Services Agreement, dated March 29, 2022, between Retail Finance Servicing, LLC and Fiserv Solutions, LLC

This is an AMENDED AND RESTATED SERVICES AGREEMENT made and effective as of March 29, 2022 (the “Effective Date”) by and between FISERV SOLUTIONS, LLC (“Fiserv”), a Wisconsin limited liability company with offices at 255 Fiserv Drive, Brookfield, Wisconsin 53045, and RETAIL FINANCE SERVICING, LLC (“RFS”), a Delaware limited liability company with offices at 170 Election Road, Suite 125, Draper, Utah 84020.

This Agreement is being made and entered into with reference to the following:

(a)RFS and the RFS Affiliates are subject to a wide range of regulatory oversight and requirements in connection with its financial services business;

(b)RFS desires that certain payment card processing, production support (including card embossing and printing and mailing of statements and letters), software development, financial technology services and related activities be performed and managed by an experienced and capable vendor skilled in the performance of these services;

(c)Fiserv wishes to perform the requested services for RFS and has the skills, qualifications, and experience necessary to perform and manage such services in an efficient, cost-effective and controlled manner with a high degree of quality and responsiveness; and

(d)[***]

The Parties desire to establish uniform terms and conditions which will:

(a)allow Fiserv and its Affiliates to provide to RFS and its Affiliates various products and services, including RFS’ (i) receipt of certain processing services and professional services; (ii) receipt of certain production and related services; and (iii) receipt of certain financial technology services;

(b)allow (i) RFS or RFS’ Affiliates, and (ii) Fiserv or Fiserv’s Affiliates, to add New Services, as defined herein, in order for RFS and/or RFS’ Affiliates to receive additional services under this Agreement;

(c)be applicable to all future services provided under this Agreement by (i) Fiserv and its Affiliates to (ii) RFS and its Affiliates;

(d)enable RFS and its Affiliates to focus on core competencies and on those activities which provide a competitive advantage;

(e)enable RFS to combine and use common technologies, processes and procedures to perform the various functions related to the Services;

(f)establish a flexible framework within which to quickly respond to evolving technologies, competitive conditions, and RFS’s changing business needs;

(g)identify means to improve services and reduce costs to RFS and to enable RFS to improve and expand its business operations; and

(h)provide for the uninterrupted transitioning of responsibility for performing the Services back to RFS or its designee(s) in connection with the termination or expiration of this Agreement.

The goals and objectives provided in this Article 1 are intended to be a general introduction and are not intended to expand the scope of the Parties' obligations under this Agreement or to alter the plain meaning of the terms and conditions of this Agreement.

The following terms will have the meanings provided below with respect to this Agreement:

(a)[***]

(b)[***]

(c)“AAA” shall have the meaning provided in Section 22.2(a).

(d)“AAA Rules” shall have the meaning provided in Section 19.4.

(e)“Account” shall mean the legal relationship established between RFS and any Account Holder for the provision of a financial service or product together with the current status of such account and any database records used to reflect the current disposition of such relationship or its history.

(f)“Account Holder” shall mean any natural person or corporation, company, organization, or other entity who is assigned an Account by, or establishes an Account with, RFS; provided however, an Account Holder does not include a retailer or merchant customer of RFS or a vendor of RFS.

(g)“Action Plan” shall have the meaning provided in Section 13.9(b).

(h)“Active Account” shall mean, solely with respect to Technology Services, any Designated Account that, during the period of determination as to whether such Designated Account is an Active Account, had a balance or for which a debit, credit, or payment has taken place during such period.

(i)“Affiliate” shall mean:

(i)With respect to RFS: any corporation, limited liability company, partnership, limited partnership, business trust, mutual insurance company, joint venture or other entity or business that, directly or indirectly, Controls, is Controlled by, or under common Control with, RFS at any time during the Term, whether now existing or subsequently created or acquired during the Term. At RFS’ option, (A) an entity that was receiving the Services at the time it ceased being Controlled by RFS (or an Affiliate of RFS), and (B) the purchaser of a line of business of RFS (or an Affiliate) which was receiving the Services at the time of sale (but only with respect to such line of business) shall continue to be deemed an Affiliate for such period designated by RFS (not to exceed [***], in accordance with Section 3.2(a)(iii) of this Agreement); and

(ii)With respect to Fiserv: any entity Controlled by Fiserv, Inc. at the time in question.

(j)[***]

(k)[***]

(l)“Agreement” shall mean this Amended and Restated Services Agreement, including its schedules, attachments exhibits, and appendices, all as amended from time to time.

(m)“Applicable Laws” shall mean:

(i)any applicable law, statute, regulation, ordinance or subordinate legislation in force from time to time to which a Party or any of its Affiliates is subject;

(ii)the common law as applicable to the Parties from time to time;

(iii)any binding court order, judgment or decree (including consent decree); and

(iv)any applicable directive, policy, rule or order that is binding on a Party and that is made or given by any government, an agency thereof, or any regulatory body of any country or other national, federal, commonwealth, state, provincial or local jurisdiction.

(n)[***]

(o)“Assessment Notice” shall have the meaning provided in Section 13.9(b).

(p)“BCP” shall have the meaning provided in Section 3.5(a).

(q)[***]

(r)[***]

(s)[***]

(t)[***]

(u)“Business Day” shall mean every day Monday through Friday other than those holidays (not to exceed fifteen (15) per calendar year) when RFS’ corporate headquarters is not scheduled to be open for business. References in this Agreement to “days” that do not specifically refer to Business Days are references to calendar days and, unless otherwise provided, a period of more than seven (7) days that expires on a day other than a Business Day shall be automatically extended to the next following Business Day.

(v)“Card Account” shall mean an Account established pursuant to a debit card, dual card, bank card, private label card or stored value card agreement.

(w)“CCPA” shall mean the California Consumer Privacy Act of 2018, and the implementing regulations and regulatory interpretations thereto, as amended from time to time.

(x)“Change Control Committee” shall have the meaning provided in Section 12.6(c).

(y)“Change Control Procedure” shall have the meaning provided in Section 12.6(b).

(z)“Charges” shall mean any charges for the Services set forth in or described in Schedule C or elsewhere in this Agreement. The term “Charges” does not include (i) Pass-Through Expenses; (ii) Out-of-Pocket Expenses; or (iii) Taxes.

(aa)“Claim(s)” shall mean any civil, criminal, administrative, or investigative claim, demand, action, charge, or proceeding then pending or threatened by a third party against either Party or its Affiliates.

(ab)“Commercially Reasonable Efforts” shall mean taking such steps and performing in such a manner as a well-managed business would undertake where such business was acting in a

determined, prudent, cost-effective and reasonable manner to achieve a particular desired result for its own benefit in similar circumstances, taking all relevant factors into account.

(ac) “Confidential Information” shall have the meaning provided in Section 14.5(a).

(ad)[***]

(ae)“Contract Year” shall mean each consecutive twelve (12) month calendar year period; except, the first Contract Year shall begin on the Effective Date and end on December 31, 2022 (“Contract Year One”). Subsequent Contract Years shall begin on January 1 and end on December 31 (or, if earlier upon termination/expiration of this Agreement).

(af)“Control” and its derivatives shall mean with regard to any entity the legal, beneficial or equitable ownership, directly or indirectly, of: (i) fifty percent (50%) or more of the capital stock (or other ownership interest, if not a stock corporation) of such entity ordinarily having voting rights; (ii) in the case of RFS, (A) [***] or more of the capital stock (or other ownership interest, if not a stock corporation) and (B) either (1) a greater percentage than any other juridical person or (2) management control by agreement; or (iii) (with respect to an entity not domiciled in the United States) the greater of [***] of the capital stock (or other ownership interest, if not a stock corporation) and the maximum percentage allowed by local law for a United States domiciliary to directly or indirectly own in accordance with local law.

(ag)“Conversion” or any derivation thereof (i.e., Convert) shall mean (i) the transfer of data relating to Designated Accounts from the processing system(s) in which that data at the time of transfer resides and is processed to the Fiserv System, with the Fiserv System, at the time of such transfer, being capable of performing the Fiserv System’s account processing services for such data; (ii) the commencement of the processing of such Designated Accounts by the Fiserv System for production, and not testing, purposes; and (iii) the performance of the activities necessary to undertake and complete the activities described in clauses (i) and (ii).

(ah)“Core Card Processing Platform” shall mean the equipment, Software, systems, and interfaces used by Fiserv to perform the core card processing services of authorization, maintaining an account on file, and settlement under the Technology Services Tower.

(ai)“Cycle Schedules” shall have the meaning provided in Section 12.6(a)(v).

(aj)“Default Rate” shall mean the rate identified as the Prime Rate in The Wall Street Journal from time to time.

(ak)“Designated Account” shall mean the Card Accounts designated by RFS as receiving the Technology Services.

(al)“Development Hour Rate” shall have the meaning provided in Section 9.5(f).

(am)“Dispute Date” shall have the meaning provided in Section 22.1(a)(i).

(an)[***]

(ao)“Documentation” shall mean the written User Manuals and bulletins for the Fiserv Systems provided by Fiserv from time to time.

(ap)“DRP” shall have the meaning provided in Section 3.5(a).

(aq)“Effective Date” shall have the meaning provided in the preamble to this Agreement.

(ar)[***]

(as)“Equipment” shall mean the computer and telecommunications equipment (without regard to which entity owns or leases such equipment) used by Fiserv and its Subcontractors to provide the Services. Equipment includes the following:

(i)computer equipment, including associated attachments, features, accessories, peripheral devices, front end devices, and other computer equipment;

(ii)telecommunications equipment, including private branch exchanges, multiplexors, modems, CSUs/DSUs, hubs, bridges, routers, switches and other telecommunications equipment; and

(iii)related services (e.g., maintenance and support services, upgrades, subscription services) provided by third parties (e.g., manufacturer and lessor) in the same or related agreement covering the provision of such Equipment.

(at)[***]

(au)[***]

(av)[***]

(aw)[***]

(ax)[***]

(ay)“FFIEC” shall mean the Federal Financial Institution Examination Council.

(az)“Financial Related Crime” shall mean any criminal offense involving dishonesty, a breach of trust, or money laundering, including offenses described in §19(a)(2)(A)(i) of the Federal Deposit Insurance Act.

(ba)[***]

(bb)[***]

(bc)“Fiserv Confidential Information” shall have the meaning provided in Section 14.5(c).

(bd)“Fiserv General Manager” shall have the meaning provided in Section 5.1(a)(iii).

(be) “Fiserv Information” shall mean all information, in any form, furnished or made available directly or indirectly by Fiserv to RFS or otherwise obtained by RFS from Fiserv.

(bf)[***]

(bg)“Fiserv Intellectual Property” shall have the meaning provided in Section 7.2(a).

(bh)“Fiserv Licensed Software” shall have the meaning provided in Section 3.3(b).

(bi)“Fiserv Personnel” shall mean employees of Fiserv, employees of its Affiliates, and employees of its Subcontractors (and any individual independent contractors engaged by Fiserv, its Affiliates or Subcontractors) assigned to perform the Services.

(bj)“Fiserv-Provided Third Party Software” shall mean the third party Software, if any, provided by Fiserv to RFS or used by Fiserv to provide the Services.

(bk)“Fiserv Regulatory Agencies” shall have the meaning provided in Section 13.1(a).

(bl)“Fiserv Security Incident” shall mean any event or circumstance that involves:

(i)unauthorized access, use, or acquisition of data that compromises the confidentiality, integrity or availability of any RFS Data (A) while such RFS Data is either maintained or being processed by Fiserv or any Fiserv Affiliate or Subcontractor; or (B) that is in transit between or among any of the following: Fiserv, Fiserv Affiliates, Fiserv Personnel or Fiserv Subcontractors;

(ii)unauthorized disclosure to a third party of RFS Data by Fiserv or any Fiserv Affiliate or Subcontractor; or

(iii)[***]

(bm)“Fiserv Software” shall mean, collectively: (i) Fiserv proprietary Software and (ii) Fiserv-Provided Third Party Software.

(bn)“Fiserv System” shall mean the Fiserv Software, Equipment and network connectivity and infrastructure provided by Fiserv to RFS or used by Fiserv to provide the Services (excluding network connectivity and infrastructure RFS provides under this Agreement).

(bo)[***]

(bp)“Force Majeure Event” shall have the meaning provided in Section 20.4(a).

(bq)[***]

(br)“Function” shall have the meaning provided in Section 9.5(b).

(bs)“Furnishing Party” shall have the meaning provided in Section 14.5(a).

(bt)“GAAP” shall mean United States generally accepted accounting principles, applied on a consistent basis.

(bu)“GLB Act” shall mean the Gramm-Leach-Bliley Act, 15 USC § 6801 et. seq., and the implementing regulations and regulatory interpretations thereto, as amended from time to time.

(bv)“Initial Term” shall have the meaning provided in Section 4.1.

(bw)“Intellectual Property” shall mean, collectively, any and all of the following: (i) software and other works of authorship, including associated copyrights, moral rights, databases, and mask-works; (ii) trademarks, service marks, trade names, logos and trade dress; (iii) trade secrets; (iv) patents, designs, algorithms, know-how, and other industrial property and rights thereto; (v) rights in domain names, universal resource locator addresses, telephone numbers (including toll free numbers), SMS addresses, social networking identifiers and similar identifiers; (vi) other intellectual and industrial property and rights thereto of every kind and nature, however designated, whether arising by operation of law, contract, license or otherwise; and (vii) registrations, initial applications, renewals, extensions, continuations, divisions or reissues thereof now or hereafter in force (including any rights in any of the foregoing); and in each case, including all rights thereof (including, as appropriate, the right to use, access, copy, perform, display, transfer, distribute, or create derivatives), as may arise or be protected under the laws of any country or any state or province.

(bx)[***]

(by)[***]

(bz)[***]

(ca)“Losses” shall mean all losses, liabilities, damages and claims, and all related costs, and expenses (including reasonable legal fees, and disbursements and costs of investigation, litigation, settlement, judgment, interest, and penalties).

(cb)“Monthly Charges” shall mean the Charges payable with respect to Services provided under this Agreement in a particular month, without regard to when such Charges are billed or payable and without reduction for Service Level Credits.

(cc)“Monthly Performance Report” shall have the meaning provided in Section 12.3(a).

(cd)“New Cycle Schedules” shall have the meaning provided in Section 12.6(a)(v).

(ce)[***]

(cf)[***]

(cg)“Non-Public Personal Information” shall have the meaning provided in the GLB Act, 15 U.S.C. § 6809(4), and shall include (i) an individual’s name, address, e-mail address, IP address, telephone number(s), and/or social security number; (ii) the fact that an individual has a relationship with RFS or any of its Affiliates; and (iii) an individual’s or RFS’ or its Affiliates’ customer’s account information.

(ch)“Non-Renewal Election” shall have the meaning provided in Section 4.2.

(ci)“Notice” shall have the meaning provided in Section 22.2(b).

(cj)“Notice of Election” shall have the meaning provided in Section 19.6(a).

(ck)“Notifying Party” shall have the meaning provided in Section 22.2(b).

(cl)“OFAC” shall mean the US Department of Treasury Office of Foreign Assets Control.

(cm)“Out-of-Pocket Expenses” shall mean reasonable, demonstrable, and actual out-of-pocket expenses incurred by Fiserv, but not including Fiserv’s overhead costs (or allocations thereof), administrative expenses, or other mark-ups. In determining Fiserv’s expenses, Fiserv’s actual, incremental expense shall be used and shall be net of all rebates, discounts, and allowances received by Fiserv.

(cn)“Party” shall mean either Fiserv or RFS, as appropriate, and “Parties” means Fiserv and RFS.

(co)“Pass-Through Expenses” shall have the meaning provided in Section 9.2(a).

(cp)“PCI DSS” means the Payment Card Industry Data Security Standards available at http://www.pcisecuritystandards.org, as amended from time to time.

(cq)[***]

(cr)“Performance Standards” shall mean, individually and collectively, the quantitative and qualitative performance standards and commitments for the Services contained in this Agreement, including Service Levels.

(cs)“Permitted User” shall have the meaning provided in Section 3.2(a).

(ct) “Personal Data” shall mean “personal information” as defined in the California Consumer Privacy Act of 2018 (as amended from time to time) or a similar term as defined in any applicable privacy or data protection law or regulation of one of the states of the United States, whether relating to an Account Holder or otherwise, that has been obtained by Fiserv from or on behalf of RFS in connection with the Services.

(cu)“Production Services” shall mean the portion of the Services described as such in Schedule A. Production Services shall be one of the Service Towers.

(cv)“Production Services Tower” shall mean the Service Tower for the Production Services.

(cw)“Prohibited Persons Lists” shall have the meaning provided in Section 5.2(d)(i)(C).

(cx)“Receiving Party” shall have the meaning provided in Section 14.5(a).

(cy)[***]

(cz)“Refresh Acceptance” shall have the meaning provided in Section 20.3.

(da)“Refresh Request” shall have the meaning provided in Section 20.3.

(db)“Regulatory Agencies” shall have the meaning provided in Section 13.1(a).

(dc)[***]

(dd)“Renewal Term” shall have the meaning provided in Section 4.2.

(de) “Required Consents” means consents required by a third party for another entity to have access to or make use of such third party’s Software.

(df)“RFS Confidential Information” shall have the meaning provided in Section 14.5(b).

(dg)“RFS Contract Manager” shall have the meaning provided in Section 8.1(a).

(dh)“RFS Data” shall mean [***].

(di) “RFS Functional Executive” shall have the meaning provided in Section 5.1.

(dj)“RFS Information” shall mean all information, including RFS Data, in any form, furnished or made available directly or indirectly to Fiserv by RFS or otherwise obtained by Fiserv from RFS.

(dk)[***]

(dl)[***]

(dm)“RFS Intellectual Property” shall have the meaning provided in Section 7.1(b).

(dn)“RFS Legal Requirements” shall have the meaning provided in Section 16.1(c).

(do)[***]

(dp)“RFS Regulatory Agencies” shall have the meaning provided in Section 13.1(a).

(dq)[***]

(dr)“RFS Supplier Assessments” shall have the meaning provided in Section 13.9(a).

(ds)“Root Cause Analysis” or “RCA” shall mean the process of determining the underlying reason for an error or problem, so that the process that produced the error/problem can be altered in a way that prevents or reduces the risk of it from recurring.

(dt)“Rules” shall mean the rules, regulations, and other requirements of the PCI Security Standards Council or any payment network, including those of VISA, MasterCard, Discover and the National Automated Clearing House Association, as amended from time to time.

(du)“Service Levels” shall have the meaning provided in 11.1.

(dv)“Service Level Credits” shall means credits calculated as liquidated damages for failure to satisfy penalty-bearing Service Levels as set forth in mutually agreed upon written specifications.

(dw)“Service Tower” shall mean a group of Services that the Parties designate as a separate “Service Tower” in this Agreement or in mutually agreed upon written specifications.

(dx)“Services” shall have the meaning provided in Section 3.1(a).

