration of this Agreement until such corrective action is deemed complete by Company. Such plan will include timeframes for completion and will be subject to Company’s reasonable approval and Bank will promptly implement such plan [***]. These inspection and corrective action rights supplement, and in no way limit, Company’s other rights under the Agreement.

4.5.    Application Security Testing. The Bank will, [***]. Bank will [***], Company may hire a mutually agreed-upon, independent third party to conduct additional testing in which Bank will submit the software or any applications with access to Company Information to security testing by the independent third party provider. Bank will cooperate with such application security testing, including by making appropriate arrangements for secure access to the application’s functional software (not source code) if reasonably required. If security testing reveals a vulnerability in the software (or any portion thereof), Bank will correct such vulnerability within the agreed upon reasonable timeframes. The mutually agreed upon independent third party provider or Bank will determine the vulnerability level for purposes of this Section 4. Bank’s failure to correct a vulnerability will be considered a material breach of the Agreement.

5.1.    Promptly upon Company’s request, Bank will provide Company with access to or delivery of Company Information, or any portion thereof identified by Company, being stored, processed, or transmitted or otherwise in Bank’s possession or control or that of its agent or subcontractor, in a form and format requested by Company.

5.2.    Bank will [***] notify Company in writing of (a) any inquiry received by Bank or its subcontractor from any individual relating to, among other things, the individual’s right to access, modify, or correct Company Information and (b) any complaint received by Bank or its subcontractor relating to the processing of Company Information. Bank will [***] comply and fully cooperate with all instructions of Company with respect to any action taken with respect to such inquiry or complaint.

5.3.    Before allowing or enabling a subcontractor or agent to have access to Company Information, Bank must evaluate and validate the subcontractor’s or agent’s capabilities to maintain the security of Company Information in accordance with the Agreement.

6.1.    For purposes of this Section 6, “Cardholder Information” means “any individual numbers used to identify credit or debit card or other similar card accounts or other personally identifiable information relating to the use of Cards, including the full primary account number, cardholder name, expiration date, service code, track data (from the magnetic stripe or equivalent

6.2.    PCI Standards. Bank represents, warrants, and covenants that Bank is presently in compliance with and will remain, at all times during and after the Term during which Bank stores, processes, or transmits Cardholder Information, in compliance with the most recent effective versions of all rules, regulations, standards, and guidelines adopted or required (a) by any entity offering or supporting payment card networks whose Cardholder Information is handled by Bank, and (b) by the Payment Card Industry Security Standards Council (the “Council”), in each case, relating to privacy, data security, or the safeguarding, disclosure, or handling of Cardholder Information, including the Payment Card Industry Data Security Standards, the Payment Card Industry’s Payment Application Data Security Standard, the Payment Card Industry’s PIN Transaction Security requirements, Visa’s Cardholder Information Security Program and Payment Application Best Practices, American Express’s Data Security Operating Policy, MasterCard’s Site Data Protection Program and POS Terminal Security program, and the analogous security programs implemented by other payment card networks, in each case, as amended, updated, replaced, or augmented from time to time (the standards described in this clause (c) being collectively referred to as the “PCI Standards”). Bank will, [***], perform all tasks, assessments, reviews, penetration tests, scans, and other activities required under the PCI Standards (including any compliance guidance related to the PCI Standards issued by the Council, its subordinate bodies, or any successors thereto) and otherwise to validate Bank’s compliance during the Term with the PCI Standards. To the extent that Bank is hosting a system or application which is Internet facing, its PCI attestation of compliance must be performed by a qualified security assessor. Bank will deliver to Company copies of all documentation necessary to verify compliance with these requirements (“Verification Documentation”). In the event Company reasonably determines that additional Verification Documentation is required under the PCI Standards or likely to be so required to verify such compliance, including a “Report on Compliance,” and an associated unqualified “Attestation of Compliance,” then, upon Company's request [***], Bank will provide such additional Verification Documentation to Company [***] from Company's request, or the timeframe required for Company to remain compliant, whichever is less. [***], Bank will deliver to Company a copy of the Verification Documentation, applicable to the Cardholder Information environment [***]. [***], Bank will deliver to Company, [***], evidence of a passing vulnerability scan applicable to the Cardholder Information environment conducted within [***]. Bank will [***] notify Company in writing of any exception in a Report on Compliance, Attestation of Compliance, or [***] vulnerability scan if Bank learns that it is no longer PCI Standards compliant or if it reasonably anticipates that it is or will be non-compliant. Such notification will include, in detail, the steps being taken by Bank to remediate such exception or non-compliance.

6.3.    Bank will not commit any act or omission that causes Company to violate the PCI Standards or to be fined, sanctioned, or penalized for the failure to properly protect, secure, maintain, use, or store Cardholder Information, including by any payment card network, the Council, merchant banks, or any other third party.

its personnel or subcontractors stores, possesses, transmits or controls.

6.5.    Bank will access, use, and disclose Cardholder Information only as and to the extent necessary to: (a) process and otherwise facilitate credit and debit transactions on Company's behalf; (b) comply with Applicable Laws, PCI Standards, payment card network rules and requirements, and written Company policies; and (c) as otherwise instructed in writing by an authorized by an officer of Company.

6.6.    If there is a known Security Breach of Cardholder Information within the Bank’s Systems, Bank will notify its Regulatory Authority and then Company, and then, as quickly as reasonably possible, provide to Company a list of the compromised T-Mobile Accounts as well as any other information reasonably requested by Company. Bank will work with payment card networks, merchant banks, and any of their respective agents and designees to remediate the situation to minimize financial loss and Bank will cooperate fully with any investigation, verification, testing, and review of Bank’s compliance with the PCI Standards. This Section 6.6 does not limit Section 3 of this Exhibit.

7.Cybersecurity Cooperation. Each Party acknowledges the importance of cooperating with the other Party with respect to issues related to cybersecurity and agrees to work with the other Party to establish a cybersecurity partnership team to share insight and best practices, as appropriate, for the mutual benefit of the Parties and for the benefit of the Program. The Parties agree that the cybersecurity partnership team will meet [***].

8.Entire Exhibit. If there is any conflict or inconsistency between this Exhibit J and any provision of the Agreement, such conflict or inconsistency will be resolved by giving precedence to this Exhibit J.