(dy)“Small Business” means a business that is organized for profit, with a place of business located in the U.S. and eligible for assistance from SBA (Small Business Administration). Together with its affiliates, it must meet the numerical size standards as defined in the Small Business Size Regulations. 13 CFR Part 23.

(dz)“Software” shall (unless a more specific reference is provided) mean computer software, whether applications software or systems software.

(ea)“SSAE 18” shall have the meaning provided in Section 13.3.

(eb)“Statement of Work” or “SOW” shall have the meaning provided in Section 3.1(e) hereof.

(ec)“Steering Committee” shall have the meaning provided in Section 12.2(a).

(ed)“Subcontractor” shall have the meaning provided in Section 12.8(a).

(ee)“Tax” or “Taxes” shall (unless the context otherwise requires) mean any federal, state, local or foreign net or gross income, gross receipts, license, payroll, employment, excise, severance, stamp, occupation, premium, customs duties, capital stock, franchise, profits, withholding, social security (or similar), unemployment, disability, real property, personal property, sales, use, transfer, registration, value added, alternative or add-on minimum, estimated, or other tax, governmental fee or like assessment or charge of any kind whatsoever.

(ef)“Technology Services” shall mean the portion of the Services described as such in an Attachment to Schedule A. Technology Services shall be one of the Service Towers.

(eg)“Technology Services Tower” shall mean the Service Tower for the Technology Services.

(eh)“Term” shall mean the Initial Term and any Renewal Terms.

(ei)“Termination/Expiration Assistance” shall have the meaning provided in Section 21.12(a).

(ej)“Termination/Expiration Assistance Plan” shall have the meaning provided in Section 21.12(b).

(ek)[***]

(el)“Update” shall mean any new version, release update, upgrade, enhancement, or bug fix made available by Fiserv, including as part of maintenance and support.

(em)“User Manuals” means user manuals for the Technology Services explaining how the Fiserv System operates and how RFS may configure and use the Fiserv System, including report descriptions and formats.

(en)“Virus” shall mean: (i) program code or programming instruction or set of instructions intentionally designed to disrupt, disable, harm, interfere with, or otherwise adversely affect computer programs, data files, or operations; or (ii) other code typically described as a virus or by similar terms, including Trojan horses, worms, or backdoors.

(eo)[***]

(ep)[***]

(a)As used in this Agreement, references to “RFS” include Affiliates of RFS in accordance with the following:

(i)A reference includes Affiliates of RFS where expressly so provided;

(ii)References to RFS in the following definitions include Affiliates of RFS (unless expressly provided to the contrary): Account, Account Holder, Personal Information, RFS Data and RFS Information; and

(iii)References to the business, operations, policies, procedures, and the like of RFS include Affiliates of RFS to the extent such Affiliates are receiving the Services.

(b)Subject to the foregoing, references to RFS shall include Affiliates of RFS as RFS reasonably designates.

(c)RFS and Fiserv each will be responsible for the acts and omissions of its respective Affiliates under this Agreement.

(a)Terms other than those defined within this Agreement shall be given their plain English meanings, and those terms, acronyms, and phrases known in the information technology services industry shall be interpreted in accordance with their generally known meanings. Unless the context otherwise requires, words importing the singular include the plural and vice-versa, and words importing gender include both genders. Unless the context otherwise requires, “persons” includes individual natural persons and legal entities.

(b)References to articles, sections, and paragraphs shall be references to articles, sections, and paragraphs of this Agreement, unless otherwise specifically stated.

(c)The article and section headings in this Agreement are intended to be for reference purposes only and shall not be construed to modify or restrict any of the terms or provisions of this Agreement.

(d)Where there is similar, but not identical, construction of phrases, sentences, or clauses of this Agreement they shall each be construed separately and independently, in accordance with their plain meaning.

(e)The words “include”, “includes”, “including”, and “e.g.”, when following a general statement or term, are not to be construed as limiting the general statement or term to any specific item or matter set forth or to similar items or matters, but rather as permitting the general statement or term to refer also to all other items or matters that could reasonably fall within its scope.

(f)The word “may” (unless followed by “not”) shall be construed as meaning “shall have the right, but not the obligation, to”.

(a)Scope. Fiserv shall provide the following services, functions and responsibilities, as they may evolve during the Term and as they may be supplemented, enhanced, modified or replaced (collectively, the “Services”):

(i)the services, functions and responsibilities described in this Agreement, including the services, functions and responsibilities described in Schedule A and in the other Schedules and Attachments hereto;

(ii)the services, functions and responsibilities [***], even if the services, functions or responsibilities are not specifically described in this Agreement, subject to any ongoing discussions or negotiations between the Parties as of the Effective Date regarding whether any such services, functions and responsibilities constitute New Services, which will be addressed in a manner consistent with Section 9.5(b) of this Agreement;

(iii)any New Services (subject to any new charges and other terms and conditions established with respect to such New Services in accordance with Section 9.5); and

(iv)any changes RFS contracts with Fiserv to perform pursuant to a change order executed by both Parties or amendment.

(b)Implied Services. If any services, functions, or responsibilities not specifically described in this Agreement are necessarily required for the proper performance and provision of the Services, they shall be deemed to be implied by and included within the scope of the Services to the same extent and in the same manner as if specifically described in this Agreement.

(c)Services Performed by RFS or Third Parties.

(i)[***]. Without limitation of the foregoing, RFS may sell Accounts, portfolios or lines of business which are receiving the Services, and if so elected by RFS any such sold Accounts, portfolios or lines of business will no longer be subject to this Agreement. RFS also may acquire Accounts, portfolios or lines of business and provide, or have third parties provide, Services in connection with such Accounts, portfolios or lines of business separately from this Agreement and the Services provided hereunder. [***]. For the avoidance of doubt, Fiserv’s approval is not required for any reduction of Services that RFS is entitled to make pursuant to the provisions of this Agreement, and any requirement that such changes be documented through the Change Control Procedure shall not be deemed to require Fiserv’s approval.

(ii)If a component of the Services is reduced pursuant to this Section 3.1(c), the charges for the Services shall be equitably adjusted in good faith to reflect [***] to Fiserv resulting from Fiserv's ceasing to provide the component of the Services no longer required. [***].

(iii)If RFS performs any of the Services itself or retains a third party to do so, Fiserv shall cooperate with RFS and any such third party, as reasonably necessary to enable each of RFS and such third party to perform its respective work, which cooperation shall include:

(A)to the extent that Fiserv exercises any control over any RFS facilities or any facility of an RFS Affiliate being used to provide the Services, providing reasonable access to such facilities;

(B)hosting and maintaining third party software packages as mutually agreed by the Parties, provided (1) Fiserv will not unreasonably refuse to host and maintain third party software packages when requested by RFS; and (2) any charges proposed by Fiserv for such hosting and maintenance shall be determined in the same manner that charges for New Services are to be determined under this Agreement;

(C)providing reasonable access to the Fiserv System (to the extent permitted under any underlying agreements with third parties) and to the other relevant Fiserv-operated interfaces and production facilities to enable integration of third party platforms with the Fiserv System; and

(D)providing such information regarding the operating environment, system constraints and other parameters as a person with reasonable commercial skills and expertise would find reasonably necessary for RFS or a third party to perform its work.

(iv)Third parties retained by RFS shall comply with Fiserv's reasonable security and confidentiality requirements, and shall, to the extent performing work interfacing with the Fiserv System or Fiserv Equipment, comply with Fiserv's reasonable work standards, methodologies and procedures, as have been provided by Fiserv. Fiserv shall promptly notify RFS if an act or omission of such a third party may cause a problem or delay in providing the Services and shall work with RFS to prevent or circumvent such problem or delay.

(d)[***]

(e)Statements of Work. All Services to be provided by Fiserv hereunder as of the Effective Date are described in written specifications that have been mutually agreed upon by the Parties in accordance with Section 12.4 of this Agreement. Following the Effective Date, all New Services shall be provided pursuant to written statements of work in the form contained in Exhibit II to this Agreement (each a “Statement of Work” or “SOW”) or other such written amendment or other document which the Parties may agree. As applicable, each Statement of Work or other written amendment or other document upon which the Parties may agree may include or reference any applicable business requirements, mutually agreed project plans or milestone schedules, mutually agreed governance documents, or other mutually agreed project documents). All Statements of Work or other such written amendments or other documents shall be mutually agreed by the Parties, duly executed by their authorized representatives and be numbered in sequential order for each applicable Service Tower.

(f)[***]

(a)Subject to Section 3.2(b) and the licenses granted in Section 3.3, the Services shall be provided by Fiserv, and the Services may be used during the Term (including any period of Termination/Expiration Assistance, as provided in Section 21.12) by (collectively, the “Permitted Users”):

(i)RFS and its Affiliates;

(ii)third party suppliers and contractors of RFS and its Affiliates for the sole purpose of providing services to RFS and its Affiliates and other Permitted Users described in Section 3.2(a)(vi);

(iii)Former Affiliates for the period (up to [***]) designated by RFS that is reasonably necessary for such Former Affiliate to arrange to convert and then to actually convert its processing in an orderly manner, whether directly with Fiserv or to another system or supplier. During such period, Fiserv’s relationship shall continue to be with RFS (and RFS shall remain responsible for its obligations under this Agreement with respect to the Former Affiliate), and, unless otherwise agreed between Fiserv and the Former Affiliate, Fiserv shall have no obligation directly to the Former Affiliate;

(iv)RFS Regulatory Agencies as a part of any of their respective regulatory oversight responsibilities with respect to RFS;

(v)[***]; and

(vi)those third party clients or joint ventures with whom RFS or an Affiliate of RFS has a bona fide commercial relationship with respect to Card Account types described in Section 3.2(b) below but that is broader than mere resale of the Services.

(b)The Card Accounts for which a Permitted User may use the Services must meet one or both of the following criteria:

(i)RFS or an Affiliate of RFS is the issuer; or

(ii)RFS or an Affiliate of RFS is the servicer for the Account.

(a)Fiserv System. Fiserv grants to RFS a limited, non-exclusive, non-transferable, royalty free (other than as set forth in this Agreement), worldwide license during the Term (and any Termination/Expiration Assistance period) to allow the Permitted Users to access and use the Fiserv System (including the functionality provided by the Fiserv Software that is part of the Fiserv System but not including the right to directly access the object code or source code of the Fiserv Software on the Fiserv System; provided, the restriction in this parenthetical shall not limit or prohibit (i) any such access that RFS has had to the Fiserv Software within the twelve (12) months prior to the Effective Date [***]; (ii) access and use of record layouts for purposes of identifying data fields available for queries and data extractions; or (iii) access and use of information for data mapping necessary for Account Conversions) to receive and use the Services as permitted in Section 3.2. The license granted in this Section 3.3(a) does not include a license to Fiserv Licensed Software (which is defined in and the subject of Section 3.3(b) below).

(b)Fiserv Licensed Software. Fiserv grants to RFS a limited, non-exclusive, non-transferable, royalty free (other than as set forth in this Agreement) license during the Term (and any Termination/Expiration Assistance period) to permit RFS and its Permitted Users to access and use the object code format of the Fiserv Licensed Software to receive and use the Services as permitted in Section 3.2. “Fiserv Licensed Software” shall mean the Fiserv Software provided by Fiserv or its Affiliates to RFS to use on RFS’ or its Affiliates’ own systems. The Parties will use reasonable efforts to implement a governance process to maintain a current list of the Fiserv Licensed Software. With respect to Fiserv Licensed Software, RFS shall not:

(i)disclose or distribute any Fiserv Licensed Software (in any format) to any third party other than a Permitted User;

(ii)permit any third party to access or use any Fiserv Licensed Software (in any format) through any time-sharing service, service bureau, or network consortium;

(iii)rent, lease, sell, sublicense, assign, or otherwise transfer its rights under the license granted in this Section 3.3 to any third party, whether by operation of law or otherwise, except as expressly permitted in this Agreement;

(iv)decompile, disassemble, reverse engineer, or attempt to reconstruct or discover any source code or underlying ideas or algorithms of any Fiserv Licensed Software;

(v)modify, alter or create derivative works of the source code for Fiserv Licensed Software, unless permitted under a separate written agreement between the Parties;

(vi)copy any Fiserv Licensed Software, except (A) for backup and archival purposes or (B) as necessary for production and testing; or

(vii)install Fiserv Licensed Software in, ship Fiserv Licensed Software to, or access Fiserv Licensed Software from any country other than the United States [***], without obtaining Fiserv’s advance written consent, provided that the foregoing list of permitted countries may be further expanded or limited with respect to specific Fiserv Licensed Software as may be agreed by the Parties from time to time [***].

(c)RFS will not remove (or allow to be removed) any proprietary rights notices from any Fiserv Licensed Software and will display the Fiserv Licensed Software name and the names, logos, trademarks, trade names, and any copyright notices of Fiserv and Fiserv’s licensors, as reasonably requested by Fiserv.

(d)RFS will comply with the United States Export Administration Act and all applicable use, export, and re-export restrictions and regulations of the U.S. Department of Commerce or other relevant U.S. agency or authority with respect to any use of or access to the Fiserv System or Fiserv Licensed Software by RFS or the Permitted Users that is subject to such restrictions and regulations.

(e)Fiserv reserves all rights in the Fiserv System and Fiserv Licensed Software that are not expressly granted to RFS in this Agreement.

(f)If RFS permits access to or use of the Fiserv System or Fiserv Licensed Software by the Permitted Users, RFS will be responsible for those Permitted Users’ compliance with the terms of this Agreement and any written specifications agreed to by the Parties from time to time, in each case, that are applicable to such access or use.

(a)As more fully described elsewhere in this Agreement, Fiserv will prepare, maintain, and provide at no additional cost to RFS one or more Business Continuity Plans (“BCP”) and/or Disaster Recovery Plans (“DRP”) (either herein referred to as the “Plan”) that collectively cover all Services under this Agreement. The Plans are designed to ensure Fiserv is capable of  providing such Services covered by the applicable Plan in accordance with the terms of this Agreement in the event of a disaster or other Plan triggering event covered by the applicable Plan, [***].

(b)[***]

(c)The applicable Plan for each product and Service shall be updated at least annually [***] and an executive summary of the updated Plan shall be provided to RFS, onsite or during an online meeting, within sixty (60) days after test execution.  The applicable Plan for each Service shall be tested and updated at least annually and RFS will be provided with an executive summary, online or during an online meeting, of the nature, scope, and test results [***].

(d)[***]

(e)[***]

The term of this Agreement shall commence on the Effective Date and expire on [***] (the “Initial Term”), unless it is terminated earlier or is extended pursuant to the terms hereof.

[***] election not to renew at least [***] days prior to the then-existing expiration date of this Agreement (“Non-Renewal Election”), at the end of the Initial Term (or the then-current Renewal Term) the Term shall be automatically extended for [***] (each such [***] period, a “Renewal Term”); provided that there shall not be more than [***] Renewal Terms. Absent earlier termination, the Term shall expire after the [***] Renewal Term. [***].

(a)Adequate Number of Qualified Personnel. Fiserv shall assign an adequate number of personnel to perform the Services. The personnel Fiserv assigns to perform the Services shall be properly educated, trained, and fully qualified for the Services they are to perform.

(b)Personnel Turnover. RFS and Fiserv both agree that it is in their mutual best interests to maintain the turnover rate of the Fiserv Personnel performing the Services to a reasonably low level. Accordingly, if RFS believes that Fiserv's turnover rate may be excessive and so notifies Fiserv, Fiserv shall provide data concerning its turnover rate, meet with RFS to discuss the reasons for, and impact of, the turnover rate and otherwise use Commercially Reasonably Efforts to keep such turnover rate to a reasonably low level. If appropriate, Fiserv shall submit to RFS its proposals for reducing the turnover rate, and the Parties will mutually agree on a program to bring the turnover rate down to an acceptable level. In any event, notwithstanding transfer or turnover of personnel, Fiserv remains obligated to perform the Services without degradation and in accordance with this Agreement.

(c)[***] Fiserv Personnel. If RFS determines in good faith that the continued assignment to the RFS account of one of the Fiserv Personnel who [***] or spends a majority of such person’s time of the RFS account, is not in the best interests of RFS, then RFS will give Fiserv written notice to that effect. After receipt of such notice, Fiserv shall have a reasonable period of time in which to investigate the matters stated in such notice, discuss its findings with RFS, and resolve any problems with such person. As requested by Fiserv, senior management of the Parties shall address and discuss the pertinent issues during the referenced time period. [***]. This provision shall not operate or be construed to limit Fiserv’s responsibility for the acts or omissions of Fiserv Personnel.

(d)Screening. The individuals who are assigned to perform the Services shall at all times meet the requirements provided below.

(i)Prior to assigning any individual to perform the Services in the United States (or if Services are to be performed outside of the United States, to the maximum extent permitted under local law), Fiserv shall satisfactorily perform the following screening activities:

(A)a five panel drug screen (except to the extent restricted by law) for any individuals hired after January 1, 2005;

(B)a criminal background check that (except to the extent restricted by law) includes a check for a conviction of, or participation in a pretrial diversion program regarding, a Financial Related Crime or job-related felony, in each case during the [***] period covered by the background check;

(C)a determination as to whether the person is subject to, or identified on, any prohibited persons lists, including the following [***] (collectively, the “Prohibited Persons List”); and

(D)a confirmation that the individual's employment complies with relevant immigration law in the country where he or she is employed and any country where he or she is present in order to provide the Services.

(ii)Fiserv shall not assign any person to perform the Services who:

(A)has failed the drug screen;

(B)has been convicted of, or participated in a pretrial diversion program regarding, a Financial Related Crime or a job-related felony, in each case during the [***] period covered by the background check;

(C)is listed on any of the Prohibited Persons Lists; or

(D)does not meet the requirements under immigration law to be employed in the applicable jurisdiction.

(iii)With respect to Services to be performed outside of the United States, except to the extent restricted by Applicable Law, Fiserv shall conduct those screening activities set forth on Schedule E with respect to any specific country and if no activities are listed in Schedule E for a particular country from which Fiserv provides the Services, Fiserv shall conduct the reasonably equivalent screening activities of Section 5.2(d)(i) using the criminal records and other relevant information in the applicable local jurisdiction.

(iv)[***]

Except to the extent specifically provided elsewhere in this Agreement, Fiserv shall be responsible for providing all resources (including Equipment and Software) necessary to provide the Services and will only recover such costs through the corresponding fixed and variable charges provided in the Schedule C.

If Fiserv has access to information technology systems, data and/or voice network circuits, or infrastructure made available by RFS or RFS Affiliates in the course of performing Services, Fiserv shall use such systems and network circuits and infrastructure exclusively for performing Services on authorized efforts. Unauthorized use of RFS’ or a RFS Affiliate’s information technology systems, network circuits and infrastructure includes the following:

(a)failure to reasonably safeguard resources from damage, misuse or theft;

(b)circumventing or attempting to compromise, for any reason, RFS computer security controls such as security software, computer dial-up controls and administrative or operational procedures, without consent of RFS;

(c)tampering with a computer system in a manner which is generally believed to (i) cause harm to computer information, or (ii) lead to the unavailability of the computer resources; and

(d)performing work of a personal or business nature not directly related to the work required to be performed under this Agreement.

(a)Grant of Right to Fiserv. RFS grants to Fiserv a fully paid-up, royalty-free, non-transferable, non-exclusive right during the Term (and any period of Termination/Expiration Assistance) to use the RFS Intellectual Property for the sole purpose of providing the Services pursuant to this Agreement, but (i) subject to obtaining Required Consents with respect to third party Intellectual Property licensed to RFS and (ii) only to the extent RFS agrees such RFS Intellectual Property is necessary for Fiserv to provide the Services. Fiserv may not use RFS Intellectual Property for the benefit of any entities other than RFS and its Affiliates and other Permitted Users in connection with this Agreement. Except as otherwise requested or approved by RFS in writing, Fiserv shall cease all use of the RFS Intellectual Property upon the later of (A) expiration or termination of this Agreement and (B) expiration or termination of the Termination/Expiration Assistance.

(b)Ownership. As between the Parties, RFS and its Affiliates retain all rights, title and interest in, and sole ownership of, RFS Intellectual Property, subject to the rights expressly granted under Section 7.1(a). “RFS Intellectual Property” means all Intellectual Property that is:

(i)owned by RFS or any RFS Affiliate as of the Effective Date;

(ii)developed or acquired by or for RFS or any RFS Affiliate after the Effective Date independent of this Agreement;

(iii)licensed by a third party to RFS or any RFS Affiliate; or

(iv)[***].

(a)Fiserv Intellectual Property. As between the Parties, Fiserv and its Affiliates retain all rights, title and interest in, and sole ownership of, the Fiserv Intellectual Property, subject to the rights expressly granted under this Agreement. “Fiserv Intellectual Property” means Intellectual Property that is:

(i)owned by Fiserv or any Fiserv Affiliate as of the Effective Date;

(ii)developed or acquired by or for Fiserv or any Fiserv Affiliate after the Effective Date independent of this Agreement (such developed or acquired Intellectual Property to include, without limitation, specifically any modifications and improvements to the Fiserv Systems [***]);

(iii)licensed by a third party to Fiserv or any Fiserv Affiliate; or

(iv)[***]

but in each case not including any RFS Information or RFS Intellectual Property.

(b)Interfaces. Interfaces to Fiserv Software and interfaces to the Fiserv System will be defined, supported, and made available by Fiserv to and for RFS and the other Permitted Users. Custom interfaces developed for RFS will be changed only with RFS’ prior approval. Other interfaces (e.g., industry interfaces, standard client-wide system interfaces) may change without RFS’ prior approval but Fiserv shall provide RFS with sufficient advance notice of such changes for RFS to prepare for such changes, and Fiserv shall provide to RFS complete Documentation regarding such changes.

Nothing contained in this Agreement shall restrict a Party from the use of any general ideas, concepts, know-how, methodologies, processes, technologies, algorithms or techniques retained in the unaided mental impressions of such Party’s personnel relating to the Services which either Party, individually or jointly, develops or discloses under this Agreement, provided that in doing so such Party does not breach its obligations under Article 14, [***] or infringe the Intellectual Property rights of the other Party or third parties who have licensed or provided materials to the other Party. Except for the license rights contained in Article 3 and this Article 7, neither this Agreement nor any disclosure made hereunder grants any license to either Party under Intellectual Property rights of the other Party. This Section 7.4 shall survive termination or expiration of this Agreement.

Fiserv, with the cooperation of RFS, shall obtain any Required Consents for RFS to have access to and make use of Fiserv Software as required to receive and make use of the Services, and Fiserv shall pay such fees as may be required to obtain such Required Consents.

The Parties acknowledge that certain Software and technical data to be provided hereunder and certain transactions hereunder may be subject to export controls under Applicable Laws. Neither Party shall export or re-export any such items or any direct product thereof or undertake any transaction in violation of any such laws or regulations. To the extent within Fiserv's control, Fiserv shall be responsible for, and shall coordinate and oversee, compliance with such export laws in respect of such items exported or imported hereunder. RFS will provide to Fiserv at least ten (10) days’ notice if any of the Software, Equipment, technical data, or other items, provided to Fiserv by RFS that will be used or accessed by Fiserv in providing the Services is controlled for export under the International Traffic in Arms Regulations or other applicable laws (unless such items are controlled for export under United States law only as ECCN EAR 99) and, if requested by Fiserv, will provide the ECCN classification of any such item, or the similar classification as appropriate under Applicable Law.

In addition to RFS’ responsibilities provided elsewhere in this Agreement, RFS shall have the following responsibilities:

(a)RFS shall designate one (1) individual to whom Fiserv may address operational communications concerning this Agreement (the “RFS Contract Manager”);

(b)RFS shall cooperate with Fiserv, including by making available management decisions, information, approvals and acceptances, as reasonably requested by Fiserv so that Fiserv may accomplish

its obligations and responsibilities hereunder. The RFS Contract Manager or such person’s designee will be the principal point of contact for obtaining such decisions, information, approvals, and acceptances. Only personnel as expressly so designated by the RFS Contract Manager will be authorized to make commitments on the part of RFS that amend this Agreement or commit resources that are subject to a Charge (other than Charges that result from changes RFS makes to parameters in the Fiserv System in the ordinary course of business); and

(c)[***]

(a)Due to the material adverse impact termination of this Agreement or suspension of performance of the Services would have on RFS’ business[***].

(b)Fiserv’s nonperformance of its obligations under this Agreement shall be excused if and to the extent (i) Fiserv’s nonperformance results from RFS’ (or its agents’, contractors’, or others for whom RFS is responsible) failure to perform its express responsibilities in this Agreement; (ii) Fiserv provides RFS with reasonable notice of such nonperformance; and (iii) (if requested by RFS) Fiserv uses Commercially Reasonable Efforts to perform notwithstanding RFS’ failure to perform (with RFS being responsible to reimburse Fiserv for its additional Out-of-Pocket Expenses and on a time and materials basis at the rates provided in Schedule C for Fiserv’s non-insubstantial incremental internal costs for such efforts).

All charges for the Services are set forth or described in this Article 9, in Schedule C and in mutually agreed upon written specifications. RFS shall not be required to pay Fiserv any amounts for the Services in addition to those payable to Fiserv under this Agreement or as the Parties may otherwise agree in writing. The Charges, Pass-Through Expenses, and Out-of-Pocket Expenses payable by RFS under this Agreement shall fully compensate Fiserv for providing the Services.

(a)“Pass-Through Expenses” are charges to be paid directly by RFS or by RFS through Fiserv. All Pass-Through Expenses are described in Schedule C. If the Parties agree that a particular Pass-Through Expense is to be paid by RFS directly, Fiserv shall promptly provide RFS with the original third-party invoice for such expense together with a statement that Fiserv has reviewed the invoiced charges and made a determination of which charges are proper and valid and should be paid by RFS. Otherwise, Fiserv shall act as payment agent for RFS and shall pay third party charges comprising the Pass-Through Expense. Prior to making any such payment, however, Fiserv shall review the invoiced charges to determine whether such charges are proper and valid and should be paid. Upon request and subject to Fiserv’s confidentiality requirements with its suppliers, Fiserv shall provide RFS with a reasonable opportunity to review the invoice to confirm Fiserv's determination. Following such review by Fiserv and RFS, Fiserv shall pay the amounts due and shall invoice RFS for such charges.

(b)Fiserv shall use Commercially Reasonable Efforts to [***]. With respect to services or materials paid for on a Pass-Through Expenses basis, RFS shall have the right to: (i) obtain such services or materials [***]; (ii) [***] for such services or materials; (iii) [***] Fiserv shall obtain, provided that if Fiserv demonstrates to RFS that [***] will have an adverse impact on Fiserv’s ability to meet the Service Levels, [***]; (iv) require Fiserv to [***] share the results thereof with RFS; and (v) review and approve the Pass-Through Expense for such services or materials [***].

Fiserv acknowledges that, except as may be otherwise provided in this Agreement, expenses that Fiserv expects to incur in performing the Services (including travel and lodging, document reproduction and administrative correspondence shipping, and long-distance telephone) are included in Fiserv's charges and rates set forth in this Agreement. Accordingly, such Fiserv expenses are not separately reimbursable by RFS unless, on a case-by-case basis for unusual expenses, RFS has agreed in advance and in writing to reimburse Fiserv for the expense. RFS acknowledges that it will be responsible for its own incidental expenses (including travel and lodging, document reproduction and administrative correspondence shipping, and long-distance telephone).

The Parties' respective responsibilities for Taxes arising under or in connection with this Agreement shall be as follows:

(a)Each Party shall be responsible for:

(i)any personal property Taxes on property it uses, regardless of whether such property is owned or leased;

(ii)franchise and privilege Taxes on its business; and

(iii)Taxes based on its net income or gross receipts.

(b)Fiserv shall be responsible for any sales, use, excise, value-added, services, consumption and other Taxes and duties payable by Fiserv on the goods or services used or consumed by Fiserv in providing the Services where the Tax is imposed on Fiserv's acquisition or use of such goods or services and the amount of Tax is measured by Fiserv's costs in acquiring such goods or services.

(c)RFS shall be financially responsible for all Taxes imposed on the Services in the countries in which RFS receives them, provided that RFS will not be liable for any tax imposed on Fiserv’s corporate franchise, net income, or gross receipts. If a Tax is assessed on the provision of any portion of the Services, the Parties shall work together to segregate the payments under this Agreement into three (3) payment streams:

(i)those for taxable Services;

(ii)those for which Fiserv functions merely as a payment agent for RFS in receiving goods, supplies, or services (including leasing and licensing arrangements) that otherwise are non-taxable or have previously been subject to Tax; and

(iii)those for other nontaxable Services.

(d)The Parties shall cooperate with each other to enable each to more accurately determine its own tax liability and to minimize such liability to the maximum extent legally permissible. Fiserv will deliver to RFS a duly completed and valid withholding certificate as required by law (e.g., an IRS Form W-9 or other applicable form), and such additional documentation reasonably requested by RFS as may be necessary for RFS to comply with its withholding and reporting obligations, upon execution of this Agreement and at relevant times thereafter. Unless RFS has provided Fiserv with tax-exemption, direct pay, or resale certificates, Fiserv's invoices shall separately state the amounts of any Taxes Fiserv is proposing to collect from RFS, and Fiserv shall remit such Taxes to the appropriate authorities. [***]. Fiserv agrees to accept any valid state or local exemption certificate or documentation that allows RFS to purchase any otherwise taxable Service(s) in good faith without payment of tax to Fiserv, thereby allowing RFS to claim exemptions in good faith or self-report the Tax. Each Party shall provide and make available to the other reasonable tax determination information, including any direct pay or resale certificates, sourcing and nexus information regarding out-of-state or out-of-country sales or use of

equipment, materials, or services, and other exemption certificates, power of attorney or other necessary authorizations or information reasonably requested by the other Party.

(e)Fiserv shall notify RFS as soon as reasonably possible after receiving notification of, and coordinate with RFS the response to and settlement of, any claim for Taxes asserted by applicable taxing authorities for which RFS is responsible hereunder, it being understood that with respect to any claim arising out of a form or return signed by a Party to this Agreement, such Party may elect to control the response to and settlement of the claim, but the other Party shall have all rights to reasonably participate in the responses and settlements that are appropriate to its potential responsibilities or liabilities. If RFS requests Fiserv to challenge the imposition of any Tax that RFS lacks standing to challenge itself, Fiserv shall do so in a timely manner and RFS shall reimburse Fiserv for the reasonable legal fees and expenses it incurs. RFS shall be entitled to any Tax refunds or rebates granted to the extent such refunds or rebates are of Taxes that were paid by RFS.

(f)To the extent that Fiserv fails to accurately and timely invoice RFS for taxes and/or to remit such taxes directly to the applicable taxing authority, (i) Fiserv shall be responsible for the payment of such taxes to the applicable taxing authority, (ii) Fiserv shall then have the right to invoice to, and receive payment from, RFS for the amount of any such taxes and interest to the extent that RFS is otherwise responsible for or required to pay such taxes under this Agreement, and (iii) Fiserv will be responsible for and will pay any penalties imposed by the applicable taxing authority as a result of Fiserv’s failure to have accurately and timely invoiced RFS for such taxes or Fiserv’s failure to have remitted such taxes to the applicable taxing authority.

(a)Fiserv shall invoice RFS on a monthly basis in arrears for all amounts due under this Agreement. Unless the Parties agree otherwise, Fiserv will invoice RFS electronically and provide RFS with on line access to all necessary information in order for RFS to validate the charges. The invoice shall show details as to charges as reasonably specified by RFS. Fiserv shall include the calculations utilized to establish the charges in sufficient detail to enable RFS to confirm the accuracy of the charges included in the invoice. Invoices shall be rendered by the fifteenth of each month for charges in the previous month.

(b)If a credit is due RFS pursuant to this Agreement, Fiserv shall provide RFS with an appropriate credit against amounts then due and owing; if no further payments are due to Fiserv, Fiserv shall pay such amounts to RFS within thirty (30) days.

(c)Fiserv shall render a single consolidated invoice for each month's charges for each Service Tower, unless otherwise agreed by the parties, showing such details as reasonably specified by RFS, including as necessary to satisfy RFS’ internal accounting and chargeback requirements (such as service components, projects, locations, and departments). Such invoice shall separately state the amounts of any Taxes Fiserv is collecting from RFS. [***]. The invoice shall state for each item or service charged the billing element set forth in Schedule C or otherwise agreed upon by the Parties in writing authorizing Fiserv to charge for such item or service.

(d)Fiserv shall use good faith efforts to ensure that each month’s invoice is complete as to the charges for such month. [***]. [***]. If Fiserv discovers that an invoice failed to include any

amounts which were properly billable to RFS, [***] Fiserv will communicate to RFS promptly after identification of those amounts and will explain the reason for the omission at the time of the appropriate invoice. [***].

(e)[***].

(f)Subject to the other provisions of this Article 10, invoices provided for under Section 10.1 and properly submitted to RFS pursuant to this Agreement shall be due and payable by RFS within (i) [***] days after the date of invoices for Production Services and (ii) *** days after the date of invoices for all other Services. RFS shall pay amounts due from it to Fiserv electronically.

Fiserv shall maintain complete and accurate records of, and supporting documentation for, the amounts billable to and payments made by RFS hereunder, in accordance with generally accepted accounting principles applied on a consistent basis. Fiserv agrees to provide RFS with documentation and other information with respect to each invoice as may be reasonably requested by RFS to verify accuracy and compliance with the provisions of this Agreement. RFS and its authorized agents and representatives shall have access to such records for purposes of audit during normal business hours during the Term and during the period for which Fiserv is required to maintain such records.

Periodic charges under this Agreement are to be computed on a calendar month basis or calendar year basis, as the case may be, and shall be prorated for any partial month or year.

(a)Prepaid Amounts. Where RFS has prepaid for a service or function for which Fiserv is assuming financial responsibility under this Agreement, where Fiserv has benefitted from such prepayment, Fiserv shall refund to RFS, upon either Party identifying the prepayment, that portion of such prepaid expense which is attributable to periods on and after the effective date of Fiserv assuming such responsibility.

(b)Refunds and Credits. If Fiserv should receive a refund, credit or other rebate for goods or services previously paid for by RFS, Fiserv shall promptly notify RFS of such refund, credit or rebate and shall promptly pay the full amount of such refund, credit or rebate, as the case may be to RFS. Unless previously paid to RFS, Fiserv will reflect any refund, credit or rebate as a reduction of the amounts payable to Fiserv in the next invoice delivered to RFS under this Agreement. If no further payments are due to Fiserv under this Agreement, Fiserv shall pay such amounts to RFS within thirty (30) days of RFS’ request therefor.

With respect to an amount to be paid by RFS hereunder, RFS may deduct from that amount any amount that Fiserv is obligated to pay or credit to RFS.

Subject to Section 10.5, RFS shall pay undisputed charges when such payments are due under this Article 10 and Schedule C. RFS may withhold payment of particular charges that RFS disputes in good faith. RFS agrees to notify Fiserv of such dispute within a reasonable time after receipt of an invoice, and to use best efforts to resolve in a timely manner, any material disputed charges.

Fiserv shall perform the Services:

(a)[***]

(b)[***]

(c)in accordance with the performance standards for certain of the Services provided in Schedule B and in mutually agreed upon written specifications (“Service Levels”), [***].

    At least annually during the Term the Parties will review the Service Levels and will make adjustments to them as appropriate to reflect improved performance capabilities associated with advances in technology, processes and methods. The Parties expect and understand that the Service Levels will be improved over time. As new technologies and processes are introduced, additional Service Levels reflecting [***] for those technologies and processes will be established in accordance with the procedures described in Schedule B.

In terms of providing daily operational support during the Term, unless otherwise requested by RFS, the Fiserv General Manager shall directly contact the RFS Contract Manager and his or her designees and representatives. Only the RFS Contract Manager or a designee of the RFS Contract Manager (as identified by the RFS Contract Manager to Fiserv in writing) will be authorized to make commitments on the part of RFS with Fiserv that amend or waive compliance with this Agreement.

(a)The Parties shall form a steering committee (“Steering Committee”) to provide high-end support and coordination in the relationship between Fiserv and RFS. This support may include high-level discussions regarding policies, procedures, guiding principles of the relationship, issues associated with information or cyber security, Fiserv’s execution of the Services, allocation of resources, support and understanding of RFS’ strategic direction and review of RFS priorities. The Steering Committee shall also serve in an advisory role. The Steering Committee and the actions it takes shall in no way diminish the rights and authority provided to RFS in this Agreement. If the Steering Committee is unable to reach a consensus on any issue brought before it, any member of the Steering Committee may provide notice of such occurrence to the RFS Functional Executive. The RFS Functional Executive and the Fiserv General Manager shall promptly meet to discuss in good faith and undertake to resolve any such impasse. If the RFS Functional Executive and the Fiserv General Manager are unable to resolve such impasse within ten (10) days following notice from the Steering Committee, the impasse shall be submitted to the Executive Vice President level officer of each of the Parties having functional control over the Services, who shall confer to resolve such impasse.

(b)The Steering Committee shall be comprised of at least four (4) individuals: two (2) appointed by RFS and two (2) appointed by Fiserv. The Parties may, upon their mutual consent, add additional persons to the Steering Committee.

(a)Reports. Fiserv shall provide RFS with periodic reports as agreed by the Parties in specifications from time to time. As one such report, Fiserv shall provide a monthly performance report, which shall be delivered to RFS within [***] after the end of each month, describing Fiserv's performance of the Services in the preceding month (the “Monthly Performance Report”). Such Monthly Performance Report shall:

(i)separately address Fiserv's performance in each area of the Services;

(ii)for each area of the Services, assess the degree to which Fiserv has attained or failed to attain the pertinent objectives in that area, including with respect to the Performance Standards, including the Service Levels;

(iii)explain deviations from the Performance Standards and include a plan for corrective action where appropriate;

(iv)describe the status of problem resolution efforts, ongoing projects, and other initiatives;

(v)provide a record of the material Equipment, Software and personnel changes that pertain to the Services and describe planned changes during the upcoming month that may affect the Services;

(vi)provide the utilization of resources for the month and report on utilization trends and statistics; and

(vii)include such documentation and other information as RFS may reasonably request to verify compliance with, and meeting the objectives of, this Agreement.

(b)Meetings. The Parties shall participate in periodic meetings to be held between representatives of RFS and Fiserv, as further described in this Section 12.3(b). Fiserv shall prepare and circulate an agenda reasonably in advance of each such meeting to give participants an opportunity to prepare for the meeting. Fiserv shall incorporate into such agenda those items that RFS desires to discuss and communicates in writing to Fiserv reasonably in advance of the applicable meeting. At RFS’ request, Fiserv shall prepare and circulate minutes promptly after a meeting, although neither Party shall be bound thereto and RFS shall not be obligated to correct or object to any errors therein. Unless otherwise agreed by the Parties in writing, such meetings shall include the following:

(i)weekly meetings among operational personnel representing RFS and Fiserv to discuss issues (if any) that require the investigation and reporting, including a Root Cause Analysis, described in Section 11.2(a);

(ii)monthly meetings among operational personnel representing RFS and Fiserv to discuss the prior month’s performance under each Services Tower;

(iii)monthly meetings among operational personnel representing RFS and Fiserv to discuss the Monthly Performance Report, performance under all Service Towers, planned or anticipated activities and changes that might adversely affect performance, and otherwise to address, review and discuss matters specific to RFS;

(iv)weekly and monthly meetings among operational personnel representing RFS and Fiserv to discuss billings under this Agreement;

(v)quarterly meetings among the Fiserv General Manager (and any Fiserv Personnel the Fiserv General Manager deems appropriate) and the RFS Contract Manager (and any RFS personnel the RFS Contract Manager deems appropriate) to discuss and review financial performance under the Agreement; and

(vi)such other meetings between RFS representatives and Fiserv Personnel as reasonably requested by either Party as necessary to address performance of the Services.

Fiserv shall maintain, and comply with the service descriptions, standards, processes, and other requirements for the Services as mutually agreed in written specifications by the Parties from time to time.

(a)Change Control Requirements. Fiserv shall comply with the following change control requirements:

(i)Prior to using any new software or new equipment to provide the Services, Fiserv shall have verified that the item has been properly installed, tested, is operating in accordance with its specifications, interfaces with RFS properly, continues to meet RFS’ functional requirements (as made known to Fiserv) at least as well as the prior Software or Equipment, and is performing its intended functions in a reliable manner.

(ii)Fiserv shall not take an action or make a decision which (A) has a material adverse effect on RFS or an RFS Affiliate; (B) adversely affects the function or performance of, or may decrease the resource efficiency of, the Services; (C) adversely affects RFS’ costs or efficiency in conducting its business; or (D) adversely affects Fiserv’s capability or commitment to provide disaster recovery or business continuity services for the Services, including implementing changes in technology or Equipment and Software configuration that has such effect, without [***]; provided changes in the production cycle for the Production Services shall be governed by Section 12.6(a)(v) below. Fiserv may make temporary changes required by an emergency if it has been unable to contact an appropriate RFS manager [***] after making reasonable efforts. Fiserv shall document and promptly report such emergency changes to RFS. Fiserv shall, as requested by RFS, provide support for changes to the RFS systems and procedures, if any, necessitated by changes in the Fiserv Software or Fiserv System.

(iii)Fiserv shall move programs from development and test environments to production environments in a controlled and documented manner, so that no changes are introduced into the programs during such activity.

(iv)Fiserv shall, as requested by RFS, support RFS’ testing of changes to the Fiserv System and RFS’ testing of its information and processing systems and those of the RFS Affiliates in connection with changes which may affect such systems.

(v)With respect to the addition of material new RFS volumes within the Production Services Tower requested by RFS for (A) existing RFS customers resulting from the acquisition of material new business volumes from third parties by such customers (rather than volume growth related to their existing business operations) or (B) persons who become RFS customers after the Effective Date into then-existing production cycles (the “Cycle Schedules”; and such Cycle Schedules as modified, adjusted or reloaded to accommodate such new RFS volumes shall be referred to as “New Cycle Schedules”), RFS and Fiserv shall use Commercially Reasonable Efforts to mutually agree on such New Cycle Schedules, including adding shifts, extending shift hours, the movement of the new or existing RFS volumes to other Fiserv-operated production facilities so long as neither RFS nor any RFS Affiliate

is prevented, either contractually (under agreements with RFS customers or otherwise) or under legal requirements, rules or regulations from approving the performance of the Production Services at, or having the Production Services performed at, other Fiserv-operated facilities.

(b)Change Control Procedures. Fiserv shall maintain change control procedures for each of the Services Towers (each a “Change Control Procedure”) detailing how Fiserv will comply with the requirements set forth in Section 12.6(a) above and otherwise control changes in or affecting the applicable processing environment. The Change Control Procedures may not modify or change the scope of Services to be provided under, or any other terms or conditions of, this Agreement. All updates to the Change Control Procedures shall be provided to RFS for review, comment, and approval. Fiserv shall perform the Services in accordance with the Change Control Procedure.

(c)Change Control Committee. The Parties shall maintain a change control committee (“Change Control Committee”), which shall manage and support the Parties in regard to custom changes, joint testing and other custom application development and maintenance issues. [***].

(a)Each third party to whom Fiserv subcontracts a portion of the Services provided herein [***] are referred to herein as a “Subcontractor”).

(b)Fiserv may, in the ordinary course of business, use Subcontractors for third party services or products that are not dedicated to RFS, that are not material to a particular function constituting a part of the Services, and that do not result in a material change in the way Fiserv conducts its business, provided use of such Subcontractor does not adversely affect RFS, whether in performance of or Charges for the Services or otherwise. If RFS expresses concerns to Fiserv about a Subcontractor covered by this Section 12.8(b), Fiserv shall discuss such concerns with RFS and work in good faith to resolve RFS’ concerns on a mutually acceptable basis. Fiserv may also engage individual independent contractors (either directly or through “staffing” companies) to supplement its employee workforce, and such individuals shall be subject to the same screening processes as for Fiserv Personnel as set forth in Section 5.2(d) hereof.

(c)Subject to Section 12.8(b), Fiserv may use Subcontractors in the performance of its obligations under this Agreement only in accordance with the following: Prior to entering into any subcontract with a Subcontractor (other than a Subcontractor described in Section 12.8(b)), Fiserv shall [***].

(d)[***].

(e)Fiserv shall remain responsible for obligations, services, and functions performed by Subcontractors and its independent contractors to the same extent as if such obligations, services, and functions were performed by Fiserv’s employees, and for purposes of this Agreement such work shall be deemed work performed by Fiserv’s employees. Fiserv shall be RFS’ sole point of contact regarding the Services, including with respect to payment.

(f)To the extent Subcontractors, independent contractors, agents, representatives and other entities perform, or otherwise provide support to Fiserv related to, the Services, Fiserv shall cause such entities to comply with the obligations and restrictions applicable to Fiserv under this Agreement and Fiserv shall be liable to RFS for any breach on the same basis as if Fiserv itself had caused such breach.

As part of its total quality management process, Fiserv shall provide continuous quality assurance and quality improvement through: (a) the identification and application of proven techniques and tools from other installations within its operations (i.e., “best practices”) that would benefit RFS either operationally or financially; and (b) the implementation of concrete programs, practices and measures. Such procedures shall include checkpoint reviews, testing, acceptance, and other procedures for RFS to confirm the quality of Fiserv's performance, and shall be agreed upon in writing by the Parties from time to time.

(a)RFS and its Affiliates are subject to rules and regulations of, and examination and supervision by, the Board of Governors of the Federal Reserve System and, in certain cases, the Office of the Comptroller of the Currency, the Federal Deposit Insurance Corporation, and other applicable regulatory or supervisory agencies of financial institutions (collectively, the “RFS Regulatory Agencies”). Fiserv and its Affiliates are subject to the rules and regulations of, and examination and supervision by, the Federal Financial Institutions Examination Council and other applicable regulatory or supervisory agencies of financial services companies (the “Fiserv Regulatory Agencies” and collectively with the RFS Regulatory Agencies, the “Regulatory Agencies”).

(b)Nothing in this Agreement or any other agreement or document related to this Agreement shall be deemed to preclude or restrict the other Party or its Affiliates from disclosing to any of the Regulatory Agencies, or any of the Regulatory Agencies from obtaining access to this Agreement, either Party’s Confidential Information, or any information generated, provided, or collected in connection with the performance of this Agreement pursuant to the examination or supervisory requirements of any of the Regulatory Agencies without the necessity of notice to such Party and without a requirement to assist in contesting such disclosure, provided that each Party and its Affiliates will use Commercially Reasonable Efforts to (i) notify the other Party before the disclosure is made to the disclosing Party’s Regulatory Agencies; and (ii) seek from the applicable Regulatory Agency the same protection from further disclosure for the other Party’s Confidential Information that the disclosing Party or its Affiliates seeks for its own Confidential Information.

(a)Fiserv shall maintain a reasonable audit trail of all financial and non-financial transactions resulting from this Agreement. Fiserv shall provide to RFS, its auditors (including internal audit staff and external auditors), inspectors, regulators, and other representatives as RFS may from time to time designate in writing, access at reasonable times (and in the case of RFS Regulatory Agencies at any time required by such RFS Regulatory Agencies) to any facility or part of a facility at which either Fiserv or any of its subcontractors is providing the Services, to Fiserv Personnel, and to data and records relating to the Services for the purpose of performing audits and inspections of either Fiserv or any of its Subcontractors during the Term and for the period Fiserv is required to maintain records hereunder to:

(i)verify the security and integrity of RFS Information; the systems that receive, process store, support and transmit RFS Information; and Fiserv’s compliance with the data privacy, data protection, and confidentiality provisions of this Agreement;

(ii)verify the accuracy of charges and invoices;

(iii)examine Fiserv’s performance of the Services and conformance to the terms of this Agreement including, to the extent applicable to the Services and to the charges therefor, performing audits: (A) of operating practices and procedures, (B) of systems used to perform Services, (C) of supporting information and calculations regarding compliance with Performance Standards, (D) of the efficiency of Fiserv in performing the Services (but only to the extent affecting charges for, or timing of, Services hereunder), (E) of general controls and security practices and procedures, (F) of applicable disaster recovery and back-up procedures, or (G) as necessary to enable RFS to meet, or to confirm that Fiserv is meeting, applicable regulatory and other legal requirements (e.g., Sarbanes Oxley-related compliance).

(b)Fiserv shall provide to such auditors, inspectors, and representatives such assistance as they reasonably require (and all assistance requested by RFS Regulatory Agencies). Fiserv shall cooperate fully with RFS or its designees in connection with audit functions and with regard to examinations by RFS Regulatory Agencies. RFS’ auditors and other representatives shall comply with Fiserv's reasonable security requirements. With respect to RFS-initiated general audits that are conducted on-site at Fiserv:

(i)RFS shall give Fiserv at least [***] prior notice of RFS’ intent to audit and the notice shall include a description of the scope of the audit;

(ii)RFS shall limit audits that are to be conducted on-site at Fiserv facilities to [***] per calendar year lasting no more than [***];

(iii)Fiserv shall permit RFS to make inquiries, observe Fiserv performing Services and conduct walkthroughs of Fiserv service delivery locations;

(iv)RFS will not be given direct access to conduct its own testing or scans on the Fiserv System. Fiserv will, however, (A) permit RFS to [***] and (B) provide RFS with [***];

(v)Fiserv may require RFS to review sensitive Fiserv policies, disaster recovery/business continuity and other proprietary documents on-site at a Fiserv site;

(vi)if RFS requests access to information that Fiserv reasonably believes it cannot make available without also disclosing proprietary and confidential information in violation of its commitments to other Fiserv customers, or where disclosure would jeopardize the safety and security of the Fiserv System, the Parties will manage the RFS request and Fiserv disclosure of information in accordance with the “Oversight Information Request Process” used by the Parties as of the Effective Date; and

(vii)Fiserv shall provide documentation and other information about training programs as they relate to security training for Fiserv Personnel.

The limitations in this Section 13.2(b) shall not apply to audits conducted by RFS Regulatory Agencies.

(c)Fiserv will provide RFS with prompt notification of any financial difficulty and other financial information via Fiserv’s publicly available documents, (e.g. 10-Ks, and 10-Qs) and via periodic financial discussions with the Fiserv CFO or his designee when requested by RFS.

(d)[***]

Fiserv will cause to be conducted an annual third party audit (as well as any “gap” letters required to cover stated controls for the applicable annual period not to exceed three (3) months) of its operations in each country in which Fiserv provides Services under this Agreement. The audit described in this Section 13.3 will be conducted by a national major auditing firm as selected by Fiserv, and Fiserv shall provide such auditor with such assurance of management as may be required, in conformance with the

requirements for a SOC 1 and SOC 2, Type II audit under American Institute of Certified Public Accountants SSAE 18 (“SSAE 18”), or any successor or substitute statement adopted by such (or, in those jurisdictions in which SSAE 18 standards do not apply, a comparable auditing standard), and its scope will include SOC1 and SOC 2 audits (where applicable), will cover the processes and internal controls maintained by Fiserv to provide the Services and the SOC 1 audits will be performed on all systems that support RFS’s financial reporting. Fiserv shall consider RFS’ auditors reasonable input into the scope of each proposed audit. Promptly after completion of each such SSAE 18 audit (or comparable audit), Fiserv will provide RFS with a copy of the audit report. If such report indicates any deficiencies or matters requiring attention, Fiserv shall promptly address all such items. [***].

    Fiserv shall comply with any legal requirements directly imposed upon it (if any) under Section 404 of the Sarbanes Oxley Act of 2002, as the same may be amended from time to time. Fiserv will cooperate reasonably and in good faith with RFS to support RFS in RFS’s and its Affiliates’ compliance with the Sarbanes Oxley Act of 2002. RFS is and remains responsible for its compliance with the Sarbanes Oxley Act of 2002.

RFS and Fiserv agree to develop mutually agreed-upon operating procedures for the prompt sharing of executive summaries of material audit findings related to Fiserv's operating practices and procedures produced by auditors of either Party and which reveal that a material failure to perform in accordance with this Agreement has occurred or that there is a reasonable possibility of such a failure occurring.  If any such audit, finding or report reveals that a material failure to perform in accordance with this Agreement has occurred or that there is a reasonable possibility of such a failure occurring, Fiserv shall promptly (a) advise RFS of the issue; (b) provide an executive summary of the related material audit findings, which at a minimum includes (i) the locations, RFS customers, and areas of Service affected, (ii) the severity of the issue, and (iii) the potential impact of the issue on RFS; and (c) advise RFS of the remedial efforts being undertaken with respect to such failure or potential failure to perform and provide periodic updates on the status of such efforts.

(a)Following RFS’ completion of an audit or examination of Fiserv, RFS may conduct, or request its external auditors or examiners to conduct, an exit conference with Fiserv to obtain factual concurrence with issues identified in the audit.

(b)If requested by RFS, Fiserv and RFS (or RFS’ auditors) shall promptly meet to review each audit report after its issuance (including audit reports provided by RFS, Fiserv or a third party) and to mutually agree upon the appropriate manner, if any, in which to respond to the changes suggested by the audit report.

(c)[***]

    Fiserv shall maintain and upon request provide access to the records, documents and other information set forth in the Records Retention Schedule attached hereto as Schedule F. For the specific records, documents and other information designated in Schedule F as being subject to a requirement for a notice of destruction, Fiserv shall provide RFS notice of destruction of RFS’ records and an opportunity to recover or retain such records, documents and other information as set forth in that Schedule.

[***]

(a)In addition to the audits required or permitted in Sections 13.1 through 13.5, Fiserv will reasonably and in good faith cooperate with RFS with respect to various risk assessments that RFS reasonably requests to conduct with respect to Fiserv from time to time during the Term (collectively, the “RFS Supplier Assessments”), which may include providing RFS access to subject matter experts, completing questionnaires provided by RFS, and participating in meetings to address particular or general concerns raised by RFS. RFS Supplier Assessments may cover topics such as Fiserv’s financial health, legal and compliance issues, operations issues, technology, business continuity/disaster recovery, and information security. [***]. RFS Supplier Assessments may include onsite visits to Fiserv locations by RFS staff and subject matter experts in coordination with Fiserv. Onsite visits for all RFS Supplier Assessments in a Contract Year shall not exceed [***]. RFS may conduct more than one RFS Supplier Assessment onsite concurrently. RFS shall give Fiserv at least [***] prior notice of a requested RFS Supplier Assessment, and the notice shall describe the subject matter and reason for the RFS Supplier Assessment. The Parties shall then cooperate in good faith to schedule the RFS Supplier Assessment and establish a plan, including scope and required Fiserv resources, for the RFS Supplier Assessment. For the avoidance of doubt, RFS will not be given direct access to conduct its own testing or scans on the Fiserv System, and Fiserv may require RFS to review sensitive Fiserv policies, disaster recovery/business continuity and other proprietary documents on-site at a Fiserv site if any such review is within the scope of an RFS Supplier Assessment. If RFS requests access to information that Fiserv reasonably believes it cannot make available without also disclosing proprietary and confidential information in violation of its commitments to other Fiserv customers, or where disclosure would jeopardize the safety and security of the Fiserv System, the Parties will manage the RFS request and Fiserv disclosure of information in accordance with the “Oversight Information Request Process” used by the Parties as of the Effective Date.

(b)RFS may conduct RFS Supplier Assessments on an ongoing periodic basis after the Effective [***] based on the inherent risk profile of Fiserv and the severity of any risks that RFS reasonably identifies and that are relevant to RFS and the Services, subject to the notification, scheduling, and time limitation provisions set forth in Section 13.9(a). RFS’ determination of the results of each such RFS Supplier Assessment will be based on RFS’ reasonable risk-based analysis and criteria applied uniformly to Fiserv and similar RFS suppliers. If the results of an RFS Supplier Assessment are unsatisfactory to RFS, RFS may notify Fiserv (an “Assessment Notice”) and initiate the following process: (i) RFS shall advise Fiserv of its concerns in the Assessment Notice, and the Parties shall promptly meet to discuss them; (ii) the Parties will conduct such discussions in good faith and mutually agree upon the appropriate manner, if any, in which to respond to the concerns raised by RFS’ Assessment Notice; (iii) Fiserv will act in good faith to attempt to reach agreement with RFS to address the concerns raised in the Assessment Notice, but if Fiserv does not agree that a concern raised by RFS in an Assessment Notice should be addressed by Fiserv, then Fiserv will provide RFS with a reasonable explanation of the reasons for its determination (which reasons may include that the remedy or action is unreasonably costly compared to the risk at issue, the remedy or action would interfere with or threaten the performance or security of the Fiserv System, or the remedy or action would violate Fiserv policy) and discuss the same with RFS and (iv) if the Parties agree that concerns identified by RFS in its Assessment Notice will be addressed by Fiserv, then within [***] following such agreement, Fiserv shall develop an action plan designed to address such concerns in the manner agreed upon by the Parties (an “Action Plan”). Upon confirmation from RFS that such Action Plan will adequately address the identified concerns, Fiserv shall promptly implement the Action Plan. Within [***] of completed implementation of the Action Plan, RFS may undertake a reassessment of the applicable RFS Supplier Assessment to determine if the issue has been adequately remediated. For the avoidance of doubt, (A) the reassessments described in the immediately preceding sentence, (B) the Parties’ discussion of concerns raised by RFS in Assessment Notices as described in this Section 13.9(b), (C) if applicable, escalation of any such concerns pursuant to Section 13.9(c), and (D) onsite visits conducted by RFS in exercising its audit rights or other rights elsewhere in this Agreement, shall not count against the [***] limitation on onsite visits described in Section 13.9(a).

(c)If the Parties are unable to agree as to whether concerns raised by RFS in an Assessment Notice will be addressed by Fiserv, then either Party may initiate escalation of such matter or matter(s) by giving the other Party a written escalation notice, in which case the Fiserv General Manager and RFS

Contract Manager shall escalate the matter or matters at issue to appropriate executives up to and including each Party’s Chief Executive Officer to resolve such matter or matters.

RFS Information shall be and remain, as between the Parties, the property of RFS. Fiserv shall not possess or assert any lien or other right against or to RFS Information. No RFS Information, or any part thereof, shall be:

(a)used by Fiserv for any purpose other than in connection with providing the Services;

(b)sold, assigned, or leased or otherwise disposed of to third parties by Fiserv; or

(c)commercially exploited by or on behalf of Fiserv.

Fiserv Information shall be and remain, as between the Parties, the property of Fiserv. RFS shall not possess or assert any lien or other right against or to Fiserv Information. No Fiserv Information, or any part thereof, shall be:

(a)used by RFS for any purpose other than in connection with utilizing the Services;

(b)sold, assigned, leased or (except as otherwise permitted in this Agreement) otherwise disposed of to third parties by RFS; or

(c)commercially exploited by or on behalf of RFS.

(a)Fiserv will implement and maintain physical, technical and organizational measures (including reasonable logical or physical security for the Fiserv System and at Fiserv’s facilities where its servers or other network equipment are located) to protect the security and confidentiality of RFS Data under the control of Fiserv (or its Affiliates, Subcontractors or independent contractors) against, among other things, accidental, unauthorized or unlawful access, use, modification, disclosure, loss, or destruction of RFS Data (collectively, “Fiserv Security Measures”). Such Fiserv Security Measures shall, at a minimum, (i) include the network and physical level security and other controls described by Fiserv in Fiserv’s written policies and procedures, including any such policies or procedures provided to RFS or otherwise made available to RFS for review; and (ii) be in compliance with Section 16.1. Fiserv will, upon request by RFS, permit RFS to review the Fiserv information security policies and procedures on-site at a Fiserv facility. Fiserv shall notify RFS in advance of any proposed changes to the Fiserv Security Measures that would materially reduce the then-existing security measures, in the aggregate. Any such proposed changes are subject to Section 12.6 and may be evaluated by RFS through the RFS Supplier Assessments process described in Section 13.9. The Fiserv information security policies and procedures are Fiserv’s Confidential Information.

(b)Without limiting Section 14.3(a):

(i)Fiserv shall not permit Fiserv Personnel to access, or allow access to, any RFS Data which is not required for performance of the Services by Fiserv Personnel. If such access is attained (or is reasonably suspected), Fiserv shall promptly report such incident to RFS pursuant to Section 14.7.

(ii)Fiserv shall utilize Commercially Reasonable Efforts, including thorough systems security measures, to guard against the unauthorized access, alteration, or destruction of RFS

Data. Such measures shall include the use of Software which: (A) requires all users to enter a user identification and password prior to gaining access to the information systems; (B) controls and tracks the addition and deletion of users; and (C) controls and tracks user access to areas and features of the information systems.

(iii)[***]

(c)Fiserv will use Commercially Reasonable Efforts to (i) ensure that any materials provided by Fiserv to RFS in connection with security audits and assessments conducted by RFS under this Agreement are complete and accurate in all material respects, and (ii) to communicate to RFS corrections to any such materials promptly upon discovery.

(a)In addition to and not in limitation of Fiserv’s other obligations of confidentiality and nondisclosure under this Agreement, Fiserv will implement appropriate administrative, technical, and physical safeguards and other appropriate measures to protect the security, confidentiality and integrity of RFS Data to the extent related to the Gramm-Leach-Bliley Act (“GLB Act”), other RFS Data received by Fiserv from RFS and its Affiliates, all as may be appropriate to meet the objectives of the GLB Act, including its implementing regulations promulgated thereunder and the guidelines issued pursuant to § 501 of the GLB Act, and (ii) Fiserv shall not use any RFS Data relating to RFS customers received from RFS or its Affiliates or obtained as a result of Services performed for RFS except as necessary in the ordinary course of business to perform Services hereunder or as authorized in writing by RFS. Fiserv will ensure that any such third party to whom Fiserv transfers or provides access to RFS Data (other than those to whom RFS has instructed Fiserv to transfer or provide access, which shall be RFS’ responsibility):

(i)signs a written agreement to restrict its use of RFS Data to the use specified in the agreement between the Fiserv and the third party (which use must be in conjunction with Fiserv’s performance of its obligations hereunder);

(ii)agrees to restrict disclosure of RFS Data as provided in this Section 14.4; and

(iii)agrees to implement and maintain appropriate administrative technical and physical safeguards to protect the security, confidentiality and integrity of all RFS Data as provided herein.

(b)In addition to and not in lieu of any other obligations contained in this Agreement or any ancillary document governing Fiserv’s access to or use of RFS Data, Fiserv agrees that it will:

(i)not sell any RFS Data;

(ii)not retain, use, disclose or otherwise process RFS Data other than for the specific purpose of performing the Services, including retaining, using, or disclosing the RFS Data for a commercial purpose other than provision of the Services; and

(iii)not retain, use or disclose the RFS Data in a manner that violates the terms of this Agreement or any ancillary agreement.

Notwithstanding anything to the contrary in this Section 14.4(b), the parties agree that Fiserv’s performance of the Services encompasses the exercise of Fiserv’s rights and obligations under this Agreement and any ancillary agreement, including without limitation, Fiserv’s use, retention and disclosure of RFS Data for the purposes mutually agreed elsewhere in the Agreement, any ancillary agreement, or in mutually agreed upon written specifications. Notwithstanding anything in this Agreement or any order form entered in connection herewith, RFS and Fiserv acknowledge and agree that Fiserv’s access to RFS Data is not part of the consideration exchanged by the Parties in respect of this Agreement.

(c)In addition, Fiserv may (i) create and derive from its provision of the Services anonymized and/or aggregated data, which shall be considered “deidentified”, “aggregate consumer information” or other similar designation as defined in the CCPA or other Applicable Law, provided that such anonymized and/or aggregated data does not identify, either explicitly or through other means, RFS or any consumer or other individual, and/or (ii) use, publicize or share with third parties such data to improve Fiserv’s products and services and for Fiserv’s other lawful business purposes. With respect to Fiserv’s exercise of its rights and obligations under this Section 14.4(c), Fiserv will not, and will take reasonable measures to prevent, the re-identification of the anonymized and/or aggregated data.

(d)Fiserv will be responsible for the acts or omissions of any third party to whom it transfers or provides access to RFS Data hereunder, other than a third party whom RFS or its Affiliates has instructed Fiserv to make such disclosure.

(a)Confidential Information. Fiserv and RFS each acknowledge that they may be furnished with, receive or otherwise have access to information of or concerning the other Party that such Party considers to be confidential, a trade secret or otherwise restricted. “Confidential Information” of a Party means any non-public, commercially proprietary or sensitive information (or materials) belonging to, concerning or in the possession or control of the Party or its Affiliates (the “Furnishing Party”) that is furnished, disclosed or otherwise made available to the other Party (the “Receiving Party”) (or entities or persons acting on the other Party’s behalf) in connection with this Agreement and which is either marked or identified in writing as confidential, proprietary, secret or with another designation sufficient to give notice of its sensitive nature, or is of a type that a reasonable person would recognize it to be commercially sensitive. The terms and conditions of this Agreement and any specifications agreed in writing by the Parties from time to time shall be deemed Confidential Information of each Party.

(b)In the case of RFS, Confidential Information also shall include, whether or not labeled as “Confidential Information”,

(i)RFS Data;

(ii)the specifications, designs, documents, correspondence, software, documentation, and other materials and work products produced by RFS or its representatives;

(iii)fraud tables, parameter settings, and configurations entered in the Fiserv System by or on behalf of RFS;

(iv)information concerning the operations, affairs and businesses of RFS, the financial affairs of RFS, and the relations of RFS with its customers, employees and service providers (including customer lists, customer information, account information and consumer markets);

(v)Software provided to Fiserv by or through RFS; and

(vi)other information or data concerning RFS or its operations, affairs or business that is stored on magnetic media or otherwise or communicated orally, and obtained, received, transmitted, processed, stored, archived or maintained by Fiserv under this Agreement

(collectively, the “RFS Confidential Information”).

(c)In the case of Fiserv, Confidential Information also shall include, whether or not labeled as “Confidential Information”, the following if disclosed to RFS in connection with provision of the Services:

(i)all User Manuals, specifications, designs, documents, correspondence, Fiserv Software (including Fiserv Licensed Software), Documentation, the Fiserv System, Fiserv Equipment, and data and other materials and work products owned or produced by Fiserv in the course of

performing the Services located therein or thereon (other than software, documentation and other materials which the Parties have agreed is owned by RFS or an RFS Affiliate);

(ii)all information concerning the operations, affairs and businesses of Fiserv (including ideas, marketing plans, business strategies, data and other information that are trade secrets or are competitively sensitive), the financial affairs of Fiserv, and the relations of Fiserv with its other customers, employees and service providers (including customer lists, customer information, account information and consumer markets); and

(iii)other information or data concerning Fiserv or its operations, affairs or business that is stored on magnetic media or otherwise or communicated orally, and obtained, received, transmitted, processed, stored, archived or maintained by Fiserv under this Agreement,

(collectively, the “Fiserv Confidential Information”); provided, however, that Fiserv Confidential Information shall not include any RFS Confidential Information.

(d)Obligations.

(i)Each Party’s Confidential Information shall remain the property of that Party except as expressly provided otherwise by the provisions of this Agreement. Each Party shall use at least the same degree of care as it employs to avoid unauthorized disclosure of its own information, but in any event no less than Commercially Reasonable Efforts, to prevent disclosing to unauthorized parties the Confidential Information of the other Party, provided that (A) Fiserv may disclose such information to Fiserv Personnel, Subcontractors, officers, lawyers, accountants and other professional advisers, external or internal auditors, directors, and agents to the extent necessary for Fiserv to perform the Services; and (B) RFS may disclose such information (other than pricing related terms of this Agreement) to third parties as and to the extent necessary for the conduct of its business, other than to a Fiserv Competitor (except for disclosure of information relating to Fiserv interfaces as necessary to interface with Fiserv Competitor systems or disclosure of information permitted to be disclosed under (and in accordance with) Section 21.12 in connection with Termination/Expiration Assistance). Further, if Fiserv adds a person to the list of Fiserv Competitors, or if a Fiserv Competitor acquires or otherwise becomes affiliated with a person, and that person is providing services to RFS in connection with RFS’ receipt or use of the Services at the time of such addition, acquisition or other affiliation occurs, then RFS may continue to receive such services from such person and disclose Confidential Information to such person consistent with past practices and as and to the extent necessary to continue to receive such services. In each case of disclosure permitted under subclause (A) or (B) above, the Party making the disclosure described in subclause (A) or (B) must first obtain an agreement in writing from the person to whom such information will be disclosed obligating them to the confidentiality obligations described in this Section 14.5.

(ii)As requested by a Party during the Term (but in the case of Fiserv Information, except as required by RFS and the RFS Affiliates in order to receive and use the Services), and upon expiration or any termination of this Agreement and completion of the other Party’s obligations under this Agreement, such other Party shall return or destroy, as the requesting Party may direct, all material in any medium that contains the requesting Party’s Confidential Information or, in the case that RFS is the requesting Party, any other RFS Information, or, in the case that Fiserv is the requesting Party, any other Fiserv Information, except (A) as necessary to comply with Applicable Laws and Rules; or (B) for archival data files which shall not be used for any purpose and shall be destroyed in the ordinary course of such Party’s computer file backup procedures.

(iii)In the event of any actual or suspected misuse, disclosure or loss of, or inability to account for, any Confidential Information of the Furnishing Party, the Receiving Party promptly shall (without limiting Section 14.7):

(A)notify the Furnishing Party upon becoming aware thereof;

(B)promptly furnish to the other Party full details of the unauthorized possession, use, or knowledge, or attempt thereof, and use reasonable efforts to assist the

other Party in investigating or preventing the reoccurrence of any unauthorized possession, use, or knowledge, or attempt thereof, of Confidential Information;

(C)take such actions as may be necessary or reasonably requested by the Furnishing Party to minimize the violation; and

(D)cooperate in all reasonable respects with the Furnishing Party to minimize the violation and any damage resulting therefrom.

(iv)Neither Party shall commence any legal action or proceeding against a third party with respect of any unauthorized possession, use, or knowledge, or attempt thereof, of Confidential Information by any person or entity which action or proceeding publicly identifies the other Party without reasonable prior consultation with such Party.

(e)Exclusions. Section 14.5(d) shall not apply to any particular information (other than RFS Data and any Non-Public Personal Information) which Fiserv or RFS can demonstrate:

(i)was, at the time of disclosure to it, in the public domain;

(ii)after disclosure to it, is published or otherwise becomes part of the public domain through no fault of the Receiving Party;

(iii)was lawfully in the possession of the Receiving Party at the time of disclosure to it without obligation of confidentiality;

(iv)was received after disclosure to it from a third party who had a lawful right to disclose such information to it without any obligation to restrict its further use or disclosure; or

(v)was independently developed by the Receiving Party without reference to Confidential Information of the Furnishing Party.

In addition, a Party shall not be considered to have breached its obligations by disclosing Confidential Information (including RFS Data and Non-Public Personal Information) of the other Party as required to satisfy any legal requirement of a competent government body provided that, promptly upon receiving any such request and to the extent that it may legally do so, such Party advises the other Party of the request prior to making such disclosure in order that the other Party may interpose an objection to such disclosure, take action to assure confidential handling of the Confidential Information, or take such other action as it deems appropriate to protect the Confidential Information.

(f)No Implied Obligation. Each Party’s Confidential Information shall remain the property of that Party. Nothing contained in this Section 14.5 shall be construed as obligating a Party to disclose its Confidential Information to the other Party, or as granting to or conferring on a Party, expressly or impliedly, any rights or license to the Confidential Information of the other Party, and any such obligation or grant shall only be as provided by other provisions of this Agreement.

Fiserv shall comply with the PCI-DSS, and maintain current validation of its compliance with all applicable payment card networks, at all times during the Term. [***].

(a)In addition to any other provisions of this Agreement, Fiserv shall notify RFS (by such method as may be appropriate in the circumstances, including verbal notification) promptly, but in no event greater than [***] of any Determined Fiserv Security Incident.  As used in this Agreement, a “Determined Fiserv Security Incident” shall mean a matter determined by Fiserv in accordance with Fiserv’s incident management policies to be: (i) an [***] Fiserv Security Incident, or the unauthorized

disclosure or loss of, or unauthorized access to or use of, RFS Confidential Information maintained or being processed by Fiserv; (ii) [***]; or (iii) an incident of which Fiserv as a “Bank Service Provider” is required to notify RFS under the Computer-Security Incident Notification Requirements for Banking Organizations and Their Bank Service Providers dated November 23, 2021 or any successor requirement. Following such initial notification [***], Fiserv shall also provide RFS with a detailed description of the incident [***], a description of the proposed actions to be taken [***]. [***].

(b)Fiserv agrees to take action *** to investigate any matter that has the potential to be a Fiserv Security Incident and to identify, prevent and mitigate the effects of any Fiserv Security Incident, and to carry out any recovery or other action necessary to remedy the impact of such Fiserv Security Incident.  The content of any filings, communications, notices, press releases, or reports related to any Fiserv Security Incident that identifies RFS or its Affiliates by name shall first be approved by RFS prior to any publication or communication thereof to any third party, except as mandated by Applicable Law of either Party.  [***]. Each Party will cause its respective security personnel to meet in order to discuss and agree upon those circumstances when the parties will exchange information related to industry-wide data security threats that could cause risk to either Party.

(c)Notwithstanding subsection (a) above, Fiserv is not required to notify RFS of the loss by Fiserv of any medium or equipment containing RFS Data where all the RFS Data in the medium or equipment is determined by Fiserv in accordance with Fiserv’s incident management policies to be encrypted using industry standard or stronger encryption.

(d)Fiserv represents and warrants that [***].

(e)The obligations of Fiserv described in this Section 14.7 will be without prejudice to RFS’s other rights and remedies under this Agreement, at law, or in equity.   

    Each Party agrees to comply with its own data encryption policies and controls regarding data at rest, the transmission to and from such other Party of, and secure application access to tapes, images, records maintained and produced by either Party in connection with the Services (“RFS Files”) or other data in connection with the Services (collectively, with the RFS Files, “Data”). [***].

Schedule H provides additional terms applicable to Fiserv’s performance of Services in Canada.

Unless expressly addressed in another provision of this Agreement (such as being subject to a specific performance standard), Fiserv represents and warrants that the Services shall be rendered with promptness and diligence and shall be executed in a workman-like manner, in accordance with the practices and high professional standards used in well-managed operations performing services similar to the Services. Fiserv represents and warrants that it shall use adequate numbers of qualified individuals with suitable training, education, experience, and skill to perform the Services. For purposes of clarity, RFS and Fiserv agree that, with respect to any obligation that is covered by a performance standard, that satisfaction of such performance standard shall also be considered compliance with this Section 15.1.

Fiserv represents and warrants that it shall maintain the Fiserv System, and the Fiserv Equipment so that they operate in accordance with their specifications, including (a) maintaining such equipment in good operating condition, subject to normal wear and tear, (b) undertaking repairs and preventive maintenance on such equipment in accordance with the applicable equipment manufacturer's

recommendations, and (c) performing software maintenance in accordance with the applicable documentation, recommendations and specifications.

Fiserv represents and warrants that it shall use efficiently the resources or services necessary to provide the Services. Fiserv represents and warrants that it shall perform the Services in a reasonably cost-effective manner consistent with the required level of quality and performance.

(a)Fiserv represents and warrants that it shall provide the Services using, consistent with the Change Control Procedure, proven, current technology that will enable RFS to take advantage of [***].

(b)Fiserv will use industry standard coding practices designed to be secure in coding and development of all developed materials and will conduct industry standard testing and assurance of such materials

Each Party represents and warrants to the other that as of the Effective Date:

(a)It has the requisite corporate power and authority to enter into this Agreement and to carry out the transactions contemplated by this Agreement;

(b)The execution, delivery and performance of this Agreement and the consummation of the transactions contemplated by this Agreement have been duly authorized by the requisite corporate action on the part of such Party and will not constitute a violation of any judgment, order or decree;

(c)The execution, delivery and performance of this Agreement and the consummation of the transactions contemplated by this Agreement will not constitute a material default under any material contract by which it or any of its material assets are bound, or an event that would, with notice or lapse of time or both, constitute such a default; and

(d)Except as has been previously disclosed to RFS in writing prior to the Effective Date, there is no proceeding pending or, to the knowledge of the Party, threatened in writing that challenges or may have a material adverse effect on this Agreement or the transactions contemplated by this Agreement.

Each Party represents and warrants to the other that it has not knowingly violated any Applicable Laws or any of the other Party’s policies of which it has been given notice regarding the offering of unlawful inducements in connection with this Agreement. If at any time during the Term, a Party determines that the foregoing warranty is inaccurate, then, in addition to any other rights it may have at law or in equity, it shall have the right to terminate this Agreement for cause without affording the other Party an opportunity to cure.

(a)Fiserv warrants that it will ensure that no Viruses are coded or introduced into the Fiserv System or into the RFS or RFS Affiliate information environments through the Fiserv System or the Services. If (i) a Virus which has adversely affected, or could adversely affect, the Services or the RFS Data in the possession or under the control of Fiserv, is found to have been introduced into the Fiserv System or (ii) a Virus has been introduced into the RFS or RFS Affiliate information environment through the Fiserv System or the Services, Fiserv promptly will (A) notify RFS of the introduction and the extent of any known damage to the RFS Data, and (B) if the Virus is in the Fiserv System, eradicate

the Virus, repair any damage to the RFS Data and eliminate any adverse effect on the Services resulting from the Virus or the eradication thereof.

(b)RFS warrants that it will ensure that no Viruses are introduced by it or its Permitted Users into the Fiserv System. If a Virus which has adversely affected, or could adversely affect, the Fiserv System is found to have been introduced into the Fiserv System by RFS or one of its Permitted Users, RFS promptly will notify Fiserv of the introduction of the Virus into the Fiserv System.

Fiserv represents and warrants that, without the prior written consent of RFS, Fiserv shall not knowingly insert into the Fiserv Software any code which would have the effect of disabling or otherwise shutting down all or any portion of the Fiserv Software or Services; except that the Fiserv Software may contain security and authentication features that have the effect of prohibiting or restricting use of or access to the Fiserv System or Fiserv Software without proper authorizations. Fiserv further represents and warrants that, with respect to any disabling code that may be part of the Fiserv Software, Fiserv shall not invoke such disabling code at any time during the Term or any period of Termination/Expiration Assistance for any reason in a manner that would affect access or use of the Services or access or use of the Fiserv System or Fiserv Software as permitted under this Agreement, without RFS’ prior written consent.

EXCEPT AS PROVIDED IN THIS AGREEMENT, THERE ARE NO OTHER EXPRESS WARRANTIES AND THERE ARE NO IMPLIED WARRANTIES, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THIS AGREEMENT IS A SERVICES AGREEMENT AND THE PROVISIONS OF ARTICLE II OF THE UNIFORM COMMERCIAL CODE SHALL NOT APPLY TO IT.

(a)Fiserv is responsible for compliance with all Applicable Laws directly applicable to Fiserv (including identifying and procuring required permits, certificates, approvals and inspections directly applicable to Fiserv), and other Rules directly applicable to Fiserv, including, without limitation, PCI-DSS and all Rules applicable to payment card processors. If a charge of non-compliance with any such Applicable Law or Rules occurs, which may have an adverse impact on RFS, Fiserv shall promptly notify RFS of such charge in writing.

(b)Fiserv shall maintain the Fiserv System so that the Fiserv System (including the Services provided in connection therewith) contains functionality enabling RFS to comply with the RFS Legal Requirements [***] to the extent the RFS Legal Requirements pertain to RFS or to any RFS activities for which RFS uses the Services. [***].

(c)RFS is responsible for monitoring and interpreting Applicable Laws and Rules pertaining to RFS’ payment card issuing, merchant and other businesses, including those with respect to usury, equal credit opportunity, truth in lending, fair credit billing, fair credit reporting, fair debt collection practices, general consumer protection, the GLB Act, [***] (collectively, the “RFS Legal Requirements”). RFS is responsible for selecting the available parameter settings and programming features and options within the Fiserv System that apply to RFS’ use of the Services in compliance with the RFS Legal Requirements and for determining that such selections are consistent with the RFS Legal Requirements and with the terms and conditions of RFS’ contracts with its cardholders. In making such determinations, RFS may rely on the descriptions of such settings, features and options provided by Fiserv. Fiserv shall review with and explain to RFS such settings, features and options and shall provide clarification on the operation of such features as requested by RFS. [***].

(d)Subject to Article 14 (Safeguarding of Data; Confidentiality), each Party shall cooperate in providing information and/or records to the other Party in connection with the examinations, requests or proceedings of its Regulatory Agencies.

(e)[***]

Fiserv represents that it is, and during the Term shall remain, an equal opportunity affirmative action employer. Fiserv certifies that Fiserv does not, and shall not, discriminate against its employees or applicants for employment on any legally impermissible basis and is and shall remain in compliance with all Applicable Laws against discrimination, including Executive Orders 11141, 11246, 11375, 11458, 11625, 11701, and 11758. Fiserv certifies in accordance with 41 CFR Chapter 60-1.8 that its facilities are not segregated and that Fiserv complies with the Equal Opportunity Clause (41 CFR §60-1.4), the Affirmative Action Clause for Handicapped Workers (41 CFR §60-250.4), and the Affirmative Action Clause for Disabled Veterans and Veterans of the Vietnam Era (41 CFR §60-741.4), which are incorporated herein by reference.

Without limiting the indemnification provisions of this Agreement, during the Term and for a period of [***] thereafter, Fiserv shall have and maintain in force, at its sole cost and expense, the following minimum insurance coverages in the United States, and shall use Commercially Reasonable Efforts to obtain similar coverages in other jurisdictions which are compliant with Applicable Laws and consistent with the Services provided by Fiserv to RFS in such jurisdiction:

(a)Worker’s Compensation Insurance (Coverage A) with statutory limits, Disability and Unemployment Insurance, and all other insurance in accordance with the laws of the country, state, or territory exercising jurisdiction over the employee. 

(b)Employer’s Liability Insurance (Coverage B) in accordance with the laws of the country, state, or territory exercising jurisdiction over the employee, with minimum limits of not less than: $1,000,000 per accident, $1,000,000 per employee – disease, and $1,000,000 per employee – policy limit.

(c)Commercial General Liability Insurance written on an ISO occurrence form covering (i) liability arising from premises, operations, independent contractors, products-completed operations, bodily injury, and personal injury, and (ii) liability assumed under an insured contract.  The amount of required insurance shall be not less than: $5,000,000 per occurrence and a general aggregate limit of not less than $5,000,000 (provided however that so long as Fiserv has and maintains the coverage required by Section 18.1(h), such coverage may be at least $1,000,000 per occurrence and a general aggregate limit of at least $1,000,000). 

(d)Comprehensive Auto Liability Insurance in an amount not less than $5,000,000 combined single limit (Bodily Injury/Property Damage) including coverage for Owned, Non-owned, and Hired Car Coverage.  Such Comprehensive Auto Liability insurance shall include appropriate clauses pursuant to which the insurance companies waive all rights of subrogation against either Party in connection with losses caused by such Party (except for losses resulting from gross negligence or willful misconduct (provided however that so long as Fiserv has and maintains the coverage required by Section 18.1(h), such coverage may instead be at least $1,000,000 combined single limit).

(e)Professional Errors & Omission insurance covering the activities of Fiserv, including loss of, mishandling of or failure to prevent unauthorized access to, or use of, systems or data, including data containing private or confidential information of Fiserv or others for which Fiserv responsible, and

software copyright infringement, with coverage limits of not less than [***] per claim or per occurrence [***] aggregate. The policy may be issued either on an “occurrence” basis with full prior acts coverage for claims arising out of services rendered from the initial commencement of Services through the end of the Agreement, or on a “claims made” basis, providing coverage for claims arising out of services rendered from the initial commencement of Services through three (3) years after the end of the Agreement without any limitations for prior acts.

(f)Comprehensive Crime, Employee Dishonesty/Fidelity Bond and Computer Fraud Insurance covering loss arising out of or in connection with any fraudulent or dishonest acts (including theft) committed by the employees or Subcontractors of Fiserv or its Affiliates (including employees, agents, representatives, internal or external consultants or contractors), acting alone or in collusion with others, including an endorsement or insuring agreement specifying that such personnel theft coverage extends to the property and funds of RFS and others in their care, custody or control, in a minimum amount of [***] per loss. This policy shall name RFS and its Affiliates as loss payees and Fiserv shall provide verification of such to RFS.

(g)Cyber Risk/Professional Insurance in an amount not less than [***] covering losses, including losses of or damage to electronic or other data, arising out of: (i) damage to Fiserv’s systems caused by Viruses or other malicious code, (ii) data theft, and (iii) claims of code misappropriation or code theft.

(h)Umbrella or Excess Liability Insurance with a minimum limit of [***] (including the underlying coverage, not necessarily in excess of the insurance under other policies required under Sections 18.1(a) through 18.1(d) above.) 

(i)Full “All risk” and “Extended Coverage” Replacement Cost Coverage Property Insurance on any and all Equipment belonging to RFS that is within Fiserv’s possession or control. 

The Commercial General Liability Insurance and Umbrella or Excess Liability Insurance described above shall include RFS and its Affiliates as additional insureds. The foregoing insurance coverage shall be primary and non-contributing with respect to any other insurance or self-insurance that may be maintained by either Party. Fiserv shall cause its insurers to issue either (a) binding certificates of insurance issued by an authorized representative of the insurer evidencing that the coverage and policy endorsements required under this Agreement are maintained in force; or (b) other proof of binding insurance. Such certificates or proof of insurance shall include the following language: “Retail Finance Servicing LLC and its affiliates and/or their successors and assigns as their interests may appear.” Fiserv shall provide not less than thirty (30) days’ prior written notice to RFS if Fiserv fails to continue any insurance coverage required by this provision.  The insurers selected by Fiserv shall each have an A.M. Best & Co. rating of not less than “A-” or “VII” or otherwise be acceptable to RFS.  Fiserv represents that such insurance policies contain self-executing provisions that serve to endorse its policy automatically to cover Fiserv’s contractual obligations.

Fiserv shall indemnify, defend and hold harmless RFS and its Affiliates and (at RFS’ option) their respective officers, directors, employees, agents, successors and assigns from, any and all Losses and threatened Losses based upon allegations of any of the following in connection with Claims made by an unaffiliated third party:

(a)[***];

(b)Fiserv’s willful misconduct or gross negligence;

(c)subject to Section 19.2, any Claims of infringement or misappropriation of any Intellectual Property of a third party, alleged to have occurred because of systems or other resources provided by Fiserv to RFS, or based upon performance of the Services by Fiserv, except to the extent the Claim is caused by:

(i)RFS’ use of the Fiserv System in breach of this Agreement;

(ii)[***]; or

(iii)RFS’ use of the Services in combination with systems, services, or methods not provided by Fiserv (and which combination is not required by the Documentation),

provided such infringement would not have occurred without such breach, specifications, materials and/or designs, or combination;

(d)any amounts including Taxes, interest, and penalties assessed against RFS which are obligations of Fiserv pursuant to Section 9.4;

(e)any claim or action by Subcontractors arising out of Fiserv's breach or violation of Fiserv's subcontracting arrangements; and

(f)[***].

RFS agrees to indemnify, defend and hold harmless Fiserv and its Affiliates and (at Fiserv’s option) their respective officers, directors, employees, agents, successors and assigns from any and all Losses and threatened Losses based upon allegations of any of the following in connection with Claims made by an unaffiliated third party:

(a)[***]; and

(b)any Claims of infringement or misappropriation of any Intellectual Property of a third party, caused by:

(i)RFS’ use of the Fiserv System in breach of this Agreement;

(ii)[***]; or

(iii)RFS’ use of the Services in combination with systems, services, or methods not provided by Fiserv (and which combination is not required by the Documentation),

provided such infringement would not have occurred without such breach, specifications, materials and/or designs, or combination.

Each Party (indemnitor) agrees to indemnify, defend, and hold harmless the other, and its Affiliates, and (at such Party’s option) officers, directors, employees, agents, successors, and assigns (collectively, the indemnitee), from any and all Losses and threatened losses based upon allegations of any of the following Claims made by an unaffiliated third party:

(a)the death or bodily injury of any agent, employee (other than an employee of the indemnitor), customer, business invitee, or business visitor or other person caused by the tortious conduct of the indemnitor (except to the extent within the scope of, and actually covered by, (i) insurance

coverage which the indemnitee is required to carry pursuant to this Agreement or (ii) the indemnitee’s worker’s compensation coverage);

(b)the damage, loss or destruction of any real or tangible personal property caused by the tortious conduct of the indemnitor (except to the extent within the scope of, and covered by, insurance coverage which the indemnitee is required to carry pursuant to this Agreement); and

(c)any claim, demand, charge, action, cause of action, or other proceeding asserted against the indemnitee but resulting from an act or omission of the indemnitor in its capacity as an employer of a person.

If any item provided by Fiserv to provide the Services becomes, or in Fiserv's reasonable opinion is likely to become, the subject of an infringement or misappropriation claim or proceeding, except where the infringement or misappropriation is subject to Section 19.2(b), in addition to indemnifying RFS as provided in this Article 19 and to the other rights RFS may have under this Agreement, Fiserv, at its option and expense, shall either:

(a)promptly secure the right to continue using the item, or

(b)replace or modify the item to make it non-infringing or without misappropriation, provided that any such replacement or modification will not degrade the performance or quality of the affected component of the Services.

However, if none of the remedies in clause (a) or clause (b) above is available to Fiserv, Fiserv may remove the item from the Services and equitably adjust Fiserv’s Charges to adequately reflect such removal.

With respect to third-party Claims the following procedures shall apply:

(a)Notice. Promptly after receipt by any entity entitled to indemnification under Sections 19.1 through 19.5 of notice of the commencement or threatened commencement of any action, proceeding or other Claim by a third party in respect of which the indemnitee will seek indemnification pursuant to any such Section, the indemnitee shall promptly notify the indemnitor of such Claim in writing. No failure to so notify an indemnitor shall relieve it of its obligations under this Agreement except to the extent that it can demonstrate actual and material prejudice attributable to such failure. Within fifteen (15) days after receipt of notice from the indemnitee relating to any Claim (but if time of receipt of the summons permits, no later than ten (10) days before the date on which any response to a complaint or summons is due) the indemnitor shall notify the indemnitee in writing if the indemnitor elects to assume control of the defense and settlement of that Claim (a “Notice of Election”).

(b)Procedure Following Notice of Election. If the indemnitor delivers a Notice of Election relating to any Claim within the required notice period, the indemnitor shall be entitled to have sole control over the defense and settlement of such Claim, which it shall defend actively and with all reasonable diligence; provided that (i) the indemnitee shall be entitled to participate in the defense of such Claim and to employ counsel at its own expense to assist in the handling of such Claim; and (ii) the indemnitor shall obtain the prior written approval of the indemnitee before entering into any settlement of such Claim or ceasing to defend against such Claim. After the indemnitor has delivered a Notice of Election relating to any Claim in accordance with the preceding paragraph (and, in fact, diligently defends the claim), the indemnitor shall not be liable to the indemnitee for any legal expenses incurred by the indemnitee in connection with the defense of that Claim. In addition, the indemnitor shall not be required to indemnify the indemnitee for any amount paid or payable by the indemnitee in the settlement of any

Claim for which the indemnitor has delivered a timely Notice of Election if such amount was agreed to without the written consent of the indemnitor.

(c)Procedure Where No Notice of Election Is Delivered Or The Claim Is Not Otherwise Defended. If the indemnitor does not deliver a Notice of Election relating to a Claim, within the required notice period or fails to diligently defend the Claim, the indemnitee may defend the Claim in such manner as it may deem appropriate (without any obligation to consult with or obtain any consent from the indemnitor), at the cost and expense of the indemnitor, including payment of any judgment or award and the costs of settlement or compromise of the Claim. The indemnitor shall promptly reimburse the indemnitee for all such costs and expenses, including payment of any judgment or award and the costs of settlement or compromise of the Claim. If it is determined that the indemnitor failed to defend a Claim for which it was liable, the indemnitor shall not be entitled to challenge the amount of any settlement or compromise paid by the indemnitee.

If an indemnitor shall be obligated to indemnify an indemnitee pursuant to this Article 19, the indemnitor shall, upon fulfillment of its obligations with respect to indemnification, including payment in full of all amounts due pursuant to its indemnification obligations, be subrogated to the rights of the indemnitee with respect to the Claims to which such indemnification relates.

Subject to the specific provisions of this Article 20, it is the intent of the Parties that each Party shall be liable to the other Party for any actual damages incurred by the non-breaching Party as a result of the breaching Party's failure to perform its obligations in the manner required by this Agreement.

(a)Damages Exclusion. IN NO EVENT, WHETHER IN CONTRACT OR IN TORT (INCLUDING BREACH OF WARRANTY, NEGLIGENCE AND STRICT LIABILITY IN TORT), SHALL A PARTY BE LIABLE FOR INDIRECT OR CONSEQUENTIAL, LOST PROFITS, EXEMPLARY, PUNITIVE OR SPECIAL DAMAGES EVEN IF SUCH PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES IN ADVANCE [***].

(b)Limitation of Liability. Subject to Section 20.2(c), each Party’s total liability to the other for events occurring within a calendar year, whether in contract or in tort (including breach of warranty, negligence and strict liability in tort) shall be limited to an amount equal to the greater of (i) [***] the aggregate Charges incurred by RFS under this Agreement [***] during [***] or (ii) [***]; provided, however, to the extent any such liability results from [***], Fiserv's total liability under the preceding clause shall be the greater of (x) [***] the aggregate Charges incurred by RFS under this Agreement [***] during [***] or (y) [***]. References to the “immediately prior Full Contract Year” refer to either (y) the most recent full 12-month Contract Year occurring during the Term, or (z) in the case of Claims made in [***] during which services were provided by Fiserv to RFS [***] and/or this Agreement, as applicable.

(c)Exceptions to Limitations of Liability. The limitations set forth in Section 20.2(b) shall [***].

(d)Certain Damages Deemed Direct. The limitations in Section 20.2(a) shall not apply to the following damages if Fiserv is otherwise liable for such damages under this Agreement:

(i)reasonable costs and expenses of [***];

(ii)reasonable costs and expenses incurred to [***] due to Fiserv’s material breach of this Agreement;

(iii)payments, fines, penalties or interest imposed by a governmental body, payment card brand or regulatory entity under Applicable Laws or Rules; and

(iv)in connection with a Fiserv Security Incident: [***]. RFS will make decisions about whether to [***] in accordance with its normal business practices and policies without regard to [***]; and

(v)reasonable out-of-pocket [***] incurred by RFS or its Affiliates resulting from Fiserv’s material breach of this Agreement.

(e)Duty of Mitigation. Each Party shall have a duty to mitigate damages for which the other Party is responsible.

If the amount available for damages under Section 20.2(b) has been reduced (by whatever reason, including breaches of the Agreement by Fiserv) to [***] of the amount it would otherwise be (e.g., more than [***] has been reduced), RFS may request Fiserv to refresh such amount Pool (such request, a “Refresh Request”). Within thirty (30) days of RFS’ Refresh Request Fiserv may accept RFS’ request, by providing RFS with notice that it agrees such request (a “Refresh Acceptance”). If Fiserv has provided a Refresh Acceptance the amount available for damages Pool shall be refreshed as of such date to [***] such that no prior Claims or other reductions shall be considered from that date forward (but new Claims or other reductions arising thereafter shall still apply). If Fiserv provides a Refresh Acceptance, Claims and liabilities arising prior to the Refresh Request which would have reduced the amount available shall be thereafter disregarded from that date forward (but new Claims or other reductions arising thereafter shall still apply). If Fiserv does not provide a Refresh Acceptance within such thirty (30) day period (time being of the essence), RFS shall have the termination rights provided in Section 21.9(b).

(a)Subject to Section 20.4(b) below, neither Party shall be liable for any failure or delay in the performance of its obligations under this Agreement to the extent such failure or delay: is caused by any of the following: acts of war, terrorism, civil riots or rebellions; pandemic, quarantines, embargoes and other similar unusual governmental action; extraordinary elements of nature or acts of God (including fire, hurricane, tornado, earthquake or flood), or any other cause beyond the reasonable control of such Party ("Force Majeure Event"). The parties expressly acknowledge that Force Majeure Events do not include [***]. Moreover, a Force Majeure Event will not excuse Fiserv from its obligations to implement a BCP or DRP as provided in Section 3.5 of the Agreement unless a Force Majeure Event itself caused the failure to implement the Plan.

(b)Upon the occurrence of a Force Majeure Event, the non-performing Party shall be excused from any further performance or observance of the affected obligation(s) for as long as such circumstances prevail, and such Party continues to attempt to recommence performance or observance to the greatest extent possible without delay.

(c)The non-performing Party shall provide the other Party with written notice promptly upon becoming actually aware of its occurrence, and shall use Commercially Reasonable Efforts to seek a workaround or otherwise perform the affected obligations notwithstanding the existence of the Force Majeure Event.

(d)If any event under Section 20.4(a) above substantially prevents, hinders, or delays performance of the Services necessary for the performance of RFS functions reasonably identified by RFS as critical for more than [***] consecutive days, then at RFS’ option, RFS may procure such Services from an alternate source [***]. If any event under Section 20.4(a) above substantially prevents,

hinders, or delays performance of the Services necessary for the performance of RFS functions reasonably identified by RFS as critical for more than [***] consecutive days, then at RFS’ option, (i) RFS may terminate any portion of this Agreement so affected and the charges payable hereunder shall be equitably adjusted to reflect those terminated Services; or (ii) RFS may terminate this Agreement without liability to RFS or Fiserv as of a date specified by RFS in a written notice of termination to Fiserv. Fiserv shall not have the right to any additional payments from RFS for costs or expenses incurred by Fiserv as a result of any Force Majeure Event.

(a)If Fiserv:

(i)commits a material breach of this Agreement or of a Service Tower, which breach is not cured within thirty (30) days after notice of breach from RFS to Fiserv; provided, however, that (A) if a different period of time to cure for a particular matter is specified in this Agreement, then that cure period shall apply to such matter, or (B) if Fiserv is making diligent efforts to cure any such breach from the start of the thirty-day (30) cure period, then if requested by Fiserv, such cure period shall be extended for an additional period (not to exceed thirty (30) days);

(ii)commits a material breach of this Agreement or a Service Tower that is not capable of being cured within sixty (60) days;

(iii)commits numerous breaches of its duties or obligations that collectively constitute a material breach of this Agreement or a Service Tower and are not cured within a sixty (60) day period after notice of breach from RFS to Fiserv; or

(iv)commits an event which under the terms of mutually agreed upon written specifications gives RFS a termination right in connection with Service Level failures, and RFS notifies Fiserv that it elects to terminate within the period provided in the relevant section therein,

then RFS may by giving written notice to Fiserv terminate this Agreement or the Service Tower (as applicable), in whole or in part, as of a date specified in the notice of termination; provided however that if the breach is limited to one Service Tower and is not the result of Fiserv’s willful misconduct or gross negligence, then RFS may only terminate the Service Tower with respect to which the breach occurred. If RFS chooses to terminate this Agreement or a Service Tower in part, the Charges payable under this Agreement will be equitably adjusted to reflect the fact that neither RFS nor the RFS Affiliates are receiving the Services which have been terminated.

(b)If RFS:

(i)fails to pay Fiserv when due undisputed charges under this Agreement totaling [***] within sixty (60) days of the time specified for such payment and such default remains uncured thirty (30) days after written notice from Fiserv specifying the nature and extent of such default; or

(ii)commits a material breach of its obligations under [***], which breach is not cured within thirty (30) days after notice of breach from Fiserv to RFS; provided, however, that (A) if a different period of time to cure for a particular matter is specified in this Agreement, then that cure period shall apply to such matter, or (B) if RFS is making diligent efforts to cure any such breach from the start of the thirty-day (30) cure period, then if requested by RFS, such cure period shall be extended for an additional period (not to exceed thirty (30) days); or

(iii)commits a material breach of its obligations under [***] that is not capable of being cured within sixty (60) days;

then Fiserv may by giving written notice to RFS terminate this Agreement as of a date specified in the notice of termination (which date shall be not less than twelve (12) months following the date of such notice).

If a change in Control of Fiserv occurs where (a) such Control is acquired, directly or indirectly, in a single transaction or series of related transactions, (b) all or substantially all of the assets of Fiserv are acquired by, or (c) Fiserv is merged with or into another entity to form a new entity with, in each such case, an entity which is a “major competitor” of RFS, then RFS may, in its sole discretion, terminate this Agreement by giving Fiserv at least ninety (90) days prior written notice and designating a date upon which such termination shall be effective. For the purposes of this Section 21.3, an RFS “major competitor” shall mean [***] and each of their respective successors and Affiliates. [***].

This Agreement and any Service Tower may also be terminated in whole or part as provided in Section 20.4(d).

This Agreement and any Service Tower may also be terminated in whole or part by RFS upon notice to Fiserv if there is an injunction that prevents RFS from utilizing a substantial portion of the Services and Fiserv has not provided a workaround solution to such injunction.

If Fiserv:

(a)files a petition in bankruptcy;

(b)has an involuntary petition in bankruptcy filed against it which is not challenged within twenty (20) days and dismissed within sixty (60) days;

(c)makes a general assignment for the benefit of creditors;

(d)admits in writing its inability to pay its debts as they mature; or

(e)has a receiver appointed for its assets,

then RFS may by giving notice to Fiserv terminate this Agreement or any Service Tower for cause as of the date specified in such notice of termination.

RFS may terminate this Agreement or any Service Tower upon reasonable notice and without penalty, if a Regulatory Agency formally directs RFS in writing to terminate the Agreement or such Service Tower, provided that RFS has attempted in good faith to allow Fiserv to participate in the discussions with the regulator, and then fails to modify the applicable services to satisfy the regulator’s requirements within the timeframe requested by or agreed by the regulator (it being understood that RFS may only terminate the Service Tower with respect to the specific Services that the regulator formally directs RFS in writing to terminate and such other portions of the Services that in RFS’ reasonable judgment are directly related thereto).

(a)For Cause. If Fiserv:

(i)commits a material breach of a Statement of Work, which breach is not cured within thirty (30) days after notice of breach from RFS to Fiserv; provided, however, that (A) if a different period of time to cure for a particular matter is specified in this Agreement or such Statement of Work, then that cure period shall apply to such matter, or (B) if Fiserv is making diligent efforts to cure any such breach from the start of the thirty-day (30) cure period, then if requested by Fiserv, such cure period shall be extended for an additional period (not to exceed thirty (30) days);

(ii)commits a material breach of a Statement of Work that is not capable of being cured within sixty (60) days; or

(iii)commits numerous breaches of its duties or obligations that collectively constitute a material breach of a Statement of Work and are not cured within a sixty (60) day period after notice of breach from RFS to Fiserv,

then RFS may by giving written notice to Fiserv terminate such Statement of Work as of a date specified in the notice of termination

(b)Other Applicable Sections. The terms and conditions of Section 21.10 (Extension of Termination/Expiration Effective Date), Section 21.11 (No Damages From Termination) and Section 21.12 (Termination/Expiration Assistance) shall also apply to any termination by RFS of a Statement of Work under this Section.

(a)If any other agreement between the Parties provides RFS with an express right to terminate this Agreement, RFS may terminate this Agreement pursuant to the terms of such other agreement.

(b)If Fiserv does not provide a Refresh Acceptance within the thirty (30) day period described in Section 20.3, RFS may terminate this Agreement.

RFS may extend the effective date of termination/expiration of this Agreement, any Service Tower one or more times as it elects in its discretion, provided that the total of all such extensions on a per Service Tower basis shall not exceed one hundred eighty (180) days after the effective date of termination/expiration in place immediately prior to the initial extension under this Section 21.10 and, if termination is pursuant to Section 21.1(b), if required by Fiserv, RFS either (at RFS’ option) (a) pre-pays the estimated monthly Charges and Pass-Through Expenses at least thirty (30) days prior to each month or (b) posts an irrevocable letter of credit (or performance bond) in sufficient amount to meet the next three (3) months of on-going Charges and Pass-Through Expenses to be incurred and pays all new Charges and Pass-Through Expenses for Services when due. For any notice or notices of such extensions provided to Fiserv less than thirty (30) days before the then-scheduled date of termination/expiration, RFS shall also reimburse Fiserv for additional Out-of-Pocket Expenses caused by RFS giving such notices on such a short notice period.

Neither Party shall be liable to the other for any damages arising from proper termination of this Agreement or any Service Tower, although each Party shall remain liable for any damages suffered as a result of any underlying breach.

(a)Right to Request Assistance. Beginning six (6) months prior to expiration of this Agreement or a Service Tower, or on such earlier date as RFS may request, or commencing upon a notice of termination (including notice of termination based upon default by RFS) or of non-renewal of this Agreement or the relevant Service Tower, and continuing through the effective date of expiration or, if applicable, of termination of this Agreement or the relevant Service Tower (as such effective date may be extended pursuant to Section 21.10) and the additional period provided in Section 21.12(g), Fiserv shall provide to RFS, or at RFS’ request to RFS’ designee (such designee, the “Successor”), the reasonable termination/expiration assistance requested by RFS to allow the Services to continue without interruption or adverse effect and to facilitate the orderly transfer of the Services for RFS to RFS or its Successor (including a competitor of Fiserv) (“Termination/Expiration Assistance”). If RFS requests that Fiserv provide Termination/Expiration Assistance to a Successor (including a Fiserv Competitor), (i) RFS may disclose or otherwise share with such Successor Fiserv Confidential Information described in this Section 21.12 only to the extent reasonably necessary to complete the orderly transfer of the Services for RFS to such Successor, and RFS will reasonably attempt to minimize the amount of any such information that it shares with such Successor, and (ii) RFS shall obtain from the Successor a written agreement that such Successor will maintain the confidentiality of Fiserv’s Confidential Information disclosed or provided to the Successor in the course of receiving such Termination/Expiration Assistance. RFS shall return all Fiserv Confidential Information provided to RFS or its Successor under this Section 21.12 in accordance with Section 14.5(d)(ii) within thirty (30) days after the transition of the Services is completed. RFS’ request may be in the context of RFS’ reduction or removal of a portion of the Services (or a conversion of Card Accounts or customer relationships to a third party) in accordance with Section 3.1(c), although this Agreement or the relevant Service Tower is not itself being terminated. Termination/Expiration Assistance shall include the assistance described below.

(b)General. Fiserv shall:

(i)Provide a plan (the “Termination/Expiration Assistance Plan”) for the transition of requested operations from Fiserv which plan is subject to approval by RFS, and the Termination/Expiration Assistance Plan shall include at a minimum:

(A)A detailed description of the plan for transferring performance of the Services being terminated (“Terminated Services”) to RFS and/or its Successor;

(B)A detailed description of Fiserv’s responsibilities in support of such transfer of the Terminated Services;

(C)Details of Fiserv Personnel and other resources to be used in providing Termination/Expiration Assistance, which will include identification of any additional personnel to be used by Fiserv; and

(D)If the Parties contemplate that Fiserv Personnel will transfer to RFS after the notice of termination, procedures addressing the transfer to RFS and/or its Successor (if applicable) of any such Fiserv Personnel and other resources to be transferred pursuant to this Section 21.12.

(ii)Provide master file, field descriptions and record layouts, and other similar information necessary for RFS to deconvert from the Fiserv System and convert to another platform, the transferred Card Accounts [***] without disruption to RFS’ operations.

(iii)Provide all required deconversion files within [***]. Multiple requests may be required.

(iv)Provide RFS with such other information regarding the Services (including information of the personnel, third parties and other resources then used by Fiserv to provide the Services to RFS) as is reasonably prudent or necessary in order for RFS to transition and convert

responsibility for the Services to its Successor and continue the performance of the Services in an orderly manner, so as to minimize, as much as possible, disruption in the operations of RFS.

(c)Pre-Migration Services. Fiserv shall:

(i)Provide a list of all Equipment, Software and materials used to provide the Production Services and (if applicable) third party services used in providing the Production Services being terminated;

(ii)Provide to RFS copies of other reasonable information regarding the Services that RFS (or its Successor) requires in connection with the implementation of the transition plan, including documentation describing the business and operational requirements and features of customized system modifications created on behalf of RFS, including documentation relating to or affecting the transferred Card Accounts (but expressly not including documentation or information containing or describing the architecture, coding, or other technical implementation showing or explaining how any such customized system modification is implemented within the Fiserv System or Fiserv Software);

(iii)Provide an inventory of telephone numbers being used by Fiserv in conjunction with performing the Terminated Services;

(iv)Provide assistance to RFS in notifying third party vendors of the procedures to be followed during the turnover phase;

(v)Assist RFS in understanding naming conventions;

(vi)Provide to RFS access to Fiserv Personnel who were performing the Services in order that such personnel may answer the Successor’s questions;

(vii)Assist RFS in its analysis of file size and data storage space required for data to be transferred from Fiserv;

(viii)To the extent that Fiserv and RFS have established protocols and procedures with respect to how Fiserv would assist RFS in the event of an RFS disaster, train and inform RFS and Successor of such protocols and procedures related thereto;

(ix)Update and provide documentation used by Fiserv to provide business continuity services;

(x)Cooperate with RFS in the preparation for and conduct of migration testing to ensure the orderly transfer of the Terminated Services; and

(xi)Provide to RFS current and pending Termination/ Expiration Assistance Plans and status to enable RFS to perform services with minimum disruption to RFS’ operation.

(d)Migration Services. Fiserv shall:

(i)Provide all requested data files and other RFS Information to RFS or its Successor, subject to a release from RFS at the Development Hour rate set forth in Schedule C;

(ii)Deliver to the Successor as requested by RFS tapes of the requested data files (without content listing) and printouts of control file information relating to or affecting the transferred Card Accounts and customer relationships;

(iii)Provide reasonable assistance to the Successor in loading the data files;

(iv)In conjunction with RFS and/or Successor, conduct the cutover of the Terminated Services and support the commencement of the operations by RFS and/or Successor; and

(v)Arrange for additional overlapping business continuity coverage and support to minimize disruption.

(e)Post Migration Services. Fiserv shall:

(i)Provide additional assistance at RFS’ request to assure continuity of operations relating to or affecting the Services. Upon request by RFS, Fiserv shall maintain account information on-line for a period of time to be specified by RFS (but not to exceed the applicable retention periods set forth in Schedule F); and

(ii)Fulfill its obligations under Section 14.5(d)(ii).

(f)Personnel. [***].

(g)Third Party Services. To the extent necessary to complete the transition and to the extent permitted by Fiserv’s contract with the third party, Fiserv shall make available or use its best efforts to make available to RFS or its Successor, pursuant to reasonable terms and conditions, any third party services then being utilized by Fiserv in the performance of the Services including services being provided through third party service. Fiserv will be entitled to retain the right to utilize any such third party services in connection with the performance of services for any other Fiserv customer.

(h)Termination/Expiration Assistance Period. For [***] following the effective date of termination/expiration under other provisions of this Agreement or the relevant Service Tower, at RFS’ request Fiserv shall continue to provide Termination/Expiration Assistance. Actions by Fiserv under this Section 21.12 shall be subject to the other provisions of this Agreement.

(i)Charges for Termination/Expiration Assistance.

(i)If any Service Tower is terminated in whole or in part by expiration or by RFS pursuant to Section 21.1, then Fiserv (A) shall continue to charge RFS the applicable charges for continued performance of the Services under such Service Tower (or Service Towers) during the period of Termination/Expiration Assistance, but (B) shall provide all other activities required of Fiserv to provide Termination/Expiration Assistance with respect to such Service Tower (or Service Towers) [***].

(ii)If any Service Tower is terminated for any reason other than by RFS pursuant to Section 21.1, then Fiserv (A) shall continue to charge RFS the applicable charges for continued performance of the Services under such Service Tower (or Service Towers) during the period of Transition/Expiration Assistance, and (B) charge RFS for other activities required of Fiserv to provide the Termination/Expiration Assistance. [***].

Fiserv acknowledges that, in the event it breaches (or attempts or threatens to breach) its obligation to provide Termination/Expiration Assistance as provided in Section 21.12 or breaches its obligation of confidentiality pursuant to Article 14, RFS will be irreparably harmed. In such a circumstance, RFS may proceed directly to court. If a court of competent jurisdiction should find that Fiserv has breached (or attempted or threatened to breach) its obligation to provide Termination/Expiration Assistance or its obligation of confidentiality, Fiserv waives its right to request or obtain any additional findings of irreparable injury or other conditions to injunctive relief, it shall not oppose the entry of an appropriate order compelling performance by Fiserv and restraining it from any further breaches (or attempted or threatened breaches). This Section 21.14 does not in any manner limit the rights of the Parties under Section 22.4.

Any dispute between the Parties arising out of or relating to this Agreement, including with respect to the interpretation of any provision of this Agreement and with respect to the performance by Fiserv or RFS, shall be resolved as provided in this Article 22.

(a)Subject to Section 22.1(b), the Parties initially shall attempt to resolve their dispute informally, in accordance with the following:

(i)Upon the written notice by a Party to the other Party of a dispute (the date of such notice, the “Dispute Date”), each Party shall appoint a designated representative who does not devote substantially all of his or her time to performance under this Agreement, whose task it will be to meet for the purpose of endeavoring to resolve such dispute.

(ii)The designated representatives shall meet as often as the Parties reasonably deem necessary in order to gather and furnish to the other Party all information with respect to the matter in issue which the Parties believe to be appropriate and germane in connection with its resolution. The representatives shall discuss the problem and attempt to resolve the dispute without the necessity of any formal proceeding.

(iii)During the course of discussion, all reasonable requests made by a Party to the other for non-legally privileged information reasonably related to this Agreement shall be honored in order that a Party may be fully advised of the other Party's position.

(iv)The specific format for the discussions shall be left to the discretion of the designated representatives.

(b)Arbitration of a dispute may be commenced by either Party upon the earlier to occur of any of the following:

(i)the designated representatives mutually conclude that amicable resolution through continued negotiation of the matter does not appear likely;

(ii)thirty-five (35) days have elapsed from the Dispute Date (this period shall be deemed to run notwithstanding any claim that the process described in this Section 22.1 was not followed or completed); or

(iii)commencement of arbitration is deemed appropriate by a Party to avoid the expiration of an applicable limitations period or to preserve a superior position with respect to other creditors, or a Party makes a good faith determination, including as provided in Section 21.14 respecting RFS, that a breach of the Agreement by the other Party is such that a temporary restraining order or other injunctive relief is necessary.

(a)Except as provided in Section 21.14 above and Section 22.4 below, all disputes relating to the scope of the Parties’ obligations hereunder shall be decided by an arbitration panel consisting of one (1) arbitrator (selected as described below) convened in accordance with the rules of the American Arbitration Association (“AAA”) then in force except to the extent modified in this paragraph, unless the Parties mutually agree in writing to the contrary. Arbitrations under this Section shall be conducted by a single arbitrator in accordance with the following: (i) the arbitration will be governed by the Federal Arbitration Act; (ii) the AAA Rules will apply, except that the provisions of this Agreement will control over the AAA Rules; (iii) the arbitrator will be selected by agreement of the Parties or in the case of disagreement, from the AAA’s National Roster of Arbitrators in accordance with Rule R-12 of the AAA

Rules; (iv) the Expedited Procedures under R-1 of the AAA Rules shall apply if the monetary value of the Dispute as described in the Demand for Arbitration is less than or equal to $250,000; (v) the Parties may make motion(s) for summary adjudication; (vi) the fees and expenses of the arbitrator and for the administration of the arbitration shall be paid equally by the Parties; (vii) the location of any arbitration proceeding will be in New York City, NY; and (viii) the arbitrator is required to issue an award and a separate written decision which summarizes the reasoning and legal basis for the award. The Parties shall be entitled to challenge the neutrality of the arbitrators appointed by AAA in accordance with AAA’s rules. The appointed arbitrators shall, to the extent practicable, be arbitrators with experience in the resolution of commercial disputes in the general subject matter area of the demanded arbitration. The compensation of the appointed arbitrators shall be determined by AAA. The award rendered by the arbitrators shall be final and judgment may be entered upon it in accordance with the applicable law in any court having jurisdiction thereof.

(b)Notice of the demand for arbitration (the “Notice”) by either Party hereto (for the purposes of this paragraph, the Party making a demand for arbitration shall be referred to herein as the “Notifying Party”) shall be made in writing to the other Party to this Agreement (the Party receiving a demand for arbitration from a Notifying Party shall be referred to herein as the “Notified Party”) and filed simultaneously with AAA.

(c)The provisions of this Agreement requiring arbitration shall be specifically enforceable under prevailing law.

(d)The expense of any such arbitration (excluding attorneys’ fees incurred in the arbitration process by the participating Parties) shall be borne entirely by the Party that initiated the process , unless (i) the Parties mutually agree to initiate the process, in which case the expense of arbitration shall be shared equally, or (ii) the Party that initiated the process of arbitration obtains substantially all of the relief that it requested, in which case the expense of arbitration shall be borne entirely by the other Party. Each Party shall bear its own attorneys’ fees incurred in the arbitration process unless (x) if such Party initiated the process of arbitration, it obtained substantially all of the relief that it requested, or (y) if such Party did not initiate the process of arbitration, the arbitrator determines that such Party had been in substantial compliance with all obligations allegedly unfulfilled.

Except as otherwise directed by the other Party, each Party shall continue performing its obligations under this Agreement while a dispute is being resolved except (and then only) to the extent the issue in dispute precludes performance (dispute over payment shall not be deemed to preclude performance) and without limiting either Party’s right to terminate this Agreement as provided in Article 21.

Each of the Parties acknowledges that the other Party would be irreparably damaged if any of the provisions of Articles 13 (Audits), and 16 (Compliance With Laws) or of Sections 13.8 (Overcharges), 14.5 (Confidentiality), 21.12 (Expiration/Termination Assistance), or 22.3 (Continued Performance) were not performed in accordance with their specific terms or were otherwise breached. Accordingly, they agree that their remedy at law may be inadequate, and therefore each of the Parties shall be entitled to an injunction or injunctions (without posting bond or proving damages or irreparable harm) to prevent breaches (or threatened breaches) of such provisions of this Agreement and to enforce specifically this Agreement and the terms and provisions thereof in any action instituted in any court of the United States or any state or jurisdiction having subject matter jurisdiction, in addition to any remedy to which such Party may be entitled, at law or in equity. The defending Party agrees not to raise adequacy of legal remedies as a defense to such action.

This Agreement and performance under it shall be governed by and construed in accordance with the law of the State of New York without regard to any portion of its choice of law principles (whether those of New York or any other jurisdiction) that might provide for application of a different jurisdiction’s law. The Parties expressly intend to avail themselves of the benefit of Section 5-1401 of the New York General Obligations Law.

If any legal proceeding, arbitration, mediation, or lawsuit is brought by either Party in connection with this Agreement, the prevailing Party in such proceeding will be entitled to receive its costs, expert witness fees, and reasonable attorneys’ fees, including costs and fees on appeal from the non-prevailing Party.

THE PARTIES HEREBY UNCONDITIONALLY WAIVE THEIR RESPECTIVE RIGHTS TO A JURY TRIAL OF ANY CLAIM OR CAUSE OF ACTION ARISING DIRECTLY OR INDIRECTLY OUT OF, RELATED TO, OR IN ANY WAY CONNECTED WITH, THE PERFORMANCE OR BREACH OF THIS AGREEMENT, AND/OR THE RELATIONSHIP THAT IS BEING ESTABLISHED BETWEEN THEM. THE SCOPE OF THIS WAIVER IS INTENDED TO BE ALL ENCOMPASSING OF ANY AND ALL DISPUTES THAT MAY BE FILED IN ANY COURT OR OTHER TRIBUNAL (INCLUDING, WITHOUT LIMITATION, CONTRACT CLAIMS, TORT CLAIMS, BREACH OF DUTY CLAIMS, AND ALL OTHER COMMON LAW AND STATUTORY CLAIMS). THIS WAIVER IS IRREVOCABLE. IT MAY NOT BE MODIFIED EITHER ORALLY OR IN WRITING, AND THE WAIVER SHALL APPLY TO ANY SUBSEQUENT AMENDMENTS, RENEWALS, SUPPLEMENTS OR MODIFICATIONS TO THIS AGREEMENT, AND RELATED DOCUMENTS, OR TO ANY OTHER DOCUMENTS OR AGREEMENTS RELATING TO THIS TRANSACTION OR ANY RELATED TRANSACTION. IN THE EVENT OF LITIGATION, THIS AGREEMENT MAY BE FILED AS A CONSENT TO A TRIAL BY THE COURT.

This Agreement shall be binding on the Parties hereto and their respective successors and assigns. Neither Party may, or shall have the power to, assign this Agreement without the prior written consent of the other Party, except that RFS may assign its rights and obligations under this Agreement in their entirety (and not in part) without the approval of Fiserv to:

(a)any entity which acquires (i) all or substantially all of the assets of RFS, or (ii) all or substantially all of the assets of one or more of the business units of RFS or its Affiliates;

(b)any RFS Affiliate; or

(c)any successor entity in a merger or acquisition of RFS;

provided, however, that in all such circumstances any permitted successor or assign shall agree in writing to be bound by and assume all of RFS’ rights and obligations hereunder.

It is the intent of the Parties that this Agreement shall provide all the terms of the relationship between them and that no representative of a Party shall be required to enter into any additional contractual obligation (either personally or on behalf of such Party); except that (i) the foregoing shall not apply to or restrict confidentiality agreements that a Party is required to enter into pursuant to Section

14.5(d)(i) with its personnel, Subcontractors, officers, lawyers, accountants, other professional advisers, auditors, directors, agents, or other third parties as applicable, and (ii) this sentence is not meant to limit or preclude the Parties from entering into mutually agreed-upon and executed amendments, schedules, addendum or similar agreements to amend, modify or supplement the terms of this Agreement from time to time. Without limiting the generality of the foregoing if a Party’s (or its representatives’) personnel are requested or required by the other Party or any Subcontractor to execute any releases, waivers, confidentiality agreements, or similar documents (or comparable electronically entered-into agreements) to obtain access to such other Party’s or its Subcontractors premises or be provided with Confidential Information they shall be void and unenforceable and shall not be pleaded or introduced in any action. The foregoing shall not apply to any acknowledgements that may be required by, or necessary to comply with Applicable Law, such as acknowledgements of Material Safety Data Act disclosures. Such individuals are intended to be third party beneficiaries of this provision and may enforce it in their own name.

Each Party acknowledges that the limitations and exclusions contained in this Agreement have been the subject of active and complete negotiation between the Parties and represent the Parties' agreement based upon the level of risk to RFS and Fiserv associated with their respective obligations under this Agreement and the payments to be made to Fiserv and credits to be issued to RFS pursuant to this Agreement. The terms and conditions of this Agreement (including any perceived ambiguity herein) shall not be construed in favor of, or against, either Party by reason of the extent to which any Party or its professional advisors participated in the preparation of the original or any further drafts of this Agreement as each Party is a sophisticated business entity and has fully negotiated this Agreement with the full participation of counsel and other advisors and it represents their mutual efforts and their mutual intent.

(a)All notices, requests, demands and determinations under this Agreement (other than routine operational communications), shall be in writing and shall be deemed duly given:

(i)when delivered personally (against a signed receipt),

(ii)on the designated day of delivery (other than a weekend or Federal holiday) after being timely given to an express overnight courier with a reliable system for tracking delivery,

(iii)on the next Business Day when sent by confirmed facsimile or electronic mail with a copy sent concurrently by another means specified in this Section 23.4 (such concurrent copy requirement to be strictly construed, as facsimile and electronic mail is not always reliable and addresses change), or

(iv)four (4) Business Days after the day of mailing, when mailed by United States mail, registered or certified mail, return receipt requested and postage prepaid and addressed as provided below.

(b)In the case of notices to RFS:

(c)In the case of notices to Fiserv:

(d)Either Party may from time to time change its address or designee for notification purposes by giving the other prior notice of the new address or designee and the date upon which it will become effective. Where this Agreement provides that a notice has to be given on a certain date, notice given prior to such date shall be effective as if given on such date.

This Agreement may be executed in several counterparts, each of which shall be considered an original but all of which taken together shall constitute but one and the same agreement.

The article and section headings and the table of contents used in this Agreement are for reference and convenience only and shall not enter into the interpretation of this Agreement.

(a)Independent Contractor. Fiserv is, and shall at all times be, an independent contractor under this Agreement and not an agent of RFS. Nothing in this Agreement nor any actions taken by or arrangements entered into between the Parties in accordance with the provisions of this Agreement shall be construed as or deemed to create as to the Parties any partnership or joint venture, nor shall anything in this Agreement be construed or deemed to make RFS an agent of any RFS Affiliate. Fiserv shall not have any authority to bind or commit RFS contractually or otherwise to any obligations whatsoever to third parties.

(b)Taxes; Employee Benefits. Fiserv shall be solely responsible for the payment of any and all employment taxes and/or assessments imposed on the account of the payment for the services of Fiserv employees, including any unemployment insurance tax, federal, state, local and foreign income taxes, federal social security payments (FICA) and disability insurance taxes, as well as any and all contributions or payments required pursuant to any employee pension, welfare, bonus or other benefit plan, however defined or described, applicable to any Fiserv employees. Fiserv shall bear sole responsibility for maintaining and administering workers’ compensation, unemployment and any other insurance required for the Fiserv employees under law or any plan, as well as for compliance of all statutes and regulations applicable to the employer of Fiserv employees. The Parties recognize and agree that the Fiserv employees providing the Services shall not be entitled to any benefits established and maintained by RFS or RFS’ Affiliates for their employees, and Fiserv shall so advise the Fiserv employees. Any severance payments payable to Fiserv employees upon termination of their employment with Fiserv shall be the sole responsibility of Fiserv. Fiserv will make appropriate reporting of compensation paid to Fiserv employees as required by the Internal Revenue Service (“IRS”) including filing of Forms W-2 and 1099 with the IRS, if applicable.

(c)Fiserv Affiliates and Subcontractors. If the Fiserv Personnel include employees of Fiserv Affiliates or Subcontractors or individuals acting as contractors to Fiserv, Fiserv shall cause each such Affiliate, Subcontractor or individual contractor to comply with Section 23.7(b) as though all references to “Fiserv” were references to such Affiliates or Subcontractors.

If any provision of this Agreement conflicts with the law under which this Agreement is to be construed or if any such provision is held invalid by a competent authority, such provision shall be deemed to be restated to reflect as nearly as possible the original intentions of the Parties in accordance with Applicable Law. The remainder of this Agreement shall remain in full force and effect.

Except where expressly provided as being in the discretion of a Party, where approval, acceptance, consent, or similar action by either Party is required under this Agreement, such action shall not be unreasonably withheld, conditioned or delayed. An approval or consent given by a Party under this Agreement shall not relieve the other Party from responsibility for complying with the requirements of this Agreement, nor shall it be construed as a waiver of any rights under this Agreement, except as and to the extent otherwise expressly provided in such approval or consent.

(a)Each Party’s representatives may not be fully familiar with, or necessarily insist at all times on the full and complete performance with, the terms of the Agreement. A Party’s failure to insist in any one or more instances upon strict performance of any provision of the Agreement, or failure or delay to take advantage of any of its rights or remedies hereunder, or failure to notify the other Party of any breach, violation, or default, shall not be construed as a waiver or construction by such Party of any such performance, provision, rights, breach, violation, or default either then or in the future or the relinquishment of any of its rights and remedies.

(b)A delay or omission by either Party to exercise any right or power under this Agreement shall not be construed to be a waiver thereof. A waiver by either of the Parties of any of the covenants to be performed by the other or any breach thereof shall not be construed to be a waiver of any succeeding breach thereof or of any other covenant herein contained.

(c)Except as otherwise expressly provided herein, all remedies provided for in this Agreement shall be cumulative and in addition to and not in lieu of any other remedies available to either Party at law or in equity.

Any provision of this Agreement which contemplates performance or observance subsequent to any termination or expiration of this Agreement, including those provisions relating to the obligations of Fiserv in connection with the Termination/Expiration Assistance, shall survive any termination or expiration of this Agreement and continue in full force and effect.

(a)All media releases, public announcements and public disclosures by either Party relating to this Agreement or the subject matter of this Agreement, including promotional or marketing material, but not including announcements intended solely for internal distribution or disclosures to the extent required to meet legal or regulatory requirements beyond the reasonable control of the disclosing Party, shall be coordinated with and approved by the other Party prior to release.

(b)If a Party determines that disclosure is required to meet legal or regulatory requirements it shall promptly inform the other Party and coordinate such disclosure with the other Party. The disclosing Party shall limit disclosure to that which is legally required and shall give due consideration to (and use Commercially Reasonable Efforts, consistent with Applicable Law, and in no case less than it would use concerning the disclosure of its own similar information, to limit disclosures based on) comments the other Party and its counsel provide regarding the nature of the disclosure.

Without RFS’ prior consent, Fiserv shall not use the name, service marks, or trademarks of RFS or its Affiliates.

Synchrony Bank, a federal savings bank (“Synchrony”) shall constitute a third-party beneficiary of the rights of RFS under this Agreement and shall be permitted to enforce the rights of RFS hereunder without the necessity of joining RFS as a party. Notwithstanding the foregoing, until Synchrony gives written notice to Fiserv and RFS to the contrary, Synchrony’s consent, written or otherwise, shall not be required for any amendment, modification or waiver with respect to this Agreement or the execution and delivery of any Service Tower or any amendment, modification or waiver with respect thereto. This Agreement shall not be deemed to create any rights in any other third parties, including suppliers and customers of a Party, or to create any obligations of a Party to any such third parties.

Each Party, in its respective dealings with the other Party under or in connection with this Agreement, shall act in good faith and with fair dealing.

(a)Each Party on its own behalf releases, discharges, and acquits the other Party and its Affiliates from any and all breaches, causes of action and claims, including damages and costs related thereto (whether known or unknown, matured or unmatured, asserted or unasserted) arising [***] prior to the Effective Date, other than:

(i)liabilities for taxes;

(ii)RFS’ obligation to pay invoices for Services rendered; provided that RFS shall not be responsible for any amount that is invoiced later than [***];

(iii)any liability of Fiserv to RFS for payments made as a result of Fiserv’s prior incorrect billings;

(iv)breaches of obligations of confidentiality not actually known to the injured Party’s senior officers responsible for dealing with the other Party;

(v)breaches of obligations which give rise to third party liability, whether known or unknown, and which are subject to the indemnity Article 19 of the SA or [***] and the obligation to indemnify as contained in said Articles;

(vi)claims for personal injury or property damage which are the subject of insurance coverage requirements; and

(vii)any ongoing discussions or negotiations between the Parties regarding whether any Functions constitute New Services, which will be addressed in a manner consistent with Section 9.5(b).

(b)The exclusive remedy for any breach, cause of action or claim related to any of the foregoing exceptions shall be monetary damages only and no such breaches, causes of action or claims shall serve as the basis for termination of this Agreement, except for breaches of confidentiality which were significant in scope and which are subject to Section 23.16(a)(iv).

(c)Notwithstanding clauses (a)(ii) and (a)(iii) above, the Parties mutually agree to waive any disputes related to errors in billings under [***] that were or reasonably could have been discovered by either Party during the negotiation of this Agreement.

(a)[***]

(b)[***]

(c)[***]

(d)[***]

(e)[***]

This Agreement, including any Schedules and Exhibits referred to herein and attached hereto, each of which is incorporated herein for all purposes, constitutes the entire agreement between the Parties with respect to the subject matter of this Agreement and supersedes all prior agreements [***], whether written or oral, with respect to such subject matter. Neither the course of dealings between the Parties nor trade practices shall act to modify, vary, supplement, explain, or amend this Agreement. If either Party issues any purchase order, terms or conditions, or other form, it shall be deemed solely for the administrative convenience of that Party and not binding on the other Party, even if acknowledged or acted upon. No amendment, change, waiver, or discharge hereof shall be valid unless in writing and signed by an authorized representative of the Party against which such change, waiver or discharge is sought to be enforced. There are no promises, representations, warrantees, or other commitments relied upon by either Party that is not expressly provided herein.

IN WITNESS WHEREOF, the Parties have each caused this Agreement to be signed and delivered by its duly authorized officer, all as of the Effective Date.